I know your name.
Not that fake sex blogger identity that you spent days mulling over in your mind. Not the one that you use on your sex blog in order to hide your actual name. Not your twitter handle, not the name you put on your books as the “author” or your sex toy reviews as the “tester”.
I know your real name. I know your address, too. And your email address. And your phone number.
And with that information, I’m able to find out a whole lot more about you. I know where you work, where you went to high school, your kids’ names, your dog’s name, and even what you had for dinner. I know it all and it took me less than 10 minutes to find it out.
How do I know all this?
No, I don’t work for the NSA. I didn’t hack into your computer, or spend hours trolling through voting records down at the local town hall. I went online, put your domain name into one of thousands of available WhoIs search tools, and it all came up – your name, your address, your phone number and your email address.
Let’s go back in time to when you registered your domain name. Generally how the process works is that you’ll have picked out your cute little dot com and, while registering this domain name, you’re presented with three sets of addresses to fill in – a registrant name (which is the owner of the site), an admin name (which is the name of the person running the site) and a tech name (which is the name of the person dealing with all the techy back end things). With most bloggers, that’s all one person – you. In my case, this information is auto-filled in from the details I give with my payment method. If I didn’t know any better, I’d miss the option to add on WhoIs Protection to my domain. Without adding on that option, my name, address, phone number and email address now become public information. Without adding on WhoIs protection, I can see this (minus the purple lines, of course):
Pretty scary, right?
Especially for someone who has gone out of their way to hide their name so that that connection between Suzie Officeworker and Tits McBlogger isn’t there.
There seem to be two problems with WhoIs – first, people don’t know about it. They just skim over all the extras and fine print with buying a domain name and never actually find out that this information becomes public.
The other issue is cost. Most bargain-basement domain sellers (you know – the ones that sell a domain for 99 cents the first year) charge you to protect your information and suddenly that $0.99 purchase is now $7.99.
So you may think to yourself that you can bypass this extra cost and privacy leak by not putting the right information in. By US law, these addresses need to be filled out accurately. Put a fake name in, or someone else’s name, and your domain is subject to seizure. (Don’t live in the USA? It doesn’t matter. The majority of domains – com, net and org among a ton of the smaller ones – are governed by US law, no matter where on the planet you are.) Even if it doesn’t get your domain taken away it can create problems down the line.
Get your content stolen by another website? Your DMCA is going to be rather difficult to file since you can’t prove that *you* own the content on “someone else’s” site.
Want to sell ad space? Some ad firms require proof that the person they are paying actually owns the site that they are running ads on, and they do this by emailing the anonymous WhoIs email address that automatically gets forwarded to your actual email address – which won’t work if you put a fake one in.
Not sure if you protected your name during the registration process?
The first thing I suggest is running a WhoIs check on your domain. Just hop onto your favorite search engine and type in “WhoIs search” and you can pick which service you’d like to use. (I use GoDaddy’s WhoIs search. It’s quite straightforward and not bogged down with upsells.) If you see something like this, you’re OK.
If not, you need to go back to wherever you registered your domain and add this option on. More than likely, you’re going to have to pay for it. There are rare times where it was in fact included in your purchase, but was never activated. (This is often the case for people who buy their domain name through Namecheap (affiliate link) – free WhoIs is included, but you have to check a box to activate it.) Typically, the price is around the $5-per-year range, but as with anything, prices vary from place to place.
Keep in mind that adding on WhoIs protection any time after you purchase a domain name does leave you open to being found out. Running a WhoIs check after it’s been added on will show you something like I’ve displayed above. But – running a historic WhoIs check will list all past owners of a domain, including your previously un-protected information. As the old saying goes – once it’s on the internet, it’s there forever.
So how did I find out about the job, the kids, the dog and what they had for dinner? Well, that was because their Facebook settings were set wide open, and a simple internet search of their full name lead me there…but that’s another privacy discussion for another day.
Nominet : For information about .UK domain name registration