WHOIS privacy clarification needed


I’m planning on moving all my domains over to Cloudflare and need to be assured that my personal info will never be exposed to WHOIS. I realize that Cloudflare registrar redacts all WHOIS data by default, which is excellent! However, there is still the question of how this situation might change in the future. For example, I’ve seen the following comment from Cloudflare staff on this subject:

"That’s correct - it’s redacted by default for all accounts in compliance with the ICANN Temp Spec (ICANN is the governing body for domain registration). They issued the decision as a temporary solution to handling PII after GDPR.

That said, ICANN did just release the final draft for RDAP - a protocol that will replace WHOIS. The industry will be adopting it this fall. It should allow for a way to share contact information on a domain to trusted parties while maintaining public redaction. We’ll be following the development closely."

So, the question that comes to mind is: given that the current privacy solution is temporary, is there any realistic chance that future changes in this area will result in my personal info being exposed to the public via WHOIS without warning and without my express consent? I realize that it’s probably not possible to answer this with a legalistic level of certainty, but can I at least be reasonably confident that nothing like that would ever happen?

If anyone here can take an educated guess about this–or, better yet, if any Cloudflare staff see this thread and are willing to weigh in–that would really help give me the peace of mind I need to take the plunge and transfer my domains over. Basically, I just want to be sure there’s no significant chance I’ll wake up one morning a couple of years from now and see that some new development or policy change has suddenly exposed my info via WHOIS without warning.

Thanks to anyone who can shed any light on this.

That’s pretty clear imho. Denic already does a similar thing. They don’t provide any information except the nameservers. Sure, due to GDPR in Europe.

Trusted parties could be service providers, authorities and so on.

Thanks Mark, I guess I am being a bit paranoid as it does seem clear that they’re saying they have no plans of breaching confidentiality. It’s just that one never knows how these things may change in the future. I’d hope that, if any of these policies were altered down the road in such a way as to be less protective of our privacy, Cloudflare would duly notify us of the looming changes beforehand. It would certainly be reassuring to see a staff member confirm that… :slight_smile:

By default we redact the data. If that were to change for some reason, I don’t know why, I imagine we’d give the opportunity to redact for as long as that is an option. Some registrars charge me for that, but that is not our model or intent.

Great news, thanks! I’ve been burned in the past by other registrars suddenly changing things like this without advance notice. It’s an awful feeling to wake up one day and see that the rug has been pulled out from under you, with formerly private info suddenly public (which is irreversible, given that the data is constantly being scraped and added to databases where it will remain available forever). It sounds like you’re saying that Cloudflare is committed to notifying users before making any sudden changes in this area, so that’s very reassuring. Thanks again.

Fwiw if you are really concerned, I know of at least once whois privacy provider (owned by another registrar) who actually has a free whois proxy service you can use with any registrar, you signup at it’s website and it gives you to proxy details to provide in lieu of your own at the current registrar, so even if CF unmasked it for whatever reason it would still be protected.

Thanks ryan29, that could be useful! Can you share which provider that is? If you don’t want to be explicit, just drop a hint and I’m sure I’ll be able to figure it out. :wink:

1 Like

Yeah I don’t think it’d be appropriate to share a link here because being owned by a registrar it is technically a competitor to CF but I thought I’d share because it is a great option to Anonymize your info.

Thanks! I wasn’t aware of that service. Could really save an epic amount of hassle, in a pinch…