Private domains not so private?

A dispute over a librarian's attempts to out what he called corruption in the world of poetry competitions has led to a new battle in which he is accusing one of the country's largest domain registrars of illegitimately exposing his personal information.

Alan Cordle, a Portland, Ore., librarian, had been posting information on his Web site, Foetry, that he said illustrated a pattern of patronage and other ethical problems in high-level poetry competitions.

But because his wife was a poet, he decided to register Foetry anonymously through GoDaddy's Domains By Proxy (DBP) division, which markets a service allowing domain owners' contact information to remain private.

But some in the poetry community were infuriated by Cordle's assertions, he said, and demanded that DBP reveal his identity.

And while the circumstances of what happened are in dispute, the company decided to cancel Cordle's DBP account and make his information public.

Now, Cordle is trying to raise awareness about what he says is the service's duplicity. And in the process, he is putting a spotlight on the realities of trying to remain anonymous on the Internet today.

"I was probably naive," Cordle said. "I thought that they would completely protect my privacy. That's the whole purpose of DBP. They don't do anything else but purport to protect domain privacy."

Services like DBP are an adjunct to typical domain registration. Normally, when someone registers a Web site name, their personal information--including name, address, phone number and e-mail--are available to anyone through WhoIs databases. But services like DBP offer to keep private information secret by registering domains on behalf of their clients, and charge a premium for the privilege.

But the company said that despite its marketing efforts, DBP is under no legal obligation to maintain its customers' privacy.

"I can tell you DBP was within its rights to cancel Mr. Cordle's privacy services pursuant to the terms of its proxy agreement," said Nima Kelly, GoDaddy's vice president of public relations.

"You understand and agree that DBP has the absolute right and power, in its sole discretion and without any liability to you whatsoever," the agreement states, to "close accounts (or) reveal your name and personal information."

In general, the agreement states, DBP would only take such action when it is subpoenaed or legally required to do so, but the language doesn't preclude any circumstances in which it could decide to reveal a customer's information.

Cordle claims GoDaddy's biggest infraction was revealing his personal information, which subsequently spread across a number of poetry-related Web sites, without contacting him first.

"The main thing I'm angry about is that they were supposed to contact me," he said. But "I received no e-mail nor a phone call."

Meanwhile, Cordle isn't the only DBP customer unhappy with its performance.

David Payer, a Web site owner from Iowa, said he discovered that DBP had given his personal information out over the phone after getting a phone request for it.

"They missed the boat on this one," Payer said. "They simply did it wrong. They should have called me at least. But I got neither a telephone call nor an e-mail, and they simply gave away the information."

To some, DBP's actions, regardless of the reasoning behind them, are unfortunate, especially in light of comments made on GoDaddy President Bob Parson's blog about the virtues of the DBP service.

"The benefits of private domain registration are not trivial," Parson wrote, before listing a number of rights people lose, including protection from having their home address made public, if their personal information is made public against their will.

"The tradition of anonymous speech is a long one in this country," said Kevin Bankston, a staff attorney at the Electronic Frontier Foundation, "and, in fact, is a constitutionally protected right. And people should have an avenue to speak anonymously online."

Bankston said that there are numerous venues online for anonymous speech, from Blogspot blogs to Geocities Web sites. But he cautioned against counting on the goodwill of companies like DBP.

"Trusting a third party to keep your identity secret for you," he said, "is a dangerous game."

[thenet411]

Domains are NOT private

This DBP stuff is a spammers tool and everyone knows it. There is NO legitimate reason to have your contact information private. If you have the guts to get your own domain name, for crying out loud, have the guts to put your name on it. The ONLY reason for DBP is to protect sleezeball SPAMMERs from being hit with complaints. GoDaddy is an unscrupulous hack that is helping ruin the Internet and what it stands for.

[sfjase]

Why not?

Why should owning a domain necessitate the disclosure of one's personal contact information? If you own a phone, you can keep your address from being listed in the phone book -- maybe to thwart stalkers or maybe just to maintain a sense of comfort. Shouldn't domain owners be allowed a similar level of personal privacy? Letting the proper agencies track you down is one thing, but letting Joe Shmo track you down -- that's another.

[mrdeleted]

spammer

spammers love when you publish your contact info

[JonIndie]

this is an old post.. and maybe your opinions have changed some.. but if not. Let me say something.

You could agree to the fact that every person that owns a domain is not a spammer, correct?

There is all kinds of people that put up websites now.. to small business owners, and just random people that want to have their own little spot on the internet. I'm sure somewhere there's an old lady that loves cats that has bought a website to talk about it. Her information is public for anything one to view. With the trolls and everyone else on the internet she deserves to have her privacy. I'm sure there's trolls out there that would send her death threats, or prank her.. just because they find it funny. Is that something she really deserves?

