On Mon, 6 Jun 2022 at 22:30, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
Registered companies have in the past been LLCs or the local country equivalent and in some cases, using the id of random people paid a few euro to allow their name to appear in LLC paperwork, if I remember right.
The same thing is quite likely for “natural person” to be “some old drunk I met in a bar who handed over his ID to be used for registering ripe resources”
This defeats your own argument. You were arguing you need to know the addresses of these natural persons so you can link separate resources having the same address. Using the IDs of random people and drunks from a bar will give them all different addresses. Knowing these addresses doesn't help you in any way. Also an LLC is a registered business. Their addresses will remain public in the database. cheers denis proposal author
--srs ________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of denis walker <ripedenis@gmail.com> Sent: Tuesday, June 7, 2022 12:19:43 AM To: Richard Clayton <richard@highwayman.com> Cc: anti-abuse-wg <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] personal data in the RIPE Database
On Mon, 6 Jun 2022 at 19:27, Richard Clayton <richard@highwayman.com> wrote:
In message <CAKvLzuGDaye7RTgCbS=Y29aDpNViTaZs+9Xpe72yo- jGZDA5xw@mail.gmail.com>, denis walker <ripedenis@gmail.com> writes
On Mon, 6 Jun 2022 at 17:57, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
Always a useful thing to do if you want to block all resources held by a
single actor or set of actors.
So are you saying that you DO use the ORGANISATION object address to match resources held by different members at the same location? If so there are technical ways to offer that functionality within the database without exposing the full address of natural person members.
you're about to suggest hashing ... that doesn't provide what is needed because it is far too fragile to be useful given that WHOIS entries are not canonicalised and also contain minor errors
I had something similar in mind.
you can find countless examples of typos, old addresses etc within the RIPE data. For a contemporary example check for inconsistent use of Kiev/Kyiv for resources held by exactly the same person/organistion.
OK lets narrow it down a bit. The address of a registered business will still be publicly available in the database. So if someone has registered multiple businesses at the same address this data will still be available, even with any spelling mistakes.
What we are talking about are the resource holders who are natural persons. When these people apply to be a member I am sure the RIPE NCC requires proof of identity and proof of address. (They will correct me if I am wrong.) So unless a group of natural persons are all living at the same address and all provide proof of that, then you are not going to get this address correlation anyway. If a group of natural persons are all operating from a common commercial address, not a personal address, then the address will still be publicly available in the database.
The only resource holder's addresses that will be restricted are for natural persons who are operating from their home address. Those addresses are likely to be unique in the database.
I will give a balanced argument and point out that there is a downside. RIPE policy allows multiple LIRs. So a natural person operating from their home address can become a Member and then set up multiple LIR accounts. Each of these accounts will be linked to separate ORGANISATION objects with the same address. Because it is a natural person and their home address, that address will have restricted access. Each of these LIRs can get separate, distinct allocations and the address link between these allocations is lost publicly. This can be fixed if we modify address policy, requiring the RIPE NCC to publicly identify the link between multiple LIRs with the same owner. Relying on the address as the main link between multiple LIRs is not perfect anyway. A Member may be able to set up multiple LIR accounts with different addresses. Having an official link would be far more reliable.
The bottom line is that there are honest, law abiding people who are, or would like to be, resource holders but are exposed to considerable personal danger by making their name and address public. We must take the personal privacy issue seriously. If this creates problems in other areas we need to find solutions to those problems.
cheers denis proposal author
-- richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 --
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
--
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg