Hacker News new | past | comments | ask | show | jobs | submit login
Grubhub is using fake websites to drive up commission fees from real businesses (theverge.com)
405 points by 9nGQluzmnq3M 4 months ago | hide | past | web | favorite | 106 comments

"it has always been our practice to transfer the domain to the restaurant as soon as they request it"

This is a form of financial blackmail. Transferring a domain usually requires paying for one year's additional registration to a new registrar and, sometimes, a transfer fee on top of that and, most times, a hosting fee to redirect it. So, to summarize simply, in story form (to make very explicit how much of a scam this is for a business owner):

<GrubHub> We've speculatively registered 50 domains at a cost of $500 to mislead people into using our order form, which at 20% commission* at $25 per order average (that we take out of what we would have paid to you) will pay itself back entirely in 100 orders placed.

<Restaurant> What?! Stop it.

<GrubHub> Hey, no sweat, we're happy to transfer those domains to you. All you need to do is initiate transfers for all of those domains, at the cost of at least $500 out of the revenue that we've been reducing by 20% for every order placed through these sites, and we'll be happy to transfer those domains to you. Also you'll have to find someone to host the redirects for you, and clean up the SEO damage we did. Best of luck with that!

<Restaurant> I don't have $500 because you've been cutting my revenue by 20%!

<GrubHub> Please rate your GrubHub Support experience by filling out a 5 minute survey.

* "Marketing commission": https://ghlearnprod.wpengine.com/wp-content/uploads/2018/08/...

If it's really just a transfer, then I'd expect less than $100, and it's paid to the registrar, not Grubhub, so it's not quite blackmail.

Now, what Grubhub is doing is unethical as fuck--best case. Worst case, it's criminal impersonation or business identity theft.

I assume $10 per domain and GrubHub is shown to register tens of domains. Assuming a popular restaurant is worth 50 domains, they only need to capture 20% of average $25/order for qty.100 orders through 50 domains in 1 year to pay the annual registration cost of the scam.

The scam is that restaurants can’t as easily pay $500/year to prevent GrubHub from squatting on and SEOing typos of their domain, and GrubHub can simply go make up another 50 domains when the owner takes over the first 50, because they only need the 20% “marketing” ripoff from 100 orders to break even again.

I'm really curious to know if GrubHub will simply purchase new domains after handing over the previous fake site to the small business owners.

Yea it’s called domain squatting

You are assuming that GrubHub won't simply shut down the domains if the restaurant owner asks, as an alternative to transferring. Why do you assume that? If true that would indeed be an absurd policy, but I've seen nothing in the reporting suggesting any such thing.

Their response to the press was “we always transfer when asked”, not “we always transfer or shutdown when asked”. You may either believe the omission of “or shutdown” to be accidental or non-accidental, due to incompetence or to malice. But it’s clearly omitted whether they would or not, which is often a classical marketing technique for diverting users with a plausibly-deniable statement that doesn’t offer what’s best for others while still seeming to be respectful and kind. This is why I took apart their statement financially, to demonstrate how harmful their stated approach is to businesses. They are of course welcome to revise their statement any time.

You are assuming that GrubHub has anticipated every possible accusation against them and has intentionally crafted their response with respect to each and every one.

That's silly. No one has the ability to do that. GrubHub was responding to a very specific article which made a very specific claim that GrubHub was squatting these domains in order to lock restaurants into their platform. The most relevant response to that claim is to point out that they will transfer the domains if requested. The article in question did not make your "financial blackmail" claim, and there's no reason to expect that GrubHub would have anticipated it.

> Why do you assume that?

Because it is reasonable to assume that, if they would do that, their PR defense would include that. Since it does not, but does I close transfer, it is reasonable to conclude that transfer on demand is the most they will do.

Note that a proper resolution here is for some tech press reporter to formally ask them to address whether or not they’ll stop and report on what they say. Unfortunately that’s outside the scope of an HN comment discussion :(

Here is 'Casey Winters', former growth hacker at GrubHub explaining their strategy:


I absolutely can't stand the whole 'growth hacking' phenomenon, usually it boils down to doing something at someone else's expense in order to improve ones own position in the market. It's the mafia mentality brought to start-up land, suddenly you find you have a 'partner' that you did not choose who skims off a good portion of your profits.

