Hacker News new | past | comments | ask | show | jobs | submit login
Njalla – A privacy-aware domain registration service (njal.la)
116 points by TonnyGaric on April 23, 2017 | hide | past | favorite | 64 comments

> When you purchase a domain name through Njalla, we own it for you. However, the agreement between us grants you full usage rights to the domain. Whenever you want to, you can transfer the ownership to yourself or some other party.

That's extremely concerning, given that the domain name industry has a very robust set of regulations and legal procedures to govern privacy, mediate dispute, and establish consumer rights. I'd be very concerned about what this relationship between Njalla and myself would do to those protections - they're not a registrar, nor are they a reseller - what am I actually paying them for?

Unfortunately, the ToS and/or registration agreement that I am signing up for doesn't appear anywhere that I was able to find. I went through the purchase flow to try to buy a domain, but it won't let me proceed without funds in my wallet, and I'm not going to put 30 euro just to try and read a legal doc.

In other words, this seems like it's Probably a Bad Idea(tm), though it's difficult to know without more transparency on their part. (full disclosure: I work for a company involved in the domain industry)


1337 will have the right to immediately terminate the provision of the Services and these Terms, as stipulated below under section 9.2. Such termination will have the effect that 1337 may, at its discretion, choose to assume the registered domain name and hold it in its own account, let it expire, or sell it to a third party.

Seriously? "leet"??

This is one of those DIY "legal hacks" that never works out in the real world. Like when you try to stand up "my dog ate my homework" in Ms Beasley's class. "You see, Ms Beasley, technically I did my homework, it's just in my dog's gut!" Got'em!

What happens when they get a phishing customer?

How are they going to get around defacto ownership?

When has asset protection through redirection ever stood up in court?

Their scheme protects the identity of the real domain owner, not necessarily the domain itself. They imply that the law enforcement wouldn’t be able to find the real owner and bring them to court.

Here you go https://njal.la/tos/

My understanding is that ownership of a domain belongs to whoever is listed in the Whois, and therefore long established Whois privacy products already deal with the problem (of "private" ownership) through the use of a contract between the customer and Whois contact (proxy owner). Can you clarify if that understanding is wrong?

I am not a lawyer, so I am sure there is nuance here that I am missing. However, that interpretation of the ownership is a fairly narrow inferred one, which is to say that ICANN says "WHOIS data needs to be accurate" and "Transfer procedures need to go to the owner via the data in whois", ergo whoever is in the whois must be the owner.

Some registrars, however, say "Nonsense, the owner of the domain is the Registered Name Holder, and we maintain that information, and the whois privacy is just a registered agent who will pass that information back to the registrant".

I think it's telling that the Njalla ToS linked elsewhere does not mention ICANN, UDRP, or WHOIS as a sign that they have not thought through the implications of what they are proposing to do.

EDIT: also, a practical step for transferring a domain is to ask the registrant to disable whois privacy to do name and address validation, which might also mitigate the "who owns this domain" concern

What's the alternative when you want to provide a registrar where you don't even know who your customers are?

Isn't it queer that "right-wing extremists" are seemingly prohibited from expressing their own "political weird thinking"?

>Think of us as your friendly drunk (but responsibly so) straw person that takes the blame for your expressions. As long as you keep within the boundaries of reasonable law and you're not a right-wing extremist, we’re for promoting your freedom of speech, your political weird thinking, your kinky forums and whatever. Even Trump is welcome. Hell, he might even be a customer. We’ll never know. We might even be approved by him! Or not. We don’t really care.

That line also struck me as odd. I feel like these guys maybe don't understand their customer base.

I have no need for this service, and would never register a business address to it for all the legal reasons being discussed in another thread on this topic, but I would have registered a private domain or two there anyway, just for the sake of supporting something I believe in.

But that sentence sunk it for me. If you're gonna offer an anonymous service to help promote freedom of speech, it can't be just the kind of speech you like. It's reasonable to say "nothing so illegal that we're gonna end up talking to three letter agencies about it", but beyond that you're either promoting freedom of expression or not, it's very much a binary thing.

I found this strange too. It sets a bad precedent. Neonazis are banned but the Black Bloc is OK? Does the Westboro Baptist Church fall under the umbrella of right-wing extremists? They mention reasonable law too. That seems to exclude child porn. What about libel? Copyright infringement? Pro-marijuana domains? Or domain usage that is pro-hard drugs?

