Cybersecurity: EU to Ban Anonymous Websites(patrick-breyer.de)
patrick-breyer.de
Cybersecurity: EU to Ban Anonymous Websites
https://www.patrick-breyer.de/en/cybersecurity-eu-to-ban-anonymous-websites/
38 comments
Years ago I received an email from my registrar Net4India for my .in domain that my Government mandates that information submitted to WHOIS DB must be genuine and failing to comply would get the domain cancelled or something like that.
I couldn't find more info about that mandate, Not sure whether the Registrar took upon itself to issue such statements based on Government's order for the registrars to maintain accurate information of the customers(Which isn't same as the info we provide for WHOIS per domain).
Anyways, I stopped buying .in domains, Privacy is a fundamental right in India now and so I'm not sure if the mandate can be applied even if its true. Registrars here are offering privacy redaction now.
I couldn't find more info about that mandate, Not sure whether the Registrar took upon itself to issue such statements based on Government's order for the registrars to maintain accurate information of the customers(Which isn't same as the info we provide for WHOIS per domain).
Anyways, I stopped buying .in domains, Privacy is a fundamental right in India now and so I'm not sure if the mandate can be applied even if its true. Registrars here are offering privacy redaction now.
Something like this always happens when some new regulation happens. Thinking of legislators as idiots and fear mongering.
The second thing won't happen because "anonymous websites", in this context, doesn't mean anonymous from general public but anonymous from governments.
Anonymous bank accounts are also banned so do you also argue that law-abiding citizens who might be whistleblowers, victims of stalking, or have other very genuine reasons for wanting to hide their personal information will be unable to register a bank account without putting themselves in danger?
The second thing won't happen because "anonymous websites", in this context, doesn't mean anonymous from general public but anonymous from governments.
Anonymous bank accounts are also banned so do you also argue that law-abiding citizens who might be whistleblowers, victims of stalking, or have other very genuine reasons for wanting to hide their personal information will be unable to register a bank account without putting themselves in danger?
They are after group 2. They know this will not stop group 1.
This image of controlling Internet speech by Ben Garrison always comes to mind:
https://knowyourmeme.com/photos/976837-reddit
This image of controlling Internet speech by Ben Garrison always comes to mind:
https://knowyourmeme.com/photos/976837-reddit
3) people in between (i.e. not quite law abiding and not quite cyber criminals, or just people who value anonymity) are driven underground, or start using other anonymised means of putting content online.
Doubt is it well intentioned at all. Governments want to quash unapproved speech. This makes it easier for them to do so.
It will be a freezing cold day in hell before I publish my real physical address as a part of my domain's WHOIS. Have those regulators not heard of swatting and doxxing?
I'm really happy about choosing a .com over a .eu domain now.
I'm really happy about choosing a .com over a .eu domain now.
When you cut through the PR and look at the details the EU actually has quite a bad track record on both technology issues and authoritarian government, so sadly this kind of proposal isn't much of a surprise. But I'm 100% with you on this.
I still get phishing emails to an address I set up last century exclusively as a contact point when I managed some domains for a local community group. I haven't been involved with that group for more than a decade.
Every year we get deceptive postal mail to our business address, which is the contact address for the registration of our domains at work, trying to get us to sign up for one con or another involving domain renewal "checks", "registration with search engines", and so on. These almost always arrive in the time leading up to the anniversary of registration, even in the years when we don't need to renew because we previously paid for multiple years.
Cutting the personal details out of WHOIS was a simple, positive step to improve online privacy even just for everyday users who don't want to be subject to harassment and deception.
I still get phishing emails to an address I set up last century exclusively as a contact point when I managed some domains for a local community group. I haven't been involved with that group for more than a decade.
Every year we get deceptive postal mail to our business address, which is the contact address for the registration of our domains at work, trying to get us to sign up for one con or another involving domain renewal "checks", "registration with search engines", and so on. These almost always arrive in the time leading up to the anniversary of registration, even in the years when we don't need to renew because we previously paid for multiple years.
Cutting the personal details out of WHOIS was a simple, positive step to improve online privacy even just for everyday users who don't want to be subject to harassment and deception.
This is useless grandstanding anyway, you can just get a P.O. Box and fill in that information.
... So people will just get a different domain name not in Europe?
What's that supposed to achieve?
What's that supposed to achieve?
The proposal doesn't state it needs to be kept in whois database. It states that it must be kept "in a dedicated database" and be available to "lawful and duly justified requests for access".
Obviously this isn't going to fix anything because those who so wish will just provide false information
ICANN already state that a domain name registrant is obliged to "provide accurate information for publication in directories such as WHOIS, and promptly update this to reflect any changes." This proposal is formalizing that in law.
Im not sure if i agree with that or not, but lets not pretend this is the end of "whois privacy", as many comments (and the author of this article) seem to be suggesting.
Obviously this isn't going to fix anything because those who so wish will just provide false information
ICANN already state that a domain name registrant is obliged to "provide accurate information for publication in directories such as WHOIS, and promptly update this to reflect any changes." This proposal is formalizing that in law.
Im not sure if i agree with that or not, but lets not pretend this is the end of "whois privacy", as many comments (and the author of this article) seem to be suggesting.
These legislations keep me from publishing some of my private projects because I don't want my full name, address and phone number on the internet
Is this a joke? Is this from 20 years ago?
