Be aware of "morality" clauses from domain registrars (zacwe.st)
138 points by zacwest on Dec 24, 2011 | 41 comments

The last part of his blog post says he chose Gandi[0] as a registrar because they do not have this clause, but I found a similar one in their General Conditions[1] contract[2]:

>By accepting Our Contracts and using Our services, You agree to abide to Our code of ethics which consists, in particular, of protecting and respecting minors, human dignity, public order and good moral standards, not infringing on the rights of third parties (private life, image, honor and reputation, trademarks, designs and models, copyrights, etc.) or the security of persons, property, the government, or the good working order of public institutions, and to help in the fight against abusive and/or deviant uses of the Internet (spamming, phishing, hacking, cracking, or attempts at hacking or cracking), or any other infraction as cited in the Penal Code.

I don't see anything about terminating your account "in its sole discretion", though. I personally use Gandi because they have a ton of TLDs and they've been fast and reliable, but I wouldn't hold it against them if they stuck one of these clauses in there.

[0]: https://www.gandi.net/

[1]: https://www.gandi.net/static/contracts/en/g2/pdf/MSA-1.0-EN....

[2]: https://www.gandi.net/contracts

> the Penal Code.

Which penal code?

Presumably France, since that's where they're based.

Gandi is also incorporated in the US.

----- Legal Notice The owner and publisher of this website is Gandi SAS, a simplified joint-stock company registered under French law with a capital of 37,000 Euros.

Registered with the Paris RCS – French Trade Registry - under number 423 093 459. Intracommunal VAT number FR81423093459

Headquarters: 63-65 boulevard Massena, Paris (75013), France Telephone: +33.(1) Fax: +33.(1)

US office: Gandi US Inc. 124 Lakefront Drive Hunt Valley, MD 21030 Fax: +1.410-449-4499

The US office is a subsidiary. I don't know the legal requirements, but I believe that in the worst case scenario both US law and French law would apply. It is my understanding that the registrar is still the French company, therefore subject to French law.


So I can't register a domain there and sell memorabilia from Nazi Germany, right?

French penal code.

This is an important concern for any US citizen who may migrate their domains to Gandi. French law differs dramatically from US laws when it comes to matters of libel, slander and privacy.

Why does this matter? If you're a US site, and you piss off someone in France then the pissed off individual has a target local to them (Gandi) who they can send legal threats to based on French laws. Or really a mixture of US and French laws.

If you would like to look up more on the subject when dealing with international law conflicts, consider reviewing US-EU safe harbor.

One thing to note, GoDaddy has acted on those in the past. I've not once seen NameCheap do it. In fact, I've seen them take the legal hit multiple times and had lawsuits filed against them because they didn't move.




These are a few instances of that. NameCheap doesn't budge on their customers' rights despite it being in the agreement.

Disclaimer: I know the owner and think he's one of the most respectable people in the domain industry based on my interactions with him over almost a decade now.

I wish more people would push back on these kinds of open-ended vague clauses in consumer agreements. When I represent big clients in arms-length negotiations, I usually take the position that my client will comply with laws – no more, no less. That leaves the definition of what is "objectionable" up to the (in theory, objective) standards of the law.

Which laws? In Internet-related cases, this is often ambiguous.

There isn't anything special about the Internet in this context. Lots of laws are ambiguous. That's why, in the common law system, we have courts and precedent.

You missed my point: either the standard is the law, or it's "we'll let you know when we have a problem with what you're doing".

I think he may have meant, "whose laws"? If you and your client are both in the United States, and your client only has customers in the United States, that's clear. But that's also rare.

Again, it doesn't really matter. Most countries have laws and respect the rule of law. Same principle applies, except places where the rule of law doesn't hold.

Registrars have rules set by Registries (For example, Verisign is the registry for .com, .net). I would assume these rules go back to the original issuers of the domains.

Regardless, I think that any registrar would have to have some "we reserve the right to shut down your domains" clause given the number of botnets and other uncool stuff on the net which use lots of domains (see http://en.wikipedia.org/wiki/Conficker#Payload_propagation for example)

Yeah - mostly, sorta... :)

Registries and ICANN do require registrars to include certain clauses in their contracts with end-users/registrants, but I'm not aware of any that include vague morality clauses. This document - http://www.opensrs.com/docs/contracts/exhibita.htm - is an enumeration of the terms and conditions that ICANN and the registries require us (Hover/Tucows) to include in our contract with our customers/registrants. These requirements aren't specific to us.

I was in the room in the late '90s when most of these clauses were negotiated and then again in the early '00's when the new registries came online (Afilias, Neulevel, etc.) and most of the new registries just simply absorbed the existing T&C's in order to smooth out the approval process associated with them launching their new TLDs. They've grown and evolved in the last ten years and aren't as uniform as they once were, but generally, you can still see the pattern in there.

