1

I registered a domain and I choose the private registration AKA: hide the personal data from WHOIS. (It was a non-english registar.) After registering I checked if it is actually private with a few whois services. All was fine except one (whois.com) which showed all my private info for a short moment and then it was updated with the info of the privacy-service. I didn't like this at all.

I'm trying to figure out what happened? I'm guessing that the registrar registered the domain with my actual info and then after that used a 3rd party privacy service to make it private. And whois.com showed me the cached data (which was my personal info) and then updated it with the data from ICANN.

If I'm right then my whois-data is already archived with services like domaintools.com and is available for everyone who bothers to spend the money on registering an account with them.

Is my guess right? Is this domain done for if I don't want my personal info to be available like that?

Stephen Ostermiller
  • 98,758
  • 18
  • 137
  • 361
regfail
  • 13
  • 2
  • 1
    I'm guessing that the registrar registered the domain with my actual info and then after that used a 3rd party privacy service to make it private. Yes. That is how it works. – closetnoc Jun 19 '17 at 17:13
  • @closetnoc Is that how it works with every registar that provides "private registration"? They register with your private data (which is archived with domaintools right away) and then after that a privacy-service makes it "private"? – regfail Jun 19 '17 at 17:21
  • 1
    Yes. In order to make a registration private, the site has to be registered. Even with registrars that own their own private domain companies such as GoDaddy, there is a brief exposure between registration and making the registration private. It is just how the system has to work as a product of how the Internet was designed. The private registration is an add-on to an existing system. – closetnoc Jun 19 '17 at 17:34
  • @closetnoc Thank you! I see! In that case I should have registered with something like GoDaddy since the exposure would have been shorter:S. I had no idea that it works like this. In any case, should I assume that this domain now doxes me and don't use it? Or there is no point in registering a different one since that will probably end up the same? – regfail Jun 19 '17 at 17:45
  • 1
    If you are worried about domaintools.com, they should update fairly quickly to reflect the private registration. – closetnoc Jun 19 '17 at 17:49
  • @closetnoc The problem is that they have a "whois history" service which is available if you register with them. It costs about 100$ a month so I did not do it. I'm guessing that if whois.com had my private info then domaintools has too. – regfail Jun 19 '17 at 17:56
  • 1
    My experience is that domaintools.com is at least responsible. It may be that domain tools has your original data, however, I doubt that information will be available without paying the fee. In other words, not generally available. For what it is worth, all of my domains were registered long before private registration was available. I have had no problems as a result. Cheers!! – closetnoc Jun 19 '17 at 18:10
  • @closetnoc Too bad this works like this:) Thank you for your help! – regfail Jun 19 '17 at 18:18
  • @closetnoc before private registration was available registrars weren't interested in selling your info to designers and others for solicitation purposes. register a new domain right now and give it 6 hours before designers start spamming your inbox. if you want a truely private domain you need to use a power of attorney that can register it in their name thus preventing your info from ever going on record in the first place. – I wrestled a bear once. Jun 19 '17 at 18:44
  • @Iwrestledabearonce. I have been at this long before the beginning. Befoef private registration, spammers pinged your e-mail all day long. My comment is that since my private registration, I have had almost no trouble at all including spam. I can count the e-mailed on one hand with missing fingers. – closetnoc Jun 19 '17 at 21:38
  • @closetnoc Befoef? Is that like covfefe? Lol.. I'd be interested to know which registrar you use. – I wrestled a bear once. Jun 19 '17 at 21:45
  • 1
    @Iwrestledabearonce I drink my covfefe befoef I do matching else. Android spell check annoys the ever living piss out of me. It fixed covfefe to coffee! The bastard!! I ran away as soon as I could from Network Solutions. The only registrar​ available at the time was GoDaddy. GD served me well when I was a web host and I had no issues with them. So with just a few domain names, I stuck with them. No reason to change. Not yet anyway. I understand that GD is not so popular but I cannot argue with success. Cheers!! – closetnoc Jun 19 '17 at 22:22

1 Answers1

1

If you really do not want your personal information to be visible with 100% guarantee, you need to ask someone else do the registration for you (on their name, but then you will have to make pretty sure that the link between you will stay strong as if they are problems on the domain name, the other party is its owner, not you; for this, companies sometimes use their attorney when they want to do some "secret" registrations, for example before opening new services).

Because otherwise you have only two options:

  1. if the TLD in which you do the registration offer "private registration" (which is often the case for European ccTLDs when individuals register domain names), then opt for it, but the registry will have your personal data… just that it will not be displayed through whois
  2. or, use your registrar (or a third party) proxy/privacy service where, basically they put their names as owner instead of yours

(Have a look at https://en.wikipedia.org/wiki/Domain_privacy and one of the latest effort to enable this privacy mode by some known people at https://njal.la/ )

In all cases you should double verify at least:

  • in case of problems of your domain names (such as third party requests for take downs with DMCA, or ICANN procedures such as UDRP or URS), what happens? Is the "cloaking" immediately reverted? How are you contacted? (have a look at https://www.cnet.com/news/private-domains-not-so-private/ for an example of such stories)
  • even when everything goes right, are you still reachable (email, phone, fax, postal address) through the intermediary visible in whois?
  • what kind of contract do you have with the party using its name instead of yours? Because in the second case, the registry will know only the third party, not you, and if there is a complaint on the domain, this third party will have all rights on the domain name, you will have none; so you should really check the contract between them and you, to make sure the domain name could not be stolen from you.

When you use the third party proxy/privacy service, you should of course double check how they operate. It is kind of strange if the domain name is first registered with your info and then later on cloaked. But it may be so, have you asked your registrar/provider about its service on this topic? If you have seen your personal information on line for the specific domain, it may be too late indeed. Depending on why you wanted this feature, you may now go shop for another domain name (and as hinted above, the rules depend on the TLD, ccTLD especially European ones will have stronger protection on personal information, so shop carefully).

You should also always use the registry authoritative whois server, preferably on the command line, not any kind of web whois.

Patrick Mevzek
  • 8,375
  • 1
  • 20
  • 42
  • Thanks! I asked the registar afterwards and they said that this is how they do it, register first with the non-private data and then give it to the privacy-company to change it with private data. I wonder how is this with bigger companies like GoDaddy or Namecheap. At this point I don't trust any of them but registering with false data is not good either since I can loose the domain at any time if they ask to verify. – regfail Jul 04 '17 at 08:49
  • You are absolutely right, never provide false data as this would only create more problems down the road. – Patrick Mevzek Jul 04 '17 at 18:16