Re: GoDaddy deleting most ancillary registration contact information

[David Conrad via NANOG <nanog () lists nanog org>]

As does GoDaddy (which triggered this thread), which is the largest registrar by far (based on market share).

Regards,
-drc

> On Jul 19, 2025, at 4:38 PM, Gary Sparkes via NANOG <nanog () lists nanog org> wrote:
>
> Cloudflare and Namecheap default to privacy, and don't charge for it.
>
> -----Original Message-----
> From: Mel Beckman via NANOG <nanog () lists nanog org>
> Sent: Saturday, July 19, 2025 7:11 PM
> To: nanog () lists nanog org
> Cc: bzs () theworld com; nanog () lists nanog org; Mel Beckman <mel () beckman org>
> Subject: Re: GoDaddy deleting most ancillary registration contact information
>
> > On Jul 19, 2025, at 2:03 PM, David Conrad via NANOG <nanog () lists nanog org> wrote:
> > I believe it is the result of most if not all Registrars defaulting to “privacy” for registrations since GDPR was 
> > enacted.
>
> David,
>
> Most if not all? I don’t know of any registrars that default to “privacy” for registrations. In fact, the all sell it 
> as an add-on option that you have to explicitly accept and agree to pay for.
>
> It seems like registrars are doing this to just reduce the amount of data they’re responsible to maintain, while not 
> reducing costs one iota.
>
> I’ll bet if the FTC, or whoever, mandated that this reduced level of service required a refund to existing 
> registrants, we’d find exactly how much non-European Registrars really respect the GPDR!
>
> -mel via cell
>
> > Barry,
> >
> > > On Jul 19, 2025, at 11:50 AM, bzs () theworld com wrote:
> > > > On July 18, 2025 at 19:39 nanog () lists nanog org (David Conrad via NANOG) wrote:
> > > > My somewhat cynical answer: if you relied on domain (and likely IP address/ASN in the future) registration data, 
> > > > it might be worthwhile figuring out alternatives to that reliance.  Les cynically: pragmatically, given the vast 
> > > > majority of contact information these days points to privacy providers or is redacted, I’m unclear there will be 
> > > > significant impact — the data is already pretty useless.
> > > Even if 90% were useless it would still be of use, possibly
> > > critically, in the other 10% of cases and I don't think it's anywhere
> > > near 90%.
> >
> > I’ve not done an exhaustive survey myself, but the “majority of contact information” comment was taken from my 
> > interactions with law enforcement and I believe it is the result of most if not all Registrars defaulting to 
> > “privacy” for registrations since GDPR was enacted.  However, since the law enforcement folks I deal with are mostly 
> > interested in current activities, e.g., phish/botnet/etc., it’s likely they focus on recently registered domains so 
> > there may be a selection bias. As such, I won’t argue the point.
> >
> > > Particularly if one can consider legitimate "privacy providers"
> > > useful as they can be contacted, subpoenaed, etc. which you seem to
> > > count as being in the "useless" category.
> >
> > As mentioned, ICANN still requires registrars to collect valid contact information, however that information is not 
> > provided to the public as it once was.  It is, of course, still subject to subpoena/court order (depending on 
> > jurisdiction, of course) and it’s theoretically possible, if you can make your case to the registrar, that they’ll 
> > provide registration information to you if you can demonstrate “legitimate interest” (at the registrar’s discretion 
> > and risk, of course).
> >
> > > Whatever happened to "if your registration data is fraudulent,
> > > obsolete, or incorrect you stand to have your registration canceled"?
> >
> > AFAIK, it remains a contractual requirement despite ICANN undertaking a law suit in Germany to enforce it for 
> > admin-c and tech-c and losing (if interested, see 
> > https://www.afslaw.com/perspectives/the-fine-print/recent-lawsuit-icann-against-german-domain-registrar-highlights).
> >
> > However, this gets into an “interesting” (or “infuriating”, depending on your POV) discussion about what contact 
> > information “accuracy” means. ICANN Accredited Registrars’ view (which I provide without comment) is at 
> > https://rrsg.org/wp-content/uploads/2024/03/RrSG-Approach-to-Registration-Data-Accuracy-March-2024.pdf.
> >
> > > This seems like an admission that this policy was not enforced.
> >
> >
> > Not sure how you got there. Registrars (or their lawyers) will (have, and do) argue that they abide by the policy 
> > (see the Registrar’s position above). ICANN Contractual Compliance argues that they enforce the policy (see pretty 
> > much any statement by the head of ICANN CC). I have my opinions, but they’re not particularly relevant. Since GDPR, 
> > the flagging of inaccurate registration has unsurprisingly tanked, so it’s difficult for the public to determine if 
> > registration information is accurate or inaccurate (for whatever value of the variable “accurate" you want to use). 
> > Perhaps somewhat relevant, see sections 5.2 and 6.4 of 
> > https://www.icann.org/en/system/files/files/inferential-analysis-maliciously-registered-domains-08nov24-en.pdf, but 
> > that probably doesn’t help that much.
> >
> > Regards,
> > -drc
> >
> > _______________________________________________
> > NANOG mailing list
> > https://lists.nanog.org/archives/list/nanog () lists nanog org/message/VT
> > C33LVNIQ6ZCHVXL3YLRFCTTDJ6TEHN/
> > <signature.asc>
> _______________________________________________
> NANOG mailing list
> https://lists.nanog.org/archives/list/nanog () lists nanog org/message/VFIPBHSKZYDFMKRT5RRMPCGMIESCXUZ6/
> _______________________________________________
> NANOG mailing list
> https://lists.nanog.org/archives/list/nanog () lists nanog org/message/EX7HBCA5RDMPXEZ3R4RSOWU33RS242AD/

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/FCYDLENGFJMTHQOZA6CQQC3YIWNMKR7W/