It raises the chance of losing your domain greatly. (Even though you can argue that having your email displayed exposes an attack vector).
Public info makes it much easier to recover a domain. And proper security on the email is required as always obviously.
I've helped several people recover domains by going to contacts I have at ICANN. Not having public info doesn't give me what I need to make a case. It's a non-starter many times. And it just confuses the issue for you as well when you are trying to correct things.
Registrars (we don't offer privacy by the way) want privacy because it is a) something they can offer and charge for and b) allows them to lock the customer in and create a barrier to exit. c) Many of them do this by changing ownership to them for the domain and giving you a contract that you are the beneficial owner. Not good for you. You want and need to be owner according to whois. (Read this again.)
If you want a private domain use a PO box or a work address etc or your uncle's address. If you are a business you absolutely have no reason to have privacy (and many many businesses do because they have been sold some bullshit on this with respect to spam).
Long ago, I (being childish) stole a domain from some random person who pissed me off in a video game. I spent three days calling the registrar's offices (along with a friend) over fifty times, writing the name of each service representative down so that we didn't dupe up on anyone and raise any red flags. (It was a huge registrar, though not GoDaddy.)
We were able to use the public info available on their whois records to weasel our way into getting additional account information from the employees. We'd simply call and ask for a small piece of the account information in a nonchalant manner, they'd ask for info we've already obtained from previous calls, and usually they'd either give us the info or say "we don't have access to that information".
The hardest part was getting the last four digits of the credit card on the account. Since we had all the rest of the user's information, we called maybe twenty times trying to get those numbers. Some employees would say they can't see them, but they could. All it took was one really stupid representative:
"Yes, I'd like to confirm the credit card on my account before I file a form to retrieve my account back. I have two cards that end with the same last two digits, what are the first two digits of the last four digits?"
[she doesn't understand so we confuse the hell out of her for minutes on end]
"uh... 2... 6."
"And the last two?"
"Thank you, I have the right card. Good day."
Had a good laugh, filed a form, emailed it in, stole their domain before they noticed, and never gave it back. I talked to the owner and eventually redirected his website back, and he forgave me.
Keep your whois info private if you're on a crappy registrar. Likely, the OP uses the same password everywhere and some random kid stumbled on his godaddy account and took the domain from under his nose.
But imagine your name was "John Brown". Having address data (any address data) is additional protection. And it creates an additional public paper trail.
And even your name is coming up with approx. 42 potential matches (according to http://www.usa-people-search.com)
Why not just use the address data you use for apters.com ?
See section 18.104.22.168
The point is very valid: someone who controls a domain can trivially MitM any communication with that domain over unencrypted HTTP. And given events of the past year, I wouldn't put it past them to be able to get a cert issued for the fraudulent domain too...
Either way, though, without the private key to the SSL certificate, which he won't have without the original server, he can't pretend to be the original site on the other end of an SSL connection.
Orig. Server <-- SSL --> MITM Server <-- SSL --> Client
If SSL worked like SSH then your browser would whine that the cert changed but the browsers currently don't do that. I think even convergence (http://convergence.io/) wouldn't detect this case because it looks to the outside world to be totally legit. Scary.
The more interesting aspect was that since mobile nameservers are slow to update, the site worked on her phone still. That led to the lovely "Where does DNS come from" conversation we all have with our loved ones eventually :)
Big ones like MediaTemple and RackSpace seem good too. I used 101domain for international TLDs, not pretty but everything is going fine.
Along with being trustworthy and protective of their customers, their web panel is simple and no BS. I don't know how people put up with other registrars with their upsell-threw-up-all-over-the-page web panels. Even "good" ones like NameCheap are eyesores.
I hope NFS never lets me down, because I talk them up like they walk on water.
Gandi.net is great if you don't mind spending $15 per domain.
(Not to beat a dead horse, but back when we could see the karma numbers for comments, it was possible to visibly "second" an endorsement comment by upvoting it, instead of posting separate +1 comments like this one ...)
I especially love how easy it is to transfer domain names between NameCheap users. I had purchased a domain name once with my personal account. Then I created a company and wanted the domain to be officially owned by that entity and not me. So I created another NameCheap account for that company, then transferred it over very easily.
