New ICANN agreement requires domain registrars to verify user identity

By on July 1, 2013, 12:00 PM
icann, registrar accreditation agreement, raa, domain registration

The board of directors at the Internet Corporation for Assigned Names and Numbers (ICANN), the non-profit group that governs a wide array of web-based technology, recently approved the Registrar Accreditation Agreement (RAA) which will soon have an impact on how domain registrars like GoDaddy and Dotster handle signups for web domains.

Under the new rule, domain registrars will be required to verify either the e-mail address of phone number of users that sign up for a new domain within 15 days of applying. If a user fails to do so after the allotted time, the registrar has been instructed to suspend the registration until verification is taken care of.

Furthermore, registrars will be required to keep detailed records on customers for up to two years after a registration has been canceled. This includes information like the credit card that was used to register the domain, we’re told. Also, registrars must keep a record of the IP address used to sign up for the domain for up to 180 days while users are required to update contact information within seven days of making any changes.

It would seem that ICANN is hoping to deter individuals from setting up websites that would contain unlawful material or perhaps sites that would facilitate the sale of illegal goods. The changes will also ensure that WHOIS data is more accurate and reliable but even still, these measures could easily be circumvented if someone simply puts their mind to it. After all, fake e-mail addresses and phone numbers aren’t that hard to come by.




User Comments: 14

Got something to say? Post a comment
Guest said:

I am sure all the privacy cry babies will whine and cry and shed a lot of tears but this is a great thing. Very glad to here it.

Guest said:

keep detailed records on customers for up to two years after a registration has been canceled. This includes information like the credit card that was used

Yea and im sure all that "data" will be kept safe and secure. And keeping it for only 2 years? Right. And the NSA only wants to protect us.

Now if only they would do something about people who "park" every domain with the words "the" and "I(something)", and then charge the buyer $1000+. That would be news.

1 person liked this | FF222 said:

"It would seem that ICANN is hoping to deter individuals from setting up websites that would contain unlawful material or perhaps sites that would facilitate the sale of illegal goods"

Not really. Criminals will have no problem stealing a complete identity of a person and/or credit cards to facilitate registration, and they will have no problem abandoning the domain and the site if their fraud gets exposed. So this policy will not stop any illegal activities.

On the other side this will be a great source of information for targeted IRS audits, police raids with fabricated evidence, etc. against otherwise honest and law abiding citizens who will use - or allow others to use - their websites to voice their disagreement and publish critics against the government, the megacorps and the holders of power in general.

MilwaukeeMike said:

The changes will also ensure that WHOIS data is more accurate and reliable but even still, these measures could easily be circumvented if someone simply puts their mind to it. After all, fake e-mail addresses and phone numbers aren?t that hard to come by.

But don't you need to pay for the domain name? Fake credit card numbers are rather hard to come by.

1 person liked this | Guest said:

I am sure all the privacy cry babies will whine and cry and shed a lot of tears but this is a great thing. Very glad to here it.

Privacy cry babies? Because taking away rights is something not to complain about? How about we take away some of yours. We can start with, the right to vote. Its funny, people like you would never trust a stranger with your SSN or any other important documents, but would gladly give anything up to someone working for government or any other organization.

Tell you what. Give me your SSN, DOB, and place of residence. Ill hold on to it for 2 years and promise not to sell,share,use,or keep it longer. Deal? Until you are comfortable with that, please just STFU and stop trolling.

spydercanopus spydercanopus said:

Now you're guaranteed to get swatted when your forum gets a post about : Assassination, Attack, Drill, Exercise, Cops, Law enforcement, Prevention, Recovery, Dirty bomb, First responder, Deaths, Police, Initiative, Breach, Security, Looting, Facility, Hazmat, Toxic, Gas, North Korea, Infection, Chemical, Recall, Virus, Flu, CDC, Toxic, Agriculture, Symptoms, Resistant, Infection, Sick, Electric, Tamiflu, Metro, Communications, Airport, Subway, San Diego, Illegal immigrants, Mexico, Iraq, Iran, Afghanistan, Hezbollah, Jihad, Pirates, Nationalist, Fundamentalism, Islamist.

