
Tell HN: Google drops blogspot.in, breaking hundreds of thousands of permalinks - sairamkunala
When searched within India, Google&#x27;s Blogspot points to username.blogspot.in as opposed to username.blogspot.com (also in search engines). Most permalinks users use to share are country specific which also reflect on Google Search.<p>Looks like blogspot.in was picked up by a non Google entity.<p><pre><code>  Domain Name: blogspot.in
  Registry Domain ID: DE2DC9C0E8E694C28ADEF0F444F121B45-IN
  Registrar WHOIS Server:
  Registrar URL: www.domainming.com
  Updated Date: 2020-06-29T20:00:06Z
  Creation Date: 2020-06-24T20:00:05Z
  Registry Expiry Date: 2021-06-24T20:00:05Z
  Domain Status: inactive http:&#x2F;&#x2F;www.icann.org&#x2F;epp#inactive
</code></pre>
There is a ceritificate for the blogspot.in along with other blogspot.* domains. Would they end up revoking all the certificates if challenged?<p>https:&#x2F;&#x2F;crt.sh&#x2F;?q=blogspot.in
======
chubs
This is one of the main reasons I tried garnering interest around a blogging
app idea I had: If you blog with a third party service, eventually your blog
will go away due to an acquihire, company shutdown, merger, or whatever
happened in this instance (google forgot to renew a domain?). If you want to
write seriously with a multi-decade perspective, you need to host it yourself,
and I wanted to make that easy to manage for an average Joe. Unfortunately I
haven't had any luck gathering interest! Technical people understand the idea
but just roll their own using eg Jekyll; and Non-technical people don't get
the idea, or dont seem to care.

The idea is here:
[http://www.splinter.com.au/2020/06/07/chalkinator/](http://www.splinter.com.au/2020/06/07/chalkinator/)

Anyway if anyone has advice i'm all ears :)

~~~
MrGilbert
This reminds me of the now-obsolete "Windows Live Writer"[1], where you could
write everything on your Windows machine and "push" it to Sharepoint, Blogger,
LiveWriter, Wordpress and much more. Ultimately, it got an open-source fork
called "Open Live Writer"[2].

It sounds like a nice idea - a "Live Writer on steroids". Could be neat.

[1]:
[https://en.wikipedia.org/wiki/Windows_Live_Writer](https://en.wikipedia.org/wiki/Windows_Live_Writer)

[2]:
[https://en.wikipedia.org/wiki/Open_Live_Writer](https://en.wikipedia.org/wiki/Open_Live_Writer)

~~~
forgotmypw17
For anyone wanting to take it for a spin, openlivewriter.org seems to be down
since at least May, but .com works, and is also maintained by the same people.

[https://openlivewriter.com/](https://openlivewriter.com/)

[https://github.com/OpenLiveWriter/OpenLiveWriter/issues/911](https://github.com/OpenLiveWriter/OpenLiveWriter/issues/911)

~~~
rodolphoarruda
This is a Windows only app. Is there any similar app for Linux?

~~~
belltaco
Might run on WINE.

~~~
nacs
Also since it’s .net it may compile/run with the Mono natively on Linux/Mac.

------
jermier
I'm surprised no-one mentioned Mark Monitor[0] (no affiliation). A lot of big
brand corporations use it to protect their intellectual property. Can you
imagine, for example, someone getting their hands on `apple.com` or
`icloud.com`. They could wreak havoc since a lot of iDevices use those two
domains in order to function and you could pwn many devices if you were
determined enough. I imagine MM solves the 10-year time window problem by
ensuring the domain lives well on into the future. It's what they do.

[0] [https://www.markmonitor.com](https://www.markmonitor.com)

~~~
devrand
Yeah, and I checked a few whois history sites and the domain had been
registered with Mark Monitor as the registrar. That's a _major_ mistake on
their [MarkMonitor's] part.

Edit: clarified that I meant the error seems to be on MM's side.

~~~
neonate
What's the major mistake? I don't follow.

~~~
devrand
Companies hire MarkMonitor to safeguard their protected marks, which generally
involves registering these marks under basically every TLD available.
MarkMonitor themselves is an ICANN registrar so companies generally don't need
to worry about renewals: MarkMonitor just handles it (how it actually gets
billed back likely depends upon the contract).

So unless Google explicitly told MarkMonitor to release the domain, this seems
like MarkMonitor dropped the ball.

~~~
kyrra
Google doesn't use MarkMonitor as far as I know.

