I’ve been working on a personal website, and in my view, a personal website should also come with a custom domain, if possible.
However, one thing I have been worrying about is minimizing the amount of personal information I want to share. Thing is, whenever you buy a personal domain, you also have to supply your name, physical address, E-Mail address and phone number. This is a requirement which makes me hesitant to buy a domain (for the second time, I purchased one before but ended up not doing anything with it).
I know that registrars offer “whois privacy” services, which (for certain domain endings at least) prevents simple domain name requests. And I was almost content with that until I fell into a small rabbit hold which lead to a video about some Twitter person being exposed. The subject matter of this video is largely irrelevant, but for context: This video, among other things, reveals that the Twitter person in question ran a website they probably wanted to kept more private.
What concerns me is how the YouTuber in question found the connection between the website and the Twitter person: Apparently they somehow accessed the domain registration info, down to the name and telephone number. How did they do that? Some contacts or did they circumvent these “whois privacy” service?
So, in short: How realistic is it for someone to find out personal information about you just through the domain alone?
If you register for a whois privacy service, then the host will put their details into the registration details, rather than your own details.
If they don’t, get a new domain registrar. It’s required by law in the UK and probably in other countries.
I suspect there was another connection somewhere, not disclosed on the video, or the domain owner didn’t use whois.
FWIW, for 20 years of registering domains the most I ever got was a scammer trying their luck with a “renew your domain now” snail mail, that I threw in the trash.
since this was in a youtube video, the information was probably accessed legally; if so, the person just didn’t use whois privacy. it isn’t actually possible for all TLDs - if you want a .us domain, for example, your registration information is public. libsoftiktok was famously exposed because she got a .us domain name, for example.
in terms of data leaks, i think big domain registrars are about as secure as any other big service that processes payments and addresses and such; it is possible that your personal info could get exposed, but not especially likely, and if that happens you’ve got bigger problems than connecting your name to your website.
Several domain registrars do not offer WhoIs privacy for free, there was a time when many of them required you to pay an additional fee in order to get privacy.
If the domain in question was either with one of those registrars that did not have free domain privacy OR they didn’t have the privacy turned on at any point, someone could have found the registration history (between either internet archive records or certain whois lookup services that retain all domain change information and offer it to anyone that asks, for a fee) and found their personal information that way, even if the domain is currently under private whois.
As for scope of protection of privacy WhoIs on a domain, the average layperson cannot access it or request it, but registrars will offer up that information to law enforcement. (they kinda have to) So, other more unlikely but still possible variables of how someone’s contact information was found on a private domain registration would be someone abusing their position working at the company the domain was registered at or in law enforcement, or a data breech of some kind. But these latter two issues can be a problem in literally anything, not just domain registration.
All this to say, if you register a domain name, ensure you have WhoIs privacy from the jump, you’ll be fine. The protections are pretty dang good (in the hands of a decent registrar).
(as a note, I worked in tech support at the domain registrar, GoDaddy, between years 2005-2008, so I have some personal experience with The Whole Thing.)