Facebook accused of trying to decloak domain owners' personal Whois info

[cynusx]

well, warrants work when you have sufficient evidence but what if you need to perform network-analysis to build sufficient evidence.

Case in point is usage of stolen identity: Criminals probably already use identity theft to buy those domains, but given that the data is obscured by default it would be hard for police organizations to track systemic use of stolen identities.

The ability to detect newly registered domains from known stolen identities would enable

1/ automatic blocking/warning in browsers

2/ Organizations like FB can gain valuable time in sending takedown requests of phishing sites

3/ establish enough evidence of use of stolen identities to get the warrants to obtain more information from the registrars/hosts like IP's used to connect...

Just something I came up with brainstorming, I am sure there's more value to it

[darkarmani]

> but what if you need to perform network-analysis to build sufficient evidence.

In that case you need to do it another way. There are a tremendous number of things we could do if law enforcement wasn't "hindered." It's along the lines of "argument from lack of imagination" to state that they HAVE to have access to that data to prevent x, y, z.

I don't doubt that it would be useful to have that data, but that doesn't override privacy concerns. You already know the IP address of the server using that domain -- follow up that chain of responsibility.