Publicly displaying the owner of a domain (and technical contact, and billing contact) was done until the GDPR (mandated by the European Union) was approved. According to GDPR, whois displaying ownership, etc was a violation of data protection and privacy.
Now the same EU says whois must display ownership. Well, fuck you, first figure out how that plays with your own GDPR.
Publicly displaying the owner of a domain (and technical contact, and billing contact) was done until the GDPR (mandated by the European Union) was approved. According to GDPR, whois displaying ownership, etc was a violation of data protection and privacy.
Now the same EU says whois must display ownership. Well, fuck you, first figure out how that plays with your own GDPR.
[deleted]
Surely this will be circumvented primarily by people just registering with TLD registries that are not in Europe ?
Germany has required such information for any non trivial website for a long time (Impressumspflicht).
Let’s not forget TERREG, which already makes it illegal in practical terms for individuals to have an open forum or blog in Europe
> The EU just passed TERREG yesterday without a vote that requires anyone running a website with user generated content (a blog with comments, a forum etc.) and if they have significant EU user base to establish legal presence in the EU and have an officer responsible for deleting content with 1 hr SLA. That's out of reach for most of people. You cannot even block your site for EU traffic, because EU users can use VPN.
[…]
> On 12 September 2018, the European Commission presented a proposal for a regulation on preventing the dissemination of terrorist content online, which included:
>The one-hour rule: a legally binding one-hour deadline for content to be removed following a removal order from national competent authorities;
> The EU just passed TERREG yesterday without a vote that requires anyone running a website with user generated content (a blog with comments, a forum etc.) and if they have significant EU user base to establish legal presence in the EU and have an officer responsible for deleting content with 1 hr SLA. That's out of reach for most of people. You cannot even block your site for EU traffic, because EU users can use VPN.
[…]
> On 12 September 2018, the European Commission presented a proposal for a regulation on preventing the dissemination of terrorist content online, which included:
>The one-hour rule: a legally binding one-hour deadline for content to be removed following a removal order from national competent authorities;
what constitutes significant user base?
Why can't someone outside the EU just respond to the EU presence requirement with "lmao no"
I’m guessing we’re within a couple years of a Great EU Firewall. Then they could protect their citizens from these dangerous American websites.
The Internet is being torn apart by governments.
The Internet is being torn apart by governments.
Quite funny you should say that as I had just written this comment on the other related thread:
> I've been leaning more and more away from a global internet and back to regional EU only internet. EU & US & every other region in the world are different.
> As it stands, the global internet is dominated by US cultures & laws.
> I think the internet as it stands inhibits Europeans forging their own path.
So for me personally, my then youthful naivety of supporting connecting the globe and freedom etc. has now shifted over the past 10 years to leaning towards an EU only internet.
> The Internet is being torn apart by governments.
The internet shouldn't be the international waters of the world and it shouldn't be the United States internet.
> I've been leaning more and more away from a global internet and back to regional EU only internet. EU & US & every other region in the world are different.
> As it stands, the global internet is dominated by US cultures & laws.
> I think the internet as it stands inhibits Europeans forging their own path.
So for me personally, my then youthful naivety of supporting connecting the globe and freedom etc. has now shifted over the past 10 years to leaning towards an EU only internet.
> The Internet is being torn apart by governments.
The internet shouldn't be the international waters of the world and it shouldn't be the United States internet.
I really hope such anti-free speech is not an opinion shared among the majority of Europeans. The world will be much worse off when the free flow of ideas is restricted.
> The global internet is dominated by US cultures & laws.
How so?
> The internet shouldn't be the international waters of the world…
Why?
How so?
> The internet shouldn't be the international waters of the world…
Why?
Not OP, but the major websites and services are all US based. That means US copyright laws and takedowns, US data protection (or lack thereof, which the GDPR tried to solve), arbitration, mile-long EULAs, etc
Just make your own major websites and services?
Every other country has their own ecosystem, EU seems to be capable enough.
Every other country has their own ecosystem, EU seems to be capable enough.
Easy to say, harder to execute. Network effects keep American companies as the main way people communicate, whether it's WhatsApp, Instagram, Facebook (or Facebook Messenger), or something else.
why can Russia and China do it, but EU cannot?
Seems strange. EU is capable in everything but silly chat apps and more complex, search engines?
Seems strange. EU is capable in everything but silly chat apps and more complex, search engines?
Russia and China have nation-wide firewalls. I know that at minimum, China blocks most or all of Western social media sites. I don't want to live in a bloc of countries that blocks parts of the web "for my protection".
It's easier for politicians to write laws forbidding stuff and pat themselves in the back than radically changing the economy to foster innovation and investments for EU-based tech companies.
Why shouldn't the internet be the international waters of the world? Surely, the entire point of the network is to be international in every sense? (Including negative ones, I guess)
While I normally argue in the favour of privacy, in this particular case I'm leaning towards thinking that web content accountability is a step in the right direction.
1) Cyber criminals outsmarting the identification and verification mandates, because they're criminals, they're crafty, and they don't give a crap about breaking the laws.
2) Law-abiding citizens who might be whistleblowers, victims of stalking, or have other very genuine reasons for wanting to hide their personal information will be unable to register a website without putting themselves in danger.
This sort of legislation, while possibly well-intentioned, helps no one (except for stalkers, people who get a thrill out of doxxing, and corrupt organizations wanting to silence whistleblowers).