NIXI wants to store your Aadhaar through EKYC details in a “perfect manner and a decent way”

[rootyme]

As per this notification by the National Internet Exchange of India, registrants applying for registration of domains have to share their Aadhaar details for E-KYC verification. It also provides alternatives like PAN Card, Passport and Election Cards.

Such linking is without a clear legal basis, violates the Supreme Court’s privacy decision and could be cited as a precedent for linking social media accounts with Aadhaar. The result? Violation of privacy and a chilling effect on free speech online. The Result? Systematic abuse and life threats coupled with relentless stalking on the web. The result? All the concerned authorities linking my Aadhaar with my TechEnclave account. The result? DISGUSTING SCAMMERS LIKE MITSU.IN SENDING ME REPEATED JAIL THREATS AS WELL AS LIFE THREATS AFTER RECEIVING MY AADHAAR CARD.

.IN Registry and NIXI are just as responsible for what I am currently going through. I'll not leave this without bringing a change. If KYC is mandatory, only NIXI/.IN Registry can have access to it. NOBODY ELSE. NOBODY ELSE.

.IN Registry must create a centrally managed KYC verification portal and employ staff on its own to handle EKYC in any form or manner. No Registrar can be allowed to access any KYC document of any Registrant. I will not leave this without making that happen.

Also, nobody can own more than two .IN Domains without personally contacting NIXI's CEO and seeking his permission:

1. https://www.medianama.com/2022/01/223-nixi-domain-bulk-buying-guidelines/
2. https://archive.internetfreedom.in/post/nixis-domain-cap/
3. RTI filed by IFF for this:
i) https://drive.google.com/file/d/1BLozj0qSBaGKSLySrY8j4IANuBhzk6E3/view
ii) https://drive.google.com/file/d/1Yi2xjGR0QtRVz0yMzgnInK6NO21Xo_0n/view

 

[EHH]

so you have to disclose the domain name first to them so they can front run and book the domain themselves and sell it to you at higher prices. Nice. May it is done to safe guard .IN from domineers. .uk .de also does it but I think there is no permission thingy, you just need to have local address.

 

[rootyme]

I need answers to the following.

What exactly is NIXI trying here? If KYC is mandatory, then it makes the procedure of owning a domain the exact same as creating a SBI Bank Account/Passbook.

In that case, how does NIXI allow random no-name third party Registrars to collect KYC documents from registrants? Does NIXI take the responsibility for what these registrars do? If no, how did they pass that "KYC mandatory" resolution?

Another question is, if "KYC IS MANDATORY" why aren't registrants asked for KYC photocopy during sign up? What's the goal here? To suspend accounts/domains after sign up and subsequently threaten users to submit KYC? I don't understand a thing here.

 

[BullettuPaandi]

I'm not familiar with this field, so correct me if I'm wrong in assuming : We don't NEED a third party registrar; meaning we're free to do the job by ourselves.

how does NIXI allow random no-name third party Registrars to collect this KYCs from registrants?

If my assumption is correct, technically we are the ones allowing third party registrars to do so. Just like how we allow similar representations in, say applying for driver's license, legal representation, etc.

Does it take the responsibility for what these registrars do? If no, how did they pass that "KYC mandatory" resolution?

No and the bitter short answer for the 2nd question is : couldn't be bothered.

I don't understand a thing here.

Me neither; but I'm certain I'm about to learn a lot from the totally civil conversation that's about to take place!

 

[rootyme]

If my assumption is correct, technically we are the ones allowing third party registrars to do so. Just like how we allow similar representations in, say applying for driver's license, legal representation, etc.

Note that you can't purchase a domain directly from NIXI or .IN Registry. NIXI provides "accreditation" to these companies who are then authorised to sell domains. You can view the list of such "Accredited Registrars" here- https://www.registry.in/accredited-registrars. You're not allowing them at your free will. It's being forced upon you by NIXI. For your DL, you submit your KYC to the Regional Transport Office which is an Indian government authority. If I am to trust anybody with my KYC, it'd be either the government itself or the Government bodies.

Going back to my Mitsu thread, I was hesitant to share my confidential data with a non-govt entity thus I asked the company to tell me if this is enforced by all Registrars. The rest is history.

Point is, I got to know about Mitsu and trusted them only because I found them on this page - https://www.registry.in/accredited-registrars. So there is responsibility on them, a lot of it.

No and the bitter short answer for the 2nd question is : couldn't be bothered.

They would have to. And the answer is not as simple as that. Private data is not just random bits of information. It carries a lot of weight. They have to be very bothered.

 

[BullettuPaandi]

It's being forced upon you by NIXI.

Note that you can't purchase a domain directly from NIXI or .IN Registry. NIXI provides "accreditation" to these unknown companies who are then authorised to sell domains.

Oh, so basically my assumption is wrong.

Edit Just wanted to verify and decided to lookup. The very first line that I read alone told me enough - that NIXI is a non-profit.

 

[lockhrt999]

And, .in domains were already bad as they lack privacy protection. Plus, domestic registrar like BigRock verify your mobile, so you can't even get to lie.

 

[rootyme]

And, .in domains were already bad as they lack privacy protection. Plus, domestic registrar like BigRock verify your mobile, so you can't even get to lie.

I wasn't even trying to lie. Yet I have been abused and harassed so much by an "Accredited Registrar".

I have never heard of company support calling a consumer and abusing while screaming. In this case, the support guy never revealed his name. The call literally started with him screaming that I am going to jail. Which was followed by a 500 rupee demand.

 

[EHH]

As per this notification by the National Internet Exchange of India, registrants applying for registration of domains have to share their Aadhaar details for E-KYC verification. It also provides alternatives like PAN Card, Passport and Election Cards.

View attachment 192018

Such linking is without a clear legal basis, violates the Supreme Court’s privacy decision and could be cited as a precedent for linking social media accounts with Aadhaar. The result? Violation of privacy and a chilling effect on free speech online. The Result? Systematic abuse and life threats coupled with relentless stalking on the web. The result? All the concerned authorities linking my Aadhaar with my TechEnclave account. The result? DISGUSTING SCAMMERS LIKE MITSU.IN SENDING ME REPEATED JAIL THREATS AS WELL AS LIFE THREATS AFTER RECEIVING MY AADHAAR CARD.

.IN Registry and NIXI are just as responsible for what I am currently going through. I'll not leave this without bringing a change. If KYC is mandatory, only NIXI/.IN Registry can have access to it. NOBODY ELSE. NOBODY ELSE.

.IN Registry must create a centrally managed KYC verification portal and employ staff on its own to handle EKYC in any form or manner. No Registrar can be allowed to access any KYC document of any Registrant. I will not leave this without making that happen.

Also, nobody can own more than two .IN Domains without personally contacting NIXI's CEO and seeking his permission:

1. https://www.medianama.com/2022/01/223-nixi-domain-bulk-buying-guidelines/
2. https://archive.internetfreedom.in/post/nixis-domain-cap/
3. RTI filed by IFF for this:
i) https://drive.google.com/file/d/1BLozj0qSBaGKSLySrY8j4IANuBhzk6E3/view
ii) https://drive.google.com/file/d/1Yi2xjGR0QtRVz0yMzgnInK6NO21Xo_0n/view

OKAY, why do you want us to sign in google to view the docs on drive ?