That's extremely concerning, given that the domain name industry has a very robust set of regulations and legal procedures to govern privacy, mediate dispute, and establish consumer rights. I'd be very concerned about what this relationship between Njalla and myself would do to those protections - they're not a registrar, nor are they a reseller - what am I actually paying them for?
Unfortunately, the ToS and/or registration agreement that I am signing up for doesn't appear anywhere that I was able to find. I went through the purchase flow to try to buy a domain, but it won't let me proceed without funds in my wallet, and I'm not going to put 30 euro just to try and read a legal doc.
In other words, this seems like it's Probably a Bad Idea(tm), though it's difficult to know without more transparency on their part. (full disclosure: I work for a company involved in the domain industry)
1337 will have the right to immediately terminate the provision of the Services and these Terms, as stipulated below under section 9.2. Such termination will have the effect that 1337 may, at its discretion, choose to assume the registered domain name and hold it in its own account, let it expire, or sell it to a third party.
What happens when they get a phishing customer?
How are they going to get around defacto ownership?
When has asset protection through redirection ever stood up in court?
Some registrars, however, say "Nonsense, the owner of the domain is the Registered Name Holder, and we maintain that information, and the whois privacy is just a registered agent who will pass that information back to the registrant".
I think it's telling that the Njalla ToS linked elsewhere does not mention ICANN, UDRP, or WHOIS as a sign that they have not thought through the implications of what they are proposing to do.
EDIT: also, a practical step for transferring a domain is to ask the registrant to disable whois privacy to do name and address validation, which might also mitigate the "who owns this domain" concern
>Think of us as your friendly drunk (but responsibly so) straw person that takes the blame for your expressions. As long as you keep within the boundaries of reasonable law and you're not a right-wing extremist, we’re for promoting your freedom of speech, your political weird thinking, your kinky forums and whatever. Even Trump is welcome. Hell, he might even be a customer. We’ll never know. We might even be approved by him! Or not. We don’t really care.
I have no need for this service, and would never register a business address to it for all the legal reasons being discussed in another thread on this topic, but I would have registered a private domain or two there anyway, just for the sake of supporting something I believe in.
But that sentence sunk it for me. If you're gonna offer an anonymous service to help promote freedom of speech, it can't be just the kind of speech you like. It's reasonable to say "nothing so illegal that we're gonna end up talking to three letter agencies about it", but beyond that you're either promoting freedom of expression or not, it's very much a binary thing.
This is one of Peter Sunde's projects, I wouldn't be too worried about that one.
I find it easy to understand; I would assume that the answers to your questions are yes, yes, no, no, no, likely depends on commercialization (i.e interest from governments; hardly even a policy decision).
These are merely conditions which many will find more favorable than existing alternatives.
I think it's okay for me to 'censor' people from my cooking blog network. It's not at all my obligation to channel the voices of those who don't know how to use slow cookers. They are inferior human beings, and I think of them worse than any cruel racial narrative ever uttered in the US.
That doesn't stop you from engaging in free speech. That doesn't stop you from creating your own cooking blog and discriminating against those who eat the wrong kind of sushi.
The fight over free speech ought to end at my mouth. I don't want a world where other people have ownership over my mouth, telling me how I didn't give equal speaking time to CNN.
It can be quite effective to prevent spread of these ideas, and even if you disagree with this particular instance (I don't) most services do this to some degree. I do think it is strange though, that they say that they are "for promoting your freedom of speech" simultaneously. Their barring of right-wing extremists suggests that they don't care much for freedom of speech (there's nothing wrong with that, though).
An anonimity service is provided to allow people to express their ideas (wrong as they might be) without fear of retaliation .
By - more or less - preventing "right wing extremists" to express their "weird" ideas they contradict the base premise.
This is not entirely different from some (still queer in my opinion) "free" software licenses, prohibiting the use of the software to (example) members of the US government or military, it is simply not "free" anymore when such clauses are given.
Here, as always happens when there is a discretionary choice involved, is determining what qualifies a "right wing extremist", and whether the ban applies to the person/member (and to his/her political ideas) or to the content, let's say that you are a "right wing extremist" that wants to put online a set of cooking recipes, should you be prevented from having a domain there?
Or is it when in the recipe for some stew you make a not-funny reference to "kosher" meat being not suitable?
