Read ICANN Blogs to stay informed of the latest policymaking activities, regional events, and more.

Results of the GNSO Whois Privacy/Proxy Abuse Study

17 September 2013

By Mary Wong, Senior Policy Director

I’m excited to share with you some preliminary findings from one of the GNSO Council’s Whois studies of interest to all of us in the ICANN community. This study – one of several initiated by the GNSO Council to examine various aspects of the Whois system – was commissioned to measure the hypothesis that: “a significant percentage of the domain names used to conduct illegal or harmful Internet activities are registered via privacy or proxy services to obscure the perpetrator’s identity”.

In 2012, ICANN selected the National Physical Laboratory (NPL) in the United Kingdom, led by Dr. Richard Clayton of the University of Cambridge, to perform the study. For the purposes of the study, the phrase “illegal or harmful” describes online activities that violate criminal or civil law, or which harm their targets (such as email recipients or website visitors). Such online activities can range from unsolicited commercial bulk email (“spam”) and cybersquatting to phishing, hosting child abuse sexual images, advanced fee fraud (also known as “411 scams”), and online sale of counterfeit pharmaceuticals. NPL was charged to gather a representative sample of illegal or harmful incidents across the top five gTLDs – .biz, .com, .info, .net and .org – to measure how often privacy or proxy services are abused by perpetrators (alleged and confirmed).

A previous study commissioned by ICANN and performed by NORC at the University of Chicago had concluded that 20% of registered domains across the top five gTLDs used privacy or proxy services. In NPL’s more detailed study on the use of privacy or proxy services across these five gTLDs, they found a statistically significant, above-average rate of privacy/proxy use for domains engaged in illegal or harmful online activities. Notably, NPL extended this aspect of the study in two ways that yielded additional useful data. First, NPL compared the rate of use of privacy/proxy services for domains used for selected lawful and harmless activities (e.g. banks and legal pharmacies) chosen to mirror the studied illegal/harmful activities. Secondly, the team also looked at WHOIS details for domain name registrants who did not use privacy or proxy services, to determine whether they could in fact be contacted at apparently valid telephone numbers.

The following are several key findings likely to be of interest to the ICANN community. Please note, however, that these figures should be read both in the context of the original terms of reference of the study (see http://gnso.icann.org/issues/whois/whois-proxy-abuse-study-18may10-en.pdf [PDF, 321 KB])as well as some of the conditions and limitations described by NPL in the full study. NPL’s findings include:

  • 55% of sampled unlicensed pharmacies used privacy/proxy-registered domain names;
  • 46% of sampled advanced fee fraud cases used privacy/proxy-registered domain names;
  • 28% of sampled websites hosting illegal child abuse sexual images used privacy/proxy-registered domain names;
  • By comparison, just 9% of licensed pharmacies and 13% of law firms studied by NPL used privacy/proxy services; on the other hand, 44% of lawful websites hosting adult content and 28% of legitimate banks studied by NPL used privacy/proxy-registered domain names;
  • For domains used for illegal or harmful activities that were not registered using privacy/proxy services, very few calls to Whois-provided telephone numbers (derived from a list of those that appeared valid enough to call) were answered. Registrants of apparently lawful and harmless domains could not be reached 25-55% of the time, but the rate rose to 83-93% for domains engaged in harmful or illegal activity.

Based on these findings, NPL was able to conclude that the hypothesis for the study is true, and that the percentage of domain names used to conduct illegal or harmful Internet activities that are registered via privacy or proxy services is significantly greater than those used for lawful online activities. They also found that the outcomes were consistent regardless of the method used to avoid providing viable contact information.

I hope that you’ll take the opportunity to read the full study when it’s published shortly, and provide your comments. Look out also for the webinar that will be scheduled at that time with Dr. Clayton and his colleagues, when they will present and discuss their findings with the ICANN community.

UPDATE: The study has now been published for public comment. To review the full study and provide your feedback, go to http://www.icann.org/en/news/announcements/announcement-24sep13-en.htm


Mary Wong

Mary Wong

Vice President, Strategic Policy Management