
I intend to for future domain registration.

- Register.com is an annoying cesspool of value-add upsells and is extremely expensive in the process, with added cost to not have your personal info attached directly to your domain whois.

- GoDaddy, other than the creepy ads, has shown plenty of willingness to remove domains hosting content that they don't like, even if it's legal.

- I think Google is a registrar, but I'm not at all comfortable with how easy it might be to move my domain out of their grasp if I care to host my content somewhere else. I'm sure it's possible, I'm sure it has weird issues, and I'm certain there's zero support to talk to.

- Epik has, at least as far as I can tell, a reputation for simply hosting domain registrations, not asking questions, and ignoring just about every request for information.

Of those options, I'm fine with the last. I tend pretty hard towards the "free speech" side of the spectrum, and a registrar that will ignore anything short of a legitimate legal request from the authorities of the nation(s) they operate in is perfectly fine with me. Even if they host domains I consider distasteful, I'd rather support that than someone who will bow to public outrage and go snooping around domains looking for reasons to remove their registration (GoDaddy and Arfcom come to mind here).

There are probably other options, but those are the ones I know of, and why I'm intending to register future domains with Epik. I don't particularly care if a founder of a service is a scumbag in their personal life, as long as they reliably do what they promise to do.

Epik "ended its relationship" with The Daily Stormer because of content hosted on the site and the "entanglement" (meaning PR issues). If you're not ok with that, then I don't think Epik is what you're looking for. If you are ok with it, then you can accept service providers disassociating themselves with "distasteful" clients, it's just a matter of exactly how distasteful they have to be.

Source: https://www.npr.org/2021/02/08/965448572/meet-the-man-behind...

If the only ethical way to engage with modern consumer tech is to do a full analysis of the positives and negatives of every aspect of it (which is a position I think has some merit), then the only reasonable conclusion is to simply avoid all of it, because it's all corrupted, at some point or some level, by something someone will find distasteful or worse.

I honestly haven't delved deeply into the list of domains each registrar has removed, decided if I agree or disagree with it, sat down to evaluate the severity of each violation, etc. And I fundamentally don't want to, either.

If you've got a better domain registrar suggestion that isn't full on "bulletproof hosting Bitcoin only" stuff ending in .ru, I'm open to it, but... otherwise, at the end of the day, my goal is to register a domain.

Though, don't get me wrong, I'm seriously considering ending my entire involvement in modern consumer tech and going back to a 1900s tech level once I retire...

I (and many others) have had good experience with Namecheap.

I had an extremely bad experience with Namecheap with an extremely high value domain (5 letters, dictionary word.) They had a fault on their backend and dropped my domain where it got picked up by a parking service. This happened despite me having paid in advance on time for over a decade. After weeks of going back and forth with Namecheap management I contacted an attorney. Some research hours later we find out Namecheap has absolutely 0 western presence other than some extremely low value holdings companies. In the event you have an issue with Namecheap you would need to go through the Ukrainian court system which isn’t feasible for westerners. I had to write off a domain with a 5 figure valuation due to their incompetence.

High value domains use Mark Monitor. It is their entire business and most importantly they’re US based.

I'm not familiar with this particular case and I'm sorry that you had a bad experience but most of what you have said here is incorrect and frankly absurd. We're a US-based company and most of our executives and owners are US/UK citizens. After over a decade with the company, I've never seen a domain "drop" because of a "backend fault." There are certainly quirky edge cases with obscure registries where bugs can occur but if we're talking a major TLD then it is highly unlikely. Feel free to email me if you want me to dig into it though: ted [at] namecheap.com.

This is what I was told by an attorney. That in (the attorney) doing an asset check they revealed that NameCheap simply has a virtual office in a Regus office space with little to no US assets. Further, that even if we went through the struggle of getting a judgement against NameCheap's US entity that getting cash out might be impossible. If anyone reading this wants to verify you can look at Namecheap's site where they list their US address as "4600 E Washington St". If anyone has ever interfaced with any staff at Namecheap it's very clear that 100% of the support and middle management is located in the Ukraine. Just because you have some executives living in the US with a virtual office somewhere doesn't make you a US organization.

