[arin-ppml] Policy Manual : Customer Privacy

chris mr chris.misztur at yahoo.com
Wed Oct 1 01:21:38 EDT 2008

It is a very simple resolution, however most people are not aware that WHOIS databases exist. 

I still believe non-business customers requesting a /29 CIDR should be provided with a voluntary NDA regarding WHOIS.  For ONCE, can't we have a business that stands behing their customers!  

From Comcast Website:
How does Comcast protect personally identifiable information?
We follow industry-standard practices to take such actions as are necessary to prevent unauthorized access to personally identifiable information by a person other than the subscriber or us.  However, we cannot guarantee that these practices will prevent every unauthorized attempt to access, use, or disclose personally identifiable information. 

----- Original Message ----
From: Kevin Kargel <kkargel at polartel.com>
To: chris mr <chris.misztur at yahoo.com>
Sent: Tuesday, September 30, 2008 11:05:00 AM
Subject: RE: [arin-ppml] Policy Manual : Customer Privacy

Of course it can lead to abuse issues. It is also an easy resolution.  All the end user has to do is supply the ISP with the information they want to have associated with the WHOIS entry.  This can include a P.O. box, a cel phone., or they can have the ISP (for a fee?) hide the info behind the ISP.  
Best practice for an ISP is to publish WHOIS data for static assignments.  This lets abuse forensics more easily track back to a malfunctioning or malicious machine, and perhaps the biggest reason is that it protects the ISP from the fallout of a misbehaving mail server by segregating the subnet from the ISP's email domain.  

From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] On Behalf Of chris mr
Sent: Tuesday, September 30, 2008 10:26 AM
To: heather skanks
Cc: arin-ppml at arin.net
Subject: Re: [arin-ppml] Policy Manual : Customer Privacy

I have to agree with Heather on this one.  

Unless the account holder is a business entity (separate from a person), the POC needs to be the upstream ISP.  Knowing a residential customer's IP block, name, address, and ISP can lead to all kinds of abuse issues.  This is no joke.

----- Original Message ----
From: heather skanks <heather.skanks at gmail.com>
To: chris mr <chris.misztur at yahoo.com>
Cc: arin-ppml at arin.net
Sent: Monday, September 29, 2008 4:05:50 PM
Subject: Re: [arin-ppml] Policy Manual : Customer Privacy

Automated provisioning systems ... did you think that someone generates all those millions of templates by hand?  :)


On Sat, Sep 27, 2008 at 7:52 PM, chris mr <chris.misztur at yahoo.com> wrote:


Reference: http://www.arin.net/policy/nrpm.html#four2376

I have recently noticed that ISPs such as ATT(SIS-80) and Comcast(CBCI) publish their customers' personal information in /29 reassignments.  For my residential DSL service I was told to contact ipadmin at att.com to hide my personal information, which they did.

What are your thoughts as to why ISPs do not protect their residential customers' privacy by default?

My thought on this subject is that ISPs still have the belief that Internet service with static IP blocks is only required by businesses, therefore ISPs fail to make the distinction between personal and business Internet accounts.


You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
Unsubscribe or manage your mailing list subscription at:
Please contact info at arin.net if you experience any issues.


More information about the ARIN-PPML mailing list