Episode Transcript
(00:00):
Welcome to Super Simple Security Principles. I'm Nick Jackson, and I want to love computers.
(00:07):
They don't love me back. I'm learning how to stay safe online from my good buddy and master
guardian, Makani Mason. Woo! He wrote his first computer program at the age of six,
sealing his fate as a computer geek. That's it. He knows his stuff, folks. Now he spends his time
(00:34):
teaching people like me and you how to stay ahead of the digital threats we face and those bad guys.
He keeps it simple, and we love it. Learn along with me each week. I'll ask the questions
and make sure he keeps it super relevant and super simple for us. If I can do it, you can do it too.
(01:01):
All right, man. You ready for this? This is Episode 64: Makani Leaked His Own Data.
Here are the questions we'll be answering in today's episode.
Why is Makani sharing his story? Look, we could all learn from somebody else's experience,
(01:22):
so I'm hoping that's what we're going to have as a sharing time that we get to learn from.
The next question kind of got me, so I'm hoping that maybe our listeners
might know this question or know the answer to this. What is a domain name registrar?
I was assuming something like GoDaddy, but we'll see. This one got me because I wanted
(01:48):
to correct your question. I thought it was a grammatical error.
What is whois? Whois is one word? Whois is one word? Yeah, what is whois data?
Yeah, we'll find out. I have no clue, but this is what I was really intrigued for. So,
(02:08):
listeners, this is the question I want you to pay attention to.
How can it help me stay safe online? Okay, so we're going to answer what is whois data,
and how can it help me stay safe online? Right? Yeah, one of those weird geek things,
you know, not a typo. I know, right? Come on, come on, let's get with this.
(02:34):
That said, I'm kind of pumped. I'm ready to see how these two work together.
Hear your story, man. You know, we got to hear about other people's stories, you know, other
experts that leaked their data on accident, but let's find out about yours, man. Where are we
going to start? Well, like I said, you know, we've been talking about that Troy Hunt specifically in
(02:59):
the last couple episodes. And so while we were doing that one to just kind of continue in the
vein, and you know, there's a few like technical lessons that we can learn. We'll talk about the
domain registrars and things, but really the biggest reason is I just wanted to,
is the same reason we've been focusing on in the last two episodes. And this is one of,
(03:22):
one of our overall missions long-term, and it's to help do everything we can at least to remove
the stigma, the shame, the blame surrounding online security and technology. Right. You know,
I've been tinkering, as you know, on computers since I was six. Yeah. I've been earning money
(03:44):
from writing code since I was 15. Holy crap. You were 15 when you started writing code for money?
Yeah. I got my first paying job when I was, it was, it was for, you know, a neighbor,
somebody who knew me and knew my dad and whatever. So, you know, a small time, but yeah,
that was my first one. Anyway. Yeah. Extracting some information from a database on a CD about
(04:06):
satellite dealers that he wanted to market to and stuff. So anyway, it was butter. Cool. But
the point is, you know, I'm human and I can make mistakes even in an area where I have a lot of
experience. Yeah. And if I have any future stories, I promise I'll share those as well.
(04:28):
Because like I said, I really feel like it's one of our overall missions is to create a safe place
to share our stories. I think it's a fundamental part of improving not only like our individual,
but collective, you know, the systems and everything together for our online safety.
(04:51):
So yeah, that's, that's the biggest reason I want you to remember. So my story takes place in
October of 2023. And I was experimenting with some things related to registering a new domain.
A domain is just the official name for, you know, a website like makanimason.com or facebook.com.
(05:18):
Okay. Now different ones cost different amounts. And at least at the time, I'm guessing it's still
true, but a dot US domain, as opposed to like .com that we, you know, mostly see, it was really
cheap. And all I needed was just registering a domain. So like, I'm just gonna do the cheapest
(05:40):
one. Okay. So you're going cheap. Yep. So now before we go to the next part, though, I need
to explain a couple of things about how domain names work. If you want to use a domain name,
you have to register it by paying some money to a domain registrar. Okay. So I was correct.
(06:04):
Yep. You're exactly right. And GoDaddy, that's the one, that's the one I was going to put,
because that's exactly, that's the one of the few that actually most people might recognize the name
of. Right. Right. Even though there's actually like. There's several, quite a few, aren't there?
