Launching RDAP; sunsetting WHOIS

Original Article ↗ Hacker News Discussion ↗

Perceived Decline in WHOIS Usefulness

  • Many commenters say they haven’t meaningfully used domain WHOIS in years; GDPR, privacy proxies, and spam harvesting of contact data are seen as having largely “killed” it.
  • Others still rely on it regularly for:
    • Checking if a domain is registered, with which registrar, and since when (useful for scam/fraud detection).
    • Finding abuse contacts and registrar info in security/ops work.
    • IP WHOIS (e.g., ARIN) for netblock ownership and abuse reporting, which is widely viewed as still valuable.

RDAP vs WHOIS (Protocol and Tooling)

  • RDAP is described as “WHOIS over HTTPS/JSON”: same underlying data but structured, authenticated, and machine-parseable.
  • Supporters emphasize:
    • WHOIS is an unstructured text blob with virtually no standardization; programmatic parsing is a nightmare.
    • RDAP has detailed RFCs, a consistent JSON model, and is much easier to integrate into tools and automate.
  • Skeptics are wary of increased complexity vs the bare-bones simplicity of WHOIS, and some fear change “for political reasons.”
  • Deployment is incomplete: many TLDs (especially ccTLDs) still lack RDAP or heavily rate-limit it, so a mixed WHOIS/RDAP world is expected for some time.
  • Most users are expected to keep using “whois lookup” web tools or CLI wrappers, with the protocol swap mostly invisible.

Privacy, Identity, and Accountability

  • Strong criticism of the historic model where registrants had to pay extra for privacy or expose name, address, phone, and email to the world; WHOIS is described as a spam and scam magnet.
  • Examples of TLDs (.us, .in, .edu, some ccTLDs) that forbid privacy, leading to real harassment/spam stories.
  • Debate over real vs fake registration data:
    • One side: use real info to retain legal control and recover stolen domains; domains should have accountable owners like land records.
    • Other side: anonymity is important for safety or sensitive/political content; public personal data is dangerous and unnecessary when law enforcement can subpoena registrars anyway.
  • RDAP’s “differentiated access” is viewed by some as enabling better privacy (“not everyone sees everything”) and by others as a vector for monetization and law-enforcement overreach.

Broader Web Changes and Nostalgia

  • Several reflect that WHOIS once helped contact site owners on a more personal, decentralized web; now most content lives on big platforms, and individuals less often own visible domains.
  • Mixed feelings: today’s web is more accessible to non-technical people, but also more centralized, “gated,” and less personal.