At this point, the entire phrase "growth hacking" makes me uncomfortable.

I gather that initially it just meant "engineering focused on growth", and I can see how you might want it as a counterbalance; if you have teams devoted to beautiful UI and stable infrastructure, but not growing, it might get neglected.

But in practice, it mostly seems like a "dirty tricks" role. Dark signup patterns produce growth, fake competition produces growth, dishonest countdown timers and 'rooms remaining' counters produce growth. Having a role devoted to hustling either your users or your customers isn't a good look.

That mentality has been at the core of every place I’ve worked. You dial it back when you have more to lose and then pretend like you never did anything wrong.

If Casey Winters did the "growth hacking" at Pinterest he is responsible for polluting search results with useless, paywalled Pinterest spam.

Pinterest is like ExpertSexChange dark pattern strategy taken to the max.

That Pinterest google spam paywall is equivalent to follow/unfollow bots on instagram. While it is effective at gaining followers/signups, it's not bringing value added people. Of course if your metric for success is hockey stick user growth, then sure. I suspect if Pinterest did some user account house cleaning, you'd see millions of trash accounts go with it.

Yeah for years I've found myself having to "-pinterest" out of searches. I wish that it was just removed period.

And this is how I know google does not give a shite about the people who actually use their search engine as a search engine.

You just basically described capitalism...

In every other system the “Mafia” takes the whole thing.

If you read the article to the end they claim they're not cybersquatting. Sounds pretty disingenuous to me. One of the rationales given is that they'll transfer the domain to the restaurant if the latter requests it. Most of those restaurant owners probably won't know what's going on, or who to ask to have the domain transferred to them, or that they could even ask.

Edit: The text of their response is quite curious. In part it reads: "Additionally, we have registered domains on their behalf, consistent with our restaurant contracts. We no longer provide that service..."

If I were to guess, the fact that they'd be registering these domains was something slipped into the small print of their original contracts. Most restaurant owners probably wouldn't have noticed or understood the implications. The practice could have then been discontinued once it served its purposes of getting (or helping to get) Grubhub up to scale.

The pizza delivery app Slice does something similar... they buy domains that look like they could be legitimate and then outrank the actual website of the small local pizza shops with SEO. Then they tack on additional Slice fees and send the order through to the pizza place. Here’s an example:

Actual site: http://www.mariostogo.com/

Slice scam site: https://www.mariospizzaphiladelphia.com/

Most of these small pizza shops have no idea this is happening and Slice is just ripping off customers. They even claim listings or suggest edits on yelp, foursquare, google, etc. with their Slice domain so customers assume it’s the shop’s actual site. I wish someone from Yelp, Google, etc. would blacklist Slice sites and kill the company and their scammy business practices.

Edit: I forgot to mention they created fake phone numbers for the shops too which is what alerted me to this scam in the first place. I googled the number for Mario’s and called it but a young female answered the phone and I heard call center chatter in the background... normally when calling Mario’s one of the guys with a thick accent answers and speaks in broken English. I’ve never seen a single female employee work there in the 15 years I’ve been ordering from them. On top of it all, the delivery address got screwed up between my call in order that Slice intercepted and Slice then calling the actual Mario’s number to relay my order. Come to think of it, I payed with a credit card over the phone so Slice took my CC info and then relayed that as well... that doesn’t seem kosher.

(I now have the real Mario’s number stored as a contact in my phone.)

I realized that they even copy the logo. Is this even legal? How can it be in any way legal to "impersonate" a business, just to funnel business away into a funnel that forces the business to pay fees.

> Is this even legal?

This infringes the businesses' trademarks, which exist even if not registered. They can and should be sued.

The article says grubhub uses business names and images for "businesses they either work with or are pitching to get on the platform". In the latter case there's no contract fine print to defend themselves with.