Oh, there's hundreds. Oh, really? Yeah. There's a lot. Yeah. So, but part of registering a domain
(06:29):
is you've got to give them some personal information, right? So they know who the domain
owner is in case, you know, the government or law enforcement, or even just other people,
you know, whoever want to be able to contact you about the domain. Right. And so, you know,
this includes, of course, your name, email address, a phone number. Right. And this data is stored in,
(06:54):
and this is where we get back to our one of our open questions. It's what originally was called,
it's migrated now, but it's still a lot of people think of it. And anyway, it's technical,
but the whois system that I referenced. Okay. Okay. And so then, so like you can go to whois.com,
I think. I can't remember if it's, anyway, don't go there, but it's publicly available anyway,
(07:18):
at that point to look up from this system. Okay. But as you can imagine, having all that
information that led to a lot of spam and harassment, you know, for domain owners.
Yeah. I mean, these days it's like, duh, in the very beginning, apparently it wasn't quite as
(07:42):
duh. I didn't look at exactly what that date, but that was many, many years ago. Anyway, so this led
to the registrars or whoever it was, but anyway, implementing this notion of whois privacy or whois
redaction where, you know, GoDaddy or whoever your domain registrar is, they would list contact
information of their own instead of yours. Okay. And it might have your domain name at
(08:10):
godaddy.com or whatever. So, I mean, they would know who it was the person was trying to contact,
but they would be an intermediary. So the spammers, you know, they can deal with all
the spam at that one point. That makes sense. Yeah. Makes total sense. Okay. I only know this
because I tried registering a domain once and I didn't, I didn't click for that option.
(08:36):
The privacy. I got so many spam calls, like spam mail. Like I was like, you sold my information,
you know, like everybody got it. Right. So mad. Right. Which they didn't.
They didn't? No, it was just publicly listed. That sucks. So how do you not get publicly listed?
(09:00):
Right. So that there, well, is it only through that option? Yeah. And it depends on the registrar.
Like it's more and more commonly a default option. I'm not sure with GoDaddy. And like I said,
there's so many registrars. The one I'll talk about in a little bit, though, it has that on
by default. Oh, that's good. Right. And there are plenty of that do have on by default. Maybe even
(09:24):
all of them now. I don't know. I mean, you know, some of them actually charge more for it though,
too. So I'm sure not all of them actually have it by default, but yeah, but you do,
again, this is one of those things where the system is kind of like not really great in my
opinion. Right. Because you obviously, if you had realized that your information was going to
(09:44):
be publicly available on the internet. You wouldn't have put the right information, man.
I wouldn't have. Right. You would have done something different. Right. Yeah.
And even though obviously there's a need and it makes sense that you want to be able to have
people contact owners of a domain. Right. There are a lot of technical solutions you can go about. A
(10:07):
simple one that works pretty well, but you know, that should be built in from the very beginning,
in my opinion. And anyway, it's kind of bad. Right. Right. Like you shouldn't have been able
to accidentally leak your data online in such a public way. Right. Right. Agreed.
And well, and just so you know, Nick, that is one of the, like, I mean, you know, everywhere
(10:31):
on the internet in a way is public if it's not behind, you know, a login and password. Right.
But the domain registration is like, is way, way up there because hackers and scammers are
always watching for like new websites. So they can go hack the website. So their eyes are laser
(10:53):
focused on that information all the time. So yeah, it's basically the absolute best place to
post your public information if you want to get hassle. So that's why it felt like your data was
sold. Because yeah, that makes sense. Total sense. Total sense. Okay. So the next thing to know is
(11:16):
that there are different rules for some groups of domains. Okay. When I talk about groups
of domains, what I'm talking about is the last part of the domain. Like the .org? Like .com.
Exactly. .com, .org, .gov, .edu. There's actually over a thousand of them you can choose from now.
(11:38):
There's a ton. Wow. And the technical term for this, just so you know, is called top level
domain or TLD as you know, another geek acronym. Just in case you're searching and you run into it.
So now for the most part, the rules about them are the same. Although there's widely
(12:00):
varying on pricing. Yeah. But some have some special rules like .edu is reserved for
educational institutions. .gov obviously is for United States government. Things like that.
Yeah. But one of the differences that I didn't realize at the time of my story anyway,
(12:21):
was that this, who is privacy redaction is not allowed on some domains like .us.
Like .us. Gotcha. Right. So you can kind of see where the story's probably headed at this point.