I've been all up and down the contact chain with Namecheap and quite frankly every time I make a stink about it in a public forum it's always the same playbook. "Yes a mistake was made, no we can't compensate you." Here is the reply from your support where you admit a fundamental systems flaw resulted in my domain being dropped:

"My name is Oksana and I am the Shift Leader of Domains Department. I would like to follow-up with you with regard to the issue you have faced with your domain name. We are very sorry that such unpleasant situation happened. We have reported it to our Technical team and they are doing their best to fix the issue that affected your domain renewal so that similar situations would not occur again. While we cannot change what has happened, we are planning to take steps to ensure that similar incidents and misunderstandings will not occur in the future. Unfortunately, we do not have any ETA on the fix implementation. Rest assured that as soon as there are any updates on this improvement, we will inform you via the ticket. Regretfully, we will not be able to recover your domain name, as it expired and later was re-registered by another Registrant. As a compensation for this negative experience you have faced, we can offer you the XXXX coupon code. You can use it to receive a 20% discount for registration, renewal, and transfer of domains."

To add some circumstantial evidence, Namecheap currently has 52 job openings, of which 47 are in Ukraine, 1 each are in Portugal and India, and 3 are remote: https://www.namecheap.com/careers/openings/

It's 2021. Most companies of our size have an international presence. So what?

Nothing wrong with it, I was just curious about the claim that the company is legally based in the US but most employees are in Ukraine.

Take note. Calling someone's experience "incorrect" and "absurd" before you have all the details will never end well.

I was simply saying it is incorrect to say that we are not a US-based company. We have a large support team in Europe but we were founded in the US and remain a US entity. We have always been a distributed company with remote teams all around the world. It is indeed absurd that their attorney suggested that they would have to go through the "Ukraine court system."

You are still welcome to email me and I will try to help you however I can.

Very few people reading your comment have high-value domains.

Also, every registrar sends you scary emails before and after a domain expires and enters the redemption period [1].

That means you failed to:

- register for 10 years in advance

- pay attention to your email for at least 60 days (including your redemption period)

- enable auto-pay

If you had done any one of those very normal measures for a high-value domain, you would have kept your domain.

1. https://www.icann.org/resources/pages/domain-name-renewal-ex...

Many domain registries allow you to send domains directly to the pending delete status (or drop them entirely.) It's how domain tasting used to work about 10 years ago before ICANN/Verisign changed up the rules.

Most users have good experiences with most registrars. It's only in extreme cases that you find out what character your registrar has.

They dumped 8chan as well.

> Epik has, at least as far as I can tell, a reputation for simply hosting domain registrations, not asking questions, and ignoring just about every request for information.

Give https://www.nearlyfreespeech.net/services/domains a shot.

I'm not affiliated aside from being a happy customer for over a decade. You can read their abuse-handling terms here: https://www.nearlyfreespeech.net/help/abuse

Actually they revealed a few months ago that if you aren't politically aligned with them at nearlyfreespeech.net, they treat you differently as a customer.


They will "*not* lift one finger to help you [host your site here]" (emphasis theirs)

If you are not politically to their taste, they will look for a reason to kick you off as opposed to their other customers, "we *will* kick you off the instant you give us a reason".

In that same post, they revealed they will cooperate with police requests without any court documents or warrants being provided, putting them in the 'fragile' class of hosting providers.

Not sure of either of their policies, but I usually buy my domains from Dynadot then transfer the eligible ones to CloudFlare after the first year. Both are cheap, and I'm pretty sure CloudFlare tends to not divulge much information.

All my ICANN addresses are fake though so that's never been a concern for me.

They also have a reputation for securing your important PII behind unsalted md5 password lookups. I'm not sure about the rest of their security, but if they screw up something as basic as storing passwords it does not imply good things about the rest of their infosec.

If you are concerned about getting your name off google because their systems are weird, why wouldn't you be concerned with someone just stealing your domain from the insecure site by (e.g.) just logging in as you and initiating the transfer?

Ideology aside, shouldn't the fact that this hack exposed gigabytes of user data cause you to reconsider them as a reliable domain provider?

Why be concerned with domain providers giving personal information to authorities when Epik has already given it to the entire internet?

I moved quite a few of my domains from GoDaddy to Epik because of a) the pricing and b) the option of having "forever" domains, or at least very long term registrations as a potential choice.

...but that decision was made without knowing much about Epik. Ignoring the fact that they've potentially shielded some, uh, unsavory individuals (doxers, DDoSers, etc), the absolute stupidity in the design of their system, insecurity, and the fact that it looks now that Rob Monster tried to negotiate with the hackers to not release unhashed CC#s assuming they'd be happy with him removing the people they wanted removed...