Opps, sorry Julio. xD

1 person liked this | Guest said:

BIGGY is hitting every day harder and harder... I reckon that Amish were right

Guest said:

@ Guest

Privacy cry babies? Because taking away rights is something not to complain about? How about we take away some of yours. We can start with, the right to vote. Its funny, people like you would never trust a stranger with your SSN or any other important documents, but would gladly give anything up to someone working for government or any other organization.

Tell you what. Give me your SSN, DOB, and place of residence. Ill hold on to it for 2 years and promise not to sell,share,use,or keep it longer. Deal? Until you are comfortable with that, please just STFU and stop trolling.

You are not in a position of trust.

MilwaukeeMike said:

"It would seem that ICANN is hoping to deter individuals from setting up websites that would contain unlawful material or perhaps sites that would facilitate the sale of illegal goods"

Not really. Criminals will have no problem stealing a complete identity of a person and/or credit cards to facilitate registration, and they will have no problem abandoning the domain and the site if their fraud gets exposed. So this policy will not stop any illegal activities.

That's like saying there's no point to a bullet proof vest because you could still get shot in the head.

On the other side this will be a great source of information for targeted IRS audits, police raids with fabricated evidence, etc. against otherwise honest and law abiding citizens who will use - or allow others to use - their websites to voice their disagreement and publish critics against the government, the megacorps and the holders of power in general.

haven't we already decided that the NSA records everything anyway? Why would the govt or IRS need to use ICANN's records?

Most of us are already registered with the govt in like 6 different ways and registered with businesses in probably 15 different places. What's the difference if our name is one more place?

It's probably just a precursor to being taxed. once they find out how many people are creating websites they'll start taxing it.

FF222 said:

That's like saying there's no point to a bullet proof vest because you could still get shot in the head.

No, that's like saying that there's no point in wearing a vest that only protects you from projectiles of toy guns, but doesn't from those of real weapons. There's no point in implementing a security policy to deter illegal use which can only work if everyone plays by the rules, and can be easily circumvented by illegal means.

haven't we already decided that the NSA records everything anyway?

1. That doesn't mean they have your identity, for ex. if you never gave that away in the first place.

2. Another perfect example of a bullet proof vest that only protects you from toy guns. Serious criminals will use encryption and will not post their stuff through Facebook or Google in the first place. So the NSA spying is totally useless against terrorist (that's why they actually prevented zero attacks in the past decade - all attempts where thwarted by fellow passengers and stand-by-ers, not by government agents), and by definition can only be used against honest citizens who have nothing to hide - or so they think.

Most of us are already registered with the govt in like 6 different ways and registered with businesses in probably 15 different places. What's the difference if our name is one more place?

That's like asking what's the difference between taping you having sex with your wife and taping you at a sports event in the audience. Just because you've been and won't mind being taped at a baseball match, you surely wouldn't want to have cameras capture what you're doing in your bedroom. The same holds true for business registrations, public records, etc. being bound to your name, and your personal opinions or beliefs - not neccessarily accepted or agreen on by some or majority parts of society - being bound to your name, address, etc.

Or do you really think there's not a single nut job out there who would be ready even to kill you for this or that you wrote here or there? Because if you're required to supply your real name and address to everything you post online, and if practically anyone can access that information (even if they have to pay a small fee for that), then everyone can come to your house and talk face to face about your opinions posted online - or do whatever they think they need or have to do with your, your family, friends, neighbours, etc.

MilwaukeeMike said:

There's no point in implementing a security policy to deter illegal use which can only work if everyone plays by the rules, and can be easily circumvented by illegal means.

Yes there is. A comparison would be the gun control debate. Why would a criminal follow a gun control law when they're going to go shoot someone? The answer is they won't. So why would a criminal be deterred by having to give a name and credit card before setting up an illegal website, right? The difference is breaking a gun control law is far less severe than shooting someone, but credit card fraud may not be less severe than setting up a website that plans on selling fake weight loss pills. And credit card fraud is probably more closely watched. In fact, setting up a website is probably always legal unless it's child porn or something similar (Freedom of expression and all that). So in fact you'd be breaking the law to pull of something that's not illegal.

