An open letter to the .us domain registrar

I attempted to send this message to the .us registrar’s contact form but they kept on throwing up unreasonable, hidden barriers; it required a full first name that’s at least four letters long (sucks to have a name like “Jay” I guess) and “must only contain alphabets” (i.e. no punctuation or spaces, sucks for anyone with apostrophes) and the text input must be under 500 characters, with no indication of how many characters you’ve written.

So, I’ve submitted a very edited-down version, but am reproducing my letter in full here:

Hi, I have a number of domain names registered under several different TLDs. Most of them allow anonymous proxy registrations, with the sole exception of .us.

The lack of proxy registration causes me to get quite a lot of unsolicited calls, violations to my privacy, and attempted scams from bad actors who are all making use of the WHOIS database.

When will .us allow anonymous/proxy registrations, as is standard for pretty much every other TLD?

The current policy is especially problematic for marginalized people who are subject to protracted abuse, harassment, and threats of violence, and this makes .us unsafe for use for all but the most privileged of people.

I absolutely implore you to revisit this regressive, unfair, and downright dangerous policy that does nothing to actually improve the supposed security of the .us registration database.

Private, friends-only, IndieWeb stuff

Yesterday I participated in the IndieWeb sensitive data pop-up, or at least the first half of it (I had to disappear for my refrigerator delivery). It was really great to have some further discussion about what people want out of this stuff and how we’re all going to agree to get it.

Authentication stuff

One of the biggest pain points that keeps on coming up is there being no support for people to be able to get private posts without having to log in or be notified about them in side channels. Lots of people are doing things like making pages with unguessable URLs and then doing side-channel notification, but that’s unwieldy; fewer folks are doing things with actual login mechanisms.

Read more…

Moving away from Disqus

So, Disqus has served me pretty well for quickly embedding comments into my website, but there are a few pretty big downsides to it:

  • No support for private/hidden threads
  • No way to disable random discovery of hidden threads, by design
  • They’re trying to make the whole Internet into their own forum rather than providing “just” a comment system (not that anyone even uses it the way they intend)
  • Their UX keeps getting more and more cumbersome and annoying

I’m going to look into alternative comment systems, ideally ones I can self-host. Isso looks promising, if a bit sparse. So does Schnack. (I’m going to try Isso first because its setup/requirements are far less onerous.)

Anyway, thanks Passerine for bringing the privacy leak issue to my attention. I figured there was probably something like that lurking in the shadows, but I didn’t think it was quite so close to the surface…