WHOIS is a protocol that all registrars must implement; it’s used to provide information about a domain to the general public. Historically, WHOIS has been a real treasure trove of information about anyone who registered a domain; however, due to privacy becoming an increasing concern, domain registrars began offering WHOIS privacy. This allows a proxy entity to present their information in the public WHOIS, while the proxy maintains the original domain holder information in secure, private storage.
What details are tied to a domain?
When you register for a domain, your personal details attached to this become publicly available as standard. Anyone can look up your domain with WHOIS, and see your full name, address, phone number, your domain registrar, domain age and more. Your domain details contain some sensitive information, which chances are that you’d prefer to be kept out of public view.
Do I really need privacy?
You don’t strictly need domain privacy, it’s not mandatory. However, there are plenty of reasons why it’s well worth thinking about when it comes to protecting yourself and your business. First of all, data breaches can be catastrophic in business, data attackers can cause breaches costing potentially millions. Fraudsters may even be able to conduct domain transfers or conduct identity theft. Other reasons for making your details private include reducing spam and unwanted solicitations, which can be annoying as well as time-consuming, having to trawl through it all. Your competitors might even use your website to conduct their own market research, and firms from capturing your information to resell to others. Private domain registration is able to keep your personal information out of the WHOIS database, meaning from there, it’s up to you to decide what information you wish to make public through your business website. You can provide contact information that’s safe for both you and your customers, and importantly, that you feel comfortable using. At the very least, you probably don’t want your home address on the internet for everyone to see, you wouldn’t post this on a public forum or social media website so why leave it visible on your domain lookup? In terms of your cyber security you’ll want to take a multi-faceted approach, and ensuring your domain privacy is just one aspect.
What privacy options are available?
Domain WHOIS privacy is the masking of all personal information about a domain name. However, not all domain extensions are allowed to have their WHOIS information set to private. Each Registry has its own rules regarding this, and actually, most country code top-level domains do not allow WHOIS protection. In March 2005, the National Telecommunications and Information Administration (NTIA) said that all owners of .us domains will no longer have the option of keeping their information private, and that information must be made public. This can be of concern to business owners, but what can be done?
-
GDPR Domain MaskingIn 2018, the European Union’s General Data Protection Regulation (GDPR) went into effect. The biggest impact of GDPR in the domain industry is on how registrant data is handled in the public. With GDPR, from May 25, 2018, even if you opt out of WHOIS privacy, your information is still protected. It’s worth bearing in mind however that while this is great to avoid spam, it can make other tasks harder since a WHOIS query can no longer identify you as the owner of a domain. This is something to bear in mind.
-
Domain Privacy Plus ProtectDomain Privacy + Protect and other similar features that domain hosting offer means you’re able to mask any personal information displayed on the ICANN directory with generic contact information instead.
-
Determine the stance of your top-level domainIt’s important to research any top level you plan on using to determine their stance on WHOIS data, and apply WHOIS privacy when it is available, as you see fit. For country code TLDs (ccTLDs), you will need to look at the policies for the top-level domain to determine their stance on WHOIS data and privacy options. For example, if you own a .uk domain and it’s not used for business purposes, you can remove your address details from the Whois database.
Summary
It’s clear that personal information we have tied to our domains needs to remain protected, since there are significant risks that can occur as a result of data falling into the wrong hands. However, this gets tricky because authorized entities still need access to that data- from law enforcement officials who need details regarding criminal investigations, to law firms and attorneys representing brands still need a way to fight trademark infringement. Choosing a hosting plan which includes privacy allows you to keep your details safe, while still being contactable by authorities if the situation ever arose.
Most of us work hard to protect our privacy in our day to day lives. We opt to have our number taken out of telephone listings, we refrain from posting photos outside our home that could make it easily identifiable and we may choose to blur our car number plate out of photos. In the same way, you can choose private domain registration to keep your contact information out of the hands of strangers. If you have concerns about misuse of the WHOIS database, consider using private domain registration to maintain control of your personal information and keep others from exploiting it for their own gain.