TheJach.com

Jach's personal blog

(Largely containing a mind-dump to myselves: past, present, and future)
Current favorite quote: "Supposedly smart people are weirdly ignorant of Bayes' Rule." William B Vogt, 2010

Google WhoIs Protection Doesn't Protect

So, I own the domain ribbeh.com but not its content. All my domains I've registered through google (and they then register it with enom) because it used to be pretty simple to register and then configure, it was a consistent $10, they didn't try to upsell me a gazillion things, and their auto-renew policies are kind. (I lost a domain to iDotz before. Never Again.) Additionally they provided whois protection for free. I don't really care about that these days but it was more important to me then (and should have been more important to an old acquaintance I once freaked out when I discovered their name and address simply by checking whois...), in any case it's a nice to have, especially because I hate being dishonest. The last name I gave Google was fake as you'll see, but the address used to be a place I lived.

Tonight I was going through my spam folder because gmail's spam filtering has gotten a lot worse than it once was. Found a non-spam email of course. And then I found a spam email about the above domain name expiring this month and telling me to click a link to pay for renewal. (If you actually check the whois, you'll see that it doesn't expire until January.)

What startled me was that it contains the very fake last name and once real address (from which you could infer my last name of course if you wanted to do it the hard way) that google knows, but isn't part of the public whois record. So what gives? How did the info leak? Was there a DB breach I didn't hear about? Or is it trivial to just contact the whois privacy agents and get the real data?

Here's a picture of the email, and following that a picture of the actual whois info if you look up through icann's whois site.





In conclusion, don't ever trust something is private without cryptographic proof.


Posted on 2017-10-31 by Jach

Tags: rant

Permalink: https://www.thejach.com/view/id/347

Trackback URL: https://www.thejach.com/view/2017/10/google_whois_protection_doesnt_protect

Back to the top

Back to the first comment

Comment using the form below

(Only if you want to be notified of further responses, never displayed.)

Your Comment:

LaTeX allowed in comments, use $$\$\$...\$\$$$ to wrap inline and $$[math]...[/math]$$ to wrap blocks.