
The .feedback scam - 0x0
http://everythingsysadmin.com/2017/06/the-feedback-scam.html
======
wodenokoto
Wow, the author is not exaggerating when saying it is a scam.

Looking at the .feedback page for Stack Overflow, it says at the top, in
fairly large letters "We make Stack Overflow, where the world's developers get
answers, share knowledge & find jobs they love. Also proud builders of the
@stackexchange Q&A network."

Then at the absolute bottom, in small, washed out print it says "Disclaimer:
This site is provided to facilitate free speech regarding Stack Overflow. No
direct endorsement or association should be conferred."

So, users are not supposed to confer that a page claiming to be by the makers
of stack overflow, are associated with SO? Beyond any reasonable doubt, the
people behind that site are trying to scam visitors.

If the creators of the .feedback pages are also the TLD owners, it seems
obvious to me that they should face legal charges and be stripped of the TLD.

~~~
Stratoscope
Well, the reviews on stackoverflow.feedback are quite informative!

Dan Manny says:

 _Stack over flow made me loose money!!! Bad code with security wholes in it
crashed my clients site!! Warning warning for scammers_

and Antonio B. of Indonesia says:

 _Best site for solving programming issue!!!11!one! The most user and newbie
friendly site!

11/10 would recommend_

You know you can trust reviews like this!

~~~
CPLX
> !!!11!one!

Is there a word for the feeling you get when you see 15+ year old idiot
message board / forum / usenet catchphrases apparently still going strong?

It's a curious mix of nostalgia and revulsion.

~~~
skocznymroczny
Everyone knows adults mix in cos(0) somewhere among the 1's

~~~
taneq
Really??!!!11-i^21?

------
finnn
The whois data for domains under this TLD is kind of interesting

whois stackoverflow.feedback returns a phone number with a CNAM of STACK
OVERFLOW, and the same address listed on
[https://stackoverflow.com/company/contact](https://stackoverflow.com/company/contact)

whois google.feedback returns the phone number +1.1978600872, which is not a
valid US area code last I checked. The address appears to be a PO box in
Seattle.

facebook.feedback has the same bogus phone number and the same PO box as
google.feedback.

myaccount.feedback (where they send you if you try to vote on anything,
presumably other things too) has a residential address on Mercer Island, WA
and a Google Voice number listed.

Calling the Google Voice number results in a voicemail where a person
identifies themselves as "Jay" (presumably Jay Westerdal[0] of Top Level
Spectrum, Inc who owns the .feedback TLD[1])

Another thing of interest is that myaccount.feedback encourages you to login
with Google/Facebook/Twitter/LinkedIn

[0]:
[https://icannwiki.org/Jay_Westerdal](https://icannwiki.org/Jay_Westerdal)
[1]:
[https://icannwiki.org/Top_Level_Spectrum,_Inc](https://icannwiki.org/Top_Level_Spectrum,_Inc).

~~~
TeMPOraL
Casual browsing of Jay's Twitter suggests he might be behind it. Also from:

[http://www.dnsfan.com/2015/11/hammer-nails-and-
feedback.html](http://www.dnsfan.com/2015/11/hammer-nails-and-feedback.html)

> _ICANN 's core values are creativity, innovation, and respect the flow of
> information. The .Feedback registry is innovating and following those core
> values by allowing transparency with an independent review system that can
> be operated by anyone willing to sponsor a name. The .Feedback domain is
> different from all the other registries. It is human nature to fear change
> and innovation, this registry doesn't want to be in the business of selling
> just DNS domains like every other registry. We want to innovate!_

(Innovation my ass...)

Also2, this seems to be the official page for the operation:

[http://www.nic.feedback/](http://www.nic.feedback/)

EDIT: Jay seems to be a big fish in the industry, so this is somewhat
surprising.

------
xg15
Comment from the article:

> _I would like to add that IMHO all new TLDs are scam. Brand owners are
> forced to register their name in many of them.

.feedback is just the tip of the iceberg._

I think this is the core issue here. I remember that a few of ICANN's new TLDs
caused similar issues. The idea of _selling TLDs to companies_ for use at
their discretion is horrible enough, but they also seem to be completely
ignorant of this problem.

This feels as if ICANN is trying to become the new FIFA.

(I don't really have much empathy for google etc having to pay $600 a year,
but the same problem could also hit lots of small sites. Also with the current
trend, TLDs seem to loose all structure and meaning and just turn into another
brand vehicle or trade asset)

~~~
pmyteh
I actually did a fairly robust empirical analysis of the extent to which brand
owners did 'register their name in many of them' back when the round of ICANN
gTLD expansions was happening.

