Type your domain name into a WHOIS search right now. Chances are, it comes back blank — no name, no number, no address. Just a registrar's name standing in for yours.

That's not an accident. It's a default setting almost nobody remembers choosing. And it's about to disappear.

A Delhi High Court order, sitting one rung below the Supreme Court, has ruled that Indian domain registrars can no longer hide a buyer's personal details automatically. Privacy becomes something you request — and in most cases, pay for. Every domain purchase will now require government ID. And registrars must hand over owner details to law enforcement within 72 hours of a request.

That last part is fine. It's the part everyone's missing that isn't.

The government isn't wrong about the problem

India added more internet users in the last decade than most countries have people. In 2015, 15% of the population was online. By 2025, it was 70%. That's several hundred million people who've never had to learn the difference between a real bank site and a fake one built to look like it. The National Technical Research Organisation flagged over a thousand phishing domains in the first quarter of 2025 alone — most of them dressed up as brands people already trust.

Anonymous registration makes that easy. Spin up a fake site, run the scam, vanish before anyone can trace who built it. A court trying to fix that isn't being unreasonable.

Where it goes wrong

Requiring ID to buy a domain is nothing new. You already do this to buy a SIM card. Your details sit with the telecom, and they get released to police through a proper request — not to anyone who feels like looking. Nobody's out here arguing SIM KYC should be scrapped, because it isn't actually a privacy problem. It's a paper trail, kept where it belongs.

This ruling throws that model out. Instead of keeping your details on file for when they're actually needed, it puts them in a public database anyone can search — no warrant, no request, no reason required. Type in a domain, get a name, a phone number, a home address.

And here's the part that makes the whole justification fall apart: the scammers this is aimed at almost never register with real information. Fake names, burner numbers, throwaway emails — that's the entire playbook. So the people this actually exposes aren't the fraudsters. They're the blogger who registered under their own name. The small business owner who used their home address at checkout because nobody warned them it'd ever matter. Millions of honest domain owners, made searchable, to catch a fraction of people who were never going to be caught this way anyway.

Global reach, local ruling

GoDaddy — the world's largest domain registrar — is appealing, and it's flagged something worth sitting with: domain names don't respect borders. A ruling written for India could end up reshaping what "private" means for domain owners everywhere, because registrars can't easily run two different privacy standards for two different countries. And this isn't limited to new purchases — if it holds, domains registered years ago could be pulled into it too.

The court hears GoDaddy's appeal on July 16, 2026.

What to actually do

Keep the KYC. Keep the paper trail for law enforcement. That part makes sense. Just stop handing the rest of it out to anyone who knows how to type a domain name into a search bar.

What you can actually do

Anonymity on the internet has been eroding for years, one "reasonable" regulation at a time. This one has a good excuse. That doesn't make the fallout for ordinary people any smaller.