In message <CAKw1M3MEHHC63+BfS7P365F0Cw6hcGuOKKq0ZaTS+evtdiZDoQ@mail.gmail.com> =?UTF-8?Q?Cynthia_Revstr=C3=B6m?= <me@cynthia.re> wrote:
*) Why is the hiding of information even a priority?
Hiding information is good from a privacy standpoint so you have to weigh the benefit of having the data public against the privacy implications of publishing it. (and consider any potential legal issues/requirements)
Transparency is good from an accountability standpoint. And in my opinion, we have far far too little accountability on the Internet. Practically every day now one can find stories about "hackers" and "cybercriminals" and everyone just shrugs and goes back to work as if this is the way that thing have to be, or that they are supposed to be. My position is simple: If youy want to be anonymous, then get yourself a pseudonym account on Twitter, or Facebook, or YouTube, or whatever, and then blast away. Or alternatively, get yourself a domain name with all of the WHOIS data redacted and then arrange wweb site hosting for that, either on one IP of one hosting company, or several. But somewhere up the chain there needs to be accountability, always. It is *not* a God- given right to have an IP address block or an ASN. It is a privilege. And that special privilege should be reserved for those who are willing to be held accountable for what goes on upon their networks. You and Denis are trying to _remove_ accountability from the equation, and I remain steadfast in asserting that this will only benefit criminals.
*) Are these deliberate obfsucation steps still being justified on the basis of GDPR, or do you now accept as fact that GDPR is irrelevant in the context of the RIPE data base, and that it does not currently compel RIPE to make any changes to the public WHOIS data base whatsoever?
Denis has already mentioned in an email regarding 2022-01 that he will not address any more GDPR issues until there has been a legal review as many of us are not lawyers.
I'm sure that I saw someone post here quite recently that he had checked with RIPE legal already, and had already been assured that RIPE is _not_ facing any current or imminent legal jeopardy with the status quo as it now exists, either in relation to GDPR or in relation to any other applicable law or regulation. If you need me to do so, I will find that posting in the archives and I'll copy it here.
While I can't speak for Denis, you have not convinced me that GDPR is somehow irrelevant
I don't see how or why it should be incumbant upon either me or anyone else to persuade either you or Denis that no change needs to be made. You and he are putting forward and supporting this proposal for a _change_ in the current status quo. It is thus necessary for you folks to make a persuasive case that a change _is_ needed, rather than for me or anyone else to make a case that it isn't.
*) If the goal is to hide information, then why not just take the entire RIPE WHOIS data base offline and hide the whole thing behind some sort of permission-wall that can only be pierced with a legal warrant?
(That last question is, of course, the essential point, since that endpoint seems rather clearly to be the direction in which this is all headed.)
This question is not really an "essential point" in my opinion as there is a big difference between hiding postal addresses and hiding abuse email addresses and route(6) objects.
You are doing just what Denis has done so far in relation to this whole thing... You are evading the question. If transparency is "bad" and secrecy is "good" then why not take that general principal to its final and logical conclusion? Why not just take the whole WHOIS data base offline entirely? It's a simple question. I'd like to see either you or Denis answer it, rather than evade it. Regards, rfg