Domains By Proxy – NOT AWESOME

The more I consider the common uses of this obfuscation service, the more it confounds me. I cannot see any reason for a legal business entity to use it. If Joe User sets up a domain, keeps a personal webpage on it and wants to keep his registration information private, more power to him. I’d certainly use it in that situation since I don’t particularly enjoy stalkers. But, a business? Really? Why?

Here’s a perfect example of the lack of awesome: non-technical family member A is attempting to exchange email with definitely-not-technical family member B who is in something of a sticky situation. The server that relays these crucial emails is timing out connections, inbound and outbound. I wanted to help, so I figured I’d look up the technical contact for the domain and give them a nudge. I tried it.

Yep, Dear Reader, you guessed it. Their contact information is hidden. The domain’s website provides no avenue for support either, although it is a government site. So this family – and how many more? – remains fractured, frustrated and angry, their email continues to be deferred, and no-one can do anything about it because the admins who could fix it remain in blissful ignorance of the problem.


Tell me again why a non-criminal business needs to hide who they are and how to reach them?

Le Plus Ca Change…

In a previous post, I mentioned a nifty service that will scan any file you upload to it with multiple AV programs. It is both useful and socially conscious, since any problems found are reported to all the participating anti-virus makers so that they can continue to improve their products to the benefit of everyone.

Naturally, if there is light there must be darkness: a couple weeks later I found several articles including one by Brian Krebs, that refer to a new breed of such scanners which are based on the premise that they will NOT share their findings with the AV makers, and make no pretense of being created to serve anyone but malware authors. For $1 per file, they can test their nasty little products against the big guys and no-one will be the wiser. And of course, the currency used is virtual, so there’s no trail to follow there, either.

When I was a kid and I was reading cyberpunk books, I thought it was all amazingly cool. Now that I’m living in the future, I’m finding it deeply alarming. The more I learn about the shadow economy, the more it scares me.

I fondly imagine that the people who are reading this blog are savvy enough to have their computers locked down tight, know how to spot phish, and are generally security conscious. Please, share the knowledge. Go to your parents and sibs and friends and help them learn. The bad guys are ahead of the game, so why not make it a little harder for them?