The New Zealand Domain Name Commission just released their fifth(!) consultation on the whois review to allow privacy for domain owners in the .NZ namespace, and unfortunately, it’s still not good enough. The first reaction of one of my teammates at iwantmyname was:

“… doesn’t seem like privacy to me ¯_(ツ)_/¯”

To summarise, whois privacy for .NZ domains will be available to individuals but not hide their full name, email address and country. It also excludes companies and registrants “using the domain name to any significant extent in Trade as that term is defined and used in the Fair Trading Act 1986”.

Here’s why the proposed implementation is not sufficient:

  1. Showing the full name often lets you find out more about the people behind a website. From there it’s just a small step to online harassment, e.g. on social media.
  2. Publishing email details is annoying enough because of spam, but in many cases, you can also find a person’s name by simply googling the email address. Of course, it would be best to hide the email completely, but if you want domain owners to be reachable, it should be at least a randomised email address provided by the registrar.
  3. Making whois privacy only available for individuals and non-trading individuals puts small business owners operating from home at risk. According to statistics from the Ministry Of Business, Innovation & Employment, 70% of enterprises in New Zealand have zero employees. That’s a staggering 353,070 people who would be excluded from using whois privacy. It doesn’t make any sense to scare off business owners because that’s where the .NZ namespace has its biggest growth potential: about 70% of businesses still don’t have a website!

As mentioned in my previous submission there are other country code top-level domains such as .UK who implemented full whois privacy for both individuals and companies. I would love to know why the Domain Name Commission is unable to implement same for .NZ domains?

The proposal falls into the same trap we did at iwantmyname a few years ago when we thought masking the physical contact details would be enough to guarantee you are the legal owner and can be reached by email. But customers quickly told us otherwise, and we corrected course by starting to offer full whois privacy which is now even enabled by default for all accounts if the underlying registry supports it.

Unfortunately, DNC continues to be far removed from reality, and it must do better to protect the privacy of domain owners in New Zealand. If you agree, please let them know by submitting your reply.

Also on:

8 thoughts on “Doesn’t Seem Like Privacy to Me

Leave a Reply