This post has been modified to reflect new information since its original publication.
If you’ve ever registered a website, you’ve probably felt a pang of anxiety about having to enter your address, phone number, and email in the domain’s public WHOIS record. To what extent will publishing this information compromise your online privacy? After all, anyone can easily look up this information with one of the many WHOIS lookup tools available.
Keep reading to learn more about the WHOIS database, what the consequences are of exposing your information this way, and the most effective ways to safeguard your privacy on WHOIS.
The WHOIS database
The term WHOIS is short for “who is responsible for a domain name or an IP address?” The origins of the WHOIS database go back to the early days of the Internet, but since 1999, the system has been regulated by a Los Angeles-based nonprofit called the Internet Corporation for Assigned Names and Numbers (ICANN). ICANN is responsible for assigning all the domain names and IP addresses on the Internet (among other tasks).
To claim a domain name, individuals and businesses must provide ICANN with identifying information, such as their full name, street address, telephone number, and email address. The original intent of gathering this information was to help network administrators identify and repair problems, thereby preserving the stability and integrity of the Internet. This data is also an invaluable resource for journalists, security researchers, and law enforcement agencies, who use it to trace the spread of data or malware.
ICANN privacy policy states that users must act ethically:
“You agree to use this data only for lawful purposes and further agree not to use this data (i) to allow, enable, or otherwise support the transmission by email, telephone, or facsimile of mass unsolicited, commercial advertising, or (ii) to enable high volume, automated, electronic processes to collect or compile this data for any purpose, including without limitation mining this data for your own personal or commercial purposes.”—ICANN policy
However, there are few consequences for those who increasingly use this information to target domain owners for spamming, phishing, doxxing, cyberattacks, and identity theft.
WHOIS privacy services
The best way to protect your online privacy when registering a website is by using a WHOIS privacy service. Luckily, most registrars offer free or relatively inexpensive privacy products that let you mask your information with the registrar company’s generic contact information. These privacy services work for most domains, but there are certain domains that don’t support these products.
These services keep your name as the owner of the website but use their company information to fill in the rest of the required fields. (This is different than a proxy service that hides your information by becoming the registered domain owner through a complicated legal agreement.)
However, using a privacy product doesn’t guarantee that your information will remain hidden in all instances. If a court order or other legal action requires your registrar to reveal your data, for example, the registrar will have to provide it.
Who should (and shouldn’t) use a WHOIS privacy service
If you’re registering a domain for a business, it’s almost never a good idea to use domain privacy. The address of your business will likely be listed on your website anyway, so the only thing domain privacy will do is make your customers wonder what you’re trying to hide. How can you trust a company that doesn’t want people to know where it is located?
The exception to this rule, however, is if you run a home-based business. In this is the case, it’s probably worth using domain privacy to protect your home address.
Similarly, if your website is for personal use, or if it’s a non-commercial site that isn’t selling anything, then domain privacy is a reasonable investment to protect your personal information.
Why can’t I just enter fake information?
You should avoid inputting fake information. You may get away with it for a while, but missing or inaccurate WHOIS information can lead to your domain registration being revoked. The last thing you want to do is build up a successful online presence and then lose it all because someone filed a complaint with ICANN.
Should I use a throwaway email address?
Some articles on WHOIS privacy recommend registering with a “throwaway” email address used solely for this purpose. While this will protect you from spammers, it is a dangerous proposition. If the email address gets canceled because of inactivity, then you may no longer be able to access your domain registration, which essentially locks you out of your own website. Also, if the email address comes back undeliverable, you may again face the threat of having your domain registration canceled by ICANN.
For more information
Whether or not you decide you employ a WHOIS privacy service, it’s always a good idea to keep your personal information private. If you have additional questions about safeguarding your information online, feel free to give us a call. We offer complimentary advice 24/7 regarding your unique privacy concerns.
We also have a number of self-help articles you can read to learn more about specific privacy topics, including: