Brands owners benefit from whois privacy, even though they’d prefer their adversaries not be able to use it.

There’s a common myth in intellectual property circles that, if it weren’t for whois privacy and proxy services, there would be a lot less bad stuff on the internet.

I can bust a hole right in the myth. But instead, I’d like to point out something these companies don’t often admit: they are some of the biggest users of whois privacy.

I was reminded of this while reviewing some notes from a recent .NYC Advisory Board meeting. .NYC doesn’t allow registrants to use whois privacy. That’s why, when two firms working on behalf of Michael Bloomberg registered a bunch of embarrassing domain names, I was able to easily find out who was behind it. During the meeting, someone pointed out that Bloomberg’s lawyers had to register the domains in their name, which ended up being rather embarrassing for them. Click here to continue reading…

It’s hypocritical for large companies to lobby against whois privacy services when they use them as well.

Why do so many large companies argue against whois privacy and whois proxy services when they use the same tools themselves?

It’s a frequently asked question, one that Kevin Murphy asked again today:

Sure, a lot of people hide their whois information for nefarious purposes. But for companies to label all whois privacy as “bad” when they do it themselves is hypocritical.

A number of companies use Mark Monitor’s affiliated companies to register domains and keep knowledge of the registrations away from the public. (Of course when they use the MarkMonitor name servers they often get outed).

There are plenty of competitive reasons to do this, such as a new product release.

I would consider this a fairly legitimate use of what is essentially a whois proxy service.

Sometimes big companies use it for questionable purposes. Consider Guthy-Renker, which recently registered a slew of domain names related to a recall of its popular Proactiv acne treatment. It registered the domains under the name of MarkMonitor’s DNStination, Inc.

At first I assumed it just wanted to keep the domains under wraps while it worked on a recall announcement. But it turns out its intentions were a bit more nefarious. It didn’t register the domain ProactivRecall.com because it wanted to save it for an announcement; it did it to keep information out of the public’s hands.

Guthy-Renker has no problem having the resolving yet stealthy (and non-indexed) domain PAbottlereplacement.com use its corporate information in whois, but it wants to hide the obvious domains from view.

Guthy-Renker’s activities around these domains spurred John Berryhill to comment:

When some of these folks come to understand the competitive intelligence available in domain name data, they’ll be singing a different tune about WHOIS privacy.

Let’s just not tell the SEC until we absolutely have to.

Indeed, there’s a lot of competitive intelligence in whois data. Just ask Fusible, an anonymous blog that writes almost exclusively about possible new product launches based on nameserver data courtesy of DailyChanges.com.

So are big companies willing to eliminate all forms of whois privacy and proxy just to go after some of the bad actors? Are they really willing to come forward and claim ownership of domain names the moment they register them?

How do whois privacy services respond to requests to reveal owner information?

The Generic Names Supporting Organization (GNSO) has asked ICANN to consider the cost and feasibility of extended whois studies. ICANN has already undertaken studies to determine what percentage of whois records are accurate. The next study is to see how whois privacy and whois proxy services respond to requests to reveal the actual owner of domain names.

The study would involve working with individuals, businesses, first responders, complaint centers, and law enforcement that have made requests to whois services to reveal or relay information to the actual registrant.

For each submitted request, researchers will then solicit secondary input from the associated Privacy/Proxy service provider and Registrar to determine if the request was received, relayed, responded to, or otherwise acted upon.

This may be a challenge. I suspect the services that easily hand information over to requesters will cooperate; those that don’t want respond to the query from the researchers.