Right. Yup. Yup. Now the registrar I use, like I told you, always has privacy. Well, actually,
(12:47):
so the registrar I was using at this time is different than the one I use currently.
Okay. Check the other tidbit. And this is one of the things that triggered me to
switch because I did not like, now, I don't know. Yeah. Anyway, I didn't like how they handled it.
I felt like they should have been, made it much more clear that that was going to be the case.
(13:11):
Because they did have privacy on by default. But when I registered this .us domain,
I ended up, of course, registering without whois privacy because it was not allowed.
Not allowed. But I don't think they said anything. They certainly, now, it could be my bad. I don't
know for sure because I've deleted my account. I was going to go back and check. I can't remember
(13:35):
if I went through and like how much what they said. And of course, it could have changed since
October of 2023. So I'm not going to mention their name because I don't want to blame them.
Maybe they were and I was just so used to expecting it that I didn't even notice the
warning. Again, I kind of think of this as a big flaw in the system, right? Like,
(13:57):
just like it was for you in the first place, in general, same kind of idea here, right?
Yeah. Yeah. So anyway, I ended up registering the .us domain and posting my name, email address,
and phone number to the public internet. It's kind of funny that we've both done the same thing.
(14:19):
Yeah. Yeah. Well, and part of the reason I decided this was worthwhile talking about is because
these days so many people want their own domain. Even like my sister who is super anti this.
She hates this stuff, but she's an author and she wants a website as a place for people to come
find her, you know, and it makes sense. So I mean, even anyway, so registrars and domains,
(14:45):
a little bit of basics on that I felt like was useful. Absolutely. Absolutely.
So here's one funny thing. The email address I put on there,
and we talked about this back in episode 17, but it was unique to that registrar.
So you know exactly where it was coming from. Exactly. Yeah. Well, and one of the benefits
(15:11):
of that is I could just block that address and no harm done. Now, I have to mention, though,
in this case, I decided not to block it. I still haven't blocked it because like we talked about
in that episode, I get almost no spam because as soon as I get one spam to an address, I block it.
Right. Right. So I only get a handful, but I'm like, you know, I want to see more examples
(15:35):
of spam and I'm not getting much, you know, now that I'm like teaching people and
I want some more, you know, coming in. So I've just left that open.
So send your spam to Makani. I don't know if I'd go that far, but yeah, I mean, I just,
I left it open. So yeah. So I figured that was kind of a funny tidbit, but
(16:01):
then my phone number though, I actually, you can get virtual phone numbers. They cost a little bit
more, although you can get, there's some level of free you can get, but I did have my real phone
number in there because I guess I was more worried about like my domain being dependent on a virtual
(16:21):
phone number that was like owned by Google or, you know, one of these other virtual phone number
providers. I don't know if that's really valid, I'm still thinking about that one,
but I was more worried about that anyway, at the time than the privacy of my real phone number.
Okay. And again, the upside, I was like, well, now I get some more experience in, you know,
(16:42):
fighting spam calls. So, you know, I ran an app that blocked spam calls for a while,
and I've just been running my own and doing the built-in reporting and stuff. And I mean,
it was definitely really bad for a while, but it's, it's tapered off. It's not too bad now. So
anyway, but that's, that's my story. Nice. Nice. I can relate to that story only because
(17:09):
I thought I was the only person that made that mistake. So, so it's kind of funny that
now I had made my mistake years before. So I quit using GoDaddy because I was so mad. I was like,
what? I, yeah, I literally, I still have a service that I pay for that blocks spam calls.
(17:31):
So yeah, I made the mistake of using my real phone number too. Yeah. Yeah. Well, so lessons
from this, Nick, obviously we both know that one of the lessons is when you register domain,
you know, be careful and know that this whois privacy is available for most domains and
(17:58):
through most registrars. And though I would say even with the whois privacy enabled,
I still, you know, and this is one of my universal recommendations, but
is use a virtual email address. Yeah.
Using a virtual phone number, I think is probably a good idea. Again, though, even though I didn't.
(18:23):
And for most people like our listeners, it is hover.com. Okay. Okay. Is, is a simple, clean,
trustworthy domain registrar. That's hover.com, hover.com. Yep. Okay. So if you're going to
register something, shout out to hover.com. You've done things right. Yeah. Go there.
