Preventing WHOIS

Hello!

I LOVE privacy. Is there a way to set up a website anonymously? Right
now anyone can use whois http://www.yourwebsite.com and he'll find out
who the domain is registered to. There is the possibility to use a
company that offers you a proxy server but then that company legally
becomes the holder of that domain.

I'd like to be the sole owner of the domain and yet be impenetrable to
the whole whois gestapo thing. Is there a way?

Are there some top level domains that are more suitable for this than
other?

Is there anybody out there who can offer me some help, give me some
pointers of something?

 

Lie.

 

On Mon, 23 Feb 2009 11:10:02 -0500, Ari© wrote:
The person who calls himself "No One", but who's real name is Dan
Camper, used this as his signature in his post above:

Meet Ari! http://tr.im/1fa3

Only thing is, the person depicted in the photograph at
http://tr.im/1fa3 is *not* Frank J. Camper, or as he calls himself,
"Ari".

That is a photo of "Kinky" Friedman, who has a webpage at
http://www.kinkyfriedman.com/

FYI

 

Sure. Host your website on 10.0.0.1
Or on 127.0.0.1
Absolute privacy guaranteed. And cheap too.

 

$ whois yourwebsite.com

Registrant:
yourwebsite
36480 Peugeot Place
Newark, California 94560
United States

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: YOURWEBSITE.COM
Created on: 02-Jan-98
Expires on: 01-Jan-10
Last Updated on: 29-Dec-08

Perhaps you would want to use "example.com" (reserved for the purpose)
instead of a domain name actually owned by someone.

Got a cite for that? I've a couple of domains and the privacy company
does *not* own them.

Yes. Avail yourself of the privacy services offered by your registrar.
Normally, it is an extra-cost option, maybe $9USD or about 78 Swedish
Kronor per year.

Explore your registrar's site for the privacy option. Ex:
http://www.godaddy.com/gdshop/dbp/landing.asp?ci=9002

 

wrote in @n2g2000vba.googlegroups.com:

It can be done very privately but it requires *your own* company.

I give the strongest way below but using any company (either one you
already own or a newly-set-up one - I believe *everyone* should own at
least one company) will go a long way to shielding your personal privacy.

For ordinary privacy (not, say, thwarting a multi-million-dollar lawsuit)
the **simple unadorned version** (i.e., any old company with no
embellishments, with all domain registration addresses, etc. as the
company's) is plenty.

But if you want *maximum* privacy, here's how:

A (USian) LLC is preferable to a traditional company. And the best LLC
is a New Mexico one (permits bearer shares, etc.). An LLC has an address
for its New Mexico "agent" but the address of the actual LLC can be (and
usually is) elsewhere (in fact, the mailing address can be different from
the place of business address and both can be different from the agent's
NM address). There is no list of LLC members, etc. (well, there is, but
it's at the LLC's - possibly offshore - place of business It will be
next to impossible to trace you personally if you set this up right
(e.g., have an intermediary set up the LLC and then you buy all the
bearer shares, etc.).

Domain registration (I'll speak of .com; requirements can be different
for some others) is in the company/LLC's name (not a person's). The
other names that must be given (administrative contact, technical
contact, etc) will not have personal data for address, etc. but rather
will use the *company's* address, phone number, email, etc. Anyone
trying to compromise the privacy of a real live human being (whose name
may itself be fictitious - the LLC fired and replaced its "administrative
contact" last month if anyone inquires will dead-end at the LLC agent
(or the LLC's mail drop address) or the actual domain site. (In fact, if
the domain is hosted, it is common for the "technical contact" to be the
hosting site fellow.)

This is much better than lying (it would be a real PITA if, after using a
domain name for years, you lost it because of a registration
irregularity) or going through a registration intermediary like Godaddy
(who then becomes the *real* owner of your domain name).