The conclusion was that both currently-fashionable arguments were kinda bogus:
the new gTLDs couldn't deal with 'artificial scarcity' in any real sense, if
it even existed, and yet few brand owners were defensively registering in the
existing domains (even .org) so claims that it would extract massive economic
rent were also overblown.

It was eventually published in the Journal of Information Policy (vol.3,
pp.464-484). There's a full-text copy on
[https://ora.ox.ac.uk/objects/uuid:ba4ca100-2f81-43ea-b207-84...](https://ora.ox.ac.uk/objects/uuid:ba4ca100-2f81-43ea-b207-8403e828e87a)
if anyone's interested...

------
phantom_oracle
On the topic of scams, has anyone ever discovered what ICANN did with the
enormous amount of money it raised by selling these TLDs at a premium?

I recall .blog being purchased by Automattic for 15-20M (that being just 1
example).

ICANN is to tech what the SEC is to finance: A corporate revolving-door where
you join to do your corporate-masters bidding and then move back to your
7-figure job.

~~~
linkregister
Can you substantiate that a bit more?

Is that even how it works in the SEC?

~~~
Renevith
That how the conspiracy-minded assume it works because it fits their world
view better, but there's little evidence to support it. Insightful finance
journalist (and former investment banker) Matt Levine often suggests that the
revolving-door incentives are the reverse: Create tough and complicated
regulations while you work at the SEC so that a big bank will have to hire you
to help navigate those regulations.

Some examples where he has written about this issue:
[https://news.ycombinator.com/item?id=11545117](https://news.ycombinator.com/item?id=11545117)

------
emidln
I worked for a feedback company in the past. Nobody cares even when they pay
for a feedback widget and get the reports emailed/pushed to their managers.
Most of the clients didn't even login to the site or collect the feedback
(sign up for notifications, download a csv, etc). AFAICT, companies paid for
the feedback widget to check some box on a yearly powerpoint along the lines
of "manages user feedback". It's a good racket to be in once you realize that
nobody cares about your product and just wants a good-looking widget that is
effectively write once. You just build good sales and relationship managers
then hit up enterprise.

I'm 90% sure that the entire concept of the feedback form/widget is only still
with us as a way of channeling user rage into non-social platforms. "Here,
complain into this void that won't hurt our public opinion!"

~~~
vidarh
The places I've seen collect feedback use it partly for what you say, partly
to collect praise they can plaster on their sites as well as on powerpoint to
boast to the board. The complaints go nowhere, but the praise is sometimes
cherished.

------
jommi1
Looks like they were already found out in March...? (0) How are they still
up??

The company behind this (1), has .realty .forum .contact .pid and .observer
and all the "sell" pages lookalike. Holy fuck this looks dirty.

(0)
[https://www.icann.org/uploads/compliance_notice/attachment/9...](https://www.icann.org/uploads/compliance_notice/attachment/911/serad-
to-westerdal-16mar17.pdf) (1)
[http://www.topspectrum.com](http://www.topspectrum.com)

------
SimonPStevens
The real scammers here are ICANN and the atrocious way they handled the
generic TLDs.