(18:47):
Well, you know, if you go look at their thing, you know, and go through and use their service
compared to GoDaddy or Namecheap or any of the big ones, I mean, they are all about the upsell
and it's so noisy. They have sales and like all sorts of crazy stuff. And
a hover, of course, you know, has a tiny bit of that going on, but man, I would put it at like
(19:08):
5% of the noise and fluff that most registrars have. Awesome. And so it's just for most people,
it really does the job for, you know, for some of our domains, I'm going to be end up actually
switching as we grow to Cloudflare. Okay. Just because they have some more security
(19:34):
features and things, but for most people, hover.com is going to be just fine.
Excellent. And, and they have, you know, built-in privacy. And actually I walked
through just yesterday, checking if I tried to go register a .us domain.
And I mean, they didn't, I wish they would have made it a lot more prominent, you know,
(19:54):
like a big red, you know, block of text or whatever. They did not do that. They definitely
messaged it when you went through, you know, your checkout process, it said, normally it'll say,
you know, free whois privacy is included with your purchase. And, you know, and this time they
said they couldn't because it's not allowed, but like I said, it wasn't red or blinking or, you
(20:17):
know, anything that gave you any indicators of what was going to happen. Yeah. Well, nothing
super prominent, like if you were paying attention, it would be there, but just not as, I just wish
it were a little more pushy about warning you about that. Okay. Okay. But I don't know, I guess
there, I don't know. Anyway, that's just one of those flaws in the system from my perspective.
(20:40):
Yeah. Yeah. So, and that's really kind of the second lesson is just that, I mean, obviously
with my background and experience, I absolutely could have, should have avoided leaking my own
data. Right. Right. But I, you know, like we talked about in the last two episodes, I really feel like
(21:05):
the system is flawed. You know, I wasn't doing anything shady or even like weird.
Right. Right. But I mean, I felt foolish at the time, just like anybody else.
So, you know, it was an honest mistake. And so even though personal accountability, I think
(21:28):
is critical when we make a mistake like this, I think it's equally vital to look at the system
and see if there's places where it can be improved as well. Yeah. So, absolutely.
So what's our call to action? Well, we're not quite there yet. Keep sharing our stories or
(21:49):
oh, we're not there yet. So I want to share one. So those were kind of two directly about the
lesson, but I want to share one more just quick tool because we didn't get to one of the answers
of, you know, how can we, the Whois data help us stay safe online? Yeah. Right. So there's a tool
that you can go look up the Whois information about a domain. Right. Like I said, it's publicly
(22:14):
available and there's a simple tool and I put a link in the show notes about it.
But also, like I said, most domains these days are going to actually be protected by that privacy.
So you can't actually go look up and find out who owns a domain generally. Okay. But there is one
(22:37):
extremely useful piece of information that you can get and that is when a domain was registered.
Okay. Okay. So you can see how long that place has been in business essentially. Yep. And if it's a
time, then it doesn't really tell you anything. Right. But if it's very, very recently registered,
(23:00):
then you don't want to touch it. Okay. Because phishing websites specifically are almost always
very recently registered and then they get recognized and permanently blacklisted as a
phishing website. So they're very short lived. You know, you go to a website and it's only been
registered for a month or two months or three months. That's a huge red flag. Yeah. Now, obviously,
(23:28):
you know, if you're listening, it's like, yeah, am I going to go check the domain registration on
every website I visit? No, I get that. So I'm not really suggesting that you should. But there's
one case when you might manually do it. If you're looking to spend money on a website that you've
never spent money on before, and it's not a common one like Walmart or eBay or whatever,
(23:52):
then you might consider looking it up. Okay. Yeah. And as you know, Nick, we actually have a tool,
Link Lantern. Yeah. Right. Linklantern.com. I love it. Link in the show notes for that too,
to make this super easy. And it gives you a lot more information than just the domain age.
(24:15):
And still in beta. So we're working on it. But one thing that
Kem and I, we realized recently is we need a browser plugin version of Link Lantern.
That way, every time you visit a website, it can automatically do that check. And it can just kind
(24:37):
of be, we can give a very simple status of, you know, like red light, green light, even potentially
as simple as that. And, you know, and then you can click on it and dive in for more details if it's,
you know, like, Hey, this has some potential issues that we want you to look at. And it can,
you know, even pop up and like warn you kind of thing. Yeah. So that's in the works anyway.
