Join 3,516 readers in helping fund MetaFilter (Hide)


Blogging unanonymously
July 18, 2005 1:34 PM   Subscribe

Domains by Proxy is a fairly popular service run by GoDaddy that aims to protect your personal info from whois requests. The domains by proxy homepage has links to law enforcement and civil subpoena policies, making it sound like you actually have to do something deemed illegal by a judge or officer to get outed. One blogger found out something as simple as a letter from a local lawyer was enough to reveal all his personal details in a whois request, without ever being notified beforehand. Might be worth reading up on EFF's guide to anon blogging if you ever start a whistleblower site.
posted by mathowie (26 comments total) 1 user marked this as a favorite

 
I gotta say, while I feel bad for the Foetry guy and while I despise Domains by Proxy/GoDaddy for being lazy and stupid with his information, I also feel like he should have read the Proxy Agreement that Domains by Proxy makes you agree to when you sign up with them. In section four, it states (shortened to get rid of the legalese, but you can click the link to see it in its full glory):

You understand and agree that DBP has the absolute right and power, in its sole discretion and without any liability to You whatsoever, to either: (i) close Your account ... ; (ii) reveal Your name and personal information that You provided to DBP ... ; (iii) resolve any and all third party claims, whether threatened or made ... ; or (iv) take any other action DBP deems necessary ... if it comes to DBP's attention that You are using DBP's services for purposes of engaging in, participating in, sponsoring or hiding Your involvement in, illegal or morally objectionable activities, including but not limited to, activities which are designed, intended to or otherwise: ... (ii) defame, embarrass, harm, abuse, threaten, or harass third parties.

So, if DBP is threatened with an order that leads them to do research and decide that you're using anonymous registration in order to embarrass someone, then they retain the "absolute right and power" to out you, plain and simple. Seriously, I wouldn't touch their service with a ten-foot pole.
posted by delfuego at 1:42 PM on July 18, 2005


So actual legal action is not necessary, nor is it a requirement that the site do more than "embarass" another party?

I guess "Domain by proxy" is a fancy way of saying "we'll gladly charge you more without actually providing you with a higher level of service". Funny how they don't include "embarassing" in their list of 'morally questionable activities',
posted by clevershark at 1:56 PM on July 18, 2005


So I was right to lie like a rug when I originally filled out all that information because I didn't trust the upcharge for privacy deal?

Cool, now when the cops go looking for me they'll all end up at 1060 West Addison. Hahaha. Suckers, maybe they'll time it right so they can go catch a Cubs game.
posted by fenriq at 2:04 PM on July 18, 2005


This is yet another reason why I will never use GoDaddy for anything.
posted by bshort at 2:04 PM on July 18, 2005


From the EFF link: The Online Policy Group (OPG) offersprivacy-protective domain name registration at


They kind of leave you hanging.
posted by caddis at 2:10 PM on July 18, 2005


I find GoDaddy's owner's position on things like torture and the Minutemen to be questionable at best already, so I can't say that this new revelation will affect my domain transactions in the least.
posted by clevershark at 2:13 PM on July 18, 2005


Hmm... I guess the idea is, people can't get your info simply by doing whois, they've got to at least write a threating letter. So it's better then nothing

On the other hand. Yeah. Weak. I can see how they want to avoid getting sued or whatnot, but still.

If I really trying to do this, I'd try to find some shady indian outsourceing company to do my domain registration. What are you going to do if you're outside of the country?
posted by delmoi at 2:17 PM on July 18, 2005


caddis: the secret Online Policy Group website is hidden at:

http://www.onlinepolicy.org

And here's their Internet Services page:

http://www.onlinepolicy.org/hosting.shtml

... though it claims that all services are free, so I suspect that there's some kind of filter on what kinds of sites they'll help register anonymously.
posted by rkent at 2:42 PM on July 18, 2005


What legal obligation is there to include correct information in the whois registry?
posted by Rothko at 2:50 PM on July 18, 2005


Rothko, if you put false information, you can lose your domain if you are notified of the false info and do nothing in a set number of days.

