[ppml] /29 limit for ARIN SWIP whois

Paul G. Timmins ptimmins at clearrate.com
Thu Jan 10 09:36:25 EST 2008

Where are all these battered wives and grandmas who are getting /29s
from their upstreams? I'm still trying to figure this out.

-----Original Message-----
From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of
Leo Bicknell
Sent: Wednesday, January 09, 2008 6:50 PM
To: Public Policy Mailing List
Subject: Re: [ppml] /29 limit for ARIN SWIP whois

In a message written on Wed, Jan 09, 2008 at 05:15:35PM -0500, Eastman,
Bruce wrote:
> I don't mean this to be insulting by any means, but I have seen you
> mention Lynch mobs and vigilante justice on here a few different
> I am just curious to know if there have ever been any documented
> instances where vigilante justice has taken place over the issue of
> spamming, and if so, was the victim actually found by information
> provided in the whois data base?

If you're looking for direct evidence of someone murdering a spammer
and then standing up and saying "I used ARIN's whois database to
find them" then no, I can provide no direct evidence.

I also want to stress the issue is not just vigilante mobs going
against spammers though.  All the reasons people hate each other
apply in the cyber world as well.  And it's not just vigilante mobs,
it's also lone individual harasser.

Consider cyberstalking, http://en.wikipedia.org/wiki/Cyberstalking.
Has there ever been a case where a predator used whois data to help
locate a victim?  When a battered woman moves across country and
signs up for new internet access is there adequate disclosure from
the provider her name address and phone number may be listed in a
global, public database?  If her ex finds her through that information
and kills her, is the ISP, or even ARIN partially liable?

To bring back a golden oldie: McGruff.org has "stay safe online"
recommendations: http://www.mcgruff.org/Advice/online_safety.php

   "Never give out personal information like your name, telephone
    address, email, or school name."

How many kids are giving out their name, address, and telephone
number just by surfing the web from an IP with fairly specific whois
information?  Who's using that information, and for what purpose?

The sad part of all of this is the victims aren't going to speak
up.  Spammers who have people come to their house and make a death
threat aren't going to go to the police.  Battered women who need
to remain anonymous to stay away from their ex aren't going to write
front page articles on CNN about how their privacy was compromised.
Child predators aren't going to let the world know whois is a
goldmine for them.

What percentage of people who buy service from a provide who lists
their details in whois know that is the case?

I can buy a phone line for home and have it be unlisted.  I can buy
5 phone lines for home and have them be unlisted.  I can buy 500
phone lines for home and have them be unlisted.  Yet, to participate
in the Internet at anything more than a basic level I must provide
my information to the entire world?

       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org

More information about the ARIN-PPML mailing list