Skip to content
Blogpost in
domains

How do you hide sensitive data in WHOIS?

Telescope on a circle with purple background and world globe icon
time to read icon 11 Min

You are sure to have heard of WHOIS at least once when dealing with domains. What is it and how does it work? Our article takes a look at this protocol to find out more about its functioning – and to solve some privacy issues at the same time.

Published by

Author

Simone Catania

Date

2023/03/29

Have you ever used that built-in tool on a provider’s website to check the availability of a domain name? Perhaps you weren’t aware of it, but that’s WHOIS. This protocol has been under development since the first days of the internet, when it was still called ARPAnet.

But the main features of WHOIS go beyond the mere information about domain availability. It was created as a network protocol to collect and show everything about a registered domain name. The information gathered can be quite detailed and provides information about who a domain name belongs to and which provider hosts it. You might be wondering about privacy? Since the EU General Data Protection Regulation (GDPR) came into effect, some things have changed. We’ll take a closer look at this below.

What is WHOIS?

WHOIS is a listing of information available in a database server about a domain registration and the registrant’s contact details. It is the de-facto standard for querying domain name information.

To describe it more technically, WHOIS is a TCP-based transaction-oriented query/response protocol designed to work on port 43. As of today, there are plenty of providers that offer a custom web-based WHOIS tool using a WHOIS API service or a WHOIS client.

What information does WHOIS provide?

When you query WHOIS for a domain name, you will get a long list with different kinds of information. The main information will include:

Registrar: The company that manages the domain name

Registrant: The natural or legal person who registered the domain name or domain holder

Contacts: The contact details connected to the domain registration

Name server: The server to which the domain name points

Domain status: The domain’s current situation, such as active, blocked, etc.

Registration date: The date on which the domain was registered

Expiry date: The date on which the registration will expire

Updated date: The date on which the last modification of the domain took place, if ever changed

Nowadays, due to privacy reasons, the availability of information about the domain holders has changed drastically. We will explore this WHOIS topic in further detail below.

Who needs WHOIS?

The first step in choosing the right domain name for a digital project is to check whether it is available. If someone has already registered it, you will have to select another domain or contact the current holder and submit a purchase offer. There is a whole industry surrounding the buying and selling of domain names, so you can imagine that this tool comes in very handy.

The information available is not only extremely useful for domainers, but also for those who work on the web in general. From checking copyright infringement to DNS abuse, it serves a number of purposes. You might want to get in touch with the domain owner for commercial or strategic purposes, for your marketing strategies or to carry out a simple SWOT analysis to study the feasibility of a new project.

But be careful! The databases are available to everyone, spammers and cybersquatters included! There’s no need to worry, however. These days, registrars like InterNetX offer additional services capable of hiding sensitive data from prying eyes.

A brief history of WHOIS

The ARPAnet Resource Handbook developed by Elizabeth “Jake” Feinler and her group at SRI in the early ’70s is considered the prototype of the future WHOIS. At that time, it was a record of people, office locations, phone numbers and, later on, email addresses. In 1977, the NAME/FINGER Protocol was described in RFC 742 and became the foundation of the first WHOIS.

In 1982, Ken Harrenstien and Vic White from the Network Information Center at SRI International developed NICNAME/WHOIS, the first draft of the “digital WHOIS” described in RFC 812. For the first time, it outlined the modern function and intent of WHOIS with a clear statement. Everyone should be able to access WHOIS.

The protocol was initially implemented on the Network Control Program (NCP) but found its main use later on when the TCP/IP suite was standardized on the ARPAnet and then on the internet. In the ’80s, when Paul Mockapetris launched the DNS, WHOIS became a lookup tool for domains, people and other domain and number registrations resources. At the end of the ‘80s, users still carried out domain registrations and WHOIS updates by email!

In the early ’90s, efforts focused on establishing new formats of the protocol, like WHOIS++ and Referral WHOIS. IN 1994, RFC 1689 reaffirmed the role of WHOIS as an essential service on the growing internet, although it didn’t provide any standardization.

A turning point

The year 1998 was a turning point. ICANN acquired all the existing functions of the internet, including IP delegation, domain name registration, DNS management, and, along with it all, the WHOIS administration. In 2013, ICANN’s Registrar Accreditation Agreement (RAA) was put into place, under which registrars were obliged to have higher standards for verifying registrants’ data in order to keep the WHOIS up to date.

Today’s definitive reference is the WHOIS Protocol Specification in RFC 3912, published in 2004. It highlights the technical specification of WHOIS as a TCP port 43 transaction-based query-response service.

This is why WHOIS is controversial

Although there have been several attempts to make WHOIS more human-friendly, some experts consider it to be a giant internet dinosaur. For example, the protocol has not been internationalized. However, on top of that, the most critical problems affecting the WHOIS architecture concern its security as “it lacks mechanisms for access control, integrity and confidentiality” and “has no provisions for strong security”, as stated in RFC 3912.

It is important to highlight that WHOIS is not a centralized service. It is run by individual registries and registrars. Consequently, it suffers due to significant fragmentation – also from a legal point of view, as different TLD registries have different agreements.

Some TLDs like .com or .net are only required to publish the WHOIS thin data, exclusively technical data to identify the sponsoring registrar, registration status, creation and expiration dates.

