[sf-lug] SF[-]LUG & domain(s) Re: Domain ...

Rick Moen rick at linuxmafia.com
Sun Apr 7 16:09:04 PDT 2019 

Quoting Michael Paoli (Michael.Paoli at cal.berkeley.edu):

> Well, as for sf-lug.org & sf-lug.com on joker.com ...
> whois ... it has Jim (James Stockford) & Rick Moen,
> as for access to that (e.g. change or whatever), I've got access
> and I believe Jim still does too.
> As for the "broken" whois ...
> Yeah, ... GDPR ...
> https://joker.com/index.joker?mode=reseller_docs#gdpr
> I'm not spotting, at least easily on joker.com - a way to "unhide"
> the customary whois data.

Oh, it's much worse than that.  They're declaring that it's permanently
gone for all domains registered there.

tl;dr:  IMO, time to jump ship.

https://joker.com/index.joker#gdpr has the new policy, and it's pretty
dire in its effects.  (The URL you give is restricted to logged-in
users, but the one immediately above isn't.  I was able to view your 
page after logging in using my Joker.com customer account, and it
appears to be the same page contents.)


  Whois

  One of the most visible changes will affect the Whois system, and the
  data currently requested for it.
  We basically adopt the ICANN proposal here: Regarding "contact data",
  the only records shown will be

  Registrant Organization
  Registrant State (if available)
  Registrant Country
  Registrant Email (only as a link to a web form - no address shown)
  [...]

  The final new Whois implementation will also provide an
  ICANN-regulated access for "authorized parties" having legitimate rights
  to get the full Whois data. 

  Since this will not be in place until GDPR kicks in, we - like probably
  many other registrars and registries - will offer some web form to allow
  third parties to apply for access to full Whois for a given domain. This
  will be checked manually in the beginning.

  New operational basics

  o registrant's data is regarded as required by contractual means

  o  after the reports of several german lawyers, and also the relevant group
     of the European Comission, we deem that it is not GDPR compliant to
     request more personal data besides the registrant contact. To not break
     the protocols, the new default will be to make the registrant contact
     identical to admin and tech contact (Admin-C and Tech-C will not be
     shown in public whois any more)

A bit further down the page, there's this about a so-called 'Whois
Replacement' tool that, as described, is in no way functionally
equivalent to public WHOIS:

  New Tool: Whois Replacement

  As of 05-25, Whois will publicly only provide reduced data. However, our
  web-based whois will still deliver full data for your domains, when you
  are logged in. 

Being non-public, this totally fails to provide the needed
functionality.

You be the judge, as you're the customer, but I would consider this a
total deal-breaker in a registrar.  I have strongly recommended either
Gandi.net (France) or Joker.com (Germany) as Europe-based registrars in
the past, but my view about Joker.com has just become 'give it a hard
pass' as long as this situation persists.

For those who don't know, the public WHOIS database makes available to
everyone data about Internet domains including date of registration,
date of next expiration, and the name and contact information for
Registrant (domain owner), Technical Contact, and Administrative
Contact.  Those three contacts plus a fourth that's traditionally not
shown to the public (Billing Contact) are important for two reasons:

1.  Internally to the registrar, these are the people who receive
official notices including renewal notices.  So, it is important that 
these be people who're reachable at their e-mail addresses given, and 
that there be diversity among the contacts (not the same person in all
of the roles) to avoid a single point of failure problem.

2.  Externally (public-facing), the three shown contacts are important to 
be real and reachable so that domain stakeholders can be contacted 
if there is a problem with the domain.  For example, if I see a friend's
domain approaching or passing expiration, I will contact that friend
(preferably reaching all of the public contacts) to make sure there's
awareness of the problem.

Thus, in my view, broken public WHOIS is an unacceptable situation, and
merits changing registrars.

Please note that my current registrar, IWantMyName.com of Wellington,
NZ is a reseller of registration service furnished through a much
larger, German firm, 1API Gmbh of Düsseldorf, Germany.  Although I 
recently went through having my domains' WHOIS taken unexpectedly
private, and having to get help from IWantMyName to fix the problem, and
although IWantMyName said this problem originated at 1API and was caused
by 1API's GDPR concerns, my registrar was able to quickly toggle off
this new (undesired by me) default when I asked.

The point being, no, Joker.com's new policy isn't damage necessitated
for all Europe-linked registrars, and one does have alternatives.


In the meantime, if you/Jim want to give me administrative access to the
two SF-LUG domains within Joker.com's Web adminUI, my login name is
rick at linuxmafia.com, ID 1586720.

When I go to the 'My Joker' subpage, SF-LUG's two domains are not among
those I have admin access to.

More information about the sf-lug mailing list