Yeah, no. I'm moving my domains at this point. I don't want to be associated with that any more than I already am at this point. The system "security" itself was bad enough, but having a CEO try to negotiate with the attackers? This is almost funny if it weren't so idiotic.

Gandi? Namecheap?

Maybe take a look at Gandi. GoDaddy has always been a terrible registrar. People used to recommend Namecheap because of that, but I think namecheap has limits on the length of certain records (which may be annoying for dkim).

In general there are a dozen registrars that are better than GoDaddy or Google without having to choose a right wing nutjob with bad security.

I've heard https://njal.la is pretty good.

I've quite literally never heard of them, and wouldn't click that link if it came across an email... :/


> When you purchase a domain name through Njalla, we own it for you. However, the agreement between us grants you full usage rights to the domain. Whenever you want to, you can transfer the ownership to yourself or some other party.


Njalla is Peter Sunde's project. It's a very high credential, the only possible better thing would be if Edward Snowden ran a registrar.

The ownership is a hack to work around some legal issues (e.g. for .es domains you're not allowed WHOIS privacy). Although post-GDPR most whois servers dramatically restricted public access, so maybe it's less important now.

Sunde gives it some credibility, but still the idea that you're not the real owner of a domain is horrible. It seems only useful for domains you believe never to get a large audience.

I on the other hand know 3 people who got stonewalled by their support and were unable to use their domains.

Google is safe, simple, and they never bother you. I'm cheap, but will pay $13 just for peace of mind.

Google Domains incorrectly banned me. I filed an appeal showing how I was indeed authorized to perform the actions I had performed, that I was not in violation of their Terms of Use, and included the contact information of the various parties that Google could contact in order to confirm my claims. None of these individuals were contacted and my appeal was rejected with their standard "unfortunately kindly go fuck yourself" message.

When they banned me, I simply lost access to the entire domains.google.com page. As such, I was unable to transfer any of my domains out. The only thing I could do was let them lapse, wait for them to become available to the general public again, and re-buy them on a different registrar.

Their UI works great, most of the time, but I would not recommend Google Domains to anybody, ever, under any circumstances.

Please write this up with more detail, it deserves a HN front page story. That is horrifying.

It's really not as exciting as all that. As a regular user, I suspect you're unlikely to have an experience like mine.

As part of my job, I perform (authorized) phishing simulations for employees of my employer. Typically this involves registering domains that look like my employer's domain (with permission), or domains that look like those of our vendors (again, with permission). I suspect one too many people clicked Gmail's "report phishing" button and their automated system took it from there. So I wasn't at all surprised that the account eventually got suspended, but I was surprised that my appeal was rejected, and closed with zero investigation. Perhaps I shouldn't have been.

Thankfully the only domains I lost were domains used for that purpose. At the time, I did use Google Domains for my personal domains as well, but thankfully I had those associated with my personal Gmail address and not my work account so I could still control them. Needless to say, though, I moved them off onto another registrar immediately.

The experience has also led me to slowly move off of Google products as a whole, with the notable current exceptions of Android and Google Fi.


* before the inevitable "phishing is a violation of their terms of service", it actually isn't. The related section forbids use that violates any laws or regulations, and lists phishing as an example. Authorized phishing simulations do not violate any laws or regulations. Unfortunately, Google failed to follow up with any of the individuals or evidence showing that it was authorized, and just rejected the appeal.

Or any other google product for similar reasons.

Without reading the registry agreement to find anything specific, I'm pretty sure that violates ICANN rules.

I would also like to hear more about it because that's scary.

I posted the story on a sibling comment. It's not as exciting as all that.

Overall it was a net positive experience, really. It led me to perform a personal Disaster Recovery exercise where I modeled losing my Google account, which was very interesting and informed a significant shift in my online behavior. If it ever happens, it'll be a bother, but not much more than that.

> I'm pretty sure that violates ICANN rules

I wonder in the end who's more powerful though: ICANN or Google.

You cannot trust google for anything like domains you rely on, unless you have a contact there to talk to a human.

If it's not a free service best assure the reader legal action will follow. Then the easiest solution is to restore access.

I’m not sure why this is being downvoted

I receive email on my domain, which means that it is the root of all of my security. If you steal my domain or tweak my DNS, you can get my email, and you can reset my passwords.

I have some domains at Namecheap still. I have a FIDO2 key set up for their website, which is good, but I’m not sure that I trust their security. I trust Google more.

Google Domains actually has support, too