~~~
blazespin
Not necessarily. TLDs don't rank any better than anything else. Google/Bing
don't rank you just because you have a word in your tld. It's a minor signal.

~~~
davidsong
It's not so much what the machines think, it's that moving from the convention
of `company.domain` to `.company` confuses users and allows scams like this to
happen.

------
toni
The .feedback sites also load a "fingerprint" script which tries to gather all
kinds of info from your browser.

[http://cdn.feedback/js/fingerprint2-0.7.3.min.js](http://cdn.feedback/js/fingerprint2-0.7.3.min.js)

------
captainmuon
I wonder how they can get away with this, and not be sued into oblivion.

On an amusing note, the pages barely load for me. Could this be the first time
the HN hug of death took down a whole TLD?

------
speedplane
GTLDs were introduced only a few years ago, but it's clear the implementers
were conflicted by reckoning the freedom of the "earlier internet" with what
the internet has become today. They wanted to honor the freedom of the DNS
system. But they also recognized the internet has changed enormously. Today,
the internet is largely ruled by large brands, just as most mainstream media
is.

The GTLD system is a pretty poor compromise between those two positions.
User's don't have freedom of the early DNS system, and brands now have a huge
enforcement burden to mange. Registering sites like coca-cola.fun and coca-
cola.shopping are almost certainly not allowed, and will be shut-down
eventually, but it now costs Coke a sizable sum to monitor and take down the
infringing websites.

------
_jal
Ick. In a way, it is a sort of corporate version of those mugshot sites.

I understand a lot of other scams. (Not condone, but I see the attraction of
running it.) This one just seems like a lot of work to put into something that
I really don't see the targeted companies choosing to go along with. Seems
like borrowing a ton of grief - at the very least, they'll be hearing from a
bunch of crabby lawyers.

~~~
janekm
$600 is less than the cost of lawyer time for a worthwhile response, so they
may well collect more than we would like to think...

~~~
ocdtrekkie
It's also about half the cost of starting an ICANN dispute resolution
process.... even without a lawyer.

~~~
janekm
Especially since an ICANN dispute resolution against the registry seems a bit
like uncharted waters...

------
gumoro
Go to [http://feedback.feedback/](http://feedback.feedback/) and write a
sternly-worded review, that'll teach'em.

~~~
SippinLean
Also feeedback.feedback (3 e's) is still available to register for free.
Someone should squat it and extort the .feedback owners to get it back.

------
ryan-c
Someone appears to have figured out how to inject arbitrary javascript into
the .feedback pages, so be careful visiting.

------
paulcole
Similar to .sucks:

[https://www.namehero.com/startup/controversial-sucks-
domain-...](https://www.namehero.com/startup/controversial-sucks-domain-one-
big-scam/)

~~~
finnn
Owned by the same company:

[https://icannwiki.org/Top_Level_Spectrum,_Inc](https://icannwiki.org/Top_Level_Spectrum,_Inc).

~~~
ara24
Link is 404, include the period '.' when copy-pasting.

------
dasil003
Reminds me of GetSatisfaction back in the day. It was never as much of an
outright scam as this, but they definitely had that protection racket vibe
about it.

~~~
cyberferret
I do remember the pitchforks and burning effigies around the GetSatisfaction
drama a while back.

For those that don't know, GetSatisfaction is/was a 'user support' site
designed for users of a particular app/service to provide support to each
other - only the fact that it wasn't an _official_ support page was not
immediately obvious. They had a line somewhere on the page that said something
like "We hope that a support rep from the company will chime in on these
threads" but not much else.

People ended up getting extremely frustrated with the companies in question,
believing that the company was ignoring them when questions went unanswered.

To their credit, I think they changed things and made the situation clearer
when several companies lambasted them on social media, but I don't know that
they ever fully recovered and became as popular as they were before that.

------
Marat_Dukhan
Interestingly, amazon.feedback redirects to amazon.com, so Amazon did pay

~~~
bencollier49
Or threatened to sue them into a smoking hole in the ground..

~~~
egeozcan
Amazon makes that money in about 6 seconds. I don't think they would even
bother to threaten them, but that's just my opinion. Maybe that's the
motivation behind the scam as well?

~~~
7952
Maybe because it is less hassle than getting a purchase order authorised.

------
chadcmulligan
just lodged a complaint on icann.feedback, should fix it.

