National Physical Laboratory of the UK Selected to Conduct a gTLD Whois Privacy and Proxy Abuse Study

by Liz Gasster on April 30, 2012

I am delighted to report that ICANN has engaged the National Physical Laboratory (NPL) of the United Kingdom to conduct a study of Whois Privacy and Proxy Abuse.

Guided by Richard Clayton, NPL has established a collaborative study team of domain specialists from three universities. Together, this team will examine the extent to which gTLD domain names involved in illegal or harmful Internet activities are registered via Privacy or Proxy services to obscure the perpetrator’s identity. Study results are expected in early 2013.

This study is being launched to help the Generic Names Supporting Organization (GNSO) and ICANN community better understand how often alleged bad actors obscure their identities using several common methods, including (but not limited to) Privacy/Proxy registration. By examining a variety of illegal or harmful Internet activities, including phishing, malware distribution, money laundering, unlicensed pharmacies, typosquatting, child sexual abuse images, spam, and cybersquatting, NPL will measure the percentage of associated gTLD domain names registered via Privacy or Proxy services, as well as the proportion of those registered with inaccurate or incomplete WHOIS details or stolen identities.

To determine whether Privacy/Proxy use is significantly greater among domains involved in illegal or harmful activities, NPL will compare alleged bad actor percentages to the 16-20% overall percentage found by ICANN’s 2010 Study on the Prevalence of Domain Names Registered Using Privacy or Proxy Services among the top 5 gTLDs. Beyond placing bad actor percentages into context, this study will not attempt to analyze broader use of Privacy/Proxy services by domains registered for entirely lawful purposes.

NPL is one of Europe’s leading National Measurement Institutes (NMI). Along with other NMI’s including the U.S. National Institute of Standards and Technology (NIST), NPL works with industry and government to develop the latest state-of-the-art measurement techniques for all areas of science and technology.

To learn more about the Whois Privacy and Proxy Abuse Study, visit:

{ 3 comments… read them below or add one }

Jim Fleming 04.30.12 at 12:20 pm

It should not come as a surprise to people that WHOIS always seems to be more of an ICANN priority than DNS.

WHOIS and DNS are different protocols – history will likely show what a mistake it was to weave those together
DNS does not require WHOIS

…a better Internet may be one without both 1984 WHOIS and (legacy) DNS has more info on the new Peer-2-Peer Currency, Digital Wallets, and DNS

People are invited to move to a better Internet or remain as pawns to be studied…♚ ♛ ♜ ♝ ♞ ♟

Anoni 05.02.12 at 8:25 am

This study is a waste of time.
It is widely known that criminals use false whois information and have no use for whois privacy.
Thus, the extent to which gTLD domain names involved in illegal or harmful Internet activities are registered via Privacy or Proxy services to obscure the perpetrator’s identity will be low.

ICANN is welcome to remit payment for the already known results of the study to my Paypal account.

Jim Fleming 05.02.12 at 9:11 am

Changes being made to the DNS RESOLVERs in the CPE devices could impact SERVER-SIDE studies.

Also, new DNS service providers in the Service-Oriented-Architecture (SOA) may add or subtract value that again would not be seen in the SERVER-SIDE studies. [OpenDNS is one example of a Reputation DNS Service]

With http://PRE.FIX.DNS what some people call gTLDs move to the LEFT of the Domain and .COM. That is done in the RESOLVER with no change to the legacy SERVER-SIDE DNS.

An example of PRE.FIX.DNS would be .WWW which takes a domain such as ICANN.WWW and resolves it as http://WWW.ICANN.COM.

The PRE.FIX.DNS for .CA (CAlifornia) starts with ICANN.CA and attempts to resolve it as CA.ICANN.COM.

Because the changes to the DNS software are out in the field far from the SERVER-SIDE DNS databases, it is almost impossible to study the entire picture (accurately).

Another migration plan could also impact studies. The legacy .COM database can be incrementally (dynamically) cloned as the move is made to Peer-2-Peer DNS. Changes can then be made to the cloned information as the legacy database is phased out.

Leave a Comment

You can use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Anti-spam image