
123-Reg and NamesCo registered millions of .uk domains without asking customers - jacquesm
https://www.theregister.co.uk/2019/09/16/123reg_namesco_uk_domains/
======
lolc
Sounds like fraud to me. Charge for something similar to what you're already
billing and hope people don't notice.

Around where I live, courts decide differently based on the nature of the
enterprise. If a company gets an invoice and pays up, they basically agreed to
the charge. That's because companies are expected to understand and check
invoices. For private individuals, if they pay an invoice and only later
realize that they didn't in fact wanted to pay, the contract that came into
being based on their payment can be annulled. And in some cases it leads to
charges of fraud. That's not to say that companies can't be illegally
defrauded, just that the bars are higher.

In the .uk case, this means companies would have to make sure they didn't pay.
But consumers could in fact claim they were tricked and demand restitution
even after paying. I don't know how such cases are handled in the UK however.

In any case: Transfer your .co.uk to a reputable registrar. Don't do business
with outfits who pull shit like this.

~~~
scraplab
Who do people recommend for alternative UK/global registrars? Security is high
up my list of priorities, and Cloudflare looks great, but doesn't offer .co.uk
domains currently.

~~~
leonsmith
[https://www.gandi.net/](https://www.gandi.net/) I belive at some point in the
past when you ordered a weird TLD on AWS it was fulfilled by gandi on behalf
of AWS.

~~~
jamesponddotco
Plus one for Gandi, these guys are amazing and follow a clear no bullshit
policy [0].

[0] [https://www.gandi.net/en/no-bullshit](https://www.gandi.net/en/no-
bullshit)

------
reallydontask
We were told that because we had a .co.uk domain with 123-reg, we would get a
.uk domain for free for two years. I think there was an option to opt-out but
we got the domain.

So clearly emails didn't go out to all customers, customer didn't read the
emails or forgot about them.

123-Reg would send a 30 days to renewal email and 7 days to renewal email,
maybe they were not sent this time?

------
blantonl
It seems to me that some of the darkest patterns in the technology field are
related to domain name registrars.

~~~
C1sc0cat
Low cost of entry maybe Ofcom should have to approve all .uk registrars.

And ICANT should clampdown of some of the dodgy stuff they allow crappy
registrars.

------
mjw1007
This affair is also bad for any people who would actually like to use .uk
domain names: in many cases where the current owner of foo.co.uk doesn't want
foo.uk it's effectively increased the period for which the name is reserved
from five to seven years (or more if the current owner drops the ball and lets
the scummy registrars get away with the autorenew).

~~~
Symbiote
That explains what's happened for me.

I have a .me.uk domain, and I'd like the .uk. I attempted to register it, and
I was charged, but then refunded a few days later. It's currently pointing to
a 123-Reg parking page.

------
Milner08
Damn thanks for pointing this out! Just canceled the auto-renewal of the two
.uk domains they added for me.

------
C1sc0cat
I wonder what Ivan Pope's (I used to work with him at poptel) thoughts on this
are and it does seem that Ofcom have been asleep at the wheel here.

------
SteveSmith16384
Stuff like this will happen as long as Nominet is a for-profit company.

~~~
mjw1007
Nominet is officially a non-profit company.

The problem is that (like many non-profits) it's being run by people who see
the world the way for-profit companies do, and think that it's their job to
maximise their surplus rather than act as stewards of the .uk namespace.

So you see the chairman's statement in the annual report saying « In addition
to pursuing organic growth, we have a prudent approach to possible
acquisitions and investments that will accelerate our strategy and lay the
foundations for future growth. »

even though there's nothing in the company's official objectives that says
growth is an aim.

------
BiasRegularizer
Fittingly reported by The Register

------
sp8
As much as I dislike 123-reg, they weren't the only ones who did the 'auto-
registration' thing. I don't feel like dropping my registrar in it but they
did the same (only it was at the end of the .uk reservation period - I gained
2 domain names, both of which ought to belong to clients of mine). I haven't
ever checked if they set them to auto-renew in fairness, my account settings
are to NEVER auto-renew so I suspect they followed that.

------
laumars
> _But, rather than seek to persuade their customers why they should pay for
> two .uk domains instead of one, they have simply stuck those domains on
> auto-renew._

None of the .uk tld's that were registered on my behalf are set to auto-renew
(and I have quite a few .co.uk - and thus .uk - domains too).

Reading past the El Reg's hyperbolic writing style, I suspect what's actually
happening here is they were set to not auto-renew _unless_ the customer
started altering the settings of the .uk tld. Since I left them alone, they'll
just expire. It's still a frustrating anti-pattern and worth reporting on but
not the literal scam El Reg are reporting it as.

~~~
detritus
Did you read the comment section? There're examples therein of people
confirming the practice, as too at least one person on HN here.

El Reg's house style is very much love it or loathe it, but I think it's
unfair to accuse them of being misrepresentative. The Reg has been one of my
daily go-to websites since the early 00s purely because I find it trustworthy
and not wont to sit in the pockets of the industry it reports on.

~~~
laumars
> _Did you read the comment section?_

There wasn't any other comments when I typed mine.

> _El Reg 's house style is very much love it or loathe it, but I think it's
> unfair to accuse them of being misrepresentative._

Why? They have been on other occasions and their writing style is
intentionally designed to be exaggerative.

> _The Reg has been one of my daily go-to websites since the early 00s purely
> because I find it trustworthy and not wont to sit in the pockets of the
> industry it reports on._

I've found in their effort not to "sit in the pockets of the industry" they're
bias has shifted too far to the other side where they too quick to pass
judgement. Combined with their inflammatory tones, it creates a feeling
reminiscent of those armchair critics that claim everything is shit while
failing to appreciate the detail of the problem.

~~~
detritus
That's curious. I'd read the Register article before it was posted here and
there were comments to that effect - did you too read it before it was posted
on HN?

Their writing style is intended to be a bit tabloid in its reading, sure, but
i've always figured that's to make otherwise dry reading a bit more engaging.
The sum of their analysis is essentially on point. Their cousin, The Inquirer,
by contrast is probably less 'exaggerative' as you put, it but is painful to
wade through.

As I say - it's a love it or loathe it rag but I don't see them as being
overly negative, except where due. I suppose the tone does encourage armchair
critics in the comments sections, but then their comments section is second
only to HN, I feel, for worthwhile input from people who Know Their Shit.

~~~
laumars
> _That 's curious. I'd read the Register article before it was posted here
> and there were comments to that effect - did you too read it before it was
> posted on HN?_

Sorry, I was talking about HN comments. To be honest I didn't even realise El
Reg had a comments section (though I wouldn't have read them anyway - HN is
the only site's comments I read)

> _As I say - it 's a love it or loathe it rag but I don't see them as being
> overly negative, except where due._

Their comments regarding OpenSSL weren't. Back when Heartbleed was announced
El Reg were heavily critical (as many people were) but they then ratchet up
the tone by recommending people use other, largely unproven, cryptography
libraries. They've also reported other vulnerabilities as being disastrous -
using the same language as they did for Heardbleed and ShellShock - but for
vulnerabilities that are purely theoretical and extremely difficult,
impractical or even out of scope for 99.999% of consumer devices. El Reg have
often been amongst the worst for misrepresenting the real world implications
for vulnerability announcements and that's entirely down to the tabloid nature
of their reporting.

