Latest news of the domain name industry

Recent Posts

Weak demand for private Whois data, ICANN data shows

Kevin Murphy, January 17, 2024, 13:54:15 (UTC), Domain Services

There were fewer than six requests for private Whois data per day in December, and most of those were denied, according to newly published ICANN data.

The disappointing numbers, which also show that only about 2.5% of accredited registrars are participating, show that ICANN’s new Registration Data Request Service is certainly off to a slow start.

RDRS launched in November. It’s a ticketing system that enables people to request unredacted private Whois data, with no guarantee the requests will be granted, from registrars via an ICANN portal.

As it’s a two-year trial, ICANN promised to publish usage data every month. The first such report was published today (pdf).

The report shows that 1,481 requester accounts have been created so far, but that just 174 requests were made in December — about 5.6 per day on average.

Almost a third of requesters were intellectual property interests, with domain investors at 4.5% and law enforcement at 8%. Security researchers accounted for 15% of requests.

The data shows that most requests — 80.47% — were marked as “Denied” by registrars, largely because the registrar needed more information from the requester before it could process their request. ICANN said RDRS has no visibility into whether data was ultimately handed over outside of the system.

The supply-side data isn’t particularly encouraging either. Only 72 registrars were participating in RDRS at the end of the year.

That’s 2.5% of the 2,814 registrar entities ICANN contracts with, but if we exclude the 2,000+ drop-catching shell registrars owned by the likes of TurnCommerce, Newfold Digital and Gname, participation might be more fairly said to be closer to 10%.

ICANN said that the 72 registrars, which include many of the largest, account for 53% of all registered gTLD domain names, so you might think requesters have a better-than-even chance of being able to use the system for any given domain.

That’s not the case. RDRS data requesters are finding that the domain they are querying belongs to a non-participating registrar far more often than not — 80% of queries through the system were for domains not in the system, the report shows.

And when the registrar is participating, chances are that the data request will be denied — 80% were denied versus just 11.72% approved and 1.56% partially approved.

It takes on average two days for a request to be denied and four days for a request to be approved, the report shows.

While the results to date are arguably disappointing, given the years of effort the ICANN community and staff put in to build this thing, it’s still early days.

I also think it quite likely some of the numbers have been skewed by both the Christmas and New Year holiday period and early-adopter requesters kicking the tires with spurious requests.

Tagged: , , ,

Comments (9)

  1. Owen says:

    I’m not sure why you’re spinning the numbers as “disappointing”. Perhaps they’re actually representative of how there is very low demand/need for registration data, and those who think they need the data do not have a legitimate basis to make the request. These numbers align with TACO from Tucows, which has shown very low usage for years.

    • Kevin Murphy says:

      Years of effort and millions of registrants’ tax dollars were pumped into this thing on the basis that such a system was needed and there would be demand. There isn’t (yet), so it’s disappointing.

      • Owen says:

        This is something that came out of the ICANN policy process, and is a beta to determine whether or not there is demand/need for a fully featured system. It is a relatively lower cost test to determine whether to invest further, and is intended to provide data (one way or another). So “disappointing” could mean “not enough demand to spend hundreds of millions of dollars to build a complicated disclosure system no one will use” which some might not consider “disappointing” at all (but a good thing to save money in the long term).

  2. Rubens Kuhl says:

    The real question will be whether to keep RDRS after 2 years or not. The question on whether would be worth it to build the ultra-large EPDP Phase 2 system seems to have been answered by this first report.

    • Owen says:

      Two months of data is not enough to reach a conclusion about the viability of a full system as envisioned by EPDP Phase 2. I think the full two years is better to see if there’s any increase/decrease over time, and other metrics which can better inform the community.

      Sure, not much usage yet but it’s new and that was over a generally slow period for ICANN. I’m not expecting a staggering increase, but we’ll see.

  3. Theo Geurts says:

    LEAs usually have a legal basis to request data.
    But they have a capacity issue at the moment as the majority of all cybercrime related reported incidents never get investigated and as such low requests for now.

    The LEA capacity issue is maybe addressed over 10 years, maybe longer. So sun setting this system over two years might be not such a great idea.

    • Rubens Kuhl says:

      While this is still to be determined, my feeling is that RDRS as it stands now will endure much longer than the 2-year trial. We just can’t take it for granted.

  4. John Berryhill says:

    Getting WHOIS data is simple, as long as it is worth 400 euro to get it, which it sometimes is.

    File a pro forma UDRP complaint against the domain name with the CAC for 800 euro. You’ll get the registrar data within two days. Then, withdraw the case for a 400 euro refund.


    • Rubens Kuhl says:

      A number of registrants have seen their identities disclosed after cease&desist letters to contracted parties… so it might be cheaper than that.

Add Your Comment