> Copyright infringement?

This is one of Peter Sunde's projects, I wouldn't be too worried about that one.

You could always email them to find out.

I find it easy to understand; I would assume that the answers to your questions are yes, yes, no, no, no, likely depends on commercialization (i.e interest from governments; hardly even a policy decision).

I think so too. It's not freedom of speech if it's "you're free to say what you like as long as it doesn't bother me". It's also concerning that this service is the arbiter of what's moral and what's not in their domains.

When is 'freedom of speech' in practice not conditional?

These are merely conditions which many will find more favorable than existing alternatives.

You're right, but I prefer my conditions as open as possible...

As a dedicated left-wing not-at-all-extremist, I'd never support an organization that wants to muffle the voice of others.

Have you ever used Facebook, Google, Apple, HN, or The Government?

This organization doesn't want to muffle the voice of others, in that they don't go out of their way to silence somebody.

I think it's okay for me to 'censor' people from my cooking blog network. It's not at all my obligation to channel the voices of those who don't know how to use slow cookers. They are inferior human beings, and I think of them worse than any cruel racial narrative ever uttered in the US.

That doesn't stop you from engaging in free speech. That doesn't stop you from creating your own cooking blog and discriminating against those who eat the wrong kind of sushi.

The fight over free speech ought to end at my mouth. I don't want a world where other people have ownership over my mouth, telling me how I didn't give equal speaking time to CNN.

Well since Peter Sunde and his family has recieved death-threats from nazi and the majority of terrorist attacks and murders in europe is done by the nazis. I can understand and support this statement.

> and the majority of terrorist attacks and murders in europe is done by the nazis


It's their service, they're bearing the weight of being your "straw person," they can do what they want. I see nothing wrong with them writing their terms of service to reflect their values, and conveying them it in a cheeky manner like this.

I don't think it's so weird, some other services have such stipulations. It's part of the idea of no-platforming, in which the provider of a service wants to minimise spreading of ideas (in this case far right ideas) by not affording people who hold such ideas a platform to speak on.

It can be quite effective to prevent spread of these ideas, and even if you disagree with this particular instance (I don't) most services do this to some degree. I do think it is strange though, that they say that they are "for promoting your freedom of speech" simultaneously. Their barring of right-wing extremists suggests that they don't care much for freedom of speech (there's nothing wrong with that, though).

Yep, but the whole point about anonimity on the net revolves directly or indirectly around freedom (of speech).

An anonimity service is provided to allow people to express their ideas (wrong as they might be) without fear of retaliation .

By - more or less - preventing "right wing extremists" to express their "weird" ideas they contradict the base premise.

This is not entirely different from some (still queer in my opinion) "free" software licenses, prohibiting the use of the software to (example) members of the US government or military, it is simply not "free" anymore when such clauses are given.

Here, as always happens when there is a discretionary choice involved, is determining what qualifies a "right wing extremist", and whether the ban applies to the person/member (and to his/her political ideas) or to the content, let's say that you are a "right wing extremist" that wants to put online a set of cooking recipes, should you be prevented from having a domain there? Or is it when in the recipe for some stew you make a not-funny reference to "kosher" meat being not suitable?

And who determines if that is only "not-funny" (maybe it is actually funny) or if it is a non-acceptable pro-Nazi hint?

Another similar service which has been around for a while is PRQ [0,1] which was created by Gottfrid Svartholm and Fredrik Neij, both founders of TPB. PRQ offer far more than just domains and accept payment via BTC. They also have a proven track record of hosting extremely controversial content.

[0]: https://prq.se/

[1]: https://en.wikipedia.org/wiki/PRQ

This one appears to have been made by the people behind IPredator who are somehow endorsed by TPB but I never knew / understood the direct connection.

As far as I can tell that's the result of an image (from ipv6forum.com) in their footer being loaded over http.

Main selling point of Njalla is that one of its founders is ex ThePirateBay guy, Peter Sunde who fights for privacy and creating privacy related services. He is a co-founder of Flattr. So it is more of a trust service.

> As long as you keep within the boundaries of reasonable law

that's pretty subjective.