And who determines if that is only "not-funny" (maybe it is actually funny) or if it is a non-acceptable pro-Nazi hint?
that's pretty subjective.
Clarifies it a bit
What did he mean by this
I really want to see more of these kinds of services. Anonymity is important.
"9.2 1337 may in its sole discretion, also terminate the Services and these Terms and choose to keep, sell, suspend or cancel your domain name registration if:" (list of conditions follows)
I can see why that's needed, but it doesn't give a good feel to how much they'll push back before abandoning you once somebody is unhappy with your domain and/or content. Would have a better feel if they replaced "keep/sell" with "transfer", which they would be compelled to do, for example, if an ICANN dispute was lost. I would really want a little more detail on what exactly they do for common things like ICANN inquiries, disputes, DMCA, etc.
Some hazy third party in Sweden, where top officials up to and including government ministers vocally promote the idea the idea of internet censorship, and where people have actually been sent to actual jail for voicing opinions.
I think I'll pass.
I just moved my domains there. Super happy with the service since it's so simple and clean.
I guess the difference here is that they don't hide the real owner behind a "contact us to get through" as they are themselves the real owner, so they might be legal, but then comes the question of "do you really want someone else to be the legal owner of the domain of your website".
Interesting. I'd expect the problem to be the other way around.
Do Njalla want to be legally liable for all domains run by their customers?
If there is an issue (drugs, pedophilia, the usual suspects ...) they close it down immediately, claim they weren't owner of the content and were merely leasing the domain to the user, since a sub-lease is what they're effectively doing.
If the domain because popular, they can seize control of it easily, or start snooping on users, or do whatever the hell they want.
Is there a reason why Njalla is better than this reasonable system?
The issues: firstly, they don't support freedom of speech:
>As long as you keep within the boundaries of reasonable law and you're not a right-wing extremist, we’re for promoting your freedom of speech
Secondly, they don't make it clear in what jurisdiction they operate.
Thirdly, they don't specify anywhere what registrar(s) they use to register domains. This prevents customers from performing due diligence on the registrar and its history (for example, does the registrar have a history of arbitrary domain suspensions?)
Fourthly, as mentioned in another comment, their terms of service is absurdly loose with regards to their responsibilites; they can terminate service arbitrarily, and have no obligation to transfer ownership to you in this case. This is completely unacceptable.
Sixthly, their website copy is amateurish and has basic typographical errors.
Seventh, and perhaps most gravely of all, their entire website betrays a fundamental misconception of the roles and demarcation of a registrar (or pretend registrar, as is the case here.) Above I mention that they are anti-free speech, but the very fact that they think it is the place of a (pretend) registrar to have a policy on this matter betrays a fundamental misconception about the liabilities of a domain registrar. The very idea that a domain registrar (or pretend domain registrar) should be in some way responsible for content hosted "on" a domain is faulty, and at the same time sets a hazardous precedent; this is exactly the kind of thinking which absolutely should not be encouraged or perpetuated in the domain name industry, as it is only going to lead to more and more political intervention at the domain name level.
A domain name registrar nominates domain names (meaning essentially the name itself, plus the specified nameservers) to a domain name registry. The only legitimate involvement a registrar has in the use of the domain name is any issue involving the legality of the literal domain name string itself, or the nameserver names, or maybe WHOIS data. Notice that for all its faults, this actually moreorless matches the ICANN model: There are dispute processes for trademark issues regarding the domain name string itself, and dispute processes for WHOIS data. There are emphatically not ICANN dispute processes for content served by nameservers, or content served by hosts referenced by zone data served by nameservers! (I suppose theoretically someone could find a way to break a law with the nameserver names themselves; setting a nameserver for example.com to <illegal-string>.example.com, say, but it seems like that's sufficiently obscure a possibility that it has not yet arisen.)
A domain name registrar is not responsible for the content served by name servers referenced by a domain name, let alone the content served by services provided by hosts referenced by the content of a zone file served by a name server referenced by a domain name. That this pretend registrar fundamentally fails to comprehend this demarcation of responsibility is extremely problematic, and betrays a troubling lack of understanding of the system.