Maybe this is a case of we're a giant corporation and why don't you please sue us?

Probably the restaurants have a contract with Grubhub that allows them to use the restaurant's logo, name etc. for marketing purposes.

Seems analogous to buying a product from a retail shop then reselling it in your own shop with a markup. If your SEO is better, then you can do that successfully, and why not? The original seller was leaving money on the table or failing to reach potential customers.

It is - if you call your shop "Tesco" for example and use their logo and branding to resell Tesco stuff at a slight markup. Of course this would get you shut down very quickly in the real world. I don't know why it should be any different just because it's online.

More like pitching a stall outside your local Costco, calling it Costco, and charging dimwits a fee to enter the warehouse

You own the object after you buy it. Wherein did you pay for the use of their trademark?

That is utterly diabolical.

Interestingly the prices appear to be identical on these two websites (but it's still quite scary to see this happening).

They're probably taking a commission on the orders coming in through the bogus website or call center. The call center is what really gets me. I can understand how the website with a much better seo rank could drive more business to a mom and pop shop, but supplanting a legitimate phone number on yelp or wherever else is seriously shady.

Home advisor also does telephone # MITM.

Yep, terrible company. I made the mistake of calling them to get my roof repaired... actually I didn't call them but some bogus website for a local roofing company led me to those shady clowns. I chose a local contracting company instead and they did a really good job as far as I can tell. No leaks after a year and a half.

Maybe we should create a comprehensive list of these bad companies / bad actors? Something like:


Please don't post duplicate comments.

How is this bad? They are providing a service. If somebody does marketing better than you, why shouldn't they be able to make money from that?

If the restaurants don't want to work with them they can just not. That they do proves that it is a net benefit.

Did you just ask how impersonation is bad?

Grubhub's official statement appears to not understand what cybersquatting actually means, and "created the websites for them" with the ordering process still occurring through Grubhub's platform oftentimes by simply changing the TLD of a company's existing website. Since these orders would directly feed into Grubhub's service, the business could be on the hook for a percentage fee that can be as high as 35% of the order's cost. This definitely seems to fall under extortion and cybersquatting to me.

Its a legal response. The response even reads the definition of cybersquatting according to them which is that the domain was purchased as "generally bad faith registration of another person's trademark".

So GrubHub is claiming that it wasn't purchased in "bad faith" because they are helping the business get more orders. Therefore it isn't cybersquatting.

I am not saying I agree (I think all these delivery services are predatory in more ways than one), but there statement is saying that according to ICAAN's definition they are not cybersquatting. Of course this is semantics because the local business would claim that it was bought without permission and was bad faith. And that is what GrubHub's legal team wants. A discussion about the exact definition of cybersquatting that goes on for months and/or years until the small company realizes it isn't worth their time.

This is the value of class action lawsuits. While class actions are often scams in their own right, this would be a legitimate example of a class action serving its purpose. All the thousands of restaurants affected by this would get together to fight against the company. That would be enough to scare GrubHub (and others).

I love how the CEO was on his high horse just a few years ago talking about the importance of ethics. If I recall correctly, he threatened to fire anybody who voted Republican? This guy clearly shouldn't be leading any company or group of people. Is anyone surprised by this?

Restaurants and their owners are notoriously bad at the internet.

I have a friend in Seattle who became known as a reliable web developer for new restaurants.

He took credit to eat rather than cash to do this relatively simple work for them. As a result, every time I’d visit we’d eat at some nice newer place on his credit line, responsible only for tips. It felt like minor celebrity.

I suppose this is what newer website platforms are for but frankly I think even weebly is somehow too much for many.

> He took credit to eat rather than cash to do this relatively simple work for them.

The good old tax dodge.

Meh, it’s still taxable income that has to be reported :)

Shall we bet on whether it was reported or not?

He was a VP for a big tech co in Seattle, and was getting $300-400 a site so this was more about knowing the restaurant community and doing a hobby not some elaborate tax scheme.

You can dodge more taxes in Seattle driving down to Portland to buy a MacBook.