> If you use our service in a way that affects anyones health or safety, we reserve the right to suspend your service

Clarifies it a bit

I'd argue that's still overly broad, unfortunately. Do we interpret that as direct threat - i.e. someone's somehow using the service to directly fuck with people's pacemakers or nuclear facilities or something - or something broader, like for example a site being used to organise a harassment campaign against someone? Does a site used for serving malware fit in that definition somewhere? Etc etc.

Note that Peter Sunde is the co-founder of the company: https://torrentfreak.com/pirate-bay-founder-launches-anonymo...

>As long as you keep within the boundaries of reasonable law and you're not a right-wing extremist, we’re for promoting your freedom of speech

What did he mean by this

lol I made almost the same thing earlier this year and everyone told me that it's never going to work out (it also didn't because I'm getting like 0 visits) http://anonname.com/

It might be the lack of any upfront information on the terms and conditions as well as your technical approach to preserve privacy (remailers, etc).

yeah you are probably right, I should add that ..

Any particular reason why there isn't any HTTPS?

could not afford to pay for it when I was buying domain name hehe

Let's Encrypt: https://letsencrypt.org/

How do people concerned about security here register their domains? Security of some registrars seems extremely spotty and nobody really talks about how they're safer to use than the competition, but domains are a huge single point of failure. Maybe there is space for a specialized service, something close to Cloudflare Registrar (https://www.cloudflare.com/registrar/)?

This is good. The closest I've been able to get to anonymous ownership is buying a domain on Gandi and then delegating all roles except Owner to another Gandi account under a fake name. This way I never show up in WHOIS at all but I guess Gandi still knows who bought it (I didn't use bitcoin)

I really want to see more of these kinds of services. Anonymity is important.

Section 9.2 in their TOS, though, seems a little concerning.

"9.2 1337 may in its sole discretion, also terminate the Services and these Terms and choose to keep, sell, suspend or cancel your domain name registration if:"[1] (list of conditions follows)

I can see why that's needed, but it doesn't give a good feel to how much they'll push back before abandoning you once somebody is unhappy with your domain and/or content. Would have a better feel if they replaced "keep/sell" with "transfer", which they would be compelled to do, for example, if an ICANN dispute was lost. I would really want a little more detail on what exactly they do for common things like ICANN inquiries, disputes, DMCA, etc.


Handing over my domain control to some hazy third party?

Some hazy third party in Sweden, where top officials up to and including government ministers vocally promote the idea the idea of internet censorship, and where people have actually been sent to actual jail for voicing opinions.

I think I'll pass.

Njalla is owned by 1337 LLC in Nevis. It's also possible to own your domain within Njalla if you don't want them to be the actually owner of it.

I just moved my domains there. Super happy with the service since it's so simple and clean.

What are your other options?

I see that they are offering the .fr TLD, for which such anonymity is illegal as far as I know (eg even OVH as a registrar and they OwO service which display OVH as the owner to be contacted and then transmit contact to you is not allowed).

I guess the difference here is that they don't hide the real owner behind a "contact us to get through" as they are themselves the real owner, so they might be legal, but then comes the question of "do you really want someone else to be the legal owner of the domain of your website".

>>> "do you really want someone else to be the legal owner of the domain of your website".

Interesting. I'd expect the problem to be the other way around.

Do Njalla want to be legally liable for all domains run by their customers?

I see that as a non issue because of the jurisdiction they're in (a small Caribbean place).

If there is an issue (drugs, pedophilia, the usual suspects ...) they close it down immediately, claim they weren't owner of the content and were merely leasing the domain to the user, since a sub-lease is what they're effectively doing.

If the domain because popular, they can seize control of it easily, or start snooping on users, or do whatever the hell they want.

If you want to be completely anonymous, you might have no choice.

.ca solves this issue by not publicly publishing the details of individual registrants in the Whois system. CIRA still keeps a record so that they know who the owner of the domain is. Corporate/organizational registrants still have their contact information made public.

Is there a reason why Njalla is better than this reasonable system?

Their ratio is going to be 10 customers x 10 DMCA notices.

This is extremely expensive.

This is an interesting idea executed terribly. Obviously there are huge liabilities associated with this kind of proxying, but for people which want or need highly anonymous domain registration it could be a worthwhile idea if backed up by an adequately robust contract.