A friend was threatened with the loss of her domain when some random person didn't like the site and reported the address as false to her registrar. She was forced to put her home address and phone number into whois to keep the domain.
posted by mathowie at 2:53 PM on July 18, 2005


Damned if you tell the truth and damned if you lie. Nice catch-22 they've built for us.
posted by fenriq at 3:12 PM on July 18, 2005


Does manually entering the hosting company's contact info count as giving "false information?" It seems odd to have to pay for the hosting company to do this for you.
posted by rxrfrx at 3:13 PM on July 18, 2005


mathowie: I have my domain at namecheap.com (it was a choice between them and godaddy.com at the time I chose them). I bought (for $2.50/yr, I think) whois protection. I'm not listed in the whois, they are. So, I wonder what would have happened to your friend had she had this type of domain. When the complaint came into namecheap.com they would have known her real address/phone, I guess. I hope.
posted by e40 at 3:18 PM on July 18, 2005


I've been doing my new registrations at -- and moving my existing registrations to -- a registrar in Canada. Of course it makes even more sense for me (being a Canuck in Canada and all), but it's also a layer of protection against being dicked around by lawyers who are a little too quick to fire off threatening letters for no good reason (we're not as impressed with that sort of behaviour here).
posted by clevershark at 4:03 PM on July 18, 2005


DBP is to stop Johnnie Spambot and Susie Nosey from getting your info. It does not a legal barrier make. More like an inconvenience.
posted by Eideteker at 5:47 PM on July 18, 2005


(I use DPB and GoDaddy and have no complaints.)
posted by Eideteker at 5:47 PM on July 18, 2005


Couldn't this person have gotten screwed like two weeks ago and saved me $8.95?
posted by yerfatma at 6:18 PM on July 18, 2005


I, too, am troubled by their president's philosophies and his hypocrisies.

Heh. You sure know how to play to a crowd.

But this absolutely sucks, and I hope you win damages somehow. At least now we all know not to give business to GoDaddy (if we want our privacy protected, anyway).
posted by gd779 at 6:44 PM on July 18, 2005


Mathowie,

Timely that you mention this.

I just discovered that someone had used DBP to purchase my last name -- Gorenfeld.com. I wondered if it was someone who didn't like my magazine journalism, or if it was some Gorenfeld family members.

So I called up DBP, saying I wanted to know which member of my Gorenfeld family bought it. The man on the other end said it was actually a Mr. David Payer.

I Googled Mr. David Payer and discovered he was the Iowa leader of the "Moonies," the movement that owns the Washington Times and threw a shindig on Capitol Hill last year naming Reverend Moon the Messiah.

My coverage of this inspired Mr. Payer to squat on Gorenfeld.com. His role as an official in the Des Moines, Iowa GOP may be why he turned to DBP to keep his identity secret.

I phoned him up and he said he was planning on using the Web site to "give you your 15 minutes of fame," in a very John Malkovich-y kind of way.

I asked if he was satisfied with the service from Domains By Proxy, since they so readily turned over his identity. He didn't really answer that.
posted by johngoren at 6:50 PM on July 18, 2005


Fenriq,

Classic Blues Brothers trick.
posted by johngoren at 7:00 PM on July 18, 2005


If you do not respond to our email or voice messages and/or the correspondence that DBP has received regarding Your domain name registration concerns a legal dispute or otherwise requires immediate forwarding and/or immediate disposition, DBP may immediately reveal Your identity...

I think that OR clause is the kicker...

Best wishes for success on that suit, DBP truly is a non-service.
posted by de void at 6:35 AM on July 19, 2005


I've never put personally identifiable information (home address or phone) in my whois information, ever. My listed address is care of the radio station where I work; it's a tiny, hard-to-find speck on a huge university campus, and access to the building is by cardkey only. I'm not too worried about some loon just showing up, as he or she could if my home address were listed. I can and do get mail at the listed address, and messages can be left for me at their phone number, which would make it a real address for me.

I would imagine that this would be sufficient for any registrar.
posted by chuq at 12:34 PM on July 19, 2005


I am a GoDaddy and Domains by Proxy user. This thread (espeically the bit about gorenfeld.com) has made me decide to take my business elsewhere.

