Starting from the end rather than the beginning, GoDaddy/123Reg/Identity Protect Ltd did not contest the disclosure order. How do we know this? We have our friend Ted Striker to thank for that one. The other day, he posted a link to a site on wordpress.com. The links were removed by the mods so I shall not be posting it again. The link was to a page showing a picture of a letter on GoDaddy letterhead dated 15 September, disclosing the registrant's details. On the copy of the letter, the addressee's details had been obscured but not the details of the registrant, which is why the link should not be posted on this board. I'm sure the mods went to the page before deleting the link, otherwise they wouldn't have deleted it.
As for the earlier incident of removing the protection without a court order, well, if there was no court order then there are no court documents. The evidence would be in the way of a screenshot showing the details of the registrant instead of Identity Protect Limited, so we are back to the reason above.
Now you know when you book a flight, you have to tick a box saying you've read and agreed to the T&Cs? Most people just tick the box without reading, but then that's their problem. But when you added privacy to a domain on the 123Reg control panel, you just had to add it to your basket, without having to have agreed to any T&Cs. You would probably expect your details to be disclosed to the police or someone like HMRC if relevant, but not just to anyone who decides to complain. Now if you look at their own T&Cs: https://www.123-reg.co.uk/terms/general ... erms.shtml
123Reg wrote:SUSPENSION AND TERMINATION OF PRIVACY SERVICE
4.1. You acknowledge and agree that We have the absolute right, in Our sole discretion and without any liability to You whatsoever, to suspend or cancel the Privacy Service for each subscribed Domain Name, such that You will then become the Registrant of the Domain Name with all applicable information then showing in the Whois, in certain circumstances, including but not limited to the following:
4.1.1. when required by law, governmental rules or requirements, governmental authorities or a court order; or
4.1.2. when We believe in good faith that such action is required by law; or
4.1.3. in compliance with a legal process served upon Us; or
4.1.4. in order to comply with ICANN and/or applicable Registry rules, policies or procedures; or
4.1.5. to resolve any and all third party claims, whether threatened or made, arising out of Your use of a Domain Name; or
4.1.6. if We believe that You are using the Privacy Service to conceal involvement in illegal, illicit, morally objectionable or harmful activities; or
4.1.7. to protect the integrity and stability of the applicable Domain Name Registry; or
4.1.8. to comply with any Dispute Resolution Policy; or
4.1.9. to avoid any financial loss or legal liability (civil or criminal) on the part of Us, Our parent companies, subsidiaries, affiliates, shareholders, agents, officers, directors and employees; or
4.1.10. if the Domain Name We register on Your behalf violates or infringes a third party’s trademark, trade name or other legal rights.
4.2. You further acknowledge and agree that in the event that We receive a formal complaint, notice of claim in relation to legal proceedings or in relation to a Dispute Resolution Policy, the subject matter of which is a Domain Name or which relates to Your use of the Services, We have the right to suspend the Privacy Service and Your identity will be revealed in the Whois as Registrant until and subject to the resolution of such matter.
The question is, how many people have actually read the above? Whenever you add privacy, they should present you with a very noticeable pop up window with all the above, and ask you to confirm having read it. The don't, and, for all we know, they could well have changed those T&Cs after the latest incidents, we just don't know.
Note how it says "formal compliant, notice of claim". That's miles away from a court order! Anyone can submit a "formal complaint". As for "notice of claim", what exactly does that mean? A threat of litigation? Anyone can send one of those too.
It turns out their so-called "privacy service" is as good as a chocolate teapot! But how many people would be aware of that when they add it to their domains?
It used to be the case all you could do was a "whois opt-out". In plain English, that means hiding your address, but still showing your name on the public database. This is an option for "non trading individuals". Which brings us back to Nominet, who are the ones who impose these rules relating to the domain range under their control, all the .uk domains. So Nominet does not allow registrants to be "ex directory" so to speak, which, in turn, created a gap in the market for the so-called "privacy" services. It all looks very cozy between Nominet and 123Reg/GoDaddy and their dormant sister company Identity Protect Limited.