The issues: firstly, they don't support freedom of speech:

>As long as you keep within the boundaries of reasonable law and you're not a right-wing extremist, we’re for promoting your freedom of speech

Secondly, they don't make it clear in what jurisdiction they operate.

Thirdly, they don't specify anywhere what registrar(s) they use to register domains. This prevents customers from performing due diligence on the registrar and its history (for example, does the registrar have a history of arbitrary domain suspensions?)

Fourthly, as mentioned in another comment, their terms of service is absurdly loose with regards to their responsibilites; they can terminate service arbitrarily, and have no obligation to transfer ownership to you in this case. This is completely unacceptable.

Fifthly, their website doesn't work properly without JavaScript. This is completely unacceptable in any case, but is particularly egregious for an anonymity-focused service which provides a Tor hidden service, where many customers may wish to keep JavaScript disabled (as is Tor Browser's default) to reduce attack surface. Apparently people don't know how to make websites anymore.

Sixthly, their website copy is amateurish and has basic typographical errors.

Seventh, and perhaps most gravely of all, their entire website betrays a fundamental misconception of the roles and demarcation of a registrar (or pretend registrar, as is the case here.) Above I mention that they are anti-free speech, but the very fact that they think it is the place of a (pretend) registrar to have a policy on this matter betrays a fundamental misconception about the liabilities of a domain registrar. The very idea that a domain registrar (or pretend domain registrar) should be in some way responsible for content hosted "on" a domain is faulty, and at the same time sets a hazardous precedent; this is exactly the kind of thinking which absolutely should not be encouraged or perpetuated in the domain name industry, as it is only going to lead to more and more political intervention at the domain name level.

A domain name registrar nominates domain names (meaning essentially the name itself, plus the specified nameservers) to a domain name registry. The only legitimate involvement a registrar has in the use of the domain name is any issue involving the legality of the literal domain name string itself, or the nameserver names, or maybe WHOIS data. Notice that for all its faults, this actually moreorless matches the ICANN model: There are dispute processes for trademark issues regarding the domain name string itself, and dispute processes for WHOIS data. There are emphatically not ICANN dispute processes for content served by nameservers, or content served by hosts referenced by zone data served by nameservers! (I suppose theoretically someone could find a way to break a law with the nameserver names themselves; setting a nameserver for example.com to <illegal-string>.example.com, say, but it seems like that's sufficiently obscure a possibility that it has not yet arisen.)

A domain name registrar is not responsible for the content served by name servers referenced by a domain name, let alone the content served by services provided by hosts referenced by the content of a zone file served by a name server referenced by a domain name. That this pretend registrar fundamentally fails to comprehend this demarcation of responsibility is extremely problematic, and betrays a troubling lack of understanding of the system.

Of course, it certainly may be the case that domain name registries and registrars (and pretend registrars) in the future get more and more dragged into disputes regarding services provided by hosts referenced by zone files served by nameservers referenced by a domain name, but this is extremely undesirable. It would represent the politicization of the domain name system, which would itself seriously undermine its stability and reliability. We have already seem some attempts to politicize the system and they do not bode well; it's certainly not helpful if registrars start overestimating the degree of their responsibility, as it only increases the feasibility of future politicization of the domain name system.

In particular, it should be noted that there is basically no case where the seizure of a domain name for the content it "hosts" (in reality, references, not even directly but via a set of referenced nameservers) can be proportionate; or at least, no case where it can be reliably ascertained that the seizure of a domain would not be grossly disproportionate.

For example, if google.com accidentally hosts a small amount of illegal material, should google.com be suspended? Of course not; so unless one is suggesting that 'important' domains should be subject to different, more preferential rules than 'unimportant' domains (an affront to the idea of an internet open for all), where is one supposed to draw the line?

Moreover, most nameservers do not allow zone transfers. This means that the extent of a zone served by nameservers referenced by a domain name cannot be reliably ascertained, which again means that there is no way to reliably ascertain that the seizure of a domain name is not grossly disproportionate. If a domain hosts illegal.example.com, but also hosts a million legal subdomains, how can the seizure of example.com for hosting illegal.example.com be proportionate? There is no way to reliably ascertain the existence of subdomains, so illegal.example.com could be known to search engines but the million legal subdomains could be unpublished, internal names yet unknown (by obscurity) to the world. Even if the full contents of a zone could be reliably ascertained, most records reference IPs (A/AAAA), not services (SRV, MX), so unless you portscanned every IP referenced, that doesn't tell you what type of service is hosted on those subdomains (and even if you did portscan those IP addresses, there's the possibility that some services are firewalled to certain source IPs, for example services for internal use only, etc. etc.; the possibilities are endless, and thus so are the opportunities for unforeseeable collateral damage).

