Google WhoIs Protection Doesn't Protect

So, I own the domain but not its content. All my domains I've registered through Google (and they then register it with enom) because it used to be pretty simple to register and then configure, it was a consistent $10, they didn't try to upsell me a gazillion things, and their auto-renew policies are kind. (I lost a domain to iDotz before. Never Again.) Additionally, they provided whois protection for free. I don't really care about that these days, but it was more important to me then (and should have been more important to an old acquaintance I once freaked out when I discovered their name and address simply by checking whois...). In any case, it's a nice-to-have, especially because I hate being dishonest. The last name I gave Google was fake, as you'll see, but the address used to be a place I lived.

Tonight I was going through my spam folder because Gmail's spam filtering has gotten a lot worse than it once was. I found a non-spam email, of course. And then I found a spam email about the above domain name expiring this month, telling me to click a link to pay for renewal. (If you actually check the whois, you'll see that it doesn't expire until January.)

What startled me was that it contains the very fake last name and once-real address (from which you could infer my last name, of course, if you wanted to do it the hard way) that Google knows but that isn't part of the public whois record. So what gives? How did the info leak? Was there a DB breach I didn't hear about? Or is it trivial to just contact the whois privacy agents and get the real data?

Here's a picture of the email, and following that a picture of the actual whois info if you look it up through ICANN's whois site.
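The check described above, as an added example that is not part of the original post: it parses a constructed WHOIS record and compares a renewal notice's claimed expiry, sender domain and addressed registrant name against the public record, flagging each mismatch. All domain names, dates and names in it are hypothetical.

```python
import re
from datetime import datetime
from urllib.parse import urlparse
# Constructed WHOIS response in the usual "Key: value" layout; not a real record.
WHOIS_SAMPLE = """\
Domain Name: EXAMPLE-DOMAIN.TEST
Registrar: Example Registrar, Inc.
Registrar URL: http://www.example-registrar.test
Registry Expiry Date: 2018-01-15T04:00:00Z
Registrant Name: Whois Privacy Service
"""
# Constructed summary of a renewal e-mail (hypothetical sender and values).
NOTICE_SAMPLE = {
    "sender_domain": "domain-renewals.test",   # where the mail came from
    "claimed_expiry": "2017-10-31",             # what the mail says the expiry is
    "registrant_name": "Real Person",           # the name the mail addresses
}
def parse_whois(text):
    """Map lower-cased WHOIS keys to their values; the last occurrence of a key wins."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z][A-Za-z /]*?):\s*(.*?)\s*$", line)
        if m:
            fields[m.group(1).lower()] = m.group(2)
    return fields

def expiry_date(fields):
    """Read the expiry date under the key names registries commonly use; None if absent."""
    for key in ("registry expiry date", "registrar registration expiration date"):
        if key in fields:
            return datetime.strptime(fields[key], "%Y-%m-%dT%H:%M:%SZ")
    return None

def assess_notice(notice, whois_text):
    """Return the red flags found; an empty list means the notice agrees with public WHOIS."""
    fields = parse_whois(whois_text)
    flags = []
    exp = expiry_date(fields)
    claimed = datetime.strptime(notice["claimed_expiry"], "%Y-%m-%d")
    if exp is None:
        flags.append("WHOIS shows no expiry date, so the claim cannot be checked")
    elif (claimed.year, claimed.month) != (exp.year, exp.month):
        flags.append(f"notice claims expiry {claimed:%Y-%m} but WHOIS says {exp:%Y-%m}")
    host = urlparse(fields.get("registrar url", "")).hostname or ""
    if host != notice["sender_domain"] and not host.endswith("." + notice["sender_domain"]):
        flags.append(f"sender {notice['sender_domain']} is not the registrar of record ({host or 'unknown'})")
    if notice["registrant_name"] != fields.get("registrant name"):
        flags.append("notice addresses a registrant name that public WHOIS does not show")
    return flags
```

A notice that names you when the public record only shows the privacy service is worth a second look even when the date and sender are right, since that name had to come from somewhere other than WHOIS.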

In conclusion, don't ever trust that something is private without cryptographic proof.

Posted on 2017-10-31

