API
, , , ,

The future of WHOIS on WhoAPI

It’s been a while since the main focus in our company was WHOIS. And I’ve finally decided to break the radio silence. The main and only reason for now writing publicly about this earlier is because there just wasn’t a clear indication on how exactly the future of WHOIS landscape is going to look like after May 2018 and after the GDPR takes full effect.

Back in 2016 GDPR went live, and the world had 2 years to prepare. Those 2 years are up in May. This new law is going to make a huge impact on a lot of things. Here’s what I am going to focus in this post:

  1. WHOIS in general
  2. WhoAPI,
  3. You as a WhoAPI user (using only Whois API)
Contents hide
1 How will WHOIS change?
2 How will WhoAPI change?
3 How will this impact me as WhoAPI user?
4 Our approach to whois after the GDPR
5 What we did to comply with GDPR on our whois API
6 No private data, even from outside of the EU
7 Summary

How will WHOIS change?

My personal opinion is that we were long overdue on a law like this. And that is all I will share from a personal standpoint. We had absolutely no vote in this change, but we will absolutely comply with this change. It still remains to be seen how exactly the WHOIS will look like after May 2018, so our software may change by then. Right now, we only have rumors and models of possibility.

Proposed Interim Models for Compliance with ICANN Agreements and Policies in Relation to the European Union’s General Data Protection Regulation

You can see in this PDF this is all about the private data in the WHOIS record. Although something like 20% of domain names have WHOIS privacy, and this number is growing, this is not enough. Too many people and companies use private data to spam and scam people. This is a far minority compared to the positive use cases, but nonetheless. If you are relying on WHOIS to get emails, names and phone numbers of domain name owners, your days are probably numbered.

How will WhoAPI change?

One thing is for sure, the future of WHOIS will change, and that will impact one of our APIs. WhoAPI isn’t just WHOIS API. We’ve just revamped our Screenshot API, just last year we launched Domain Score API and this change will have absolutely no impact on our Domain Availability API. Besides, we have other APIs as well. We hope that it is clear to everyone that we are primarily an API company and not a WHOIS company. So what will the change be?

Our Whois API will go through some changes after we see the final model ICANN introduces, and how registrars respond to the growing concerns of the GDPR. GoDaddy made a clear statement to everyone how they will no longer tolerate querying their WHOIS servers. As I’ve already mentioned, if you are looking for emails and phone numbers (which WhoAPI was never about), it may become impossible to get that data in the future. If this data remains available (and I am speculating here) under one of the ICANN models, WhoAPI will impose a stricter application process for access to our WHOIS API.

How will this impact me as WhoAPI user?

If you are using any of our API’s besides Whois API, this will not impact you in absolutely any way. If you are using our Whois API, the impact will vary based on the data you are looking for, and based on the model of WHOIS (how WHOIS will look like) that goes live after May. Again, I am speculating, but if you are using only information such as: domain registration dates, domain expiration dates, name of registrar, nameservers, there’s a good chance you will still be able to access this data. I base my speculation on the ICANN’s proposed model. And it’s just common sense (this is thin whois, and data isn’t considered private).

If you are using domain owner data that contains information such as: email, name, phone number, address, etc. there’s a good chance you won’t be able to access this data anymore.

It is too early to tell or to make guarantees, but if certain ICANN’s model is enabled, AND you have a legitimate positive use case, there’s a chance you might be able to get this data. And no, offering someone a website development just when they register a domain name is not a positive use case. Some of the positive use cases include cybersecurity, tracking down criminals, and fintech.

Our approach to whois after the GDPR

It is the first day after the GDPR is in full motion, and already we were reminded by a certain law firm that it is illegal to contain private data. Therefore I feel it is necessary I write this statement.

First of all, I’ll completely disregard how our American and Indian competition was and is conducting business, and due to this, they were also decimating us in market share. I’ll focus just on us and how we handled whois. Also, this post is not about double opt-in on your newsletter or our privacy policy which we also reacted accordingly and notified our clients. Hint, we didn’t have to change our privacy policy or our terms of use. They were spot on.

What we did have to change is our whois API and IP whois API (EOL in 2022).

For a long time, we haven’t even stored whois on our servers. That’s right. If you asked us the whois for whoapi.com, and then 5 seconds later, another user would ask that same whois, we would go and make the request again. Up until recently we never had a cached version of the whois. We never offered historical whois, nor were you able to purchase “an entire or partial whois database” from us. Never.

Since we did recently start to cache whois to improve speed and put less stress on the whois servers, we did end up having a small whois database. So here’s what we did to comply with the GDPR without waiting for ICANN or other domain registrars.

What we did to comply with GDPR on our whois API

  1. On the 18th of May we warned our clients of the upcoming changes if they were using our whois API and IP whois API
  2. On the 24th, we completely erased the before mentioned database containing whois information.
  3. On 25th we launched an updated whois API and IP whois API so that now it doesn’t display private data
  4. On 26th we reminded our clients that if they still have private data (especially originating from Europe) on their servers, they should consult with their legal department and probably destroy it like we have (and not to take this as a legal advice)

Today, if you make a whois request on our service, you will get some whois information like before (date of registration and expiration, nameservers, registrar name, etc), but not private data (email, phone number, name, etc.). This is retracted with the words “Disabled due to GDPR”. In essence, for us, GDPR was really simple. Simplified, if we couldn’t get the consent to work with the private data (which we couldn’t) we simply deleted it and ignored it. Case closed.

Furthermore, apart from whois, we do have Screenshot API, Domain Availability API, Blacklist API and several other APIs, so this clearly adds to the fact that we are not a WHOIS company, but an API company. So although GDPR and changes in the whois will affect our business we will continue to do business, here’s why.

Without disclosing sensitive information, I can share that a part of our clients isn’t interested in whois at all (remember, we have other APIs). Another part of our clients isn’t interested in private data within whois at all. (We’ve communicated this with them months ahead). And then we had a very small portion of clients interested in the private data. These will likely cancel their monthly subscription and terminate the contract, or they will keep using just the “non-private data”, because that’s all they can get and it is also helpful to them. So far, not a single client has unsubscribed, but we expect this to happen since we do have some cancellations every month.

No private data, even from outside of the EU

Let me reiterate once again the above statement. When I say “we don’t have any private data”, this doesn’t mean “we don’t have any EU private data”! It means we don’t have any private data, period! Whether the domain owner is in Australia, China, Japan, United States, or South Africa, we don’t show the email, name, address or phone number of that domain name owner. Why? Well, as much as this frustrates some of our potential clients, and they proceed to give money to our competitors, we feel that it is not ethically responsible to distribute millions of emails, phone numbers, and addresses to any marketing and sales individual that wants to spam domain name owners. At the end of the day, we sleep better.

We also feel that with GDPR, California Privacy Rights Act, and Brazil Data Privacy Act the writing is on the wall and the trend is clear. Contact details should only be obtained from the owner directly, with their permission. If this confuses you, please read about “Permission Marketing“.

Summary

To summarize, we currently don’t have s single piece of private data on our servers, other than those of our clients which we obtained their consent during the signup process. The whois information we distribute since 25th, does not contain any private data. Same as before, you need to signup if you want to access our services.

Related Posts

August 26, 2023
API

10 APIs you didn’t know existed

Everybody who’s in web development and management nowadays knows about APIs. They’re so commonly used, that they’ve become integral parts of all relevant sites and operating systems. Regular visitors use them daily, most likely without even noticing. If you’re reading this and have trouble placing them, think of the weather app on your phone. The […]

Read More
Company Name to Domain API
August 26, 2023
API

Company name to domain API

At WhoAPI we are constantly evaluating different APIs, and testing the market interest for new APIs we could develop. I am especially interested in APIs that are near the APIs we’ve already developed. One such API is a Company name to Domain API, and its twin brother Domain to Company name API. Since our Live […]

Read More
Screenshotmachine alternative
August 25, 2023
API

Screenshotmachine

Screenshotmachine is a service that allows users to capture screenshots of web pages or websites. It’s a tool commonly used for various purposes, including website testing, website monitoring, and documentation. Here’s how such a service typically works: Specific features and capabilities of Screenshotmachine can change over time, so it’s a good idea to visit their […]

Read More
August 25, 2023
API

Live Whois API

This article is a quick explanation of our Live Whois API feature. I’ll start by first listing some of the frequently asked questions, and then I’ll write some additional information that I think might be interesting. What is a Live Whois API When you do a Whois lookup with our API, you essentially make an […]

Read More
Bulk Whois Lookup
August 24, 2023
API

Bulk WHOIS Lookup: Tools and APIs

The World Wide Web is a vast and intricate network of websites, each with its own domain name. To keep track of domain ownership and related information, the WHOIS database was created. WHOIS is a system that provides information about registered domain names, including the domain’s owner, registration date, and contact information. Using a bulk […]

Read More
August 24, 2023
API

ZIP Code API

Unveiling the Power of ZIP Code APIs: Enhancing Location-based Services In our increasingly interconnected world, precise location data has become a cornerstone of modern applications and services. From e-commerce and logistics to healthcare and marketing, understanding where your users or customers are located can make all the difference. ZIP codes, a system originally designed to […]

Read More

GoranDuskic

Founder and CEO of WhoAPI Inc. Goran Duskic is an internet entrepreneur since 2006. He co-founded and sold several online ventures, including a web hosting company.

Pin

Post a Comment

Your email address will not be published. Required fields are marked *