Sorry, but that just isn't how it works. If you perform a service for restaurants and you don't invoice them but eat there instead of getting paid that's two helpings of tax fraud. Whether it is 'for a hobby' or not is irrelevant, someone else who did play by the book and for who it wasn't a hobby probably missed a bunch of sales because your buddy was willing to do this 'on the side' for shit & giggles because he already had an income stream.

> Most of those restaurant owners probably won't know what's going on, or who to ask to have the domain transferred to them, or that they could even ask.

That's assuming you don't have to hire a lawyer to send a strongly-worded letter to them. Given the thin margins many restaurants operate under, it would be easier for many places to not bother, especially since GrubHub relays the orders, so even if the order goes to the wrong address they still get their money.

This is not only not new, but has been done by countless other online ordering sites since as early as 5 years ago. I know this since I tried to make monthly-fee based ordering system for restaurants.

This turned out to be a hard sell so most other systems took the other route: they bought a domain and did SEO for thousands of restaurants across the country. SEO and websites is not something the average small business owner is an expert on.

To make it even worse, some of these online ordering systems even convincend Google maps that they were the official site, and a google maps search would also list their fake website as the official website.

Of course to these businesses it just seemed like they were getting a lot of sales from these companies, in reality these people were just typing in the restaurant name into Google. The restaurants usually had to pay 10%-20% to Grubhub, beyondmenu.com, et. al.

The most egregious company that does this is probably beyondmenu.com.

Grubhub itself started purchasing these domains in 2011.

I have no idea when beyondmenu would have started, but I bet they were the first.

Is it just me or are these restaurant adjacent businesses involved in some really bad practices. Between Yelp and Seamless, it seems to me that a mutually beneficial symbiotic relationship will not form organically. (I'm referring to how Yelp can be predatorial to businesses to make them pay yelp or have Yelp negatively affect that business' yelp rating. There are plenty of articles showing this but data is hard to come by)

Restaurants are probably the most common type of "offline" business and their owners tend not to be tech-savvy. Couple that with them working long hours and living in their own bubble and it's no surprise that this kind of thing just doesn't get dealt with.

Perhaps the ambulance chasing lawyers should turn their attention to these aggrieved restaurant owners next. They'd have a field day.

It feels like they all want to ascend to that nirvana where they monopolize and get to charge a fee on everything like iTunes.

Surprisingly enough. I use a lot of things in the App Store (which I assume you meant) without paying a dime to Apple - including Amazon digital purchases and prime video, Hulu, Netflix, Office 365, Udemy and DirecTVNow.

Most of the money Apple makes from the App Store are for in app consumables from games. Admittedly there are still a lot of legacy subscriptions from both Netflix and Spotify before they pulled out of going through Apple for subscriptions.

But the companies that operate those apps are paying Apple. So Apple still gets their cut.

The same goes for Yelp or GrubHub. You can use Yelp for free, but Yelp is generally preying on local businesses to force the businesses to pay Yelp because of Yelp's distribution online.

GrubHub often has free delivery, but they are charging huge commissions to the restaurant you order from.

Someone always pays. It is the way the world works.

The $99 yearly developer program fee is hardly Apple getting "their cut".

Paying Apple for what? What money is Apple getting when you subscribe for services outside of the App Store?

The app store offers subscriptions. If you subscribe to, say, netflix or hulu using an ios app, apple collects 15-30% of the subscription revenue. Netflix fairly publicly killed the app store subscription payment method in the beginning of the year because of this.

That was just the point. At no time did you have to go through the App Store to get s Netflix subscription. You could always go through the Netflix website.

Netflix chose to use the App Store as a method for payment even though they didn’t have to. They decided it was worth the trade off. Plenty of subscription services decided it wasn’t from day one.

the devs had to pay big fees to apple to get the app posted

$99 is almost nothing for a large company, who likely gives Apple a lot more money via the 30% cut.

$99/year is a “big fee”? I pay slightly more than that for my Resharper license.