Others, like .info or .biz, must publish the WHOIS thick data, which includes registrant’s contact information, administrative and technical contact information, sponsoring registrar and registration status. Finally, ccTLD registries have different agreements or even no formal agreement with ICANN at all and act independently.

Find perfect domains

This technical and regulatory fragmentation is evident and throws up several difficulties when introducing changes or standards that should be recognized globally.

How do you run a WHOIS search?

There are two main ways to access WHOIS and perform a search:

1. A textual command-line client

This was originally the only method to contact a WHOIS server, usually on a Unix or Unix-like platform. A command-line WHOIS client typically offers options to choose which host to connect for your query. Like many TCP/IP and client-server applications, a WHOIS client collects the request and opens an IP socket to its target server.

2. A modern web-based client available from the browser

Looking at WHOIS information via the web has become quite the standard. At first, web-based WHOIS clients were simply the command-line client with the output result displayed on the web page plus some extra formatting. Nowadays, web-based WHOIS clients usually run the queries directly and format the results. Many of these clients are proprietary software created by registrars.

How does WHOIS work?

Published in 2004, the RFC 3912 is the latest and most significant update to this protocol and describes the WHOIS as follows:

A WHOIS server listens on TCP port 43 for requests from WHOIS clients. The WHOIS client makes a text request to the WHOIS server, then the WHOIS server replies with text content. All requests are terminated with ASCII CR and then ASCII LF. The response might contain more than one line of text, so the presence of ASCII CR or ASCII LF characters does not indicate the end of the response. The WHOIS server closes its connection as soon as the output is finished. The closed TCP connection is the indication to the client that the response has been received.

As mentioned above, the database is mainly run by registries and registrars. ICANN coordinates the central registry for all internet resources, including a reference to the WHOIS server of the responsible registry along with its contact details. Registries also manage the authoritative name servers, which hold the key to a website location.

WHOIS and the concerns about privacy

WHOIS poses a severe risk to privacy since registrant data is publicly exposed and malicious actors can use it for manipulative and dangerous purposes (spam, identity theft, cybersquatting, typosquatting etc.). Its technical roots date back to 1982. Many consider it to be obsolete and, in many ways, inadequate for the current and future shape of the internet.

In 2003, the European Working Group for the protection of personal data in article 29 of European Directive 95/46 expressed reservations about the free accessibility of WHOIS databases. In particular, they highlighted the need to distinguish between data necessary for registration and “optional” data. Also, the IETF itself strongly recommends in RFC 3912 the restriction of “WHOIS-based services for information which is non-sensitive and intended to be accessible to everyone”.

The effect of GDPR on WHOIS

Before the EU General Data Protection Regulation (GDPR), all personal information related to a domain holder, such as first and last name, address, telephone number and email, was available to everyone. With the introduction of the GDPR, effective as of 25 May 2018, WHOIS is still operational, but temporary measures have been taken to restrict access to the databases, making some data publicly unavailable. Access to thin data is still possible, regardless of the owner’s legal status. Instead, access to thick data is limited to cases with an appreciable legitimate interest.

Is RDAP going to replace WHOIS?

Over the past few years, ICANN’s Security and Stability Advisory Committee (SSAC) and the technical community at the Internet Engineering Task Force (IETF) have been working towards overcoming and eventually replacing WHOIS. In March 2015, they published a series of RFCs (RFC 7480, RFC 7481, RFC 7482, RFC 7483, RFC 7484) for the Registration Data Access Protocol (RDAP).

While registration data remains basically the same as in WHOIS, the structure of the response is different. While WHOIS can only retrieve text, RDAP delivers data in a readable JSON format based on RESTful web services. It holds several advantages over WHOIS, such as internationalization, higher security and differentiated access to registration data.

In 2019, ICANN started working with registries and registrars on a pilot program to replace the old WHOIS protocol and make RDAP use mandatory. On 27 February 2019, ICANN issued a notification to gTLD registries and registrars to implement an RDAP service by 26 August 2019. Nevertheless, things have slowed down since then. In the short term, RDAP won’t replace WHOIS altogether, but they will run simultaneously.

A service to hide your sensitive data

Do you value privacy? Optional services known as WHOIS privacy, domain privacy or proxy have been around for a while now. In this case, a third party or the registrar itself acts as a kind of middle-man and has the domain registered in their name, so the actual owner remains hidden. But bear in mind that different TLDs might have different regulations regarding this.

InterNetX offers WHOIS Privacy and Privacy Plus

With InterNetX, you can replace your information in WHOIS with anonymized contact information. Furthermore, as an additional security layer, your data won’t be shared with the registry. You can opt between two different services offering you varying degrees of privacy.

Whois Privacy replaces the registrant’s data with information from the service provider.

Whois Privacy Plus hides the information about the registrant and offers a personalized email address. Emails sent to this email address are forwarded to the registrant’s email address, which is stored with the service provider. It enables anonymous direct communication between the domain holder and an enquirer. All replies by the registrant to the enquirer are also undertaken anonymously.

How can you activate WHOIS Privacy in AutoDNS?

You can easily activate WHOIS Privacy and WHOIS Privacy Plus in the AutoDNS user interface during domain ordering, transfer and domain updates. Remember, you have to specifically start the service for each domain!

Go to AutoDNS icon-arrow--right