Regards,

PS Initially setting up the LLC (or just a company in your home
jurisdiction) will typically cost only a few hundred dollars ($300-500)
and annual operating costs (essentially just for the NM agent) are
typically $100-200. Not free, but well within reach of anyone who truly
values his privacy. Pay the LLC fees and the domain name fees with cash
or money orders.

(Incidentally an LLC - or better, several of them - have many other uses
for privacy purposes. There will be no tax complications if your LLC does
no serious business and/or operates on a flow-through basis.)

PPS If you are paranoid a number of additional layers of security can be
added such as having any mail directed to a mail-drop, ideally in a
foreign country (again, can be done for $100 or so). Similar precautions
can be done with telephone (e.g., use VOIP, etc.) You can even have the
LLC itself "owned" not by a person but by a different company (LLC, etc.)
possibly offshore (usually this level of security is only needed for
major tax fraud, asset hiding, etc. and not for ordinary privacy).

 

Sure. Use a registrar that provides for private registrations. ICANN
requires that registrars provide a name for whomever is responsible for
the domain registration. The loophole is that the registrar volunteers
to be responsible. So you register your domain with them but the
registrar list themself as the contact for that domain. There are
several registrars that now provide private registrations and the number
is growing: GoDaddy with their Domains by Proxy service, Network
Solutions, and WildWest Domains (known for having lots of spam sources
and affiliate to GoDaddy) are some of them.

If customers see that you are hiding that they figure there is a
negative reason to do so and they may not trust you. That's how I feel
when I find a domain owner that tries to hide. There are better ways to
block domain registration related spam. For example, in the e-mail
address you provide for registration (required and is supposed to be a
valid, active, and monitored account), just use a rule in that account
to block all e-mails that don't originate from your registrar. You'll
get their e-mails regarding your registration but dump everyone else's.

http://help.godaddy.com/topic/248
http://www.godaddy.com/gdshop/dbp/landing.asp?ci=9002
https://www.networksolutions.com/domain-name-registration/private.jsp

However, I've heard that many of them will divulge the actual domain
registrant when pressed for the information and without requiring a
subpoena. If the plantiff provides sufficient cause for divulging that
info, the registrar will release it. You can try to hide. That doesn't
mean you cannot be found.

 

I'd like to be the sole owner of the domain and yet be impenetrable to

I have one domain registered under a fake name and address, this goes
against the ICANN rules and they will take it away from me when they
find out. But they need to find out first.

If you go down this road I advice you use a working email address to
get your registrar emails and avoid bouncing them.

Many Ltd domains do not allow whois privacy. I would stick to .com and
..net

You can use the whois protection service at http://www.namecheap.com

Or Ixquick "Registrar that offers whois protection"

 

Next problem you may face is proving you are the owner if in fact
the "registered owner" doesn't exist at all

 

Don't flame me just because I'm a n00b... :-(

This contradicts what nemo_outis says.

 

What I want to do is percetly legal. I just don't want some animal
rights/feminist/far left/far right/whatever acitivst to call me in the
middle of the night and threaten me because of my website. That's the
amount of protection I want presently. Later on I might want some
more. Still, if authorities want to find out about me, that's OK.

I am neither a criminal, nor a terrorist, nor a freedom fighter, nor
an advocate of extreme ideologies or creeds, but only a slightly
controversial citizen in need of some basic privacy that I thing is
being compromized if any random punk can call me in the middle of the
night and go bananas towards me.

That's all.

Kind regards,

Tobito

 

Is it heavily trafficed?

Thanks for pointing it out.

What is an Ltd domain? Is it a domain owned by a corporation? Ldt as
in limited. Or do you mean TLD as in top-level domain?

I know that e.g. .se doesn't allow privacy.

Thanks.

Best regards,

 

I don't understand "permits bearer shares, etc". How is that
important? Does bearer shares give me additional privacy, control of
the company, etc? Bear in mind that I'm a n00b.

In case I earn some money, where do I pay the taxes? Do I pay Swedish
income tax only or do I have to pay some kind of American corporate
tax as well?

