Confidentiality and domain name protection

When you register a domain with a domain name registrar, you must provide complete contact details which may under certain circumstances be accessible to the public. If you aspire to more data sovereignty, security and privacy, then you need to implement seamless domain privacy. With domain name protection, you or your domain registrar can remove publicly available personal or business data from the domain’s WHOIS entry.

What is domain name protection?¶

Domain name protection is often associated with the terms domain confidentiality or WHOIS address privacy. All these reflect the principle of a reliable anonymity and confidentiality when registering a domain. Anyone registering a domain must provide various information for this purpose. Details of the person, company and contact details are required to officially conclude the purchase of your own domain. They generally cover:

• name
• email addresses
• business address(es)
• telephone number

The problem encountered here is that the information about people and contact details associated with a domain during registration is not private, but publicly accessible via the WHOIS database. This at least applies when the domain name registry or registrant does not care about complete domain privacy and protection. Domain privacy allows the anonymization of associated information and consists of replacing it with information relating to the domain or hosting service provider. This allows you to reliably protect your personal or company data.

What is WHOIS?¶

Domains with corresponding IPs and associated personal and corporate data are managed by ICANN (Internet Corporation for Assigned Names and Numbers) in domain namespaces. To coordinate the IP addresses and domain name servers (DNS), ICANN determines how domains are registered. In addition, the organization manages the allocation of DNS, IP and associated data by an antenna called IANA.

When registering a domain, customers provide personal data to registrars and registrars, which in turn can be viewed in the WHOIS database. Thus, WHOIS is an Internet registry that provides all available information about a domain. The main purpose of data collection is to verify the legitimacy of a domain registration. WHOIS entries, on the other hand, are intended to ensure that contact with the domain holder is possible in the event of legal or technical problems, as well as in the event of other requests.

A WHOIS entry in the WHOIS database includes the following information:

• domain name

• domain registrar

• DNS entries / DNS Server
• date of recording
• domain registration expiration date
• information about the registration renewal date
• domain status

• ADMIN-C and TECH-C

• contact details (email, telephone, address, name) of the domain holder

Depending on the type of domain or domain extensions, the scope and content of the WHOIS information provided may vary, as different registrars may be responsible for it. Under the GDPR, numerous WHOIS domain entries in the European area are also automatically anonymized for Domain Privacy reasons and are only available upon legitimate request.

What is a WHOIS request?¶

If you visit a website or want to learn more about a domain, you can perform a WHOIS search. This makes it possible to determine when a domain was licensed for which person or company. Depending on the scope of WHOIS entries, contact details and personal data about the domain holder may also be available. A WHOIS lookup, also known as a “WHOIS-Lookup” request, is free and can be carried out at various domain administration offices.

Here are a few :

• ICANN via ICANN WHOIS LOOKUP service
• the WHO.IS service under WHO.IS
• domain search for country-specific domains via Afnic (French Association for Internet Naming in Cooperation) under afnic.fr

The benefits of a WHOIS search are as follows:

• verify and prove the legitimacy and uniqueness of a domain
• collect information about a domain before registering a new one
• allow contact with domain holders in the event of technical or legal problems

What role does GDPR play for domain privacy?¶

Since the GDPR (General Data Protection Regulation) came into force on May 25, 2018 across Europe, the processing, publication and storage of personal data are subject to strict regulations. This also applies to the collection and publication of information regarding domains. Thanks to GDPR, this also applies to privacy protection in domain management. Since then, domain name registrars have been obliged to remove or anonymize personal data in the WHOIS entry – at least in the EU for ccTLDs (top-level domains), as well as only for generic top-level domains (in English: generic Top-Level Domain or gTLD).

Domain operators and providers must, in accordance with the GDPR and unless otherwise indicated by the domain holder, remove personal data from publicly accessible WHOIS entries. Many domain registrars now offer their own automatic domain name protection services upon registration. Here are a few :

• anonymized redirect or contact address for WHOIS searches to provide selected data or process queries
• WHOIS entries about domain registrants are replaced with information from the registrar or a third party
• WHOIS protection selected for selected domains
• two-factor authentication and private administration of WHOIS

What are the benefits of domain privacy?¶

When considering the benefits of WHOIS entries, it is important to weigh the benefits of WHOIS entries against those of improved domain privacy. Publicly available domain information offers the advantage of being able to respond to requests and problems raised by site visitors or to inquire about domain attribution and ownership.

The benefits of domain name protection are:

Can we use WHOIS Address Privacy for each top-level domain?¶

The ability to use domain privacy depends on the respective registrar or domain provider. It should be checked whether the protection of the domain name is compatible with the respective contractual conditions of the provider. For top-level domains in the EU, the GDPR applies in the respective implementation by registrars regarding domain registration, such as Afnic, ICANN and others.

For example, the implementation of the GDPR directive by the AFNIC registration office competent for Internet addresses .Fr requires the registration of the following data in parallel with the domain registration:

• name
• email and postal address
• two email addresses for contact
• technical data of the field

However, this data does not appear in the public WHOIS entry. For domains .Fr registered, we only find the status of the domain (registered or not registered), the technical data of the domain, an anonymized email address for general and technical requests as well as an anonymized email address for requests in the event of illegal use or abusive of the domain.

How to Set Up Domain Privacy Successfully¶

If you want to use domain privacy when registering your domain, be aware that domain providers offer you this option upon registration without a major impact on domain costs. Domain name protection at IONOS, for example, works quite simply using a private domain registration. IONOS acts astrusted intermediary at the interface between you and the WHOIS database. Your personal data contained in the WHOIS entry will automatically be replaced by general company data, which does not allow conclusions to be drawn about the domain owner. Private domain registration with IONOS is compatible with domains with the following extensions:

• .com
• .net
• .org
• .biz
• .info
• .name
• .mobi
• .CC
• .TV
• .mx
• .com.mx