Don’t expect to remain private if you register a .us domain name.
Last July, Chaya Raichik registered the domain name LibsofTikTok.com to go along with her Libs of TikTok Twitter account.
In October, she apparently decided to protect her brand by registering the matching domain in .net, .org, .info and .us. That last one ended up being a mistake.
The United States still doesn’t allow Whois privacy for .us domain names, so Raichik’s address, phone and email were (and still are) public on the Whois record for the domain.
Raichik had tried to remain anonymous, even giving anonymous interviews to major news outlets. But the .us domain registration gave her identity away. It helped internet sleuths track down the history of her online rabble-rousing and was the basis for a very public outing in The Washington Post yesterday.
The government nixed Whois privacy on .us domains in 2005, sparking an outcry from registrars, including GoDaddy. At the time, registrars’ motivations might have been financial since they charged for Whois privacy. But these days, in a world of privacy regulations, including the European Unions General Data Protection Regulation, Whois privacy has become the default on almost all domain registrations. An exception remains .us.
GoDaddy (NYSE: GDDY) acquired the company that manages the .us namespace on behalf of the U.S. government in 2020. But the government is the ultimate arbiter of policy. I’ve heard rumblings of a new push to allow privacy on .us domains, even dating to before GoDaddy acquired the registry services operator that manages the domain.
But for now, here’s what about.us, operated by GoDaddy Registry, states about privacy:
The usTLD has an ongoing interest in ensuring that its top-level domain is administered in a secure manner and that the information contained within the authoritative database is reliable, accurate, and up-to date. One of the mechanisms to ensure the integrity of the .US namespace is the through the collection of true registrant information. The usTLD Registry employs an algorithm to detect the inadvertent or intentional registration of proxy, anonymous and/or private domain name registrations, and enforces a registrar’s obligation to not offer such services to .US domain name registrants.
This type of evil phenomenon is exactly why whois privacy for .us was never allowed to begin with, and is exactly what the “powers that be” wanted to begin with.
Originally it began under a “right wing” neocon regime, but the purpose and motive is exactly the same for the neoliberal establishment in power since Obama.
By the way, not sure where you’re getting 2005 from, since whois privacy was never allowed from the beginning.
.us always posed a threat to the “establishment” no matter which side is in power from the very beginning. That is why, despite 2002 seeing the biggest resurgence of American patriotism ever experienced since at least WW II, and bigger than we will probably ever see in our lifetimes, it was in a supremely ironic way released to the public virtually “under a rock,” and was also never promoted to the American public by everyone who should have and was in a position to do so even without cost.
Some may think it’s about a threat to .com and vested business interests, but that is barely even a pebble next to the real threat and the real concern, and the real reason why it has been kept as something still practically unknown to the public and virtually hiding in plain sight after all these years and decades.
PS: as usual in our society, certain ones are allowed to circumvent the no-privacy requirement with impunity. That is what is going on with a .us domain you find registered at Safenames, for instance. Perhaps also the likes of MarkMonitor, and maybe one or two I don’t even know of now.
I don’t think they started enforcing no whois privacy until 2005. That’s why GoDaddy fought back then.
I don’t know about that. It’s been a topic of interest to me since the very beginning in 2002, and I remember it even being discussed and the prohibition declared more or less from the beginning too. I’ve also never once even seen anyone using whois privacy, except for the de facto circumvention method mentioned above. And I’ve looked at tons of .us whois over the years since 2002.
Btw, found this letter still online:
https://cdt.org/wp-content/uploads/copyright/20050922whoisletter.pdf
Text in a new comment below:
Text of letter:
“Michael D. Gallagher
Assistant Secretary of Commerce for Communications and Information
National Telecommunications and Information Administation
United States Department of Commerce
1401 Constitution Ave., NW
Washington, DC 20230
Dear Mr. Gallagher,
We write to join other public interest groups and Internet companies in urging the NTIA
to refine a decision that threatens the privacy of Americans who own addresses in the
nation’s sovereign ‘.us’ Internet domain. Although we understand the reasoning behind
NTIA’s decision to ban so-called ‘proxy’ registrations, we fear that the decision, which
was made without opportunity for public comment, is overbroad and unnecessarily
threatens the privacy of thousands of Americans. We urge NTIA to adopt a policy that
allows for greater privacy in the .us domain. Left unchanged, the decision, which was
intended to increase the accuracy of the data on who owns .us addresses, could have the
opposite effect, as registrants lie to avoid having their identities exposed.