As to the problem of not putting your real info in the whois, can't one just set up a dummy organization name, then use a P.O. box and answering service for the address/phone number? A lot of work, but if that's the only choice...
posted by Potsy at 12:57 PM on July 19, 2005


Matt,

We wanted to let the community know that Domains By Proxy is absolutely not in the habit of releasing it's customers' information without due process.

While we are not at liberty to address the specifics of any individual situation, we can say that when our company is contacted about a domain held by one of our customers and registered with privacy, we go through the same process in every case.

Once the complaint is received and processed, we levy an administrative fee against the registrant of the domain (as is stated in our agreement) and attempt to contact that registrant so that we can work with them to resolve the issue that is at the heart of the complaint. If the situation is resolved and the registrant is found not to be at fault, the administrative fee is refunded in full.

If the registrant of the domain does not respond to our attempts to contact them and resolve the situation, we then reserve the right to remove the privacy from the domain.
This is all covered within the user agreement that all registrants have to consent to prior to purchasing the service.

Our business is built upon the confidentiality of the WHOIS information that we hold. This is something that we take very seriously.

Douglas Preston Jr.
Go Daddy Guy
posted by GoDaddyGuy at 10:15 AM on July 20, 2005


Domains by Proxy's policy is to always notify customers prior to cancelling their privacy service based on a third party complaint. In some cases, we hear from the customer and we find that there is no need to cancel the service and the privacy protection is left in place. While we refuse to get dragged into a debate over this one customer's experience and thus violate our privacy policy, he knows and we know, that his case was no exception to our policy.

Domains by Proxy was formed and exists to provide legitimate privacy services for those who have a genuine need for protection. It does not exist to protect intellectual property infringers or other bad actors. So, if you're an infringer or bad actor, Domains by Proxy's privacy protection is not desinged for you. However, we do now, and will continue to, notify customers prior to cancellation.

And, we checked folks, there have been no exceptions made to this policy.
posted by GoDaddyGuy at 1:30 PM on July 21, 2005


IANAL, but terms of service aside, isn't there a base liability here?

To take an unconnected example, what if I have a "clean" email account that is exposed in WHOIS without my knowledge, and I subsequently fall for a phishing scam that causes me financial harm? Doesn't DBP hold some responsibility? Hell, I have the ability to change my public domain registrations to Anytown, USA if I wish, but when a DBP registrant loses in GoDaddy's evaluation, they are simply revealed with no opportunity to revise the information first?

Even with "notice," I wonder if there's precedent for the level of notice and response window that satisfies a privacy obligation. If I were in the business of selling anonymity, I'd think it would be good practice to err on the side of privacy. Heck, from a PR perspective, I'd at the very least want to give the impression that I err on the side of privacy.

GoDaddyGuy: Are you guys seriously coming on Metafilter to use your TOS as a means of explaining away a seemingly reasonable consumer complaint? How many of us will consider signing up for DBP after seeing the arrogance with which you handle this one customer?

You're not even offering any real response to Foetry Guy's complaints. Basically, you're trying to *wink wink* leave the impression that Foetry Guy is lying and suggest that we should trust you because... you say so.

It's clear that Foetry Guy's private information was released, and that he was paying for that private information to be protected. He claims that this was done without his knowledge, and that his requests for clarification has been ignored. So what we'd really like to hear from you is at least that you intend to respond to his lawyer's requests, so that we know that if we do choose to sign up for your service in the future, we'll at least have some recourse if we end up in a similar situation.

GoDaddy's CEO has seen some unpleasant treatment here in recent months due to his weblog postings. It's a shame that an actual GoDaddy employee posting on the site has been equally unimpressive.

And since the discussion has died down here, feel free to pick it up at the Foetry.com forums, where GoDaddyGuy reiterates (word for word) his early points...
posted by VulcanMike at 9:53 PM on August 14, 2005


« Older This week, the New Republic's &c. blog is providi...  |  The Watchful Investor... Newer »


This thread has been archived and is closed to new comments