While freenom did genuinely have issues with spam and the like.
I must say it played a pivotal role in my life, it allowed me to do my passion and have a domain name in my early teens when I couldn't pay for anything. Being able to toy with a domain name led me down many rabbit holes and led to me trying out self-hosting and system administration.
I have mixed feelings as well, for the same reason, but I find it absolutely terrible that the citizens of Mali, RCA, Gabon, and Equatorial Guinea have basically been robbed of their TLD by their (mostly failed) governments.
.io is similarly problematic. Although at this point I think the best solution would be to retroactively set .io to mean Input/Output and give the Chagossians a new TLD.
EDIT: it could also be argued that this controversy is beneficial for the Chagossians I guess. I didn't know anything about them until I purchased a .io domain a few years ago.
Do you not see the obvious irony in taking a people who were forcibly removed from their home so it could be given to others, issuing them a TLD, and now you're suggesting forcibly removing that from them and giving it to others?
It's something they didn't really ask for, never meaningfully utilized anyway, and ultimately is an entry in a table on some servers they can't really care less about.
You can fantasize about the hardships the citizens suffered for the appropriation of the .io TLD and draw any analogy you want, but there are probably more pressing needs of the people you're not addressing by spending time to supply this sort of sympathy.
Worse, imagine a world where you actually advocate for the displaced indigenous people to care about this problem. Probably you'd be asking them to divert attention from real problems such as being able to afford food tomorrow.
But if those TLDs don't even bring them any money and they're not named after something in the Chagossian's own language, do they even own them in any meaningful sense?
Aside from the right to return to their homelands, these people should be given some actual royalties from .io domain purchases. And then maybe also a new TLD that is more meaningfully connected to them and less likely to be hijacked.
When I wrote that I wasn't imagining any forcing going on. Rather I was thinking about dialogue happening with the ethnic group in question to try and find a TLD that makes sense in their own language rather than English.
I don't buy this at all. Country-specific tlds are more or less a total failure. To the extent they still have a role, it is in having official government sites (eg "gov.uk" in the uk)
Firstly the US never bought into it so all the original successful internet companies are ".coms". For this reason if you are a global company, chances are you would prefer a ".com" to anything else. Most companies want to address a global audience and part of the point of e-commerce is to make this happen. So they don't necessarily want a parochial-seeming national tld but would prefer a global one. This makes country-specific tlds redundant for commerce.
Secondly the people running the national TLDs are (in my experience) often doing so to further their own egos and personal interests and so tend to offer a shitty service. This is why I gave up my ".co.uk" domain some years back. The UK NIC were just annoying in a bunch of different ways.
not sure what world you live in, but ccTLDs are widely used across the world, and in a lot of countries much preferred over .com.
german people, for example, will trust a business running on a .de domain much more than a .com one.
in most cases it is much preferred for an international company to run the country-specific website on the according ccTLD. companies that "want to address a global audience" are a specific set of companies that might prefer a "global" website, but most businesses will run country specific sites, not "global" sites.
also not sure what the UK NIC being "annoying in a bunch of different ways" has to do with anything, or even means.
seems to me like you are living in your own world, far detached from reality.
I’m happy to be wrong about this and hear about the thriving ccTLD scene but there’s no reason to get personal and say I’m detached from reality.
The way in which the UK nic used to be annoying that is relevant for this is that they used to make it much harder to register, transfer and renew domains. So at some point even though I had a .co.uk and a .com I just stopped trying to transfer the .co.uk and let it lapse at the next renewal date.
yeah you're right that some registries might have some weird quirks about certain things like transfers or additional mandatory requirements etc.
UK transfers are surely more complicated than they have to be (push vs. pull logic).
and I can also see where you're coming from, since in the UK it doesn't seem to be such a big thing.
but in most other non-english speaking countries (or even .com.au or co.nz), ccTLDs are actually a big trust factor. also for example high-end keyworddomains sell for a multiple of the respective .com domain price. sometimes as much as 5-10 times.
It might be different for the UK, but as others have said ccTLDs in my experience are much preferred over .com. .com is basically used for generic US multinational companies, which means a handful of websites you care about but locally relevant sites are going to be .fr or .be for me.
.fr and .be are as easy to manage as any other TLD, and they have the advantage that you're probably not going to be price gouged as they are not run for profit.
Yes! My freeservers site from the same era (2000, when I was 15 ) is also somehow still alive. I don’t have the password though. So I cannot fix the error haunting me for all time that I listed Generations as a TV series of Star Trek rather than a movie.
Storage and bandwidth has gotten orders of magnitude cheaper since then so that might be part of it. Identifying and deleting inactive websites might have deemed to be more expensive than just letting them stay on.
> the free domain name provider has a long history of ignoring abuse complaints about phishing websites while monetizing traffic to those abusive domains
If the way to have there things is defrauding others, then they are not as free as they seem.
I'd say that a third-level domain is fine for teenage projects; was fine for me even past teens.
can you link me some free third level domain services that allow full control over all records? while I don't need it now, in the past I have wanted such a service and was unable to find them.
"All records" makes an important difference indeed. I mostly thought about web projects where you need A / AAAA and CNAME. I do remember that I had access to MX and TXT at some free provider around 1995; GeoCities? Can't remember.
for $8 a year you can get a regular domain and then have as many free 3rd level domains with full DNS control as you want. or do you really just mean free free
Yeah, the refrain is usually "anyone should be able to afford $8 a year", but I remember being teenager and even when I was making an income I still couldn't get a credit card. It's less about the money and more about the ability to pay.
You don't really need credit cards, we found ways to pay for domains and hosting back in the day when we weren't legally able to get one (due to being minors). Some smaller companies accept other ways to pay that can be used anonymously. I definitely couldn't afford $8 a year thought, so others were covering that.