~~~
bduerst
Despite having it's own generic registrar service, Google uses MarkMonitor for
most of it's domains, for reasons people have already outlined.

~~~
kyrra
TIL, thanks!

------
donalhunt
The original reason for the per-country domains was to allow Google to
"continue promoting free expression and responsible publishing while providing
greater flexibility in complying with valid removal requests pursuant to local
law."

It arose around the question "Does a judge in country A have the ability to
censor content in country B?". Google has long argued that a judge does not
have this authority.

[https://support.google.com/blogger/answer/2402711](https://support.google.com/blogger/answer/2402711)
[https://www.theverge.com/2012/1/31/2761454/google-blogger-
au...](https://www.theverge.com/2012/1/31/2761454/google-blogger-automatic-
redirect-censorship-cctld)

~~~
pc86
> Google has long argued that a judge does not have this authority.

Google, and anyone with a functioning brain stem.

Jurisdictions exist for a reason, and with a number of exceptions somewhere in
the low single digits (and maybe zero), all jurisdictions end at the borders
of a country.

~~~
quickthrower2
Kind of. Countries have jurisdictions within them, such as states and there is
the EU of course, and then countries make treaties with each other so there
can be influence across countries.

~~~
vikramkr
Influence but not jurisdiction. Outside of crimes against humanity/universal
jurisdiction, I cant think of a situation where a country A would have
jurisdiction over an event that happens in another country B involving nobody
of nationality A. Even in the EU there's a lot of guidelines and processes for
figuring out which member country gets jurisdiction over cases.

~~~
reaperducer
_I cant think of a situation where a country A would have jurisdiction over an
event that happens in another country B involving nobody of nationality A_

Trade sanctions. Banking regulations. It happens all the time.

~~~
vikramkr
Those still involve people of nationality A. The people importing/sending out
funds to the bank etc.

~~~
reaperducer
Not necessarily.

Country A can put an embargo on certain products to Country B. When Country C
sends those products to Country B, Country A refuses to do business with
Country C, or fines it, or levies some other penalty.

~~~
vikramkr
Country A is still involved in their transactions with country C. The only way
they are exercising any power is through their direct involvement in the trade
network. This also isn't a legal court case with a crime and jurisdiction so
it doesnt even really fit the idea of where crimes are evaluated in a court of
law - international trade wars are not criminal law unless there are crimes
against humanity involved, which I already put a disclaimer about as one of
those crimes considered having universal jurisdiction. Though you still have
to invade them to be able to prosecute people, in which case you extend your
jurisdiction by turning the country into a territory as in ww2

------
crazygringo
Honestly the whole notion of losing your domain if you accidentally don't pay
is pretty silly. A domain in usage is obviously meant to continue, even if an
organization misses a process to renew.

Far better would be that a domain is yours in perpetuity until you
_explicitly_ cancel it. If you don't pay, you get bills, or it goes to
collections, or the domain temporarily stops resolving or something... but you
shouldn't _lose_ it. (If a person passes away, their estate figures out what
to do with it.)

The notion that if you forget to pay, 60 days later it's gone (poof), just
seems like a dumb policy in the first place.

And for those wondering how a business forgets to renew, it's pretty easy: the
employee (A) in charge of managing renewals is let go, and so is their manager
(B) at around the same time, so the manager (B) doesn't transfer
responsibility from (A) to a new person, and _their_ manager (C) doesn't
realize the original employee two levels down (A) never had their
responsibility transferred, because that was B's job.

~~~
thrownaway954
There is already something in place where if you forget to renew, the domain
is place in holding for a specified amount of time before it is released.

domains are an asset just like anything else. personally i don't see why if
you are a business, you don't register you domain for 10 years or more. just
as a test i went to godaddy and looked at how much it costs to register a .com
domain for 10 years... it was less than $100. honestly... if you are a
business and it costs you $1000 to register you domain for 100 years, why
wouldn't you do it.

~~~
crazygringo
First, you can't renew for more than 10 years.

Second, long-term renewals are precisely the scariest ones. It's actually
tremendously difficult for a business to keep a process in place that happens
once every 10 years. The employee who registered the domain (and their e-mail
address) are probably _long_ gone. The responsibility has been passed along 5
different employees during that time, and the last one got fired and nobody
knew they were the one in charge of renewals. And then you find out, suddenly
you don't own the domain anymore!