I use to own a picture rating website and had people threaten to kill me over the most ridiculous things.. We did have a business address listed on the whois but it wasn't where either of the 'owners' of the site lived. I had one person send a letter saying he was going to kill me because he got downrated on the site and some other user had a higher rating then them. This person could have just been a troll.. but honestly with the people of today it really wouldn't surprise me if he wasn't.. and had a mental problem. Regardless of if he was a troll or not.. I still shouldn't have to deal with that offline and outside of my business.. and i'm glad my address wasn't made public.

hard to find real anonymity

i looked REAL hard for anonymous domain & hosting (I admit it, I'm a complete paranoid) and found practically no resources. I already knew GoDaddy (and all its rebadges, e.g. DBP) couldn't be trusted because my searching led me to stories of the Re-code.com incident. (a lefty website that created discount barcodes people could print out and stick on items when shopping "as a protest". DBP gave them up to Wal-Mart instantly.)
the only thing I found after days of googling that seems REALLY anonymous is Katz Global Media (from a message buried in a "white pride" forum of all places!) I haven't taken the plunge yet, but it seems genuinely anonymous coz they never have your info in the first place: you pay only by anonymous e-currency. They can't give out info they don't have.

Of all the sites advertising "anonymous" domain registration, check out their details/terms & conditions: you'll find it's either a rebadge of GoDaddy (i.e. NOT anonymous) or Katz (really anonymous). Oh, and I think there's a third one based in Lichtenstein (!).

EPIC, EFF and all that crowd had lots of info on anonymous *posting* & *e-mailing* but zilch on anonymous domain registration & hosting. I really hope someone develops a resource on this. Or that there is one already that my google fu didn't find and some nice person will post it here.

Katz anonymous?

I enquired of Katz whether or not, if it went bankrupt or was bought out, I would be able to recover my domain name.

I never received a reply.

I decided not to go with them.

[truth-seeker]

I think Katz Global Media is a scam

Be careful with Katz Global Media...

See the following link and judge for yourself:

<a class="jive-link-external" href="http://www.californialegalteam.com/journal/?m=200510" target="_newWindow">http://www.californialegalteam.com/journal/?m=200510</a>

[marie10101]

Domains by Paedos would be a more appropriate name. Or, Domains by Spammers, Domains by IP infringers, Domains by Fraudsters, etc... You get the idea. There isn't a good reason unless you've got something to hide. Has anyone other than this guy ever actually managed to get someone's details from Domains by Paedo?

[Pteryxx]

You never think privacy is a big deal until it's your own personal info being used against you. Maybe you've never been stalked, harassed, slandered, abused, had your ID stolen, had a creepy stranger hit on your spouse or kids, or expressed an unpopular opinion, but I guarantee you know someone who has. Have that much consideration for the rest of us at least. If you still want to believe it'll never happen to you, then I wish you happy ignorance and good luck, because you'll need it.

[Pooua]

Actually, yes, I've been stalked, threatened with bodily harm in a public forum, my Web pages vandalized and my name slandered, and it was all done by anonymous people on the Internet. Right now, my business name is held by an unknown party, with the registration info protected by the registrar. I recognize the other side of this is that if I register my domain name, these people could find my house. Then, again, that's already public information, and has been since the creation of phone books.

[hhjjjs013]

I bought several domain name at zentek-international.com with the exspectation of privacy. People beware of this company, at the first hint of a lawyer asking for information about my domain they spilled the beans. They state the following on their site but DO NOT believe it!

"What makes our domain system private and anonymous? In our specially arranged system, your public WHOIS information and your private ownership details are held completely separate. People who try to dig up your information using WHOIS or similar lookup tools will _only_ get shown the information YOU want them to see, which you can set and change yourself at any time. Who owns the domain name? You do. Unlike other so-called "private" or anonymous domain registration systems (where some other company "holds" your domain), with our system you maintain full private ownership of your domain name at all times. You can login after the domain is registered and privately see your ownership details. You can also update and modify any and all WHOIS details to be whatever you want. This also means you can transfer your domain to a different company if you want to at any time. We do not control your domain, you do."

Just the Attorney asking them to take down the domain names, caused that too. I was ripped off and they wouldn't give me my money back. There is no security with this company. They will give you up in a heart beat, their server is in Vancouver Washington and a bunch of weenies run it that will force any company they server with to give you and your privacy up.

[the20yearbillionaire]

Let's say you work in........politics , high finances , the government, or any sort of job.

Let's say there's abuses taking place at this specific job or whatever it is.

You decide to take action by building a website, and outing those that are in the wrong.

Those that are in the wrong have ALOT of power to throw around (Let's say they've got the police , and others who are in authority in their pockets).

Due to these DNS security lapses, they could find out who you are, then do away with you (Yes, Plenty of people are killed over money).

In the event with a anonymous host, they can't find you.