It requires specific care because in the DOM security model, third level sites are all in the same security domain and can read each others cookies and control each others pages. The browsers have a special list with gov.uk, co.uk etc so it knows these are special.
That wasn’t a concern in 2002 but today it should be.
These domains apply a serious bonus to spam scores, but if you do everything else right (send a normal but not too large amount of email, get your mail server from a domain with high reliability, set up SPF/DKIM/DMARC/etc.) you shouldn't fall below the spam line in most spam filters.
yep, being a kid iterested in tech and having parents, that are not, is probably a huge pain... internet at home and a computer.. sure... giving your credit card info to your kid for some name on the internet? No way s/he's getting that.
Having a free option (and dynamic dns, and possibly even a free virtual machine somewhere) makes a lot of learning and experimenting possible for kids.
They are knowingly allowing card fraud and other cybercrime groups to operate openly on there. We’re not talking about criminals that use the platform while trying to appear sneaky and flying under the radar - we’re talking about groups outright advertising their wares in the group name: https://krebsonsecurity.com/2018/04/deleted-facebook-cybercr...
> Some had existed on Facebook for up to nine years; approximately ten percent of them had plied their trade on the social network for more than four years.
> KrebsOnSecurity’s research was far from exhaustive: For the most part, I only looked at groups that promoted fraudulent activities in the English language. Also, I ignored groups that had fewer than 25 members. As such, there may well be hundreds or thousands of other groups who openly promote fraud as their purpose of membership but which achieve greater stealth by masking their intent with variations on or mispellings of different cyber fraud slang terms.
I have my own personal experience with this. I came across a page promoting Snapchat (and maybe other services) hacking services that in exchange for a fee claimed it would email you the credentials of the target account, with plenty of obviously compromised accounts posting comments claiming it works. Obviously very illegal in the vast majority of jurisdictions, but the double whammy there is that the service was itself a scam.
Reporting the aforementioned group and a few of the fake comments yielded that none of this activity goes against their community standards.
i love reading the comment in HN, not the articles. but this is a strange one.
> They are knowingly allowing card fraud and other cybercrime groups to operate openly on there.
i wonder if you believe yourself when you write stuff like that?
as if that company has a policy to allow fraud and cybercrime and they really believe its good for their business.
if you do... well... watch out from those black helicopters
You don't need an explicit policy to allow it (putting it in writing would be stupid). There's plenty of ways to effectively allow it without saying it, like not encouraging/deprioritizing projects that aim to crack down on this kind of behavior, effectively turning a blind eye to the bad content without ever explicitly "allowing" it so they retain plausible deniability when confronted.
Note: they "stopped phishing" by basically forbidding almost anyone from registering a domain, I've been trying to get a new domain there for months without success
This is the real answer, I have a paid domain and am still unable to get contact or transfer off (I have attempted this with all known registrars that support .tk, Freenom simply fails to respond to the transfer request)
I mean that's basically the point. The barrier to entry of $10/yr and breaking anonymity is enough to price out bad actors.
If anyone at all has a way to combat this stuff that doesn't rely on "bad actors need disposable identities to get around blocks and don't usually have money" will basically win the internet.
The title is a little deceptive. From near the end:
> Unfortunately, the lawsuits have had little effect on the overall number of phishing attacks and phishing-related domains, which have steadily increased in volume over the years.
> Piscitello said despite the steep drop in phishing domains coming out of Freenom, the alternatives available to phishers are many.
So spammers are attracted to the same low prices and quality of services as anyone else? The subtext of this comment chain is a pretty weird take. The fact a domain is registered at Namecheap does not by itself make it any more likely to be a source of spam.
I think it is more likely that spammers favor Namecheap because Namecheap ignores spam reports (at least mine). So far, I received the same kind of spam from ~500 of their domains.
What kind of evidence do you need to provide when reporting spam to a domain registrar? Could I get your domain banned by spoofing spam emails and sending screenshots of them to Namecheap?
That wasn't the intent of the comment. The original article was suggesting Freenom was popular with spammers. I was adding my observation that it has often been Namecheap that is prolific in my spam folder. We then go on to discuss why that may be.
What alternative options exist for low budget passion projects, toy projects, and the like? It's such a tough space to exist, trying to offer a free service while also combating spam.
I was about to order something from a website[1] that showed as first page result on Google Search.
Spending couple of minutes on the site, it became obvious that it is a scam website. Confirmed further by another search on domain[2]. I wanted to report it but there is no easy way to report this. So I gave up and hope no one falls for it.
Thank you, I tried to report it from the search page. I clicked on the 3 dots menu. The options were not perfect for this kind of scam reporting but I selected something close enough. Then it took me to another page where there was a huge form to fill out.
It should be easier to report scams or phishing sites from search page, imo.
Every third of fourth technical Google search I try lists about 10 to 20 fake sites. Many of them using .it for some reason, but there are plenty of other TLDs with this problem as well. At this point I'll click a .biz before I click a .it.
I'm not going to report hundreds of domains every month. Google needs to get their crap together.
The same is very much true for other parts of Google as well. Youtube comments are hilariously full of spam. There's a pretty good tool out there to get rid of the spam, which just runs the comments through a basic spam filter, but for big channels you can't let the tool run for too long because of API call limits.
I've had people open up Facebook and Instagram accounts using my email address. They don't bother with requiring verification to use their services. Before I took over the accounts I'd get periodic notices about "friend" activity but never a nag to verify the e-mail.
I must say it played a pivotal role in my life, it allowed me to do my passion and have a domain name in my early teens when I couldn't pay for anything. Being able to toy with a domain name led me down many rabbit holes and led to me trying out self-hosting and system administration.
Sad we can't have free things.