Sales Line: 028 9507 2311

Why ‘Who Is’ Protection is Vital to Protect Your Privacy

Why ‘Who Is’ Protection is Vital to Protect Your Privacy

This blog post is deliberately long so I apologise for this in advance but I felt it important to give as much information about my findings as possible. By the end of this post you will understand why you should always add Who Is Protection when registering a domain name that offers such an add on.

Background to this Blog Post

As a member of the BWF management team I deal with escalated issues on a daily basis and I was noticing a growing number of customer complaints from clients who were thinking (wrongly) that we were selling or passing on their personal data to other companies after they had registered a .com domain name – primarily India based company selling ‘Web Design’ services via cold calling and unwanted email marketing. At the same time I noticed a number of tweets directed at some of our competitors accusing them of doing the same thing. Below you can see one such random example taken from a competitors twitter feed.

Background to .com Domain Registrations

When you register a .com domain name your details get passed to the controlling body for the domain you have registered and your details appear on the Who Is database. You can get access to the who is database via websites such as:

http://whois.domaintools.com/
https://who.is/
https://whois.icann.org/en

When you register a domain name you get the opportunity to purchase Who Is protection for a fee. This is a chargeable service (ie the registry charge for this so we need to pass it on) and on 12 September we checked some of the most popular domain registrars and this service costs between £2.99 and £4.99 per year. We charge £2.99 per year for Who Is protection at the moment which appears to be at the lower end of the scale of charges when we look at competitors.

What did I do?

I put my investigative hat on and went to Carphone Warehouse, re-lived my teenage years and bought a new Nokia 3310 as a ‘burner phone’ to use as the phone number for my new ‘Fake Company’ Kinkaid Consulting NI. I got the good folks at Giffgaff to send me a SIM with a new number and I topped up the phone. I kept the phone for 4 weeks to make sure it did not receive any calls.

Domain Registration Time

I registered the domain name: www.kinkaidconsultingni.com to a person called Fred Kinkaid (my name is Stephen Kinkaid) and I used the new Nokia Phone Number as the number for the domain registration. Critically I did not enable WHO IS protection on the domain name. This meant that my number was available in the Who Is database.

The Waiting Game….

My domain and web hosting was sorted. I had a holding page on my Kinkaid Consulting NI hosting and I was waiting for my phone to ring. 72 hours after the domain registration was confirmed I was not disappointed as you can see from the log below:

Date Time Number Notes
07/09/2017 9.24am UK Mobile Number Missed call I was not in the office
07/09/2017 11.00am USA +609 area code No one there when I answered
07/09/2017 12.42pm UK 0128 area code Answered but no one on the other end
07/09/2017 1.01pm UK 01697 area code Answered but no one on the other end
07/09/2017 3.06pm UK 020 area code Lady who did not have a UK accent telling me she was from a “Web Designing” company who were UK based. I could not catch the name despite me asking 3 times. She asked if she was speaking to Frederick from Kinkaid Consulting and asked me if I had any need for “website designing or app designing” services. I was busy at the time so ended the call after asking where she got my details and she said ‘From various directories’
07/09/2017 3.26pm USA Freephone Missed Call I was not in the office
08/09/2017 9.27am Withheld Number Male caller who did not have a UK accent told me he was calling from High 5 Design in the UK. He asked if he was speaking to Frederick Kinkaid from Kinkaid Consulting. I specifically asked the caller if he was a UK company and he told me his company name was High Five Design Limited. I asked him how long he had been trading and he said ‘many years’ at the same time I searched on Companies House and saw a company with a similar name was less than 1 month old. He said they specialise in App and Website design and did we have any need of their services. I asked him how he got my number and he said I had requested a call back. I called him out on that and told him he clearly took my details from the who is database. He started arguing with me that I had requested a call back…
08/09/2017 11.08am Weird Number on Caller Display (077158617482008) Female caller who did not have a UK accent asked if she was speaking to Frederick Kinkaid. Told me she was calling from Accenza a web and app design company and she asked if I had any need for a new website for my Kinkaid Consulting business. I said I did not have any need and asked her where she had got my number from. A refreshing honest reply when she said “From who.is on your new domain name Frederick’ – for her honestly I did not give her a hard time and wished her all the best but declined her design services.
08/09/2017 12.01pm UK Mobile Number Answered but no one on the other end
08/09/2017 1.24pm USA +617 area code 3 rings and had rung off by the time I got to the phone


What’s the Lesson Here?

This is a growing problem it seems given a number of our clients have mentioned it and you don’t need to look too hard on twitter at other web hosts getting the same complaints. The only solution we can offer to this growing problem is to add Who Is protection to your domain name. One client asked if we could change his domain registration details to ‘fake’ details but we strongly advised against this as it is a breach of the registry terms and conditions to register a domain with fake details. We therefore are recommending that where you register a domain name you add who is protection.

What are Big Wet Fish doing about this?

We will be increasing our domain name costs by a modest £1.50 per year but we will be giving Who Is Protection by default on all new domains registered. We appreciate that not all clients will want this but we feel the benefit of stopping these spam calls once and for all makes this a very small price to pay. Two of the best known domain registrars charge £4.99 per year for this same product so £1.50 is a modest increase. If any client feels this increase is too much and they do not need who is protection you can simply reach out to our sales team and we will manually place an order at the old price without who is protection. We’re also looking to see if we can add this option to our billing system as well so you can choose the old price without who is protection easily.