This is the whole problem in a nutshell. Counter-intuitively, if it were a
bill sent monthly, it would be much harder for people to forget about (and you
could rely on USPS forwarding for changes of address).

~~~
curiouscats
You can set it up so you renew up to 10 full years (from the remaining 9)
every year. That way you have 9 chances to fail before it becomes an issue.

Also for a fairly small organization you can have all the domains listed in
one place with the renewal dates and review that every 6 months or year (to
make sure all the new ones were added, the contacts are still all valid
[hopefully you setup things like [domains]@[companyname].com or something
but..., you have noted any that you no longer want or were transferred away...

~~~
hanniabu
I use namecheap and just use their auto renew feature. Do other registrars not
have that option?

~~~
crazygringo
Auto renewal doesn't help here.

Credit cards expire, e-mails get deactivated, addresses change.

If you're not getting notices about your domain expiring in the first place,
auto-renew isn't going to stay working after your credit card expires, which
is only a couple years.

~~~
rectang
I use Namecheap, and I have deliberately _avoided_ their auto-renewal service
because it doesn't offer me anything.

The key point is that a human needs to be involved in an audit process which
occurs regularly. And so I renew all my domains once per year in December, a
year in advance.

Now that I think about it, I suppose I could extend one year at a time, but
keep a 1-2 year buffer (or larger) in case of dire emergency instead of a 0-1
year buffer.

------
mcv
Just another reason to always, always claim your own domain. If you rely on
someone else's domain, you have no control over it.

Although it must be said: even your own registered domain can be lost.
Generally due to you not paying attention, but I believe it has also happened
that a registrar fucked up and sold a customer's domain to someone else.

Maybe we need better regulation for this sort of thing. If you get a new phone
subscription with a different phone provider, the phone providers are required
(in the EU at least) to allow you to keep your phone number, because so many
things are tied to it. The same is true for email addresses and websites.
Breaking this can cause serious problems to people.

~~~
YetAnotherNick
No, this is not the reason. You would have much more likely chance being
kicked by the registrar/card not accepted/country ban/forgot password/domain
hacked/forgetting to renew and myriad of other reason than medium/google
forgetting to renew their domain. This event is extremely unlikely.

~~~
willcipriano
You can petition ICANN if you lost a domain that you paid for. As long as you
are the rightful owner it will be returned to you. Keep a active credit card
on file with your registrar and keep a credit with them as well. All the
horror stories I see are cases where someone stops paying.

[https://www.icann.org/resources/pages/help/dndr/udrp-
en](https://www.icann.org/resources/pages/help/dndr/udrp-en)

~~~
pc86
> As long as you are the rightful owner it will be returned to you.

As long you _can prove_ you are the rightful owner. Sometimes that's much
easier said than done, especially to a particular burden of proof they might
require to pull the domain away from someone actively using it.

~~~
treeman79
Was running a multi hour deploy. Only minor features, so low risk.

Everything broke with our biggest client.

After a massive scramble it turned out our clients certificate had expired, in
middle of the deploy.

    
    
      So our system could no longer talk to them.
    

Whoops

------
gruez
ask hn: how could this have happened? According to
[https://www.domain.com/blog/2018/11/01/domain-name-
expiratio...](https://www.domain.com/blog/2018/11/01/domain-name-expirations-
what-you-need-to-know/), there's supposed to be a 30 + 30 days grace period
following domain expiry, where the original registrant can claim the domain.
Was blogspot.in really down for 60 days and nobody noticed?

~~~
jsploit
Last crawl on Internet Archive, which used to hit blogspot.in almost daily,
was May 21. [0]

Domain deletion processes vary per TLD. For .in it appears to be a 30 day
grace period + 5 day hold period. [1]

[0]
[https://web.archive.org/web/20200521111932/http://blogspot.i...](https://web.archive.org/web/20200521111932/http://blogspot.in/)

[1] [https://www.registry.in/registrants-
faq](https://www.registry.in/registrants-faq)

------
notRobot
[https://www.google.com/search?q=site%3Ablogspot.in](https://www.google.com/search?q=site%3Ablogspot.in)

480,000 results for me. All broken. Wow.

~~~
nix23
I see 4’720’000 results, even more WOW ;)

~~~
saurik
I now have "About 5,080,000 results (0.15 seconds)" (so more _and faster_ than
previous results, lol); clearly our interest in this search term has attracted
the attention of SEO bots ;P.

