
> what benefit is there with regards to natural persons?

  [ tries to visit ckastner.com ]
  [ the website is down ]
  [ looks up Whois record for ckastner.com ]
  [ picks up phone, dials number ]
  "Hello, yes, Christian Kastner? Your website is down. Just thought you should know."

That, and for the abuse address, and for dealing with technical issues between different sites, etc. You can use a Whois-hiding service to make it private yet still get the communications.


> "Hello, yes, Christian Kastner? Your website is down. Just thought you should know."

This is a perfect example of one of the positive effects of the GDPR afforded to natural persons.

I haven't been associated with that domain for 15 years or so. Why is someone still maintaining my personal data, some of it now wrong/obsolete, in a public database?

Edit: Just to be clear, I don't see a problem with the parent having posted this information here, as the parent just reposted this from another public source. The problem here is clearly the other source.


Realistic version:

• tries to visit ckastner.com

• the website is down

• retrieve the information from an archived snapshot instead https://addons.mozilla.org/firefox/addon/resurrect-pages-isu...

• Christian Kastner was already notified by email from his automated monitoring that the website is down


And his phone number changed 3 times in the meantime so instead you'll be waking up Nina Sonnenschein at 3 am.


Not very realistic for a lot of personal websites. Sure, newfangled ones that leverage similar pipelines as web applications, absolutely. But a large fraction of the Web is still a bunch of PHP scripts cobbled together on some outdated hosting service, or equivalent.

Not everyone with a website is a web developer, or paid a knowledgeable and modern web developer to make the website.


It's also not realistic to expect people to want some rando to be able to call them about their website.


Is it? I always name my personal belongings (umbrellas et al) so if I forget them somewhere public and whoever finds it is a kind soul, they can return it to me.

Of course nobody _else_ should be forced into sharing details just for this kind of occasional utility, I'm not claiming that.


Am I supposed to make the assumption for you that because you put your name on your lunchbox, you prefer to make available your name, phone number, and address on your website whois?

Honestly, I think you should take social engineering more seriously if you think the benefits outweigh the costs.

Like someone removing their front door because it might encourage someone to drop by for some stimulating conversation.

For example, the author of the "Amazon Backdoor" post a while back suspected that the attacker got their address from a whois of one of their domains.


If his website was down, his email could be down too, if on the same downed server. I suppose an automated monitoring system could phone him though.


For those that weren't around in the 90s, this is exactly what happened. These down votes reflect a perception of the present without a context for the past. The Web was a _very_ different place 25 years ago.


> These down votes reflect a perception of the present without a context for the past

I think rather the comments in support of an open Whois are looking at the past with overwhelming nostalgia instead of objective reality.

To your own point, the Web is a very different place now. But Whois is still the same, reflecting a reality that no longer exists. It's time for a change.


I don't think that comment was supporting open whois, just giving a historical context.


There were still bad actors of course. But the tipping point hadn’t been reached where they materially spoilt it for the rest of us. In those days you might get one spam/phishing/whatever email a week and you’d complain to the SA of the originating site and get a personal email back that they’d dealt with it. Nowadays of course it is a river of sewage.


That sounds like a fantastic reason for whois to be non-public. Perhaps it just receives email and isn't running a web server - why would Christian Kastner want phone calls every day from someone "helpful" on the internet?


The ICANN proposal preserves a way to contact the owner (via e-mail), so that's not impacted.


If your website is down, your mail relay may be down, making e-mail unavailable. The phone is also a much better way to contact someone immediately, which you might want when your website is down.


If you rely on your visitors to phone you when your website is down you are doing something very wrong.


Once I worked for a company where part of the website had been compromised by an attacker, and was being used to host some malware. We only found out when a random visitor found it, then looked through the site and found a random support address (which was supposed to be internal-only), and sent us an e-mail to tell us about it, which luckily generated a ticket which we eventually reviewed.

We would have preferred someone called us immediately, in case we didn't see the ticket immediately. But we didn't have a security hotline publicly listed.

Putting a phone number in a big public directory of phone numbers for when e-mail doesn't work isn't a bad idea, regardless of what anyone (including the EU) says. We've had phone books forever. This is just a phone book for domains.


Well, that's a case for how it should be opt-in, though.


Agreed.

"My website is so critical that I want random people to be able to call me about it" is an oxymoron I don't think anybody has ever said.