Sure , they're definately open for abuses, but just think of what a world would be like where you had NO options to speak out. The one great hope (The internet) to speak out against your boss, coworkers ,ect is then not yours anymore , but theirs.

[andybushII]

I used yohost.org services for anonymous domain registration and had no problems. I think it depends where the private domain registrar is located. Choose for offshore registrars. And also when you register an anonymous domain you do not need to give any of your personal details. If you are asked to give any, then it is not anonymous.

[nancypole]

My privacy was also breached a few days ago by DBP. I bought a domain name someone I know had mentioned on a public forum because I liked the name and figured I might sell it down the road. For a couple of days after the person posted the name, I didn't purchase it; figuring they might want to. But, after a couple of days, the domain name was still available. i figured if they mentioned it and hadn't purchased it, then they probably didn't want it at this time. I also saw a number of products with the name and thought it would be a good opportunity since I buy and sell domain names. Not wanting the person to know I bought the name they posted in case they desired to purchase it down the road, and feeling it might generate some resentment if they found out I purchased it before they thought of doing so, I purchased the domain with identity protection and paid a premium for it, from godaddy. I specifically asked about mail forwarding in order to make sure that my privacy and identity would be protectted. I was told that all e-mails would go through DBP as the "middle" person. No one ever mentioned anything about autoresponders, and I never gave this a thought. About two weeks after I bought the name, the person who had posted it finally decided they wanted it and sent an inquiry for the name. The inquiry was forwarded to my e-mail which had an autoresponder on, and in quick order the inquirer had my e-mail, my name, and my cell phone number. They called me a thief in a public forum where all my friends could see it. When I called godaddy to ask whether they knew about the breach potential, they said they did, but it was not their responsibility to tell people about it. My husband and I asked to speak to Parsons, and the tech misrepresented himself and said he was Parsons. Hmmm, I wonder what law he was breaking? I strongly disagree that this was my responsibility to know. It wsa, and is, godaddy's responsibility to tell people who think they're purchasing indentity protection that there is this "glitch" in their system. With a godaddy tech on the phone, I logged in to DBP and changed the e-mail address to which inquiries should be forwarded, unfortunately too late to quell the ire of my friend. Two days later, inquiries are still being forwarded to my old e-mail address (the one with the autoresponder) and not to the new e-mail I put in "settings." I've sent two e-mails to DBP support, with no responses. So, I've had to turn my autoresponder off, which affects my business. And, inquiries for the domain I bought are not reaching me at the new e-mail address I entered in to my DBP account settings. I'll say, too, that when I called to get help changing my settings, the godaddy tech was quite nasty to me and trumped up reasons to be argumentative with me and threatened to hang up on me several times. This was a BIG first, and I guessed that my account had been flagged citing me as a "problem" customer. Now, reading the comments here, I wonder if godaddy and DBP will just cut me out and not let me know I own over 200 domain names with godaddy, and before this issue customer service was always super-nice. Now, it seems, they have turned on me. I spend thousands with godaddy and plan to recoup any monies lost because I was unable to sell the domain name once the inquirer found out I was the one who bought it. I planned on selling it for $200 and requested a credit in that amount from godaddy,, and I would consider the matter settled. They refused, and I'm contacing attorneys. My friend was livid at me, btw, and I lost the friend over it, who passed out my e-mail to her friends from whom I have been receiving threats and hate mail. What a mess. How dare companies as huge as godaddy and DBP treat people this way? Class action lawsuit, anyone? If so, contact me at: stackpole.nancy5@yahoo.com

[rickyprice7]

Keep your identity SAFE!

How? Pretty simple. Safeguard your Whois info with our $10 LIFETIME Privacy Domain Service! Who can beat that?

Make your Domain Private for $10 lifetime NO recurring fees.

http://www.youtube.com/watch?v=gEigZLAzg4k

http://makedomainprivate.com/

[maxtalks]

For those looking for domain registration privacy, a good alternative could be HushDomain.com

They're pretty quick to respond and generally very helpful. Plus their offshore status helps in squashing up lawyers notices from the United States.

Cheers!

[N30_H4X0R]

DBP is one of the most Dangerous Aspects of WWW/Internet. If someone is genuine, why should he/she want to be PRIVATE? And if DBP (or PrivacyProtect.org) like things are a part of Business, There should be a way of Verifying the "Need of Privacy" thing.

For Example...I register a domain mydomain.in. I post my original material. After sometime, someone else registers a private domain with the same domain name except the extension, i.e mydomain.com, and makes the info. Private. He tries to abuse my Work aor My Reputation.

In these circumstances, what can be my role to avoid such circumstance.

Mostly, such a thing happen with "Disgruntled Employees".

If anyone has a solution, kindly contact me on http://facebook.com/debojyotiphaxor or my E-mail : haxors.democracy@gmail.com.