Of course, it's possible other registrars offer such a frictionless transfer process between account holders too. I've only used NameCheap for this and can say I was pleased with the results.
Also, they support quite a few good causes (https://www.gandi.net/supports/); they fund Debian's DebConf every year.
They're an Irish hosting and domain name provider, and have a great name, a great support team and are a genuinely pleasant company to deal with.
(Disclaimer: I don't work for them, but do know 1 or 2 employees there. Also, I pasted my affiliate link above)
I used markmonitor at a previous gig (requirement of a parent company) and they were good, but a bit expensive.
You couldn't pay me to use huge, inept outfits like GoDaddy or Dreamhost who compete primarily on price. I have a similar, though evidence-free aversion to companies which put words like "cheap" in their name.
Never had a problem with them in almost 5 years.
I can understand why a company might want to make it painful to leave their service, but continuing to bill me points to either incompetence (some bugs in their billing system) or a malicious act (doubt it though).
But otherwise, yea, a nice & cheap service.
P.S. And yes, I despise GoDaddy with every molecule of my being.
Also: Don't get a .com/.net domain name. You don't want the US government declaring your domain to be evil and taking it off the 'net.
Create a rackspace cloud server, grab that IP and use it in an A record on name.com.
So, say you have valid records for .yourdomain.com and www.yourdomain.com. Those two hosts will resolve as you would expect them, but *.yourdomain.com will resolve to a spam page.
Thanks for the tip on setting up DNS. If I create a rackspace cloud server, I imagine there is something special I have to do to make it a DNS server, right? Does it just work straight out of the box?
Not exactly fair, but that's the current 'system'..
I don't know that much about how many are or aren't operated out of the US, but most of the generic TLD's are, and several ccTLD's definitively are too - for example .tv and .cc are operated by Verisign, and .co is operated by Neustar.
One of the more controversial parts of SOPA is the ability of ICE/Customs to be able to "un-resolve" domain names under other TLDs and country codes. Since the USA does not have jurisdiction over Russia (as an example), there is no current way to block a filesharing or spammer operating with a .ru address without having a partnership with Russia. This aspect of SOPA would allow the USA Government to block all domain name servers from resolving that address properly, by basically poisoning the legitimate DNS entry with one that resolves to some landing page operated by ICE. They won't be able to seize the domain, but they'll make it just as worthless to anyone inside the USA.
NetSol provides pretty good validation and security options for so-called "VIP" customers, but it's not perfect.
The next step up is paying exorbitant fees to a company like MarkMonitor for domain name management services. This is what the "big boys" tend to do.
Given that this would have to happen from inside the customer account, I can understand why Go Daddy would want to confirm that this was indeed a nefarious act and not something like a domain being sold, transferred, then reported stolen to keep the cash and get the domain back. Or any number of other scenarios one might think of - shady domain stuff happens a lot. I can only imagine the hoops required to jump through for a registrar to get a domain back from another registrar under these circumstances.
Not sure that's the only way. That's like saying the only way you could get credit card information from Sony's playstation servers was if you worked in Sony's billing department.
Not saying this is necessarily a hack, as it most likely is insecure practices on the part of the user, be it passwords or phishing. But seeing a cluster of them raises some concerns that it could be some otherwise unknown method.
I do wonder if the reason we see clusters is because they are the largest, and arguably the most publicized, registrar in the U.S., and in terms of market share, the world.
GoDaddy is certainly annoying with their obnoxious web site and sometimes, their tactics, but this could be another email-hijack attack.
Is there a way to set up two-step without a phone?
I'm using it on my iPod.
It would be a simple Twilio app.
I mean a day or two ago Gmail was showing and promoting users to enable 2 step verification because thousands and thousands of gmail accounts are stolen everyday (something to that extent).
Big fish are big targets and gmail like godaddy and bank of america may no longer be safe and or wise to maintain your businesses with!?! I have had issues with all 3 mentioned.
One of the reasons domain prices are low is that people register domains they are not using.