(25:05):
Yeah. That's awesome. That's awesome. Dude. Can I share a little experience about Link Lantern?
I just ripped my mic off by the way. Did you see that? Yeah. Yeah. Yeah, please do.
Okay. So here's my experience and let me tell people I send emails daily with links in them
(25:33):
daily. My, my other job that I do, I send lots of emails and I send links, especially to our
websites. And so anyways, if you're ever sent a link, so for example, the other day, I got an
email from you with three different links in it. I ran to our Link Lantern. I plugged those links
(26:00):
in. Not only did it tell me it was good to go, but I was able to go directly still to proceed
from there from Link Lantern. So it's, it's super quick and easy to just grab that link,
copy paste that, throw it into our Link Lantern real quick, get a quick check. And especially,
(26:23):
you know, we've talked about this before. If you're ever emailed a link specifically,
don't just click on it. Light it up. That's what we like to call it. Light it up at Link Lantern,
man. So, yep. Thank you. Sorry. Sorry to interrupt. That's awesome. No, no,
I found an interruption. That's great. Thank you. Yeah. So that's it. That's it. Yep. Yes.
(26:50):
Call to action. Do we get a call to action? Yeah. So I debated a lot about this one. So I'm just
we're going to do it, you know, multiple choice that you get to, to you can pick from. The first
is simply to visit linklantern.com. Yeah. And put in a website. I, you know, and I suggest doing
once right now, just so it's part of, you know, it's a lot more likely when you actually need it
(27:15):
in the moment that you'll remember it and do it. Yeah. So just put in whatever and see what shows
up. And the other one is the one I'm, you know, most, I don't know, emphatic, enthusiastic,
passionate about is the same one, just a repeat, total repeat as in episode 62 to share your story
(27:39):
when you've, you know, been hacked or when you made, did something stupid like I did online,
you know, there was no hacking, obviously that was just my own failure. But, you know,
and share it in any format with anyone. I'd love for you to share it with me
privately or publicly on the forum or here on the podcast. And yeah, that's, that's it.
(28:05):
Yeah. And look, I'm not even going to go as far as to call mine a stupid mistake.
I would say, look, I just didn't know. I didn't know. I wasn't educated that my information
would become public knowledge, you know, so, so especially for those people that are in my shoes,
you know, for, for Makani and for experts, they totally get it. But for me, I had no idea a
(28:30):
registrar would actually sell my information or not sell it, but make it public, you know, and,
and so I don't even want to say that those are mistakes. 100% agree. No, I, yeah, no, that,
that one is even more clear case of just a totally broken system. Exactly. And that is why
(28:53):
that call to action, sharing your story is so important because by others hearing, hey, look,
do you know that your information becomes public when you register for a domain?
Okay. We just gave you two domains. You need to check out if you're going to register
like, or two, two different websites, companies that you can go check out.
(29:17):
You know, like we've got some in the show notes, share your stories. It's things like this that
really help us progress and get knowledge and, and get better at layering up and adding this
value to our security. Absolutely. Dude, are you ready for next week's episode?
(29:38):
Oh, I am so ready, man. I got to apologize. I got to apologize. We're going to get Kem on.
Kem was scheduled to come on to share his story. He's not going to be able to make it next week.
That's okay. We are going to get Kem on soon. He is going to share his story. We're excited for that,
but we're more excited to announce our series that's coming up. It is not just a single series,
(30:02):
but it is a series of series. We're going to dive into what it means exactly,
but for now, a little bit of a teaser, you know, we're, we're going to be focusing on
some areas that Makani's gotten a ton of questions. I like, this is going to be our
(30:22):
emphasis. So all the questions that Makani's kind of been asked, he's going to be answering,
like we're kind of pumped. Do you want to leave us with any teasers? Is there a question you
want to throw out there? It's just, you know, about where to start, right? That's really kind
of the theme of the question. Where to start? What to focus on? What next? Those kind of,
(30:45):
those kind of things. And this is my answer. Okay. If you're wondering what's next for your security,
tune in next week. You're going to love this series. Trust me.
Are you ready to take action and wondering where to start? Get my Bulletproof My Identity
(31:06):
Starter Kit for free. The seven most vital layers of protection everyone needs. I'll send you one
step at a time and help you if you get stuck. Just go to bulletproofmyid.com and enter your
name and email and I will send you the first step. Again, that's bulletproofmyid.com.