Good thinking.

PITA = pity?

What an NM agent?

Why is it better to use several of them? Is the idea that company A
owns company B that owns company C that owns www.somewebsite.com?

Does this really work? I mean, are there lots of assets that's
successfully hided this way?

Regards,

Tobito

 

Wouldn't this make my computer a server? Is it possible to set up a
website this way? What would the URL of my site be?

Regards,

 

It would:
a) guarantee you absolute privacy
b) prevent anyone from claiming ownership of your content.
And:
c) It would prevent anyone outside your own network from viewing
your pages.
(And in case you still don't get it: it basically reads: "don't
commit your website to the internet".)

The whole idea behind 'Internet' is universal access.
If you want to publish your opinions anonymously, that can be
done. If you want to retain ownership of your material, that can
also be done (heck, that's even the default situation!).
If you want to hide behind some anonimizer's service, that's also
quite possible.

What you cannot accomplish is: publish matter on the World Wide
Web AND retain the material's ownership AND refrain from using
some proxy organisation's services AND remain anonymous at the
same time.

And as to some other comment in this thread: maybe governements
are much dumber elsewhere (which I doubt), but practically,
anything that is accessible to the government is also accessible
to keen activists. (The latter commonly using governmental data
sources to digg information the government itself is unable to
extract from it's resources

 

There are two levels to my advice. The first, more important one, is to
do the domain registration in the name of a company you own. The second,
more complicated and unnecessary for ordinary privacy, is the
recommendation to use a particular kind of company (a US New Mexico LLC)
because it can be structured to provide some very strong privacy features
approaching anonymity. You probably only need the first level - much of
the info on how to use an LLC (the second level) is moderately
complicated and technical.

One of the "extreme" privacy features of a NM (NM = New Mexico) LLC is
the ability to use "bearer shares." This means that the share does not
have to be in the name of a particular shareholder (e.g., John Smith) but
belongs to whoever holds the share certificate in his hand (the
"bearer"). A bearer share works just like a cheque that says "Pay to:
cash" or "Pay to: bearer" rather than "Pay to: John Smith". Obviously
this permits the owner (i.e., the bearer) of the share to remain
completely anonymous with no record anywhere. This (and other) tricks
make it next to impossible to find out who really owns the NM LLC (i.e.,
the company owning the domain). You hide not only the owner of the
domain but even the owners of the company from almost any search (except
that of an intelligence service of a major government). That's privacy!

(Incidentally, the NM terminology uses "member" and "membership
certificate" rather than "shareholder" and "share" but the meanings are
almost the same.)

....

The normal way a NM LLC is set up is 'as if it wasn't there" for tax
purposes - all income and expenses (and therefore the taxes owing on
them) are passed through to the members (roughly, shareholders). The
members pay any taxes (in whatever country they reside), not the company
(This is called "flow-through"). There is no US tax (but the company
must file a US form saying so).

However, it is best to not have the LLC make any money (use a different
LLC for that). Keep the domain-owning LLC just for that single purpose:
privacy - don't mix privacy and money-making in the same LLC.

By making sure you never make any money in the LLC that owns the domain
name, you ensure that the US tax authorities will never become
"interested" in you. You also make sure there is no money for anyone to
get from the LLC if someone sues it because of the website, etc. Use that
LLC for privacy only, not privacy and business.

....

PITA = pain in the ass = nuisance, bother, hassle

NM = New Mexico

If you form an LLC (in any US state, but I'll confine myself to NM) you
must have a person/company **IN** New Mexico who can receive any
"official" documentation (including service of legal processes, state
communications about the LLC, etc.) on behalf of the LLC (which usually
has an out-of-state mailing and business address).

There are any number of companies/persons who will perform this "NM
agent" function for about $200/year - it's usually done as part of the
process of setting up the NM LLC. There are also annual state fees of
about $80/year.