Just like they buy books they don't read. Or buy jewelry they don't wear. (And yes bring on all the replies about the differences that you want but keep in mind the time you picked up the last item on the shelf at the drug store that maybe someone else had a greater need for down the road. Or took the last seat on an airplane.)
No problem with buying domains and letting them sit there until you decide what to do. No problem buying domains that you think you could sell either, in general. As much as this might piss people off who feel the domain should just be there ready when they want it.
Squatting would be registering a domain that specifically (edit: and reasonably) belongs to someone else. Say you hear the local pizzeria opening is called "xyz pizza" and you register "xyzpizza.com". Despite what the media and all the typical articles say about this.
By the way when you say "all registered for various purposes" there is no qualification about what the purpose is so essentially some people would define you as a squatter depending upon the way they see this issue.
Not true. See this:
(The definition I gave is actually more broad.)
I agree that you are right with that statement. I don't agree that people are well informed about this enough to know that the statement is wrong.
That belief is something that comes from the days of a few bad actors (panavision and mtv domains come to mind and some others) that made the practice which is now called cybersquatting what it is instead of what it should be based on. And by the way even the current definition was shaped by Intellectual property lawyers as a totally one sided law brought about to protect the interests of a certain class of owners. (As was UDRP process for that matter).
But yes that is the uninformed view of most people. Just like many ordinary people associate the word "hacker" with "bad" and not "good".
As has been pointed in another reply, people buy things all the time with the intent to profit from the sale of which they do not use. Since the beginning of time this has not been a bad thing. And why should it be? (Not to mention the fact that there are alternative TLD's it just happens to be that .com is the ubiquitous one.)
It is considered to be good to buy things that you don't intend to use to resell them if you are adding some kind of value in the reselling; for instance, people who have a local retail store, who are adding the value of being close and convenient, rather than having to go all the way to the producer.
Domain squatters are adding no value. If you just buy a whole ton of domains speculatively, and then sell them off at high markup because so many domains are gone that it's impossible to find good ones, you are adding no value, you are only taking advantage of an artificial scarcity for your own profit.
We have plenty of other negative words for this kind of behavior in other domains. Ever heard of a scalper? There is really no significant difference between a domain squatter and a scalper; they are just people who induce artificial scarcity and use that to run a profit without actually adding any real value.
At least in my own experiences, I've never seen a domain sold by a private party for less than 5x the typical price from a registrar. This would raise the average price of domains, not lower them as you suggest.
It has definitely raised prices for a name that would be known in advance to be valuable. No question there. But the increase in number of people registering multiple names has supported a reduction in price.
The actual number of names, (not taking into account putting a dash in one or more places and the fact that there are only a few 1 letter names that aren't blocked and some other stuff) is approx 26 to the 63rd power.
1.3909801171074219559097425909479540384265584214249033... × 10^89
While that's finite it's still a huge number of possibilities. (Like IPv6)
I have in my hand an invoice dated 1999 (my earliest domain was '96) and the charge is $70 (for two years). Before that if my memory is correct the price was $100 for two years. Before that the price was 0 (yes 0 when there were so few takers).
It's a little chicken and egg but the fact that a high volume registrar (like godaddy) registers so many domains allows them to make so little per domain. (Actually that's not entirely true they also make money by selling you things you don't need but that's an entire separate subject.)
So the bottom line is this. If you look at the registration activity speculators and non users of domains drive up registration volume greatly. But of the names they register, only a small percentage of those have anyone interested in buying at any price. So in the end the fact that they do what they do drives prices down for everyone.
Edit: Although I agree that's little consolation if they have the domain you want. But there is certainly no guarantee that the name you want wouldn't have been grabbed by someone before you anyway, right? (See woodrich.com below)
For example, the following are all available at a low low price:
But not "woodrich.com" (registered in '96)
I wish there were a tool that would verify that they're all still registered under my account at GoDaddy.
Also, godaddy just got private-equitied, so it's going to be extra shit as they ruin the company, pay themselves an enormous fee, and sell it to the next greater fools.
People have much discretionary power to help you depending on how you treat them. While there are many people who get their way by instilling fear my personal belief is that you get more by being nice to people and making them want to help you (and this has always worked for me).