$99 / year

This is obviously messed up, but its nothing new. Thousands of startups growth strategy is ranking organically for brand search of their prospects. Google sells that ad space on branded search, yelp and other directories rank for them. The great big Internet Scam no one wants to admit is that digital advertising is one big protections racket! Hijacking customers and selling it back to businesses. Just look at super shady companies like rehabs.com that ranks for thousands of rehabs and pushes their phone number on all the listings.

If google and the internet went away tomorrow, small local businesses would likely be better off. Instead of having to pay money just to keep competitors from bidding on their brand or worrying about all the ways tech startups prey on small local businesses!

In related news, the FTC sued and won a $1.4 million settlement [0] from a concert ticket company in 2014. They basically place search engine ads that sound like the venue, and use a domain that look like it should be the official one for the venue.

Remarkably, this company is still operating and still doing largely the same thing in violation of the consent decree. I found out about it when my mom tried to buy tickets from the Hult Center in Eugene OR, and lost $500 on 'hult.centereugene.com' thinking it was the official venue.

[0] https://www.ftc.gov/news-events/press-releases/2014/07/ticke...

Crazy to think the people who wrote this shady script probably reads HackerNews. This is all kinds of immoral.

Yet another shiny example of money vs. ethics in the Valley.

Also, don't look towards the engineers, who may or may not have known. Look towards the money. Who are the VCs invested in them and how many of them knew and encouraged that in the name of growth? And, of course, the executives.

GrubHub is based in Chicago, however.

Benchmark, DAG & Lightspeed... all Valley VCs.

the valley isn't just a place, its a state of mind.

This is my new phone wallpaper image

Not really. Elsewhere in this thread, people pointed out that there's a clause in the contract that allows this. So whoever was higher up probably told them (rightly), that it was a service that restaurant owners wanted. I mean, who doesn't a free website generated for their business? They'd need to dig deep to find how it was harming the business.

Software developers are not that dumb. The most likely scenario is whoever coded this knew what was going on (maybe not all the details) but chose to ignore, because paycheck. Same with other shady stuff like dark patterns, facial recognition (like Amazon's) and so on...

Also there is legality and then there is ethics. Something in the contract might be perfectly legal, and yet unethical.

From their statement: "As a service to our restaurants, we have created microsites for them as another source of orders and to increase their online brand presence. Additionally, we have registered domains on their behalf, consistent with our restaurant contracts. We no longer provide that service and it has always been our practice to transfer the domain to the restaurant as soon as they request it."

What service do they no longer provide? Registering domains on their behalf, or microsites, or both? Going forward are they going to have the company register their domain themselves and point it to GrubHub?

GrubHub also runs Google Ads to push GrubHub results to the top of search results. SEO is a core part of their strategy, in the name of driving business to restaurants. I'm sure many businesses don't care and don't mind, as long as they're making money.

There's always the cost that GrubHub, or the restaurants' own solutions, could be cannibalizing each other. It's a similar problem that any company has across marketing channels. GrubHub could be more transparent about their microsites, but there's always the possibility of some restaurant owners just not understanding what they're getting after signing a contract no matter how hard GrubHub tries.

Although, phone orders are definitely tough. Restaurants have historically hated phone orders because of how GrubHub makes money off of them.

Its a big scam. Registering 23,00 fake domain names and getting commission from them is not at all acceptable. They need to be fined.

I guess not illegal, but super shady.

Pretty easy to see how incremental thinking leads to a shady result. We get paid $X per order from our restaurant clients, they like more orders so if we can get them more, they’ll be happier and pay us more -> improve SEO of Grubhub<dot>com -> works -> what else can we do -> use our seo skills -> register other websites do seo -> more orders.

Bad result, but know how they got there.

Are there no trademark issues from using the restaurant's official logos? These restaurants may not have filed on everything they should have and probably don't have the resources to fight it regardless, but what if they did? A large company would definitely send a C&D immediately for actions like this.

The Grubhub terms of service almost certainly include a license to use the name and any trademarks for purposes including these shadow sites.

And it will almost certainly land them in a huge class action lawsuit. The SEO damage done to small businesses makes them almost reliant upon GrubHub after making the mistake of doing business with them in the first place. Terms of Service can say whatever it wants it's not an official legal document, just something they turn to when their ethics violations get exposed.

