GoDaddy Warns India's Crackdown on Fake Site Registrars Could Upend Internet Privacy Everywhere (reuters.com) 19
"The internet is filled with fakes," writes Gizmodo. "A court in India is setting out to address the problem by requiring more transparency from domain registrars to make it easier to crack down on fraud. And while the intentions might be good, Reuters is reporting that major American domain registrar GoDaddy is sounding the warning bells that the court's decision could fundamentally reshape the internet well beyond India's borders."
GoDaddy argues the move would even make the internet less safe, reports Reuters : [Online fraud] is a key challenge for Prime Minister Narendra Modi's government, which last year received 2.4 million complaints of alleged cyber fraud amounting to $2.4 billion. Starting in 2019, lawsuits were brought by dozens of Indian and global firms — Amazon against fake shopping sites trading on its name and McDonald's complaining against bogus sites offering franchises. [More than 20 companies filed a complaint, the article notes, including Microsoft.] In December, an Indian court blocked more than 1,100 such websites. The New Delhi judge however went further, ordering sweeping new measures that tech experts say have rewritten rules of internet governance: Domain sellers should not offer buyers free privacy protection by default, the buyer's details should be released to anyone with a "legitimate interest" within 72 hours, and website addresses that are variations of protected brand names must be prohibited.
U.S.-based GoDaddy has challenged the directives before a larger bench of judges at the Delhi High Court, according to a Reuters review of non-public filings. It says the ruling will affect legitimate businesses that have names similar to big brands. Stopping privacy-by-default features, GoDaddy said, will result in public disclosure of name, address, telephone and email of legitimate website owners, exposing them to "foreseeable privacy and security risks" such as stalking and harassment.
As domain names operate globally, not locally, the order could force GoDaddy to regulate website addresses across the world, it said. On the court's order imposing a 72-hour deadline on companies to provide registration details to anyone with "legitimate interest", GoDaddy argues it has no wherewithal to assess who has legitimate interest or not. The "commercially destabilising" directives may force domain name companies to "exit India", said one of GoDaddy's appeal documents that ran into 5,121 pages... GoDaddy rivals, Arizona-based Namecheap and Netherlands-based Hosting Concepts, have also challenged the New Delhi ruling, court records show, although Reuters could not ascertain details of their appeals...
GoDaddy argues that diluting the privacy feature will run contrary to India's data protection law and the European Union GDPR law which mandates a "privacy by default" approach. Farzaneh Badii, a New York-based researcher on internet governance, criticised the New Delhi ruling, noting that Europe redacted such details because publishing them had been abused by harassment and targeted phishing. "The people exposed will be journalists, activists, small business owners, and private individuals. The brand impersonators will not," she said...
While the sweeping December directives were issued by a court, they followed government's submissions, documents showed... The judges will hear the appeals on July 16.
GoDaddy manages 80 million domains and serves over 20 million users, the article points out, with annual revenue over $5 billion.
GoDaddy argues the move would even make the internet less safe, reports Reuters : [Online fraud] is a key challenge for Prime Minister Narendra Modi's government, which last year received 2.4 million complaints of alleged cyber fraud amounting to $2.4 billion. Starting in 2019, lawsuits were brought by dozens of Indian and global firms — Amazon against fake shopping sites trading on its name and McDonald's complaining against bogus sites offering franchises. [More than 20 companies filed a complaint, the article notes, including Microsoft.] In December, an Indian court blocked more than 1,100 such websites. The New Delhi judge however went further, ordering sweeping new measures that tech experts say have rewritten rules of internet governance: Domain sellers should not offer buyers free privacy protection by default, the buyer's details should be released to anyone with a "legitimate interest" within 72 hours, and website addresses that are variations of protected brand names must be prohibited.
U.S.-based GoDaddy has challenged the directives before a larger bench of judges at the Delhi High Court, according to a Reuters review of non-public filings. It says the ruling will affect legitimate businesses that have names similar to big brands. Stopping privacy-by-default features, GoDaddy said, will result in public disclosure of name, address, telephone and email of legitimate website owners, exposing them to "foreseeable privacy and security risks" such as stalking and harassment.
As domain names operate globally, not locally, the order could force GoDaddy to regulate website addresses across the world, it said. On the court's order imposing a 72-hour deadline on companies to provide registration details to anyone with "legitimate interest", GoDaddy argues it has no wherewithal to assess who has legitimate interest or not. The "commercially destabilising" directives may force domain name companies to "exit India", said one of GoDaddy's appeal documents that ran into 5,121 pages... GoDaddy rivals, Arizona-based Namecheap and Netherlands-based Hosting Concepts, have also challenged the New Delhi ruling, court records show, although Reuters could not ascertain details of their appeals...
GoDaddy argues that diluting the privacy feature will run contrary to India's data protection law and the European Union GDPR law which mandates a "privacy by default" approach. Farzaneh Badii, a New York-based researcher on internet governance, criticised the New Delhi ruling, noting that Europe redacted such details because publishing them had been abused by harassment and targeted phishing. "The people exposed will be journalists, activists, small business owners, and private individuals. The brand impersonators will not," she said...
