How private is a private domain?
February 8, 2013 5:56 AM   Subscribe

When buying a web domain, one is given the option(for an additional fee), to make the domain "private" where the owner of the domain is hidden from public view. Then the question is, how private is a private domain? Can a web smart person or internet ninja find out the information? The desire is to hide the domain and completely non-work related blog from my employer.
posted by sock, the puppet to Computers & Internet (6 answers total) 6 users marked this as a favorite
You don't give any specifics but any information would certainly be be surrendered on a subpoena. This askme about anonymity was very good.
posted by sammyo at 6:03 AM on February 8, 2013

For one thing, the domain registrar could be forced to reveal your identity by court order or perhaps other legal means.

If someone who had no idea of any connection between you and the domain was trying to find out its owner, that would probably be relatively difficult, and would probably require gaining access to the registrar's systems; so it would depend on how secure the registrar and the billing company, etc., are.

(Or a comprehensive system like the "Great Firewall of China" that is watching and correlating all the traffic on a large portion of the internet might be able to match you up to the domain. These sorts of things are probably in use in much of the world at this point but hopefully only governments will have access to such capabilities for the time being.)

But if someone had reason to suspect a connection between you and the domain they could conduct surveillance on you and observe you accessing the domain or accessing the registrar's or web host's web control panel or for example reading GMail emails related to it. If you did this from work, IT people monitoring the company's network might observe you doing it, or if you were working at home on a company laptop the laptop might record and report what it's been used for, or provide back-door access to allow an IT person to watch what you're doing as you work. On a personal computer that belongs to you a spyware infection or someone with access to your ISP's network might be able to observe you.

So it's by no means a guarantee of privacy but if it only costs a few dollars a year it's probably worth it, if you're also taking precautions against being discovered in one of the aforementioned ways. If it's your own name on the registration it's immediately available to anyone using whois tools.

A recent thread about anonymous blogging. (on preview, the same one sammyo mentions)
posted by XMLicious at 6:15 AM on February 8, 2013

The danger of the writer on the domain writing something that out themselves is far greater than the danger that somebody will hack the registration dB and find the writer's name.
posted by COD at 9:53 AM on February 8, 2013

There are additional risks that nobody has mentioned yet... So you have a domain, assuming this will be used for web content served by an httpd. You also need hosting/colocation. This has varying levels of privacy and legal risks depending on where your hosting is physically located. Your site will have an IP address which belongs to some entity (typically a colo/hosting ISP) which may be compelled to provide information about who you are.
posted by thewalrus at 11:04 AM on February 8, 2013

As far as I know, private domain registration is fairly limited in what it does. There is a Whois database with a whois record associated with every domain. It records who registered the domain, who is the technical contact for the domain, etc. Anyone can easily run a whois query. With private registration, your domain registrar puts their contact info in the whois record for your domain. That's it.

Private domain registration is about as secure as having an unlisted telephone number—it helps, but it's not a privacy panacea. To truly maintain privacy, private domain registration is necessary but not sufficient.

On the other hand, if your employer doesn't have any legal authority beyond that of any other private entity (e.g.—you don't work for the NSA), private registration, along with common sense precautions such as never accessing the domain from your employer's network or your company laptop, may be enough.
posted by paulg at 12:23 PM on February 8, 2013

If you're hoping to keep a domain private, you should opt for domain privacy from day 1. A subscription to DomainTools, for example, give access to historical WHOIS data, so the registrant's name would show up for all dates until the privacy upgrade is applied.
posted by third word on a random page at 1:03 AM on February 9, 2013

« Older Black Party Etiquette   |   What was the name of that well-funded mobile app... Newer »
This thread is closed to new comments.