There is an extremely relevant real-world example of this: the no-ip.org debacle (no-ip.org is a domain which provides free subdomains to arbitrary parties), in which a court, truly extraordinarily, allowed a private corporation, Microsoft, to assume control of the entire no-ip.org domain, simply because of a single bad user, and a very tenuous claim that the abusive subdomain involved infringement of a Microsoft trademark. This resulted in massive disruption to all other no-ip.org users. Again, there is no way of reliably ascertaining an upper bound for the operational impact caused by a domain seizure.

Another example is the case of US ICE seizing domains quite dubiously. This brings me to another example of how the seizure of domains for law enforcement purposes related only to services provided by hosts referenced by the zone files served by nameservers referenced by those domains is almost necessarily disproportionate: when one seizes a domain one assumes control of all records served by it, including MX records. As such, when one seizes a domain, one takes control not just of any websites served via it, but any email service for it as well. (For this reason in particular, thinking of domain names as fundamentally website-centric is hazardous to the future political integrity of the domain name system. Domain names are not websites.) As such when ICE seizes a domain, they also are implicitly assuming the right to redirect all incoming email to that domain to them (not even intercept but forward, e.g. with a warrant, but redirect outright). In fact, I'm not sure if this would even be illegal; if you've obtained a domain legally, you can configure it as you wish.

If someone claims a domain of mine, example.com, has a website facilitating illegal activity, and has it seized by some jurisdiction's law, what if my principal email address is @example.com? Now I am deprived of the ability to engage in correspondance so as to ascertain the grounds for such seizure and contest it. The intention was to disable the website, yet email service and potentially an arbitrary number of other services are also disrupted. Again, I reiterate that there is no way of reliably ascertaining an upper bound to the operational impact of a domain seizure, and as such it is hard to see that domain seizures can ever be reliably ascertained to be proportionate as a law enforcement measure in advance.

The idea of domain seizures as a law enforcement method is a really, really bad idea. It makes about as much sense, and is as about as proportionate, as the postal service revoking the address of someone who commits mail fraud; their house number is literally erased from databases, and mailmen return mail sent to that house number as undeliverable. Nobody would claim this is a sane way of dealing with abuse of the postal service.

And of course, nothing in this should seem like it makes law enforcement impractical. If a service is illegal, go after the people, the company, the servers; going after the domain always has the potential to cause extreme collateral damage, and the degree of damage which may be caused cannot be ascertained in advance. Even more worryingly, to the extent that we've seen seizures so far, it seems like something mostly done because it is easy, not because it is right; a cheap, usually due-process-free way of smiting websites deemed improper when persuing the persons or machines involved would be more effort. This reduces the trustworthiness and reliability of the domain name system, and its ability to serve an apolitical role for entities of all countries worldwide. This is a disaster for the law abiding just as much as it is for the lawless.

If this company is serious about the robustness of domain names, it needs to stop perpetuating an idea of the registrar (or pretend registrar) as a publisher, as a legally responsible entity for the services dereferencable via domain names, particularly since such a model of liability is, mercifully, not yet one that has appears to have become reality. To do so simply accelerates the undesirable.

nice service, I like the idea of the automatic pgp-key-lookup-service

ICANN shutting this down in 3...2...1...

It won't even take ICANN, since I seriously doubt they are accredited themselves. They are probably dealing with one or more resellers and may well be breaching the terms of their agreements with those resellers.

You don't think they have look this up before they started to build this service? I'm pretty sure they have been thinking of every little scenarios that might come up and double check with all parts involved.

It really wouldn't be the first time a startup hadn't fully checked the regulations that would affect them, or decided to take their chances with flaunting them…

No DNSSEC support?

They don't seem to be very interested in listening to feedback:

> We're sure it's the best there is, but since we're always improving, we'll pretend to listen to your feedback and make it better.

Openly saying that they'll only "pretend" to listen to feedback doesn't fill me with confidence.

Think it where writing with some irony...

Applications are open for YC Winter 2022

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact