Re: GoDaddy deleting most ancillary registration contact information

[David Conrad via NANOG <nanog () lists nanog org>]

I believe the majority of registrars are used for drop catching, so many of those 2400 are associated with around 200 
registrar “families” (last I looked, it’s sort of hard to be exact since families aren’t official).  If you peruse 
https://www.icann.org/en/contracted-parties/accredited-registrars/list-of-accredited-registrars you’ll see obvious 
signs of affiliated companies (e.g., look at “namepal” to pick one example).  It might be more useful to look at the 
market share of the registrars and see which of those registrars default to “redacted for privacy”. 

However, this feels like hair splitting to me. If you don’t like the term “most, if not all”, how about “lots”? Not 
sure where you’re going with this. You were the one who raised the question of potential operational impact of 
GoDaddy’s action and I’ve been trying to point out that yes, there is non-trivial impact and how we got here. YMMV.

Regards,
-drc

> On Jul 19, 2025, at 5:04 PM, Mel Beckman via NANOG <nanog () lists nanog org> wrote:
>
> So, 2 out of 2400. “Two, if not all”. LOL!
>
> -mel via cell
>
> > On Jul 19, 2025, at 4:47 PM, Dorn Hetzel via NANOG <nanog () lists nanog org> wrote:
> >
> > None of my personal domains have any sort of privacy turned on, never have
> > (it didn't exist when the oldest ones were registered via SRI), and never
> > will.
> > Personally, it feels skanky to do it, but I guess that's just one opinion.
> >
> >
> > > On Sat, Jul 19, 2025 at 7:39 PM Gary Sparkes via NANOG <
> > > nanog () lists nanog org> wrote:
> > >
> > > Cloudflare and Namecheap default to privacy, and don't charge for it.
> > >
> > > -----Original Message-----
> > > From: Mel Beckman via NANOG <nanog () lists nanog org>
> > > Sent: Saturday, July 19, 2025 7:11 PM
> > > To: nanog () lists nanog org
> > > Cc: bzs () theworld com; nanog () lists nanog org; Mel Beckman <mel () beckman org>
> > > Subject: Re: GoDaddy deleting most ancillary registration contact
> > > information
> > >
> > > > On Jul 19, 2025, at 2:03 PM, David Conrad via NANOG <
> > > nanog () lists nanog org> wrote:
> > > > I believe it is the result of most if not all Registrars defaulting to
> > > “privacy” for registrations since GDPR was enacted.
> > >
> > > David,
> > >
> > > Most if not all? I don’t know of any registrars that default to “privacy”
> > > for registrations. In fact, the all sell it as an add-on option that you
> > > have to explicitly accept and agree to pay for.
> > >
> > > It seems like registrars are doing this to just reduce the amount of data
> > > they’re responsible to maintain, while not reducing costs one iota.
> > >
> > > I’ll bet if the FTC, or whoever, mandated that this reduced level of
> > > service required a refund to existing registrants, we’d find exactly how
> > > much non-European Registrars really respect the GPDR!
> > >
> > > -mel via cell
> > >
> > > > Barry,
> > > >
> > > > > On Jul 19, 2025, at 11:50 AM, bzs () theworld com wrote:
> > > > > > On July 18, 2025 at 19:39 nanog () lists nanog org (David Conrad via
> > > NANOG) wrote:
> > > > > > My somewhat cynical answer: if you relied on domain (and likely IP
> > > address/ASN in the future) registration data, it might be worthwhile
> > > figuring out alternatives to that reliance.  Les cynically: pragmatically,
> > > given the vast majority of contact information these days points to privacy
> > > providers or is redacted, I’m unclear there will be significant impact —
> > > the data is already pretty useless.
> > > > > Even if 90% were useless it would still be of use, possibly
> > > > > critically, in the other 10% of cases and I don't think it's anywhere
> > > > > near 90%.
> > > >
> > > > I’ve not done an exhaustive survey myself, but the “majority of contact
> > > information” comment was taken from my interactions with law enforcement
> > > and I believe it is the result of most if not all Registrars defaulting to
> > > “privacy” for registrations since GDPR was enacted.  However, since the law
> > > enforcement folks I deal with are mostly interested in current activities,
> > > e.g., phish/botnet/etc., it’s likely they focus on recently registered
> > > domains so there may be a selection bias. As such, I won’t argue the point.
> > > > > Particularly if one can consider legitimate "privacy providers"
> > > > > useful as they can be contacted, subpoenaed, etc. which you seem to
> > > > > count as being in the "useless" category.
> > > >
> > > > As mentioned, ICANN still requires registrars to collect valid contact
> > > information, however that information is not provided to the public as it
> > > once was.  It is, of course, still subject to subpoena/court order
> > > (depending on jurisdiction, of course) and it’s theoretically possible, if
> > > you can make your case to the registrar, that they’ll provide registration
> > > information to you if you can demonstrate “legitimate interest” (at the
> > > registrar’s discretion and risk, of course).
> > > > > Whatever happened to "if your registration data is fraudulent,
> > > > > obsolete, or incorrect you stand to have your registration canceled"?
> > > >
> > > > AFAIK, it remains a contractual requirement despite ICANN undertaking a
> > > law suit in Germany to enforce it for admin-c and tech-c and losing (if
> > > interested, see
> > > https://www.afslaw.com/perspectives/the-fine-print/recent-lawsuit-icann-against-german-domain-registrar-highlights
> > > ).
> > > > However, this gets into an “interesting” (or “infuriating”, depending on
> > > your POV) discussion about what contact information “accuracy” means. ICANN
> > > Accredited Registrars’ view (which I provide without comment) is at
> > > https://rrsg.org/wp-content/uploads/2024/03/RrSG-Approach-to-Registration-Data-Accuracy-March-2024.pdf
> > > .
> > > > > This seems like an admission that this policy was not enforced.
> > > >
> > > >
> > > > Not sure how you got there. Registrars (or their lawyers) will (have,
> > > and do) argue that they abide by the policy (see the Registrar’s position
> > > above). ICANN Contractual Compliance argues that they enforce the policy
> > > (see pretty much any statement by the head of ICANN CC). I have my
> > > opinions, but they’re not particularly relevant. Since GDPR, the flagging
> > > of inaccurate registration has unsurprisingly tanked, so it’s difficult for
> > > the public to determine if registration information is accurate or
> > > inaccurate (for whatever value of the variable “accurate" you want to use).
> > > Perhaps somewhat relevant, see sections 5.2 and 6.4 of
> > > https://www.icann.org/en/system/files/files/inferential-analysis-maliciously-registered-domains-08nov24-en.pdf,
> > > but that probably doesn’t help that much.
> > > > Regards,
> > > > -drc
> > > >
> > > > _______________________________________________
> > > > NANOG mailing list
> > > > https://lists.nanog.org/archives/list/nanog () lists nanog org/message/VT
> > > > C33LVNIQ6ZCHVXL3YLRFCTTDJ6TEHN/
> > > > <signature.asc>
> > > _______________________________________________
> > > NANOG mailing list
> > >
> > > https://lists.nanog.org/archives/list/nanog () lists nanog org/message/VFIPBHSKZYDFMKRT5RRMPCGMIESCXUZ6/
> > > _______________________________________________
> > > NANOG mailing list
> > >
> > > https://lists.nanog.org/archives/list/nanog () lists nanog org/message/EX7HBCA5RDMPXEZ3R4RSOWU33RS242AD/
> > _______________________________________________
> > NANOG mailing list
> > https://lists.nanog.org/archives/list/nanog () lists nanog org/message/H2JC46XX6B4TOLBK5LDBFKK63LCJMRCL/
> _______________________________________________
> NANOG mailing list
> https://lists.nanog.org/archives/list/nanog () lists nanog org/message/3JK2HBDKTKXD5MVUH4S7LRKHVS64IS7Q/

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/XLGFAD6YPSPDYULM5LS7TCNENGNKLI23/