Of course, it certainly may be the case that domain name registries and registrars (and pretend registrars) in the future get more and more dragged into disputes regarding services provided by hosts referenced by zone files served by nameservers referenced by a domain name, but this is extremely undesirable. It would represent the politicization of the domain name system, which would itself seriously undermine its stability and reliability. We have already seem some attempts to politicize the system and they do not bode well; it's certainly not helpful if registrars start overestimating the degree of their responsibility, as it only increases the feasibility of future politicization of the domain name system.
In particular, it should be noted that there is basically no case where the seizure of a domain name for the content it "hosts" (in reality, references, not even directly but via a set of referenced nameservers) can be proportionate; or at least, no case where it can be reliably ascertained that the seizure of a domain would not be grossly disproportionate.
For example, if google.com accidentally hosts a small amount of illegal material, should google.com be suspended? Of course not; so unless one is suggesting that 'important' domains should be subject to different, more preferential rules than 'unimportant' domains (an affront to the idea of an internet open for all), where is one supposed to draw the line?
Moreover, most nameservers do not allow zone transfers. This means that the extent of a zone served by nameservers referenced by a domain name cannot be reliably ascertained, which again means that there is no way to reliably ascertain that the seizure of a domain name is not grossly disproportionate. If a domain hosts illegal.example.com, but also hosts a million legal subdomains, how can the seizure of example.com for hosting illegal.example.com be proportionate? There is no way to reliably ascertain the existence of subdomains, so illegal.example.com could be known to search engines but the million legal subdomains could be unpublished, internal names yet unknown (by obscurity) to the world. Even if the full contents of a zone could be reliably ascertained, most records reference IPs (A/AAAA), not services (SRV, MX), so unless you portscanned every IP referenced, that doesn't tell you what type of service is hosted on those subdomains (and even if you did portscan those IP addresses, there's the possibility that some services are firewalled to certain source IPs, for example services for internal use only, etc. etc.; the possibilities are endless, and thus so are the opportunities for unforeseeable collateral damage).
There is an extremely relevant real-world example of this: the no-ip.org debacle (no-ip.org is a domain which provides free subdomains to arbitrary parties), in which a court, truly extraordinarily, allowed a private corporation, Microsoft, to assume control of the entire no-ip.org domain, simply because of a single bad user, and a very tenuous claim that the abusive subdomain involved infringement of a Microsoft trademark. This resulted in massive disruption to all other no-ip.org users. Again, there is no way of reliably ascertaining an upper bound for the operational impact caused by a domain seizure.
If someone claims a domain of mine, example.com, has a website facilitating illegal activity, and has it seized by some jurisdiction's law, what if my principal email address is @example.com? Now I am deprived of the ability to engage in correspondance so as to ascertain the grounds for such seizure and contest it. The intention was to disable the website, yet email service and potentially an arbitrary number of other services are also disrupted. Again, I reiterate that there is no way of reliably ascertaining an upper bound to the operational impact of a domain seizure, and as such it is hard to see that domain seizures can ever be reliably ascertained to be proportionate as a law enforcement measure in advance.
The idea of domain seizures as a law enforcement method is a really, really bad idea. It makes about as much sense, and is as about as proportionate, as the postal service revoking the address of someone who commits mail fraud; their house number is literally erased from databases, and mailmen return mail sent to that house number as undeliverable. Nobody would claim this is a sane way of dealing with abuse of the postal service.
And of course, nothing in this should seem like it makes law enforcement impractical. If a service is illegal, go after the people, the company, the servers; going after the domain always has the potential to cause extreme collateral damage, and the degree of damage which may be caused cannot be ascertained in advance. Even more worryingly, to the extent that we've seen seizures so far, it seems like something mostly done because it is easy, not because it is right; a cheap, usually due-process-free way of smiting websites deemed improper when persuing the persons or machines involved would be more effort. This reduces the trustworthiness and reliability of the domain name system, and its ability to serve an apolitical role for entities of all countries worldwide. This is a disaster for the law abiding just as much as it is for the lawless.
If this company is serious about the robustness of domain names, it needs to stop perpetuating an idea of the registrar (or pretend registrar) as a publisher, as a legally responsible entity for the services dereferencable via domain names, particularly since such a model of liability is, mercifully, not yet one that has appears to have become reality. To do so simply accelerates the undesirable.
> We're sure it's the best there is, but since we're always improving, we'll pretend to listen to your feedback and make it better.
Openly saying that they'll only "pretend" to listen to feedback doesn't fill me with confidence.