Domain Spotlight:

Why Do We Even Have Domain Privacy?

With all the discussion of the recent Who is privacy breach it got me to thinking. Why do we need privacy on our domains?  If I own a domain that I can’t put my personal or company name on, do I really want to own it? The common comparison usually made is between domains and real estate. Last time I checked I can find out who owns any piece of property in the United States.  A system that seems to work fine with little to no problems. So why is there such an easy way to hide your identity and why does one need it?

In real estate, if you don’t want people to know who you are or the owners , you simply set up a shell company.  Thus hiding the actual owners of the piece of property.  You could easily do the same thing with your domains.  It doesn’t take much work or much cost.  Another argument might be that you don’t want your email to be public information.  In today’s world, emails are as easy to come by as buying a candy bar.  Setting up an email that is specific for that domain or if you own thousands, all of them.  You might say that it would be difficult to manage all the email if you do that but it’s a weak argument because Frank Schilling and Michael Berkens seem to manage just fine and I’m pretty sure they have more domains than you do.  I think I can answer my own question pretty easily.  It is used to hide something negative

Whois privacy is available for two reasons. One, for the registrars to make great money.  They make more money on privacy than the domains themselves.  They want you to use privacy, not to give you privacy but to take your money.  Ever tried to get your privacy taken off at Godaddy?  It’s easier to change your name at marriage at the DMV than it is to get privacy taken off.   They hate to lose that cash cow.  The second point is going to be controversial but I think most people that have privacy are doing something that they personally perceive as negative.

According to Steve Linford, CEO of Spamhaus, an International spam stopping group,

A cloaked WHOIS for example screams ‘Spammer!’ to us, just one look at a WHOIS containing words like ‘Domains by Proxy, Inc.’ or ‘Moniker Privacy Services’ is enough for us to SBL instantly in situations where we suspect the domain is involved in spam. Additionally, spam involving a domain whose WHOIS says it was only registered last week is almost a no-brainer SBL listing. Use of certain ‘blackhat’ or ‘greyhat’ Registrars, use of PO Boxes and addresses of rent-a-mailbox places are other give-aways that talk loudly to us about the intention of the domain owner, as are freemail addresses used as domain contacts. For Spamhaus investigators, WHOIS or sometimes the lack of WHOIS (such as using TLDs that do not have WHOIS servers) can often be a picture that speaks a thousand words.

Obviously this doesn’t mean that all privacy domains are spam or negative in nature but more often than not,  it is. It might be a pornographic name or a typo of a name.  The is a perfect example.  The kind of name that could reflect a negative light on the owner.  It’s a shield that makes finding out the owner a bit more difficult.  Notice how I say more difficult, not impossible.  Privacy does nothing to protect you in the case of a lawsuit.  In fact, when a privacy service masks your identity they are essentially taking control of the domain and with that control comes legal responsibility. Responsibility that will be dropped in a heartbeat if there is a lawsuit.  If they get sued they will turn your name over within seconds.   If they don’t, they will be sued as well.  Registrars hate lawsuits, especially lawsuits when YOU did something wrong.

In my saying that we don’t NEED privacy to protect our identity I am not saying that we don’t have the right to it.  If you sign up for privacy that’s what you should get,  but the only person that is giving you that right is the privacy company. It’s an agreement between you and that company.  Do you really want to rely on that company?   You’ve seen how easy it is to breach.  Fusible has been cloaked for years and nobody figured out who they were without a massive FBI style manhunt. All they did is simply use a company name and address that gives no information about who they are.  You can still contact them without learning their identity.  It only took them 5 minutes to set it all up.  They achieved the same results that all whois privacy buyers get but they control the domain, the privacy, and did it all for free.  There was no need for Whois Privacy.

PS: I did my own privacy protection on my picture above

Domain Spotlight:

17 Replies to “Why Do We Even Have Domain Privacy?”

  1. I have put Whois privacy on some of my names simply because I was getting so much snail mail from a ‘reputable’ registrar ( trying to get me to transfer my names over to them.

    After many emails telling them to stop, I still received letters – so Whois privacy was sort of a last resort.

    I think after the Whois privacy expires on my names, I’ll be taking your advice and setting up a cloaked company name and address instead. Thinking about it now, it probably would have been cheaper to do that in the first place!

  2. I started using whois privacy just recently because I got tired of seeing how many domains are associated with my email account everytime I look up one of my damn domains at, but that’s just me.

  3. People might not want others to know they own valuable Internet real estate, especially in countries where kidnappings happen often.

    It’s harder for thieves to steal a domain name under whois privacy because they can potentially crack a password for an email address they see in a Whois lookup and use that info to get into an account.

    Setting up shell companies can be expensive for sensitive domain names that have little value.

    Finally, on a couple names I own, I was sick of getting spam trying to buy names I have no interest in selling.

    1. Elliot,

      How hard is it to set this up.

      Many Flowers
      Po box 5677
      City state
      Manyflowers @
      I made that up in 5 minutes. All you
      need in one po box. Nobody has to know what domains you own and it costs you less to set up than Whois if you have more than five names

  4. Kidnapping? If a kidnapping attempt has actually been made on a domainer I would love to buy the movie rights to that. However, my wife is Russian and paranois stems deep with non-american business people from emerging markets so fair enough.

    Overall, I think this is a great post Shane and I asked myself the same question. In my opinion I think taxes plays a big part in it.

  5. many registrars make a buck if that on the yearly fee after paying netsol and icann. privacy is just money in their pocket. no other reason to have it.

  6. Shane – “”Elliot,

    How hard is it to set this up.

    Many Flowers
    Po box 5677
    City state
    Manyflowers @
    I made that up in 5 minutes. All you
    need in one po box. Nobody has to know what domains you own and it costs you less to set up than Whois if you have more than five names””

    Gotta agree here. I use this on all my domains, saves me $2-$9 to add Privacy Protect per name (read- ‘easy money for a registrar’), and get no spam or kidnapping threats. And I can use my post office box for other things too!

  7. I use whois privacy for active projects where I don’t want people turning up at the address on the whois for sales calls etc.

    Beyond that don’t see the need to have it on most of my domains, about 99% of my domains don’t have whois privacy.

    And I agree that mostly privacy is used by people to hide all their typosquatting / cybersquatting activities, but then there are people who just use fake whois for that if you didn’t have whois privacy.

  8. I have used Whois privacy on some of my best names. Simply because I am afraid they will get stolen. So by not revealing the registrant email address, stealing them would hopefully be tougher.

    But in fact, it might not be that great anyway. Because if someone does manage to steal them and continues to use privacy, you might not even notice the theft…

  9. Some ccTLDs like .US and .IN don’t even allow privacy.

    Anyone know, what’s the situation with privacy for .XXX domains 😉

  10. I do not use a WHOIS privacy.

    However my WHOIS is setup as follows.

    Registrant email address used there is not tied to my account i have with my Registrar (completly seperate).
    Admin email address is different from my Registrant email address and not tied to my Registrar’s account.

    Incase my account with my Registrar get’s hacked and the authid’s are retrieved and the domains are unlocked i can still cancel the transfer through the Admin email account.
    Incase both would get hacked i can still overrule it with the Registrant email account.

    If all 3 accounts get hacked…. … Yeah then i have a problem.

    Ofcourse when you have many valuable domain names you might want to have them locked at Registrar level.

Comments are closed.