It’s also now harder for the restaurants to leave? They may get lazy with advertising more generally and then would lose a lot if GH shut down the sites as a result?

Surely this has 'class-action lawsuit' written all over it. I can't speak with any authority regarding US law, but surely there are grounds for legal action being taken against GrubHub.

They are using content from the real sites. Copyright violation.

Another day, another company doing something scummy. I'm getting to the point where I just don't want to check my feeds anymore.

No news is good news. Shit's been happening since time immemorial. Your awareness could be valuable. When the bad guy looks forward to his day, the good guy shouldn't put up a weak effort.

I wonder what the impact of the publication of stories like this have on GrubHub's talent acquisition teams. I'd love for them to call me up, and I'd love to ask them about this. When I graduated, the director of my department encouraged us to participate in the Order of the Engineer, specifically to think about the ethical dilemmas faced in situations like this.

Somebody with technical skills performed the purchasing of these 1,000s of domains and setting up these fake sites. When that person continues on in their career, will they proudly exclaim to prospective employers, how they helped their company perform these tasks to leech off small businesses?

> Somebody with technical skills performed the purchasing of these 1,000s of domains and setting up these fronts.

Not really hard core technical skills....

> When that person continues on in their career, will they proudly exclaim to prospective employers, how they helped their company perform these tasks to leech off small businesses?

The tasks might be divided in various ways so that not one guy did it. For example the task of generating the front is delegated to an engineer who does this feature so that restaurant can easily generate a website for themselves if they want. What they leave out is telling that actually GrubHub sales employee registers the domains for GrubHub and generates the webistes with this one-click tool.

You can try and suggest there aren't ethical dilemmas here, but there are. Whether carried out by one or more than one individual, the intent would be clear what you are contributing, whether it's the domain purchases (I could only ponder why we're purchasing johnnyspizzanyc.com, for example, if we're GrubHub) or if you're the one in charge of putting up the phony site at the domain (which makes your role more obvious in the whole scheme).

I wasn't suggesting that there aren't ethical dilemmas, just explaining the processes how I think usually things like this work in bigger companies. Some low-skilled worker can do the ethically questionable thing. The skilled engineers just solve some cooler problems generally and provide tools to those who deal with the ethically questionable work. And I am pretty sure that most people, even talented engineers don't often think about that too much. They just want to solve cool problems.

It is quite obvious that someone with not so much skills is more willing to do unethical work than someone with higher skills and demand for those skills.

In most cases the engineers might never know if the customers are the actual customers or their management...

The New Food Economy had an article on this that was a bit better (https://newfoodeconomy.org/grubhub-domain-purchases-thousand...). It was posted two days ago: https://news.ycombinator.com/item?id=20306604

may domains I just checked from the list cited in the article are now not working https://docs.google.com/spreadsheets/d/1m9vszEQ9A13tN4AFRXWX... weird

I'm now getting 401s for a bunch of these Grubhub-created fake sites. Did they take them down already, or am I hitting a geoblock? (Not in the US.)



Works for me as soon as I turn on a VPN using a USA server.

Also fun that they call the websites vanity websites: "utm_medium=whitelabel_vanitywebsite"

I get the following error when trying to view those sites from Australia:

Sorry about that

You do not have permission to view this site

same same from Turkey

Those URLs work for me, no 401.

Same here.

How is this not cyber squatting ? Also isn’t impersonating a business that you don’t own a crime ?

Maybe we should create a comprehensive list of these bad companies / bad actors? Something like:


A different article with the same story: https://newfoodeconomy.org/grubhub-domain-purchases-thousand... .

Eat24 was doing this prior to the Grubhub purchase. Perhaps they picked it up from there? (It's also possible this started with grubhub and then bled to Eat24 I suppose).

It's also for SEO, not just commissions.

Menulog and others have been doing this in Australia for at least 5 years.

"Everything is securities fraud." ~ Matt Levine

FTC needs to get involved...

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact