[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Is WHOIS going to go away?

On 04/14/2018 07:29 PM, Florian Weimer wrote:
> * Filip Hruska:
>> EURID (.eu) WHOIS already works on a basis that no information about the
>> registrant is available via standard WHOIS.
>> In order to get any useful information you have to go to
>> https://whois.eurid.eu and make a request there.
>> Seems like a reasonable solution.
> Why?  How does the protocol matter?
> Either you may publish individual personal information for use by the
> general public, or you may not.  Adding a 4 to the port number doesn't
> change that.

The EURID webwhois cannot be scraped, there are anti-bot measures in 
place (captcha, throttling, all information displayed in images).
Scraping WHOIS systems for thousands domains at once using the WHOIS 
protocol is easy though. There are "WHOIS History" sites which scrape 
all domains and then publish the data along with the date of retrieval.

GDPR contains this in relation to the right to erasure:

 1. Where the controller has made the personal data public and is
    obliged pursuant to paragraph 1 to erase the personal data, *the
    controller, taking account of available technology and the cost of
    implementation, shall take reasonable steps, including technical
    measures, to inform controllers which are processing the personal
    data that the data subject has requested the erasure* by such
    controllers of any links to, or*copy or replication of, those
    personal data*.

Controller is the TLD operator in this case, other controllers would be 
WHOIS scrapers. The problem here is the definition of "reasonable steps".
Would doing nothing be reasonable? Or would the TLD operator need to 
somehow track all those scrapers and contact them?

IANAL, but I see a problem here.

Filip Hruska
Linux System Administrator