Domain privacy is a service offered by a number of domain name registrars. A user buys privacy from the company, who in turn replaces the user's info in the WHOIS with the info of a forwarding service (for email and sometimes postal mail, done by a proxy server), such as "Domains by Proxy, Inc." or eNom's "ID Protect".
Level of anonymity
- Personal information is typically collected by these registrars to provide the service. Some registrars take little persuasion to release so-called 'private' information to the world, requiring only a phone request or cease and desist letter.
- Others, however, treat privacy more seriously, and host domain names offshore, even using e-gold or money orders in transactions so that the registrar has no knowledge of the domain name owner's personal information in the first place (which would otherwise be transmitted along with credit card transactions). It is debatable whether or not this practice is at odds with the domain registration requirement of the Internet Corporation for Assigned Names and Numbers (ICANN).
Privacy by default
Note that some domain extensions have privacy caveats:
- .at, .co.at, .or.at: Since May 21, 2010, contact data (defined as phone number, fax number, e-mail address) is hidden by the registrar and must be explicitly made public.
- .ca: Since June 10, 2008, the Canadian Internet Registration Authority no longer posts registration details of individuals associated with .ca domains.
- .de: Owner and technical contact must show their postal addresses. Phone number and e-mail address do not have to be made public.
- .eu: If the registrant is a natural person, only the e-mail address is shown in the public whois records unless specified otherwise.
- .gr: No information about the owner is disclosed.
- .nl: Since January 12, 2010, registrant postal addresses are no longer publicly available.
- .us: In March 2005, the National Telecommunications and Information Administration (NTIA) said that owners of .us domains will not have the option of keeping their information private, and that it must be made public.
- .uk: Nominet, the guardian of UK domain namespace, provide inclusive domain privacy tools on their extensions (.co.uk, .me.uk etc.), providing that the registrant is not trading from the domain name.
The Internet Corporation for Assigned Names and Numbers (ICANN) broadly requires that the mailing address, phone number and e-mail address of those owning or administrating a domain name be made publicly available through the "WHOIS" directories. However, that policy enables spammers, direct marketers, identity thieves, or other attackers to use the directory for personal information about those people. Although ICANN has been exploring changing WHOIS to enable greater privacy, there is a lack of consensus among major stakeholders as to what type of change should be made. However, with the offer of private registration from many registrars, some of the risk has been mitigated.
With "private registration", the private registration service can be the legal owner of the domain. This has occasionally resulted in legal problems. Ownership of a domain name is given by the organization name of the owner contact in the domain's Whois record. There are typically four contact positions in a domain's Whois record, Owner, Administrator, Billing, and Technical. Some registrars will not shield the Owner organization name in order to protect the ownership of the domain name.
Ownership of domains held by a privacy service was also an issue in the RegisterFly case, in which a registrar effectively ceased operations and then went bankrupt. Customers encountered serious difficulties in regaining control of the domains involved. ICANN has since remedied that situation by requiring all accredited registrars maintain their customers' contact data in escrow. In the event a registrar loses its accreditation, gTLD domains along with the escrowed contact data will be transferred to another accredited registrar.
There have been several lawsuits against NameCheap, Inc. for its role as owner/registrant. See http://randazza.files.wordpress.com/2009/05/solid-host-v-namecheap.pdf and also in Silverstein v. Alivemax, et al. Los Angeles Superior Court Case Number BC480994.
- "Private domains not so private?". CNET News.com. 2005-08-15.
- Thomas Roessler (2003-04-15). "More on Domains By Proxy".
- Wendy Seltzer (2003-04-11). "proxy fight [Domains-by-proxy update]". Retrieved 2008-06-16.
- nic.at GmbH (2010-05-21). "Change of nic.at Whois policy". Retrieved 2014-05-05 02-15 CET. Check date values in:
- DENIC eG (2014-05-05). "Datenschutz". Retrieved 2014-05-05 02-35 CET. Check date values in:
- EURid. ".eu domain name WHOIS policy". Retrieved 15 December 2014.
- van Miltenburg, Olaf (12 January 2010). "SIDN anonimiseert whois-gegevens" [SIDN anonymizes whois data] (in Dutch). Tweakers.net. Retrieved 4 September 2014.
- "SIDN implements Whois changes from 12 January 2010". SIDN. 1 January 2010. Archived from the original on 29 January 2010. Retrieved 4 September 2014.
- Nominet. "Nominet WHOIS Opt Out".
- "The Privacy Conundrum in Domain Registration". Act Now Domains. Retrieved 26 March 2013.
- "Anger and fear as domain firm slowly implodes". Computer Business Review. February 21, 2007. Retrieved December 11, 2013.