The publicly available ‘whois’ databases for Internet domains like .com, .net and .us are
valuable resources that provide contact information for millions of domain name
registrants. Originally designed to allow users to contact a web site operator in the event
of a technical problem, the databases are now used by law enforcement, consumer
protection agencies, and private groups including intellectual property holders.
Before NTIA made its ruling, Internet users who bought Web addresses ending in .us
could pay an additional fee to register them through one of several proxy, or private
registration services. The proxy services in turn kept those records in their internal files,
substituting their customers’ data with their own contact information in the whois
database for the .us domain. All of the proxy services maintain a policy of willingly
providing their customers names to law enforcers working on investigations, and as such
do not provide any sort of shield for criminal activity. Rather the services offer people a
safe, legal way to keep their personal data out of the hands of idle surfers, marketers and
potentially dangerous stalkers.
A privately registered domain name is the online equivalent of an unlisted phone number.
Both provide valuable protections to individuals without interfering with the needs of law
enforcers and courts. If NTIA upholds its ban on proxy registrations in their current form,
we urge the agency to allow for some sort of private registration process. NTIA could
specify how such services could operate and in what situations they would be required to
divulge customer data, thus serving the need for an open and public whois database,
without harming customer privacy.
Whois registration requirements raise privacy concerns for individuals. While full public
registrations are generally uncontroversial for large commercial registrations, most
domain operators force customers to make their names, home addresses, home phone
numbers, and home e-mail addresses public in order to register an Internet address.
Proxy or private registrations have been widely endorsed as at least a partial solution to
the whois privacy problem by a range of stakeholders on the issue. While many privacy
advocates have argued that proxy registrations do not go far enough, they have at least
seen them as a useful tool, far preferable to full public registrations. 1 Meanwhile, many
copyright holders and others that have generally advocated for more public access to
Whois information have also supported proxy registrations as a way of responding to
some privacy concerns while preserving the access they believe is needed.2
In the absence of any such mechanism to protect their privacy, many more users are
likely to place false information in the Whois database. At a time of concern about
identity theft and online security, it is unwise to require millions of individual registrants
to place their home phone numbers, home addresses, and personal email accounts into a
publicly available database that places no restrictions on the use of that data.
We believe a balance can be struck on Whois data that protects privacy and allows
reasonable access to data for important public purposes. The interpretation of the rules
that banned proxy registrations represented a major enough change in .us policy that it
warrants public input. We believe the Commerce Department and the American online
public could benefit greatly from a more in-depth examination of the decision.
We would be eager to discuss this issue with you in greater detail. Feel free to contact me
at (202) 637-9800 or by e-mail at jberman@cdt.org .
Respectfully,
Jerry Berman
President, Center for Democracy & Technology
1 See, e.g., Tom Cross, DNS WHOIS: Barking Up the Wrong Tree, CIRCLE ID (Jun. 28, 2004), at
http://www.circleid.com/article/630_0_1_0_C/ (“Political speakers on the Internet have a legitimate need to
protect their identities. The Internet presently supports a vibrant ecology of political websites and weblogs
of every flavor and prejudice. Together they constitute a meaningful discourse on nearly every issue of the
day. A large portion of these sites employ WHOIS proxies or publish limited contact information.”)
2 See, e.g., Legislative Hearing on H.R. 3754, the “Fraudulent Online Identity Sanctions Act,” Before the
Subcomm. on Courts, the Internet and Intellectual Property of the House Comm. on the Judiciary, 108 th
Cong. 91605 (2004) (Mark Bohannon, on behalf of the Copyright Coalition on Domain Names: “I think
that with regard to those websites that may be registered by individuals, which I think is probably the more
sensitive issue, in principle, we work with intermediaries and proxy services who can, in fact, keep that
information, and so long as it is accurate and readily available, we have no problem with that.”); Viacom
International, Comments on ICANN Whois Task Force on Privacy Preliminary Report, (Jul. 1, 2004)
available at http://gnso.icann.org/mailing-lists/archives/whois-tf2-report-comments/msg00018.html (Proxy
registrations can, “if properly implemented provide a viable system for registrants that seek to achieve
better privacy protection.” )”
What the hell, Andrew??!!
WashPost retracted the identity and tried to undo their stupidity. Not to mention, their reporter showed up at the door of “LibsofTikTok” – Not “journalism” it’s stalking! By doubling down, this is actually worse.
Remove her identity. Remove the politics.