Generally, most of the power a registrar requires to prevent the bad guys from doing bad things comes from national laws and not all these extra clauses. We (Hover/Tucows) find that all these extra conditions just make it harder for our customers to do business with us and so we've left out as much as we can and rely mostly on national laws to get what we need done.

> bad guys

know 'em when you see 'em, huh?

Yes, thank you for your reasonable comment. I don't get why everyone gets all apocalyptic any time there's something even remotely "bad" sounding in any Internet company TOS. If we read the TOS of every site we ever visited we'd have an HN with nothing but submissions about how every website on the entire web is impinging on user rights. Let's focus less on all this minutiae and get back to startups and code, please.

It seems that Tucows doesn't have a clause like that, unless I'm reading this incorrectly.


That's the impression I get as well from looking over the ToS for Hover as well.

Yup, that's correct. We can terminate your contract with us and force a transfer out. We can also suspend DNS and email service if you use us and we can be required by the registries or law enforcement to take specific action based on our contract with them and you or national law, but we don't make special carve outs to extend our rights beyond that already provided under law.

(FYI: I'm the GM for Hover...)

NearlyFreeSpeech.net appears not to have any such clause.


As with any registrar / host operating in the US, they will be subject to court orders.

Avoid .cx for this reason as well.

We all saw what happened to goatse.

I honestly don't see a problem with this, it's just a 30 days "we can get out if we want" and/or covering their asses clause from the business providing the service. I don't see anything sinister about it.

My reading of this is not the same. The clause says "after thirty (30) days", which to me means they can cancel it any time after an initial 30 days.

No, that comma before "after" is important. They're giving you a 30 days notice.

Avoid BlueHost for this reason.

Avoid every company on the web for this reason...

DNS is broken. Let's fix it: http://dot-bit.org/Main_Page

We could also establish a viable alternative DNS root zone and nameservers that people could use if their country censors the internet. See also: Jon Postel rolling in grave.

Just as a thought exercise, I wonder what kind of ramifications we would see if a registrar shut down a major domain name like google.com or facebook.com (beyond the obvious lawsuit; what would come of that suit?).

Lost revenue for either company would very quickly exceed the value of the registrar.

This is especially hypocritical from GoDaddy considering their advertising practices.

They believe it's good.

If the consumer doesn't, they can walk.

I've been using Hover for quite some time now, they are great.

Unfortunately, every registrar in the USA has, essentially, a "morality" clause imposed upon it by the US government. I'm not just talking about ICE seizures of .com domains, but also state judges ordering that domains be seized without regard for ICANN rules, and the federal government's widely held belief that they can demand people be shut down.

I'd love to find a "no bullshit" registrar that was outside the USA. In a jurisdiction where censorship is actually forbidden.

Iceland could be a good candidate. [1]

I'm much more worried about a domain being stolen by the US government than I am by hackers. And that's not because I'm doing anything the US government shouldn't like... just that, with all these massive seizures, they're going to get domains by mistake. Then try and get your domain back... ugh.

[1] http://www.slaw.ca/2010/06/17/iceland-passes-law-to-protect-...

The worry circulating around the domain industry is that they will use VeriSign and Virginia jurisdiction at the registry level. I can't remember if this has happened or not yet though.

The ICE seizures relied on this.

Also of worry is the nexus created by the Regional Internet Registries (ARIN, etc.) which manage the address space and associated policy.

ARIN manages the IP address space for US, Canada, many Caribbean and North Atlantic islands and could easily be hobbled by over-reaching legislation from any of those national interests - with possibly a much deeper and broader impact than anything that could be inflicted by similar legislation affecting the domain name system.

Ah that makes sense. I thought it was used before but I couldn't remember a specific case; so I didn't want to just spout misinformation :)

Let's not piss our pants again over this language... Again. That language is what I like to call "cover my ass" language. By that I mean a lot of companies add in clauses that sound real bad but in reality they're just standard legal jargon that lets them cover their ass in the event that they're forced to. This isn't some totalitarian conspiracy and none of the companies using this language actually want to or have any interest in canceling your domains. This is a very insignificant thing. Let's stop getting our panties in a twist over every little clause in every company's TOS and get back to startups and the cool interesting stuff that used to get posted around here.

Forced to is a problematic term though. A company can be "forced to" because they don't want to stand up in court for the rights of their customers. They can be "forced to" because not doing so would subject them to bad press or just look bad.

The problem here is that the terms can be read in a very one-sided way (leaving aside the questions of adherence contract interpretation) and therefore all the power in the interaction is held by the registrar.

You're wrong. One-sided contracts are not insignificant. If you think they are you're in for a world of hurt.

But if you don't like reading about them, don't. I don't see how you're being forced into these threads. In fact, feel free to vote them down. But don't pollute them.
