Re: [DNSOP] Proposal: Whois over DNS

[John Bambenek <jcb@bambenekconsulting.com>]

> Hi :-)
>
> John Bambenek <jcb@bambenekconsulting.com> wrote:
> >> That said, I agree it cannot solve GDPR or other policy concerns.
>
> > Why? GDPR applies to IP addresses, that doesn't impact DNS yet.
>
> You appear to have confused IP with P(I)I: personally identifying
> information.
>
> All whois data is PII, in the case where people register
> individual details, as opposed to organizational roles. I think
> you may need to do a bit more research on this topic, you seem to
> have misunderstood a thing or two.

One, IP addresses in some cases are PII (see here:
https://eugdprcompliant.com/personal-data/).

Two, in some cases whois data is NOT PII (i.e. role based accounts,
which are allowed here).

You could set contact info to "Mail Administrator" and
"abuse@domain.com" and that's fine here.

>
> > I'm genuinely curious of something. The most I've engaged in
> > this debate about WHOIS records and what is or is useful in
> > fighting abuse, the opinions of those who actually fight abuse
> > for a living are discarded a priori.
>
> I also have done this for a living. I expect everyone on this
> list has, to a certain degree.
>
> I guess what I'm saying is, I probably wouldn't buy what you're
> selling.
>
> Further, I agree with others that it's not our job to standardize
> and encourage the kind of large scale self-doxxing such products
> would undeniably benefit from. That would be to throw the
> average-Joe under the bus, for the benefit of the minority who
> decide to invest in such tools (whether they are actually
> effective or not).
If you put personal information, that's your choice. If you put
role-based info, that's your choice. Same as what you post on twitter,
facebook, or whatever. This enables the choice to "self-dox" (something
I think is an odd formulation.
> So this is me changing my mind, I don't think potential
> automation use-cases justify this.
>
> Cheers,
>  - Bjarni
>