You can write this same excellent apolitical piece without exposing her identity. FIRST SENTENCE.
Tell me which side you are more empathetic for…
Read this, and if you still feel the same; i tried.
Youre a great writer- Game’s best. Remove name!
mrctv reported on this couple of days ago.
Have some compassion. Politics is ruthless.
Remove her name, man!
https://www.mrctv.org/blog/irony-wapo-reporter-doxxes-libsoftiktok-creator-then-locks-replies-avoid-criticism
WaPo removed it? It’s still there. By the time I wrote this story lots of other major news publications including the NY Post had included it.
The (holds nose) “journalist” (not/gag) who did this has melted down and turned into a blubbering crybaby crying foul over getting a dose of her own medicine. Which of course is par for the course with people like that.
“Taylor Lorenz DOXXES Libs Of TikTok Twitter Account | Breaking Points with Krystal and Saagar” – https://www.youtube.com/watch?v=oL5XVRgXd1E
Also – like him, dislike him, or think he’s a mixed bag with good points and bad points, that Tucker Carlson guy did a good piece on it:
“Tucker: This is an intimidation campaign against ‘Libs of TikTok'”
https://www.youtube.com/watch?v=q-nMlMU48wI
I do not get why whois information should be public. I always supported private information. Obviously the FBI, CIA, RCMP, EUROPOL, etc…………….can get a warrant for the information.
You might disagree with Chaya Raichik but that journo that doxxed her out was ok with doxxing yet when apparently journo or her family was doxxed then doxxing was wrong according to that journo. Hypocrite much?
When a right winger criticizes the left……..it is a crime. Yet when left wingers want to do the same and privately……….it is ok.
I find that wrong.
BLM/LGBTQ+ attacks Conservatives and Christians. Generalizes them all………..it is ok.
The other way around…………….a crime for the keyboard warriors.
If something is good for one side, then it is good for the other side.
Just for the record, I lean Conservative and Roman Catholic……….I have no problem with LGBTQ+ or anyone.
How many people on the left attack people on the other side? Yet when Chaya Raichik does Chaya Raichik things……..it is a crime?
Doxxing Chaya Raichik is ok, yet the journo’s doxxing is wrong? We should not be doxxing anyone.
By the way, in the early days, I would do whois privacy as following:
e-mail address: I would get a separate @gmail.com address for the whois domain registration.
The postal address: my work’s P.O. Box address
Telephone number: a free voicemail number in the 641 Iowa area code…I live in Canada. I did check the voicemail number once a month.
There are legitimate reasons to keep private the information. Yes I know Porkbun, Namesilo and the rest have my address but the public do not.
100% spot-on with truth in this post. I too, am tired of the rampant hypocrisy.
When you say “with truth” do you mean my comments too, or just Miroslav’s?
So to summarize:
• The absence of Americans being able to have whois privacy – something virtually taken for granted for years and even decades now, and the importance of which has been doing nothing but being expanded and more and more overtly recognized for years now:
– is being used to stifle, suppress, and intimidate and terrorize against free speech and diversity of opinion.
– In America. The nation built upon recognition of the critical and foundational importance of free speech and (genuinely) free press as two of the most important supreme laws and principles of the land.
I don’t see this. The actual website is on a .com. Anyone can register and use a .com with privacy.
This specific instance is an example of what was primarily intended for .us publishers with the actual whois policy spilling over in that way. A “bonus” of sorts.
This specific instance is an example of what was primarily intended for .us publishers with the actual whois policy spilling over in that way. A “bonus” of sorts.
When I registered my first domains .com and .ca (in 2005). I had a P.O. Box address for work, I used that. I registered a separate gmail address just for the domain registration and I used a free 641 area code voicemail. I checked the voicemail once a month, sometimes twice a month.
The domain registrars over the years, obviously had my home address attached to the credit card I used but even for the account with them, I used the PO Box.
I learned in the first few months in 2005 to not use my personal gmail. Hence the separate gmail address.
If you have an office, use the office address and number.
Technically speaking your work address is legitimate.
Thanks for the thought, but that doesn’t work for everyone, and people really need the full privacy option, even if they use business info. If that were not the case there would be no reason to care about the topic at all. There wouldn’t be any need for any whois privacy for any domain at all either.
A lot of deep comments here regarding politics. I just want the privacy to avoid spam. I made the mistake of registering a .US and started getting 50-70 phone calls per day and hundreds of spam email and texts.
Agreed, ridiculous we can’t prevent spam on a .us domain. Made the same mistake.