[ art / civ / cult / cyb / diy / drg / feels / layer / lit / λ / q / r / sci / sec / tech / w / zzz ] archive provided by lainchan.jp

lainchan archive - /sec/ - 3778

File: 1485152992560.png (27.92 KB, 196x196, scared.jpg)


Good morning, Lain. I fuarked up. I registered a .us domain for a novelty domain name, but I forgot that .us domains cannot be bought with WhoisGuard, so now my full name and address are openly available in that domain's Whois record. This domain has been hosting a site with a steady supply of visitors for a few months. I'm thinking about migrating to a different domain and letting the old domain redirect to the new one until I no longer receive redirects from there, and to then cancel the domain. Thanks to all the domain metadata websites out there, may those who run them burn in hell, my Whois will probably persist in Google's cache for some time.

Do you have any experience in mitigating this type of total fail, Lain? Do you see further issues with my current plan?


The damage is already done, so there's really no point in backtracking. If someone wants to find out who runs it, they'll find out if they try hard enough. As long as it's not illegal, porn, or you're an asshole, no one honestly gives a soykaf about doxing a nobody like you.


This is the type of thing that can't be undone. It's awful that this level of vulnerability is required to own a website.

The best thing I can think to do in the face of privacy violations is to simply do nothing I wouldn't want to acknowledge I did, which I interpret as being "I say exactly what I mean."

You, of course, are probably different and so this advice is of dubious use.


this is bad advice. Raising the difficulty bar definitely will discourage many would-be attackers.


Why do not you try the same thing as sushi?


I'm sorry, who? And what did they do?


I normally use someone else's vital information while supplying my own phone number and email. But then again. Really only an option when I knew the site might draw some ire and might point back to me.

Your only other option is to "transfer" that domain over to a few fake pseudonyms (while enacting your redirect plan) so that hopefully someone runs into a tiny bit of obfuscation in retrospect, should that level of scrutiny come to pass.