I really wish WHOIS would go away forever. There is absolutely no point to it. If you don’t pay to get your name private, you get SPAMMED to such an incredible degree, it’s absolutely awful. Literally 10+ calls a day, emails voicemails. So you have to buy the “privacy protection” thing, which defeats the whole purpose anyway. All WHOIS does is create an industry of people selling privacy to WHOIS. This whole narrative about “journalism” and it being used for research sounds like nonsense to me. Something tells me these people have a vested financial interest in this. Would love to hear an alternate point of view on this.
For what it's worth, I've absolutely used whois for journalism. It's helped me contact people for interviews- usually small business owners or bloggers who aren't particularly trying to hide but don't have their contact info on their actual websites.
Most memorably, I reached someone who imported erectile dysfunction supplements from China, only to have them destroyed by order of the FDA because they were actually made with prescription drugs. He said he felt the manufacturer defrauded him and was happy to talk.
But that hasn't worked for me in at least three years, as far as I can remember. The robocall problem has just gotten ridiculous, so everyone's paying to be anonymous. I briefly had a domain registered without privacy protection a couple of years ago, sort of out of principle, and immediately started getting spammy calls about SEO services.
Whois can also be used to identify who owns IP blocks. Which is crucial to many applications such as security.
If you don't want your personal information to be visible thats very different to the full range of what whois can do. You can always use a proxy so there are options for privacy available. I've never got a single spam email/call from my whois data.
WHOIS the protocol is not the problem, it is the data it is used to publish. Then GDPR-related mitigations required would be the same whether you are publishing with WHOIS, RDAP or something else.
Also, ARIN only has allocations made in North America.
Plus, ARIN only covers North American allocations.
I agree WHOIS is completely useless! Anyone can fake this info anyway and anyone using there real info can be SWATTED (https://en.wikipedia.org/wiki/Swatting)
Only if you use your home address. Most people use a PO Box or other forwarding. (or in the case of a business: physical office presence, which is usually published on the website itself)
Anyone who has my name can find my address, voter registration records are easily searched online in many states. I only bother with WHOIS protections (which Gandi includes at no additional charge) to avoid spam, very few people can claim they are truly safe from swatting.
Choose a registrar that doesn't charge you extra? Your name stays in, of course, but your (electronic and snail) mail addresses and phone number can be replaced by registrar-managed ones where they forward you incoming stuff and (mostly) keep the spam.
It's a pretty common thing with European providers, I think.
OVH is weird, they quite often don't obfuscate all contact data. I switched to namecheap for some and they don't leave any of your original data in there.
OWO is sadly not available for some domains I use (notable .de and .eu don't seem to allow OWO).
WHOIS blackout and redesign under GDPR should address the problem of some registries requiring non-obfuscated WHOIS (some even requiring me to put in the ID number of my ID card)
I've actually found that rotating the email address I have listed in whois quarterly addresses the spam problem pretty well. Phone number goes to my Google Voice account which is set up to send everything directly to voicemail.
