Security · 4 min read

What is WHOIS privacy, and why turn it on?

The internet's oldest public directory contains your home address. Here's how to take it out.

WHOIS privacy: public record vs masked

When you register a domain name, ICANN — the global internet body that coordinates domain registries — requires you to provide accurate contact information: your full legal name, postal address, phone number, and email. That information gets published in a public database called WHOIS, queryable by anyone for free.

Originally (in the 1980s) the directory served a practical purpose: helping system administrators find each other across the early internet. Today, WHOIS is mostly used by:

  • Domain investors looking for owners of expiring names
  • Cold-outreach marketers building lead lists
  • Trademark lawyers tracking down infringing domain holders
  • Law enforcement (with proper process)
  • Spammers scraping for email addresses

The last category is the one most owners want to avoid.

What WHOIS privacy actually does

WHOIS privacy doesn't remove the requirement to provide your real info to ICANN — that obligation is still there, and false data can get your domain suspended. What it does is replace your contact details with a proxy contact (operated by your registrar) in the public-facing directory.

A WHOIS lookup with privacy enabled returns something like:

Registrant Name: Privacy Protection Service
Registrant Email: 1a2b3c@privacy-proxy.opensrs.com
Registrant Phone: +1.4165355555
Registrant Address: 96 Mowat Avenue, Toronto, ON, Canada

The proxy email forwards to your real address if legitimate (most go to /dev/null). Your actual home address never appears.

Who can still see your real info?

  • Your registrar (us)
  • The registry operator (Verisign for .com, Public Interest Registry for .org, etc.)
  • ICANN
  • Law enforcement with valid subpoenas
  • UDRP arbitrators in trademark disputes

Spammers, scrapers, and random strangers cannot. That's the point.

Which TLDs don't allow WHOIS privacy

Most TLDs permit it, but a few don't — usually because the registry was set up under government auspices and made public disclosure a feature, not a bug:

  • .us — US Department of Commerce policy requires public WHOIS for all .us domains
  • .nyc — City of New York requires the same
  • .bank, .insurance and a few other regulated TLDs require verified public contact info
  • Some ccTLDs (country-code TLDs) have local rules — .de (Germany), for example, requires real contact for German registrants

If you register a .us or .nyc domain through us, we'll warn you at checkout that your contact details will be public. You can choose to proceed (or pick a different ending).

What WHOIS privacy doesn't protect you from

  • Government records — your business registration (if you have one) is separately publicly searchable in most jurisdictions.
  • Social media OSINT — if your domain matches your personal name, someone can correlate easily.
  • Browser fingerprinting on your actual website — that's a separate set of concerns.
  • Court orders — a US court can compel us to disclose your real WHOIS data via subpoena.

How to turn it on (or off)

If your domain is registered with us, log in to your account dashboard, click the domain, and toggle the WHOIS Privacy switch. The change propagates to the registry within minutes — usually under 60 seconds. Free, no questions asked.

We enable WHOIS privacy by default for every new registration on every TLD that allows it. You'd have to actively turn it off if you want your details public.

Want free WHOIS privacy on your domain?

With us it's included free on every eligible ending — not a $9.99/yr upsell. Register or transfer and your details are masked by default, no extra step.

No upsells at checkout · Free WHOIS privacy · Same price every year · Transfer out free, anytime

Find your domain Run a WHOIS lookup