~~~
Neuron4ger
It seems that ICANN have gone for the $600/year deal.

~~~
mzzter
That was suspiciously fast.

------
r1ch
Aren't all ICANN accredited registrars bound by the UDRP[1]? It seems like any
domain registered "on behalf" of a company could easily be taken down /
claimed by the UDRP process.

[1] [https://www.icann.org/resources/pages/help/dndr/udrp-
en](https://www.icann.org/resources/pages/help/dndr/udrp-en)

~~~
giobox
Yup you're right, there's effectively no way to avoid the UDRP with domain
names, with very few exceptions, usually around country code TLDs. These
domains should be relatively trivial to take down for big stakeholders I'd
have thought, if the experience of the UDRP case load over '.sucks' domains is
anything to go by. That and of course the UDRP's well studied and documented
bias towards large trademark holders thanks to the "pursuer pays" business
model they use. I'd imagine a compelling argument can be drafted that these
are bad faith registrations of another company's registered mark, especially
if you look at the criteria the UDRP uses.

Interestingly, their CEO has claimed that .feedback is 'UDRP proof', which is
laughable if you are at all familiar with the way in which the system has
worked in the past: [http://domainincite.com/19736-tls-says-feedback-will-be-
udrp...](http://domainincite.com/19736-tls-says-feedback-will-be-udrp-proof-
will-hire-lawyers-to-defend-registrants)

I'm always surprised how few people in the software industry know anything
about the UDRP, especially in light of some of its incredibly questionable
decisions over the years, and the huge impact it can have on a software
business. It's pretty interesting as one of the few large scale examples of a
privatized court system, and also one of the only globally enforceable
trademark systems ever conceived (thanks to ICANN's total control of the DNS
system), much to the annoyance of many non-US governments.

------
ollybee
This seems a similar model to the .sucks TLD. They offered domains to company
owners for $2500 before offering them to the public.

------
blazespin
You can't do "or pay $600/year to take the web site down". There are laws
against that. It's called extortionate. That being said, they could be more
subtle like Glassdoor / Yelp / etc. People would actually have to find
.feedback domains useful for that to happen however. My sense is that this
will just go nowhere, no business will be made, and it's all a lot of sound
and fury over nothing.

~~~
SolarNet
Well they word it differently I'm sure.

~~~
klodolph
Wording things differently rarely has any significant legal impact.

(Except in advertising, right?)

~~~
corin_
Wording things differently very often has significant legal impact, depending
on the situation and context.

I have no legal training, but regularly review lengthy legal contracts and
discuss them with lawyers, and tiny changes in wording can have huge
implications in what they mean.

Outside of legal contracts, many agreements (such as an agreement over email,
or even verbal) can be considered legally binding, and so could be affected
similarly when it comes to wording.

An example away from contracts (written or otherwise): salesmen and bribing.
"I'd like you to buy my company's product, let me take you to an expensive
restaurant to discuss the opportunity" is fine (roughly, in some cases and
depending on the monetary value of the meal it might be against company policy
or in some cases even illegal, but usually fine), vs. "If you buy my company's
product I will take you to an expensive restaurant" which isn't fine.
(Speaking from experience, having a) had plenty of experience on both sides of
the sales table, including being specifically offered bribes and including
being "client entertained" including some cases where I couldn't accept even
though it would have been legally not considered bribery, and also from the
experience of having to write, and enforce, anti-bribery / anti-corruption
company policies.)

~~~
klodolph
I was a bit sloppy in my original statement. Yes, if you word a contract
differently it will often have a different meaning, that's not really just a
rewording, that's a material change. Same with other agreements. The different
wording describes different requirements for fulfilling a contract.

An example of what I'm talking about is the difference between gifts and
loans. Say you're applying for a mortgage, and I give you $50k as a gift.
Sure, you can use that as a down payment. But if I make you agree to pay the
$50k "gift" back as a condition, it's not a gift, it's a loan, and calling it
a gift is mortgage fraud. No matter how you word it, you can't change a loan
into a gift.

Just like with extortion. Extortion is an act, and you can carefully word it
all you want, but it doesn't change the fact of extortion, but it may make it
easier or more difficult to prove.

But I'm not trying to say something especially deep here, just that it's
common for people to look at the language of the law and believe that they can
avoid consequences by rewording a few things.

------
thinbeige
Slightly OT: This reminds me of Glassdoor. Glassdoor is more subtle but has a
similar business model.

Pay for the 'employer branding' package way more than 600/year (rather per
month) and you get rid of the worst employee feedbacks.

------
UnrealIncident
They're also fingerprinting every user. I noticed because it caused Firefox to
hang for over a minute.

------
rrauenza
Could the major browser providers start just blacklisting these kinds of
TLD's? Or grey listing with huge warnings?

~~~
ams6110
Google provides a huge DNS service. Could they just return NXDOMAIN for the
entire .feedback TLD?

~~~
detaro
I can think of a lot of parties that would _love_ precedent for Google
censoring stuff from their DNS. Parties Google _really_ doesn't want to be
seen as on the same side with.

------
sergiotapia
Fucking genie's out of the bottle now isn't it. :)

A bit late to call party foul when absurd tlds are available more and more.
Ocean of piss and all that. Embrace the chaos.

------
warent
An unethical and shamefully pathetic extortion scheme. This is really a
disappointing and completely uninnovative, destructive direction to take the
internet in

------
jacobmalthouse
Tangential but important. Some new domain endings are really focussed on an
ethical approach to using what we view as important public infrastructure
(meaningful words + DNS = impact). At home.eco we embedded ethics into our
governance (ICANN Contract) our corporate DNA (B Corp) and our product
(profiles.eco). We think there is real potential to leverage the DNS for good.

------
babuskov
[http://feedback.feedback](http://feedback.feedback)

Looks like they got some great feedback.

------
BLanen
Couldn't companies do a class-action on the fact that they pre-registered
domains with trademarks belonging to other companies but not giving those
domains to those companies?

There's precedent for getting a domain based on trademark from someone else.

------
yellowapple
I'm normally thrilled to hear about new TLDs.

This is an exception. It'd be great in theory, but the preregistered scam
domains are absolutely ridiculous.

I hope the likes of Google and Facebook come down on these sites, and come
down on them _hard_.

------
kierenj
I hit the "Claim" button, and it's gone to a page asking for my CC details. I
wonder if anyone could claim it..

------
crispytx
Scammers like this give capitalism a bad name.

~~~
dragonwriter
> Scammers like this give capitalism a bad name.

I dunno, between tobacco companies, oil companies, and the earlier thongs
pretty much every major industry did that stimulated the labor movement from
the 19th Century into the early 20th, these guys are small fry. _Capitalism_
gives capitalism a bad name.

~~~
abawany
I am not much of a fan but I think such stuff is completely in the domain of
humanity and human nature. I can't think of any political or economic system
that can suppress the evil and good that comprise the human species.

------
martin-adams
This feels very similar to Trustpilot in my opinion. The format and
description of the company (in the first person) is extremely similar. The
only difference is branding. Trustpilot don't have a domain looking like the
company, but companies can pay to take control of their brand on the platform.

------
TeMPOraL
See the thread here[0] for info on who's likely behind it. It seems to be
operating since at least 2015 already.

[0] -
[https://news.ycombinator.com/item?id=14669058](https://news.ycombinator.com/item?id=14669058)

------
jheriko
this is the price of having no or nearly no regulation or standards.

as much as i appreciate the arguments for why that is the case, its important
to recognise the cost of that philosophy in practice

still i hope there is some legal action that comes against them.

------
dabber
The fine folks at .feedback seem to be Kurt Vonnegut fans.

cdn.feedback serves up this on an otherwise empty html doc:

    
    
        <!-- There's only one rule that I know of, babies - God damn it, you've got to be kind -->

------
rurban
I edited the site's content changing the name and description to a more
appropriate one, whilst still staying entirely professional, but it failed to
save the adjusted content. -1 for user-friendliness

------
SippinLean
If you click through "Claim this site" there doesn't seem to be anything in
the form of verification, seems that just anyone can claim them. The price for
SO was $750 though, not $600.

------
metaphor
> If they do discover it, they are given a choice: Pay $20/month to receive
> the feedback, or pay $600/year to take the web site down.

Corporate-driven lawsuit for trademark violation?

------
pawy
Doesn't Trademark protect them ? I thought that a simple request could take
down such domain names. (1000 buck per name if I recall)

------
ara24
Browsers should just s/.feedback/.com/, problem solved.

------
King-Aaron
There's some stellar reviews popping up there already

------
natch
Can the TLD just be blackholed by major DNS providers?

------
Beltiras
www.amazon.feedback redirects to amazon.com login page. They paid the
extortion?

~~~
vuln
Probably does a 302 redirect and drops in their affiliate#. Easy income.

~~~
vardump

      HTTP/1.1 302 Found
      Date: Fri, 30 Jun 2017 16:59:36 GMT
      Server: Apache/2.4.18 (Ubuntu)
      location: http://www.amazon.com/feedback
      Content-Length: 0
      Content-Type: text/html; charset=UTF-8
    

Can that "/feedback" be an affiliate ID?

------
accountyaccount
They also own .sucks... of which they were charging $2500 per domain. I don't
know why these manipulative TLDs are allowable without considerable
regulation. This latest example seems to be more directly extortion, and is
likely illegal in many places.

~~~
OskarS
Yeah, this whole TLD expansion program seems like it was extremely poorly
handled by ICANN. I think it was a good idea to expand TLDs beyond the country
codes and the original ones (TLDs like .travel or .nyc are genuinely useful),
but approving TLDs that could be used for defamation (like .sucks) or scams
like this is clearly a huge mistake. Also, putting it in the hands of private
companies that can charge extortionate rates for domains is just terrible.

------
publicopinionsa
I might want to include that IMHO all new TLDs are trick. Brand proprietors
are compelled to enroll their name in a large portion of them.

~~~
malka
I consider any "non standard" tld as crap. If you have a weird tld i wont go
to your website.

~~~
OberstKrueger
Where do you draw the line on this? I can understand that unknown companies
running on some obscure GTLD might raise suspicion, but what about a personal
blog or someone's side project?

~~~
corobo
TLD more than 3chrs? Not for me.

.info is the furthest I'd go. At a push. I'll also still click on ".google"
and other reputable corp vanity domains if the content appears on HN and looks
interesting enough.

------
snakeanus
This is why people should move to things like OpenNIC or to a DNS-less address
scheme like the ones used in namecoin/tor/i2p. The ICANN scammers should be
stopped.

~~~
nerdponx
How would OpenNIC help?

------
babuskov
I wonder, how does this compare to Yelp?

------
Dot_Feedback
Hello I am Jay the CEO of .Feedback

I wanted to correct a few facts.

First, while it has been reported that Registry pre-registered 5,000 domains
this is incorrect. We have not registered the sites you mentioned. You can
check the whois and look up the owners.

Second, The pricing referenced is out of date and not accurate. Prices can be
found as low as $5 for a .feedback domain. Check out Crazydomains.com

~~~
Sir_Substance
>Second, The pricing referenced is out of date and not accurate. Prices can be
found as low as $5 for a .feedback domain. Check out Crazydomains.com

Well, that's fine then. It's totally ethical to fleece people as long as
you're not fleecing them /too much/.

------
lemagedurage
A site that provides uncensored free speech aimed at companies is considered a
huge scam? It looks like the comments are not manipulated, and I appreciate
that authenticity more than practices happening around Google, YouTube,
Facebook etc.

~~~
nerdponx
It's a scam because they purport to be affiliated with the company everywhere
except the disclaimer at the bottom.

------
oh_sigh
How is this a scam? The result is obviously just a ratings site which never
purports to be the sites referenced in their URL...why does it matter if you
type in google.feedback or feedback.com/google or google.feedback.com into
your browser? No reasonable person could be misled to believe that
google.feedback/ was at all related to Google.

edit: Okay, I guess it is a pretty messed up website. If you go to reply to
something, it gives you the ability to "officially" reply (as, say Google) for
a mere $29 per message. This doesn't seem like extortion, but it is a pretty
horrible business idea.

~~~
cstrat
> No reasonable person could be misled to believe that google.feedback/ was at
> all related to Google.

Mate, that is 100% confusing to anyone on the internet.

Especially more so now that google uses their own TLD for some of their
blogs/services. So `blog.google` is google. `google.com` is google, but
`google.feedback` isn't. Please explain...

~~~
foldr
People who don't understand how domain names work are probably just as likely
to be fooled by 'feedback.com/google' as they are by 'google.feedback'. I
don't really get this either. It's obvious from the content of the site that
it's not run by Google.