1. That doesn't mean they have your identity, for ex. if you never gave that away in the first place.

If the NSA is recording phone calls and grabbing emails, they can put a name to it. It's in the email header.

2. Another perfect example of a bullet proof vest that only protects you from toy guns. Serious criminals will use encryption and will not post their stuff through Facebook or Google in the first place. So the NSA spying is totally useless against terrorist (that's why they actually prevented zero attacks in the past decade - all attempts where thwarted by fellow passengers and stand-by-ers, not by government agents), and by definition can only be used against honest citizens who have nothing to hide - or so they think.

I won't waste my time linking any news stories to thwarted terrorist attacks (how'd you switch to terrorism?). You probably won't click on them, and you probably won't believe them, regardless of whether it's MSNBC or Fox, and the stories are on both.

Either way it's irrelevant because this story we're commenting on has nothing to do with Facebook or Google, it has to do with recording who is registering websites.

That's like asking what's the difference between taping you having sex with your wife and taping you at a sports event in the audience. Just because you've been and won't mind being taped at a baseball match, you surely wouldn't want to have cameras capture what you're doing in your bedroom. The same holds true for business registrations, public records, etc. being bound to your name, and your personal opinions or beliefs - not neccessarily accepted or agreen on by some or majority parts of society - being bound to your name, address, etc.

How did you equate having to sign your name when you register a website to the govt having a camera in our bedroom? That is not a similar invasion of privacy. You expect me to say "No, I don't want a camera in my bedroom" and them I'm supposed to believe that registering my name with my website is equally as creepy?

Or do you really think there's not a single nut job out there who would be ready even to kill you for this or that you wrote here or there? Because if you're required to supply your real name and address to everything you post online....

I'm not too worried about it... I saw a car the other day with the license plate BLU BUBL and it was covered in liberal stickers for just about every possible issue. There was an Obama 2008 one so that car has at least been on the road for 5 years and no one has dragged them out of it and killed them for their opinion. But again, this is an article about registering websites, not overall online privacy.

I know now you probably think I'm all in favor of NSA snooping and the like, and I'm not. Not even close. But I'm not going to chase this stick off the porch like some excited puppy when there are still no answers about Benghazi, the IRS targeting or the extent of the PRISM project.

Oh, and welcome to Techspot

Guest said:

Oh I am so mad, I signed up with a company that lets me talk on one of them thar cell phone contraptions. They said I can I can talk to ALL my friends from wherever I am. I loved it. Then got a letter in the mail. I was so mad when I seen these things:

1. they know WHO I CALL!

2. they know HOW OFTEN I CALL!

3. they know even WHEN I CALL!

4. they even know HOW LONG I TALKED

5. they know even WHERE I WAS WHEN I CALLED!!

I canceled right away because I value my privacy! you all should check your phones, if they were tracking me, I bet they are tracking you too!

captaincranky captaincranky, TechSpot Addict, said:

Oh I am so mad, I signed up with a company that lets me talk on one of them thar cell phone contraptions. They said I can I can talk to ALL my friends from wherever I am. I loved it. Then got a letter in the mail. I was so mad when I seen these things:

1. they know WHO I CALL!

2. they know HOW OFTEN I CALL!

3. they know even WHEN I CALL!

4. they even know HOW LONG I TALKED

5. they know even WHERE I WAS WHEN I CALLED!!

I canceled right away because I value my privacy! you all should check your phones, if they were tracking me, I bet they are tracking you too!

A cadre of mental health professionals should be included in your calling circle as well. You sound like you need to have people like that to look after you.

Unless you're too paranoid to make an appointment, because then they'll not only know where you've been, but where you're going to be as well......:eek:

Guest said:

All emergency calls are by default tracked. Carriers can track which tower you're using and figure out the radius between towers and keep closing the circle.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.