WHOIS is the Internet protocol that exposes the registration details of a domain name: the registrant name, organization, address, email, phone number, and registration dates. Established in the 1980s when the Internet was a small academic network and contact information was a feature. Since the 2010s, the assumption that public contact info is desirable has reversed, and most modern registrations use privacy proxies that hide the underlying registrant.
What it means in practice
The default WHOIS exposure is the kind of leak that catches operators by surprise. A journalist who registers a personal domain to host their portfolio also registers their home address, phone, and email in WHOIS unless they opted into privacy. A small business that registers a domain in the founder’s name exposes that founder personally to harassment based on what the business publishes. The privacy-proxy services (Tucows Contact Privacy, Whoisguard, Domains by Proxy) substitute the registrar’s contact info for the registrant’s in WHOIS, with mail forwarding for legitimate inquiries. Most major registrars now offer this free or for a few dollars per year. The exception is some country-code TLDs (.fr, .de, .it) where registrar policy or national law may require certain registrant info to be public.
Where it shows up
Captured by: every domain registration ever made (the historical WHOIS database, viewable via whois.com, who.is, archive sites). The historical record matters: even if you enable WHOIS privacy today, archived snapshots of your prior public registration may still surface your old address. OSINT researchers, investigative journalists, doxxers, debt collectors, and trademark lawyers all use WHOIS as a primary source. The high-leverage application is not the current WHOIS but the historical view that most people forget exists.
What you can change today
Audit your domains. Every domain you own, check the current WHOIS at whois.com or your registrar’s lookup tool. If your name, address, or phone are visible, enable WHOIS privacy (every major registrar offers this; Namecheap, Porkbun, Cloudflare include it free; GoDaddy charges extra). For domains you registered years ago when privacy was not a concern, also check archive.org and historical-WHOIS services to see what is in the public record from past registrations. There is no way to retroactively scrub historical WHOIS, but knowing what is exposed is the first step in deciding whether to reset (transfer the domain to a privacy-protecting registrar in a fresh name).
