Domain registrar data not fully redacted

I have domain example.com registered and parked on Cloudflare. It seems like organization name is not redacted at all which leads to my full name publicly available (My company’s name is literally my full name). The weird thing is Cloudflare itself (either in domain’s settings or on https://rdap.cloudflare.com/) shows organization name as redacted but https://who.is/, https://domains.google/ or any other site can show non-redacted organization name just fine for registrar, administrator and billing sections. I’ve changed organization name to some random stuff in domain’s settings for now.

Second thing is why Cloudflare does not hide region and province? I have other domains on Namecheap, Godaddy or Google and everything’s redacted there including province and country changed as something other than my real location. Yes, I know ICANN policy excludes location from being redacted but still other registrars just hide it by themselves.

So to summarize, I have three questions:

  • as I changed organization name to some random stuff, should there actually be the real data for some internal entities or whatever?
  • Why doesn’t Cloudflare hide all the data including organization name, province and country? This actually can be self-explained - if I can change the data to whatever I’d like in the end then I can just handle covering data by myself
  • As actually only Cloudflare shows organization name as redacted, isn’t it some bug? Just reminding any other 3rd party who-is lookup shows organization name just fine.

Need to say I asked support for all the things above and they just replied with some common stuff and “we are unable to proceed with your request” formula in the end. This is not very supportive for the support.

Anyway thank you in advance for any explanation!

2 Likes

My response does not seek to fully answer your questions as posed, as they related to Cloudflare’s corporate policy.

What I want to point out is that ICANN’s guidelines on registrant data redaction relate to “Personal Data”, and not all registrant data are regarded as “Personal Data”. For instance, section 2.3 of the ICANN guidelines specifically states:

2.3. In responses to domain name queries, Registrar and Registry Operator MUST treat the following Registrant fields as “redacted” unless the Registered Name Holder has provided Consent to publish the Registered Name Holder’s data:

  • Registry Registrant ID
  • Registrant Name
  • Registrant Street
  • Registrant City
  • Registrant Postal Code
  • Registrant Phone
  • Registrant Phone Ext
  • Registrant Fax
  • Registrant Fax Ext

You’ll notice that fields like Organization, State, and Country are not in the above list of what MUST be redacted, leaving them subject to the corporate policies of the individual Registry Operators (of specific TLDs) and Registrars.

So it seems Cloudflare Registrar is following the current ICANN guidelines.

But why doesn’t Cloudflare do more? Why doesn’t Cloudflare go beyond the ICANN guidelines and redact ALL Registrant data, as other registrars do?

That’s a question beyond my pay scale :smiley:

4 Likes

Thank you for your reply!

According to the ICANN guidelines there is 2.4 point which states Admin/Tech/other organization name must be treated as redacted but Cloudflare leaves it as non-redacted. Or have I understood it wrong?

And as far as I know these guidelines are based on GDPR PII which states full name is personal data. My organization name is literally my full name so I guess it should be treated as something to be redacted.

I have read more and it came to that what Cloudflare does is WHOIS redaction/protection. To have everything hidden it should apply WHOIS privacy. This is why Godaddy/Google Domains/Namecheap have all the things redacted. So yes, unless you are fine with leaving organization name (as long as it’s not a bug), country and province visible, you should not register your domain with Cloudflare.

I think a lot of the companies you reference insert proxy details instead of redacting the data. Cloudflare redacts but does not provide their own privacy proxy service like some other registrars do.

Yes, you are absolutely right. Looks like Cloudflare does not apply any WHOIS privacy or proxy - just redaction.

However another thing is Cloudflare itself states organization name is redacted (as per data on https://rdap.cloudflare.com/). But using any other WHOIS lookup (eg. https://who.is/ or even https://client.rdap.org/) you will have organization name just visible. At least this is the case for my domain.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.