Incidentally, there are lots of websites that (for a fee) will set up a
NM LLC for you. The problem is that their quality varies tremendously
from reputable firms to outright con artists.

I have shown one way to use LLCs - for privacy regarding domain
ownership. There are many others. For instance, an LLC could be used to
own a house in a different country. That country might have a large tax
if a house is sold. But by having the LLC own the house you can just
sell the LLC to someone else, effectively transferring the house
"invisibly." Of course, you must do a lot of checking if this is legal
in whatever jurisdictions apply.

Other uses for an LLC are to put your assets out of reach from being sued
(many doctors do this in the litigation-crazy US). Or for tax purposes.
But one good principle to follow is: one major asset = one LLC. That
guarantees that you you don't have all your eggs in one basket if you are
sued, ownership gets exposed, etc.

In short, many people use an IBC in a tax haven jurisdiction (e.g., Turks
& Caicos) for privacy/business purposes (some legal, some illegal).
Incidentally, IBC = international business corporation. Well, a New
Mexico LLC is really one of the best IBCs in the world (better and
cheaper and more private than one, say, in the Cayman Islands).

Yes, there are lots of folks who do this but using 'chains" of companies
around the world only begins to make sense (in terms of complication,
cost, etc.) somewhere above $100,000 (some would say above $1,000,000).

But returning to YOUR situation and skipping the fancy stuff:

I suggest that, for simplicity, you do the following without any LLC:
Form a small company in your home jurisdiction (if possible with just one
director and one shareholder). Ask your lawyer if he will "host" the
company (which really means the paperwork, including *his* address as the
company address, just stays in his bottom desk drawer and you pay him a
small annual fee). A lawyer is best because he acts as a barrier/buffer
using client-solicitor privilege to shield you from inquiries.

Register the domain in the name of the company with the lawyer as
administrative contact (using the lawyer's/company's address but a
separate VOIP line routed to you, and email to you at your domain. Same
for technical contact, etc. If anything comes up regarding the domain
your lawyer will contact you (but will invoke client-solicitor privilege
to not reveal your name to any inquiries). This will stand up to all but
the most serious privacy attacks (and will "buy time" even against the
very serious ones).

(If company directors, etc. are a matter of public record (which could
reveal you), consider having the lawyer "own" the company instead of you
with you holding an irrevocable option to purchase the company at any
time for one dollar. However, this extra protection is unnecessary for
"ordinary" WHOIS privacy.)

Regards,

 

Of course not, this is a domain paid yearly that I use it for testing
purposes mainly, I would not want to risk a worthwhile domain name
giving fake name.

But I have had that domain registered with fake details for over five
years now, I think it is very hard for the ICANN to find that out.

It is when problems arise, ie a complaint is made against you, that
this will come to light, but otherwise as far as I know the ICANN does
not go around checking on people's real registration details.

That was meant to be a Top Level Domain TLD, sorry, Ltd. stands for
Limited Company I think, totally irrelevant for this case.

 

Guy is completely right about this. Both he and I are only incorporeal
voices across the internet. You are unwise to rely on either of us but
instead you must do *your own* investigations and due diligence. The
most you should use us for is as signposts to possibly fruitful lines of
inquiry for YOU to pursue.

A good place to start is to RTFM (read the f**king manual In this
case it's the "Registration Agreement" for 000domains to perform
registration for you. You can find it here:
https://secure.registerapi.com/order/register/agreement.php?siteid=35427

It is up to you to decide if this meets your needs. However, although
Guy may find it satisfactory, I find a number of its clauses very, shall
we say, dsquieting!

For instance, Clause 5.3 says (in part):
___

Use of registration information and additional registration information.
You agree and acknowledge that 000Domains will make available the
Registration Information and the Additional Registration Information to
ICANN; to other third parties such as VeriSign, Inc. Global Names
Registry Ltd., Neustar, Inc., Afilias USA, Inc., Global Domains
International (collectively, "Registry Administrators"); AND AS
APPLICABLE LAWS MAY REQUIRE OR PERMIT. [my caps]
___

I think you can drive a truck through that gaping hole (especially the
final "OR PERMIT")!

