Is whois protection configurable?



I’m going to transfer some domains to Cloudflare.
I did some research and see that all domains will have whois protection enabled by default.
Is it configurable? Can I disable the whois protection?


Cloudflare Registrar and WHOIS privacy

Yes you can under Configurations > Edit WHOIS


I can see you can edit whois but feature for disabling whois protection i am not seeing myself ?


I am also not seeing the ability to turn on or off WHOIS protection? ANy thoughts?


I, too, cannot find the setting to turn off WHOIS protection. I need to be able to display contact details for all my domains.


I believe CF and other registrars are required to hide whois info for GDPR purposes.

I also think showing WHOIS info is ok if a business owns the domain, but for now CF doesn’t support that.


Haha, I will need to transfer some domains out after 60 days if CF is not going to support showing my real Whois info.


Actually, that is not the case. GDPR applies to businesses headquartered in the EU, but registrars headquartered elsewhere decided to take the opportunity to address general concerns about privacy by retiring their paid WHOIS privacy products and making them a free option for all customers. They were under no legal obligation to do this, and some did not participate in this shift.

Importantly, they all retained the option to switch off the WHOIS privacy because that is an ICANN requirement. There are many situations in which it is necessary to display the WHOIS details, mostly revolving around the need to verify who owns the domain. I presume that Cloudflare will eventually end up adding that option in order to keep their ICANN accreditation.


Actually, GDPR applies to any organisation who does business with anyone in the EU. Where their headquarters is does not matter.

also applies to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects.


That is according to the EU but, beyond their borders, their rules have no more legitimacy than US laws have within the EU, or Zimbabwe laws have within Canada. The GDPR does not fall under the WTO or any other international agreements, such as those that enforce copyright - in those cases, (some) sovereign states agree to mutually enforce specific areas of law.

You sometimes have situations in which international companies have subsidiaries within the EU, in which case they must comply with EU rules and taxes. For example, the EU walloped Google with a €50m GDPR fine via their French subsidiary, and Apple with a €14.3 billion tax fine via their Irish subsidiary.

In the case of non-EU domain registrars, however, apart from Godaddy, most are too small to have an EU subsidiary, so, the general shift to free WHOIS privacy was coincidental with the introduction of the GDPR but not actually legally necessary, even when selling to EU customers. Note, for example, how few US companies apply VAT to sales to EU customers.


This is not the place to have this debate.