RE: GoDaddy deleting most ancillary registration contact information

[Gary Sparkes via NANOG <nanog () lists nanog org>]

Hey, I was just providing two major examples!

Google, Gandi, Godaddy, Porkbun, NameSilo (provided free, not sure if enabled by default), Network Solutions (not by 
default as far as I recall, but free still), etc... I can't think of a registrar that *doesn't* do it anymore since the 
advent of GDPR 

Etc etc..... 

-----Original Message-----
From: Mel Beckman <mel () beckman org> 
Sent: Saturday, July 19, 2025 8:05 PM
To: nanog () lists nanog org
Cc: bzs () theworld com; Gary Sparkes <gary () kisaracorporation com>; Dorn Hetzel <dorn () hetzel org>; nanog () lists 
nanog org
Subject: Re: GoDaddy deleting most ancillary registration contact information 

So, 2 out of 2400. “Two, if not all”. LOL! 

-mel via cell

> On Jul 19, 2025, at 4:47 PM, Dorn Hetzel via NANOG <nanog () lists nanog org> wrote:
>
> None of my personal domains have any sort of privacy turned on, never 
> have (it didn't exist when the oldest ones were registered via SRI), 
> and never will.
> Personally, it feels skanky to do it, but I guess that's just one opinion.
>
>
> > On Sat, Jul 19, 2025 at 7:39 PM Gary Sparkes via NANOG < 
> > nanog () lists nanog org> wrote:
> >
> > Cloudflare and Namecheap default to privacy, and don't charge for it.
> >
> > -----Original Message-----
> > From: Mel Beckman via NANOG <nanog () lists nanog org>
> > Sent: Saturday, July 19, 2025 7:11 PM
> > To: nanog () lists nanog org
> > Cc: bzs () theworld com; nanog () lists nanog org; Mel Beckman 
> > <mel () beckman org>
> > Subject: Re: GoDaddy deleting most ancillary registration contact 
> > information
> >
> > > On Jul 19, 2025, at 2:03 PM, David Conrad via NANOG <
> > nanog () lists nanog org> wrote:
> > > I believe it is the result of most if not all Registrars defaulting 
> > > to
> > “privacy” for registrations since GDPR was enacted.
> >
> > David,
> >
> > Most if not all? I don’t know of any registrars that default to “privacy”
> > for registrations. In fact, the all sell it as an add-on option that 
> > you have to explicitly accept and agree to pay for.
> >
> > It seems like registrars are doing this to just reduce the amount of 
> > data they’re responsible to maintain, while not reducing costs one iota.
> >
> > I’ll bet if the FTC, or whoever, mandated that this reduced level of 
> > service required a refund to existing registrants, we’d find exactly 
> > how much non-European Registrars really respect the GPDR!
> >
> > -mel via cell
> >
> > > Barry,
> > >
> > > > On Jul 19, 2025, at 11:50 AM, bzs () theworld com wrote:
> > > > > On July 18, 2025 at 19:39 nanog () lists nanog org (David Conrad via
> > NANOG) wrote:
> > > > > My somewhat cynical answer: if you relied on domain (and likely IP
> > address/ASN in the future) registration data, it might be worthwhile 
> > figuring out alternatives to that reliance.  Les cynically: 
> > pragmatically, given the vast majority of contact information these 
> > days points to privacy providers or is redacted, I’m unclear there 
> > will be significant impact — the data is already pretty useless.
> > > > Even if 90% were useless it would still be of use, possibly 
> > > > critically, in the other 10% of cases and I don't think it's 
> > > > anywhere near 90%.
> > >
> > > I’ve not done an exhaustive survey myself, but the “majority of 
> > > contact
> > information” comment was taken from my interactions with law 
> > enforcement and I believe it is the result of most if not all 
> > Registrars defaulting to “privacy” for registrations since GDPR was 
> > enacted.  However, since the law enforcement folks I deal with are 
> > mostly interested in current activities, e.g., phish/botnet/etc., 
> > it’s likely they focus on recently registered domains so there may be a selection bias. As such, I won’t argue the 
> > point.
> > > > Particularly if one can consider legitimate "privacy providers"
> > > > useful as they can be contacted, subpoenaed, etc. which you seem to 
> > > > count as being in the "useless" category.
> > >
> > > As mentioned, ICANN still requires registrars to collect valid 
> > > contact
> > information, however that information is not provided to the public 
> > as it once was.  It is, of course, still subject to subpoena/court 
> > order (depending on jurisdiction, of course) and it’s theoretically 
> > possible, if you can make your case to the registrar, that they’ll 
> > provide registration information to you if you can demonstrate 
> > “legitimate interest” (at the registrar’s discretion and risk, of course).
> > > > Whatever happened to "if your registration data is fraudulent, 
> > > > obsolete, or incorrect you stand to have your registration canceled"?
> > >
> > > AFAIK, it remains a contractual requirement despite ICANN 
> > > undertaking a
> > law suit in Germany to enforce it for admin-c and tech-c and losing 
> > (if interested, see 
> > https://www.afslaw.com/perspectives/the-fine-print/recent-lawsuit-ica
> > nn-against-german-domain-registrar-highlights
> > ).
> > > However, this gets into an “interesting” (or “infuriating”, 
> > > depending on
> > your POV) discussion about what contact information “accuracy” means. 
> > ICANN Accredited Registrars’ view (which I provide without comment) 
> > is at 
> > https://rrsg.org/wp-content/uploads/2024/03/RrSG-Approach-to-Registra
> > tion-Data-Accuracy-March-2024.pdf
> > .
> > > > This seems like an admission that this policy was not enforced.
> > >
> > >
> > > Not sure how you got there. Registrars (or their lawyers) will 
> > > (have,
> > and do) argue that they abide by the policy (see the Registrar’s 
> > position above). ICANN Contractual Compliance argues that they 
> > enforce the policy (see pretty much any statement by the head of 
> > ICANN CC). I have my opinions, but they’re not particularly relevant. 
> > Since GDPR, the flagging of inaccurate registration has 
> > unsurprisingly tanked, so it’s difficult for the public to determine 
> > if registration information is accurate or inaccurate (for whatever value of the variable “accurate" you want to 
> > use).
> > Perhaps somewhat relevant, see sections 5.2 and 6.4 of 
> > https://www.icann.org/en/system/files/files/inferential-analysis-mali
> > ciously-registered-domains-08nov24-en.pdf,
> > but that probably doesn’t help that much.
> > > Regards,
> > > -drc
> > >
> > > _______________________________________________
> > > NANOG mailing list
> > > https://lists.nanog.org/archives/list/nanog () lists nanog org/message/
> > > VT
> > > C33LVNIQ6ZCHVXL3YLRFCTTDJ6TEHN/
> > > <signature.asc>
> > _______________________________________________
> > NANOG mailing list
> >
> > https://lists.nanog.org/archives/list/nanog () lists nanog org/message/V
> > FIPBHSKZYDFMKRT5RRMPCGMIESCXUZ6/ 
> > _______________________________________________
> > NANOG mailing list
> >
> > https://lists.nanog.org/archives/list/nanog () lists nanog org/message/E
> > X7HBCA5RDMPXEZ3R4RSOWU33RS242AD/
> _______________________________________________
> NANOG mailing list
> https://lists.nanog.org/archives/list/nanog () lists nanog org/message/H2
> JC46XX6B4TOLBK5LDBFKK63LCJMRCL/
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/5AIB7SGGVJAOP5LYBVP5RWVYKULGKZFV/