So when you have a problem with your registrar or hosting company or a meal at a local restaurant don't go off on a rant and tell them
a) It's their fault
b) They suck
c) you will never use them again
d) You will tell everyone a&b&c
(Did I forget anything?)
This will only make them defensive and will alienate them and get them to form a wall.
I'm not saying to not point out some truths about what happened. But do it in a way that makes them think you will be a happy customer if they manage to help you. Edit: And you still love them.
I think I got that right. :)
Use two-factor auth on your Google accounts, people.
The authenticator itself is just HMAC-OTP with the seed as the current time quantized to 30-second intervals. Very straightforward.
It was pretty straightforward and actually kind of fun to make the switch.
Wait, what? Since when is twitter a replacement for email?
Obviously, it depends on the situation and the company, but Twitter can be a great way to approach some places. For example, if I was having problems with Comcast's phone support, I'd rather tweet @ComcastCares than figure out how to e-mail them.
It's like publicly saying "hey, we're a company that takes support seriously, just look at us being helpful". There was a great post on HN a few months back about a guy who got a steak delivered to him when he arrived home from the airport from his favorite restaurant because he tweeted something about really wanting one of their steaks before his flight departed and he mentioned them. The company had followed him on Twitter, knew he was a loyal customer and went the extra mile to personally deliver the steak when his flight landed. I always think of this story when I think about customer service for my own company.
The point is that Twitter's public nature can make or break you as a business and smart businesses know how to leverage that power for positive PR.
(TLDR: godaddy eventually came through for us)
So not really as exciting as Hackers, but sort of.
Even discussing that option with them may get them to disclose. Lawyering up sucks for businesses as much as it does for you.
IANAL / IDEPLOTI, you may want to chat with one or several or even just find folks who've disputed stuff themselves.
Additionally: register complaints with any and all consumer protections services: BBB, chamber of commerce, your state's attorney general's office, etc. And post to HN (OK, check that punchlist item).
Secondarily I moved because they are so big that if anything happens to my domains the chances I get to speak to a reasonable person are practically zero.
Find a smaller registrar, make sure you can get proper support from them, then move your domains there.
(Recovering a domain you have lost is orders of magnitude more expensive than taking steps to reduce the chance of it happening in the first place)
I hate GoDaddy more than probably anyone here but it looks like their upselling and bad design didn't cause this one. Rats! I really wanted another excuse to talk shit about GoDaddy.
And we know that hackers have been all over Gmail. So obviously they got into their account. Their account probably had links to the registration... or they tried the same password, who knows.
But now they have them. I think the important thing is that the new 'Registrants' return them to Godaddy.com right now. They are trying to say that these people have to prove fraud?
That's ridiculous. With easy to provide proof, get them returned.
Also don't use GMail for important stuff... maybe your own mail server? One that you harden yourself? JK!
I am just wondering for my personal info, I have lots of domains hosted with them
That said, I want to move a few domains away from GoDaddy but I am a bit confused how to do it the right way. Anyone have a good order-of-events list? I'd hate to lose the domains over a technicality when transferring. [edit: misspellings]
Laughed and closed the page. Even if it's not their fault for the original transfer, the headache of support is on you.
edit: Sorry you don't like to hear it? You get what you pay for, and you get what you deserve for not shopping around and just going with the brand name that stuck because their CEO shot an elephant.
As a registrar we have access to exclusive contacts at other registrars as well as in many cases personal relationships. If we want to help you there is plenty we can do. Yes in the end it's up to the other registrar. But there are professional courtesies as well and other ways of getting things done.
"After a series of one-sided hearings, luxury goods maker Chanel has won recent court orders against hundreds of websites trafficking in counterfeit luxury goods. A federal judge in Nevada has agreed that Chanel can seize the domain names in question and transfer them all to US-based registrar GoDaddy. The judge also ordered "all Internet search engines" and "all social media websites"—explicitly naming Facebook, Twitter, Google+, Bing, Yahoo, and Google—to "de-index" the domain names and to remove them from any search results."