~~~
dgellow
It's increasing?! I got the following:

> About 6,080,000 results (0.21 seconds)

~~~
gspr
> About 5,000,000 results (0.16 seconds)

------
blntechie
Most likely they claim the domain back quickly? Yes?

But that’s a massive mess up by Google. I know blogspot is not any at focus
product for them but still it should hurt.

~~~
dman
It is not a new phenomenon, I am still grouchy about how Deja was handled. :(

------
Santosh83
Apart from the massive list of broken bookmarks, am also wondering what is the
risk of the new owners attempting some kind of phishing fraud on unsuspecting
non-technical users?

Really surprised by Google dropping the ball like this...

~~~
kellengreen
But are we surprised?

~~~
sp332
Well, yes. Google usually makes an announcement before they shut domains off.

------
domainerin
The registrar "domainming"(domainming.com) of .in domains, is the biggest
abuser of nixi policies. NIXI specifically says that registrars themselves
cannot participate in dropcatching and selling, but the owner of domainming
Mr. Salim, goes on with his business unperturbed. I am sure like how the
Indian registrar mitsu was banned by NIXI for violation of policies, the same
way I am certain that law will catch up with domainming.

------
puranjay
Why would an organization like Google ever even drop a domain? A 10 year
domain registration is what - $150?

~~~
jefftk
My bet is that it's a complicated mistake.

(Disclosure: I work for Google, speaking only for myself)

~~~
toomuchtodo
I suppose I'll go start looking for other google domains that heavily impact
internet users if they expire, and are close to expiration, and just pay the
~$100 to renew them for another 10 years and write the cost off as public
service [1].

[1]
[https://www.techdirt.com/articles/000118/1443242.shtml](https://www.techdirt.com/articles/000118/1443242.shtml)

------
jeswin
There's clearly no fail-safe (even moderately so) solution to this problem on
the centralized internet. Yet more reason for Secure Scuttlebutt, Dat and IPFS
to exist.

~~~
dredmorbius
How specifically do those solve this issue?

------
scarface74
Counterexample:

AWS announced that they were going to disable links to files hosted on S3 that
used a deprecated format. But after much outcry about how many links would be
broken, they [1] back tracked.

[https://forums.aws.amazon.com/ann.jspa?annID=6776](https://forums.aws.amazon.com/ann.jspa?annID=6776)

[1] Should I be saying “we” now that I have been working for AWS for less than
a month? I’m not use to being identified as an employee at BigTech.

~~~
dredmorbius
AWS bare links are a cesspit and are increasingly blocked by firewalls. The
sunset will occur one way or the other.

~~~
dredmorbius
Acknowledged (post-Bezos acquisition) at the _Washington Post_ in 2014:

"Amazon is a hornet’s nest of malware"

 _Of the 10 sites that pump out malware most frequently, four are hosted on
Amazon Web Services (AWS) — including the number one site, download-
instantly.com, according to a threat report published Wednesday by the IT
security firm Solutionary._

 _The report comes a week after we learned that hackers allegedly used Amazon
's cloud hosting solution as a platform for a botnet that scraped personal
information from potentially millions of LinkedIn subscribers...._

[https://www.washingtonpost.com/news/the-
switch/wp/2014/01/16...](https://www.washingtonpost.com/news/the-
switch/wp/2014/01/16/amazon-is-a-hornets-nest-of-malware/)

------
thereyougo
Someone in Google going to have a very hard day that's for sure.

------
WClayFerguson
IPFS will fix this. Permanently and forever. Move to Web3. The Big Tech firms
are providing the incentive towards Web3/IPFS apparently not just by their
rampant political censorship but also by breaking links. Everything about Big
Tech monopolies is just harmful to the web. People are fed up with it.

~~~
agentdrtran
Is IPFS easy enough for normal people to use yet?

~~~
WClayFerguson
IPFS isn't really something end users work with directly.

Apps and platforms (like the one I'm building:
[https://quanta.wiki](https://quanta.wiki)) use IPFS behind the scenes. The
main characteristic the end user will need to know is that is _is_ IPFS and is
therefore uncensorable, decentralized, and secure.

------
napolux
And that's why you should own your own domain.

~~~
speedgoose
I don't know, I didn't pay for some time and now it's parked by a bot.

~~~
phendrenad2
Man those domain squatter bot companies, they aren't even interested in
selling the domain back in some cases. I don't understand the business model.
Maybe they're buying google pagerank score.

~~~
alltakendamned
ad income generated by traffic to page (either organic or typos) exceeds the
cost of the domains. then scale to 10s of thousands.

------
rudolph9
Use content addressing. There are still many rough edges to be worked through
but IPFS and others don’t get enough attention when stuff like this comes up
on HN.

------
mitchtbaum
I would probably use Switcheroo Redirector extension if I needed a quick fix,
but I'll keep you posted with better solutions.

[https://chrome.google.com/webstore/detail/switcheroo-
redirec...](https://chrome.google.com/webstore/detail/switcheroo-
redirector/cnmciclhnghalnpfhhleggldniplelbg?hl=en)

------
khemu123
Thanks a lot! Yes, Open Live Writer sounds very similar to what I'd be making.
To be honest I hadn't heard of it.
[https://futuremirror.info](https://futuremirror.info)

------
Abishek_Muthian
It doesn't seem like Google had forgotten to renew the domain, may be blogspot
is next on line?[1]

[1][https://killedbygoogle.com](https://killedbygoogle.com)

~~~
ummonk
Yeah going by [https://www.bleepingcomputer.com/news/google/risky-
blogspoti...](https://www.bleepingcomputer.com/news/google/risky-blogspotin-
domain-for-sale-after-google-fails-to-renew-it/) it sounds like they had ample
warning.

------
creeble
Google doesn't use a service like Markmonitor or one of the dozens of other
professional asset management companies to register their domains?

Huh.

------
pmlnr
Google is slowly becoming the destroyer of the (old) internet. (See amp,
removal of urls, etc) I'm fairly certain I don't like really the new internet,
even if some of the url re-representations are reasonably nice.

~~~
Shorel
Just remember Deja News.

------
contr-error
dang, is this comment
[https://news.ycombinator.com/item?id=23769393](https://news.ycombinator.com/item?id=23769393)
causing this post to erroneously show up in
[https://news.ycombinator.com/ask](https://news.ycombinator.com/ask)?

~~~
oefrha
Any submission that’s not a link or Launch (reserved for YC companies) is put
under the Ask banner, “Ask HN:” in the title is customary but not required, so
no, it’s not erroneous.

------
bhartzer
A great example of why domain owners need domain name insurance. Domain
insurance protects the owner from the loss of the domain, from UDRPs, expiring
domains, failed renewals, stolen domains, etc.

If it's a high-value domain (or if one that you just can't lose), then there
other options, such as a registrar lock, or simply registering it for 100
years (i.e., Network Solutions), or even forever (Epik offers a forever domain
registration). But that doesn't protect the domain owner from losing it via
UDRP, lawsuit, Trademark issue, or having it stolen from them.

~~~
Sebb767
> or even forever

I highly doubt this is going to be the case. Even those 100 year registrations
could easily bankrupt a company with a steep domain price hike or some
inflation.

I mean, it's okay if one wants to be secure, but investing several thousand
dollars in a company for a promise that's very likely going to be broken is -
in my opinion - not a good strategy. Especially when you can invest the same
money into a 10-year registration with yearly renewal (to stay at 10 years)
and sufficient monitoring.

------
raverbashing
To be honest I never got why Blogger bothered with a country specific domain
when visiting a blog

This sounded like a problem waiting to happen

I understand onboarding your customers using a custom domain per country but
not just switching (to the domain of the visitor, not of the blog even!)

~~~
dannyw
Local domains get higher CTRs and hence rankings on Google.

Blogspot is an acquired Google property, hence they actually needed to care
about SEO instead of just forcing their results up through rich snippets and
widgets.

~~~
sairamkunala
source:
[https://support.google.com/blogger/answer/2402711?hl=en](https://support.google.com/blogger/answer/2402711?hl=en)

but other country specific URLs current redirect to .com

------
conroydave
more like semipermalinks, amirite

------
6510
<sarcasm> People are easier to control if they don't talk. Average Joe should
not have a say in anything, he should not have a voice at all. So you give him
a bit of toilet paper to write his stuff on and toss it in the loo.

~~~
6510
We see this dark pattern all over. How should one reason about it? A large
part of the book burning is without intend. Or are we indoctrinated to support
it?

IMHO everything that doesn't cost anything to preserve should be preserved.

