[mtmail]

10 years ago I once purchased a domain from a provider who only needed an email address and cash in an envelope (among other payment methods, I used paypal). The website and everything around it was shady but I thought for privacy I'll try. A couple of years later they demanded a copy of my passport to cancel. Renewing (giving them more money) was apparently fine, but cancelling required a passport. I let the domain expire and although it was empty immediately the domain parked, luckily a year later released again. I'm not naming the registrar, it was a bad experience overall. I'm sure there's still some registrars like this around.

[jlokier]

It's plausible that they set higher id requirements for cancelling because some random person renewing doesn't harm the domain owner, but cancelling may cause a lot of harm.

[davchana]

My experience is, from watching some domains, and my own ones; almost every registrar now keeps the domain for 1 year. Some put a parking page, some just update the whois to reflect that domain can be bought.