Clause 5.4 goes on to say (in part):
___

You further agree that your failure to respond in less than ten (10)
calendar days to inquiries by 000Domains concerning the accuracy of the
Registration Information or IMMEDIATELY UPON DISCOVERY OF ANY WILLFUL
INACCURACY (including i.e. phone number of 555-1212, 000-0000) associated
with your domain registration shall constitute a material breach of this
Agreement and WILL BE SUFFICIENT BASIS FOR CANCELLATION OF YOUR DOMAIN
REGISTRATION. [my caps]
___

This puts you completely at the mercy of 000domains in deciding whether
to cancel your domain registration if it (in its sole discretion as near
as I can tell) decides you are in breach. I don't know about you but that
scares the shit out of me!

Oh, but you could appeal, of course - not to an impartial court system
but instead using a special "Dispute Policy" that is incorporated by
reference into the "Registration Agreement" That "Dispute Policy" can be
found explicitly here:
https://secure.registerapi.com/order/register/dispute.php?siteid=35427

This dispute policy can completely destroy your privacy (even arising
from a pretty frivolous complaint) **even if you are lucky enough to win
the appeal and keep your domain registration.** I think it sucks - HARD!
Others may differ.

In short, your ass is hanging in the wind and some very chill breezes
could blow on it. Not because 000domains is a disreputable or dishonest
company (their terms don't seem any more onerous than most others
offering similar services) but because - as is completely obvious on even
the most cursory reading! - the "agreements" are designed to PROTECT
THEM, NOT YOU! The "agreements" are specifically crafted to give them
the latitude to throw you to the wolves at the first sign of trouble!

Once again Guy is completely right - 00domains just wants to make money
off you **providing you don't cause them any trouble.** If you run a
completley "vanilla" site and never generate complaints you could happily
use 000domains for years entirely satisfactorily.

Nut, on the other hand, if you want your privacy to not be totally
dependent on 000domain's goodwill and forebearance, and not to collapse
at the first serious challenge, you would be wise to use stronger
measures such as the ones I suggest.

Your ass, your call.

Regards,

PS If you not already sufficiently frightened by 000domains "agreement"
you should read clauses 10 & 11 regarding 000domains' control of the
content of YOUR domain! You might also read clause 14 about
Indemnification.

Why are these clauses there? Becuase 000domains IS THE REAL REGSTERED
OWNER OF THE DOMAIN - NOT YOU! and is doing all sorts of legal "bobbing
and weaving" to make sure it doesn't become liable for YOUR actions on
ITS DOMAIN! Very understandable (I'd do the same if I were 000domains)
but it leaves YOU out in the cold if anything goes wrong!

 

Guy Macon <http://www.GuyMacon.com/> wrote in

I agree with your clarifications. It seems that ownership is not
compromised. However, the privacy protections they offer are quite weak.
(Well, not really weak when they're in place, just *potentially* very
easy to revoke.)

Yeah, I followed the ICANN privacy story for a while back in the mists of
time and then just gave up on them and used my own privacy mechanisms.

For an example of how one big business (Microsoft!) handles the privacy
aspect (well, not really privacy but not using real persons' names) take
a look at their WHOIS registration. Note that the "administrative
contact" and "technical contact" are really *roles* not *names* (you can
also use a corporate name, including that of the corporate registrant or
some agent company, rather than a human's name) And of course, the
address, telephone numbers and email addresses are Microsoft's. Nice
tight closed loop.

http://www.networksolutions.com/whois-search/microsoft.com

This is similar to what I did with my LLC (except the address is a mail
forwarder and the telephone just leads to a recorded message saying how
to send email or snail mail). My LLC is owned by a Canadian company
which I control.

Regards,

 

Good, yes, but incomplete and inaccurate.