While the sweeping December directives were issued by a court, they followed government's submissions, documents showed... The judges will hear the appeals on July 16.
GoDaddy manages 80 million domains and serves over 20 million users, the article points out, with annual revenue over $5 billion.
GoDaddy has been known as the (Score:1)
...armpit of domain name registrars. Those in the armpit business want to keep their armpit niche alive.
GoDaddy's just worried about its profits (Score:4, Insightful)
U.S.-based GoDaddy has challenged the directives before a larger bench of judges at the Delhi High Court, according to a Reuters review of non-public filings. It says the ruling will affect legitimate businesses that have names similar to big brands.
I bet GoDaddy makes tons more money from typo-squatters and scammers than from legitimate businesses with similar names.
Re: (Score:3, Informative)
Not just GoDaddy. There's an entire ecosystem of "used domain name" traders out there*. For a small fee, they will "administrate" a domain for you. As if that's a difficult job. Next thing you know, the reassigned administrator contact in the DNS record will be sold off to a squatter. Not typo. They actually have your domain. Now you have to buy it back.
Microsoft was in this business a while back. But they were buying up entire hosting companies and then informing cusomers that their domain was no longer "
Fuck GoDaddy. No website owner should be hidden. (Score:1)
If you are worried about news reporters and whistleblowers there are already sites for that to provide anonymoty - but the website owner itself NEVER needs to hide ownership unless it is some sleezy scammer or thief type site.
Re:Fuck GoDaddy. No website owner should be hidden (Score:5, Informative)
I run a website. It is not politically active or controversial in any way, but I don't want my name, phone and address details out there in the public domain simply because I publish information online.
I live in Europe and we have laws about this... Once I make a bank/debit card payment to register the domain I am traceable by the police if they have a warrant. Why would my name need to be out in public just because bad people register fake names?
Re: (Score:1)
Re: Fuck GoDaddy. No website owner should be hidde (Score:3)
Re:Fuck GoDaddy. No website owner should be hidden (Score:5, Informative)
Apparently you didn't experience the blessings of owning a domain before WHOIS privacy features. It's not the news reporters and whistle blowers, it's the marketers, scammers, and malcontents.
This would have a huge effect on use of vanity domains for email, blogs, or personal websites, since using your domain will be doxxing yourself. Remember that this is the era of swatting and slow descent of civility online, only Gmail and Medium/Substack otherwise someone will be sending you a crew of angry police or a box of manure to your door for your opinion online.
Re: (Score:2)
There are ways to provide the owner's name and non-exact location and provide a protected contact path to the owner through the registrar. But that contact path through the registrar must work or the domain should be disabled until that is fixed - this would require more effort on the part of GoDaddy but that is their fucking job as registrar.
Right now you get 'info redacted' - that's it. This is
Re: (Score:3)
What's wrong with how it is now? You want to know the owner, get a warrant.
What problem needs fixing here? My parents were scammed, and the prosecutor knows who did it but they declined to prosecute due to "policy priorities". If scams aren't a priority then how will changing the law fix anything?
Re: (Score:2)
Either the registrar is then required to play nanny on "valid" communication or people could lose their domains because they don't check spam communication. And that valid communication isn't law enforcement or the courts, because that's the current system.
But don't make me have to check in every month otherwise lose it because some scammer can make a business around stealing domains and holding them hostage. Otherwise the current system of contact the registrar if there is a malicious domain and if there's
Re: Fuck GoDaddy. No website owner should be hidde (Score:2)
Yes that will work perfectly because no one will ever figure out how to put a real and yet wrong address on their WHOIS record.
Re: (Score:2)
They do this, we'll replace DNS with a better system. A decentralised system, where you and them won't get to dictate jack all. Try us on this.
Yes. But No. (Score:1)
Yes, I'd be sorry to see things exposed and even more so to see it brought about by an Indian government ruling.
But, no. GoDaddy is full of shit with this "exposing them to "foreseeable privacy and security risks" such as stalking and harassment". Domain registration information, the whois database, was exposed to the public for a very long time. The only issue it's exposure costed was an increased exposure to spam due to marketers scraping the Whois databases.
The spam email, snail mail, and phone calls wer
Finally a solution to internet fakery! (Score:4, Insightful)
Who knew it would be easy to rid the internet of fakes? Just ask them to please put their name and address on their WHOIS and the problem will be solved forever!
Thanks India, now I can sleep well knowing I'll never come across a fake on the Internet again!
Re: (Score:2)
WHOIS: GMail.com
Nope. Of absolutely no use.
privacy? What privacy? (Score:2)
Google is already tracking everything I do online. Data breaches happen all the time. Privacy is already dead for regular users. Scammers will continue to enjoy anonymity via gray market api proxies. Nobody can stop them.
GoDaddy sounding alarms? Must be good for us (Score:2)
If GoDaddy is concerned, good. They are the worst of the registrars and probably half the reason we have sketchy stuff on the internet.