WHOIS Compliance Checking

The GDPR is set up to protect the privacy of personal data within the European Union and went into effect in May 2018. According to ICANN’s Temporary Specification, certain fields of domain WHOIS data (e.g., registrant names, addresses) should be redacted before being released by registries and registrars.

Our analysis uses historical WHOIS data collected from port 43 of WHOIS servers. Using unsupervised clustering, we identify unprotected WHOIS records in each week as outliers, and give each provider a compliance rank based on the sequence of weekly outlier ratios. The rank is given according to the result of registrant fields of domains held by EEA registrants.

We now have weekly outlier ratios and compliance rankings of 143 registries and registrars. In the paper we used data collected from Jan 2018 to Dec 2019, and here we release updated results as of Dec 2020.

The results are provided at request for WHOIS providers only. Providers may contact us for their own detailed rankings and domain samples.

For more details, please refer to our paper (to appear):
Chaoyi Lu, Baojun Liu, Yiming Zhang, Zhou Li, Fenglu Zhang, Haixin Duan, Ying Liu, Joann Chen, Jinjin Liang, Zaifeng Zhang, Shuang Hao and Min Yang. From WHOIS to WHOWAS: A Large-Scale Measurement Study of Domain Registration Privacy under the GDPR. NDSS 2021