Ownership of land, legal entities, and domain names should be public information because that would be better for society.
EDIT (HN won't let me reply or post any more):
> Maybe they're exposing corruption or sharing information that powerful people don't want to have exposed.
Sure there are edge-cases where anonymity would be desirable, but they pale in comparison to the real harm done every day to regular people through anonymously registered domain names.
I can think of many legitimate reason that a site owner might want to be anonymous. Maybe they're exposing corruption or sharing information that powerful people don't want to have exposed.
Maybe they have weird sex fetishes or are flat earthers etc. One has the right to be weird in certain contexts (swing clubs, flat earth rallies) and still have a public persona that’s professionally, politically etc valuable.
I totally agree that in some cases anonymity is good, useful, etc.
But creating phishing sites for Facebook is not that. There is no good reason to register the domain "facebo0k-login.com"
I get that it's difficult to work out if the domain is going to be used for a legit purpose, but surely that's easier to do at the point of registration than it is to police afterwards?
It takes a human about 2s to work out that "fuck-facebook.com" is a legit protest domain, while "facebo0k-support.com" is a phishing domain. It's not even about trademarks or ownership of the word "facebook", it's about the intent of the domain.
I think insisting on ownership information for a domain that looks like it could be used for phishing, while allowing "furries-r-us.com" to be anonymous would be a better system than we have now.
> I get that it's difficult to work out if the domain is going to be used for a legit purpose, but surely that's easier to do at the point of registration than it is to police afterwards?
How could it be easier? I could always start legitimate[1] and then switch later. Now, if you think about the context of "faceb00k.com is probably not legitimate" you get in all sort of discussions about what is okay, what is not okay, what is an edge case.
All these proposals bring us further into a domain where private persons/companies are deputized to rule what is okay under the law, because court processes take so long and are so complicated. It ignores that there is a reason they are long and complicated. We've learned the hard way what happens if they are not.
[1] For the sake of this post let's assume legitimate means 'okay under the law' and split away the question of morality
Yes, this is complex. I agree; so far we've been pretending it's not complicated, and that's not really working any more.
The law is based on moral decisions, so I think "splitting that away" is probably circular - eventually a law will be made to deal with an immoral situation. We might as well consider the morality now and save some time.
I think we should get into all sorts of discussions about what's OK, what's not OK, and what is an edge case. People should be held responsible for what happens on their domain. There should be a discussion about whether the potential registration of "faceb00k.com" is legitimate or not.
What if there was a jury of 12 random people who had to approve every domain registration, and also decide whether that domain registrant should be anonymous or not? Would that lead to better results than we have now?
And to be honest, the actual cause of the harm to these people done every day, is not in fact the result of the lack of transparency in domain registration, but in fact the unwillingness of police in their local jurisdictions to go after criminals. A good example of this would be Jim Browning, who has offered information to police departments operating within India relating to scammers and... he has never got a response.
With all due respect, that's not an answer, that's just reiteration of the same statement with a "because it would be better". The answer to "why" is a rationale and yours so far is "bad people doing bad things so better somehow force business to make sure their clients are legit and make things transparent", which is a perfectly fine opinion, but devoid of any actual analysis. That's my interpretation, though, and my apologies if it's incorrect and not what you've meant - I don't intend to introduce a strawman here.
I would recommend actually analyzing the pros and cons. What are the benefits for the society, why they're real (not a snake oil/security theatre, where bad actors would be easily able to work around), and why they overweigh the harm from the negatives (e.g. the obvious privacy concerns).
This idea conflicts heavily with GDPR first of all. Secondly, why should that information be public? Does car ownership need to be publicly disclosed even though tons of car crashes happen every day? No, because the driver is liable, not the manufacturer, and the driver carries insurance to reduce cost of liability.
The real issue is enforcement. Namecheap should not be there as an arm of the law. Instead, the people BUYING the domains should be held accountable for their fraud.
This gets messy quick. How does Namecheap verify the validity of an individual? What constitutes a valid individual? What evidence is required to prove this to a registrar? How does Namecheap verify the legitimacy of intent for that domain? How does Namecheap keep up with every possible brand that may be subject to abuse? At what point does a brand become protected in a way that restricts the selling of similar domains?
For KYC in the financial world, answers exist to ALL of these questions. There is some inherent level of identity tied to your personal finances. These systems are built around a real identity that can be validated, so it's easy to apply. The same is not true for any internet service.
> For KYC in the financial world, answers exist to ALL of these questions
This might offend us IT types, but I'm not sure there's always just one answer.
Anecdote #1: I can walk into the local branch of my bank - where all the staff know me - and withdraw money from my account without showing any form of ID, telling them my account number, or even stating my name. They know me, I just have to sign the form.
Is that in the KYC regulations, or even the bank's SOPs?
> Anecdote #1: I can walk into the local branch of my bank - where all the staff know me - and withdraw money from my account without showing any form of ID, telling them my account number, or even stating my name. They know me, I just have to sign the form.
They shouldn't do that. I am not saying they don't but they shouldn't. And in this scenario, you've already established your real identity over time in order to open the account and regularly withdraw or deposit funds.
You didn't build this relationship in a day without any evidence of who you are. And then you are physically showing up, which is proof that you are the person they have been dealing with over the course of the relationship. You could have lied initially and established a lie over time, but that stuff happens in the KYC process as well. KYC isn't a perfect system and it's completely possible to 'lie'.
> Is that in the KYC regulations, or even the bank's SOPs?
I would bet that it is in the Bank SOPs to NOT do what you described. But, as a person that does a lot of compliance, it's inevitable that people will ignore SOPs or policy to some extent.
EDIT (HN won't let me reply or post any more):
> Maybe they're exposing corruption or sharing information that powerful people don't want to have exposed.
Sure there are edge-cases where anonymity would be desirable, but they pale in comparison to the real harm done every day to regular people through anonymously registered domain names.