KimmoA.se presents...

The rotten and corrupt Domain Name System

My first-hand experiences both allow and oblige me to tell you the truth about how a crucial part of the modern Internet is rotten and corrupt to the core, controlled by thieves and other criminals. Caution: You may not want to spend time, money and efforts working on anything online after reading this. In a way, I guess it's probably for the best if most people don't know the truth. Nevertheless, I simply need to let as many as possible learn what's really going on out there.

What is the Domain Name System anyway?

The "Domain Name System" (DNS), put simply, is the part of the Internet which maps human-friendly addresses (such as www.example.com) to the "scary" and difficult-to-remember "IP addresses" (such as 123.123.123.123) that are actually used by the computers under the hood. There are many complex technical details which are unimportant in the context and will be skipped here.

The crucial thing to understand is that for this to work in an acceptable manner, everyone (or at least the vast majority) must agree to use the same, global system. Otherwise, some Internet users might get a completely different Web site when they try to go to Microsoft.com as it could be mapped to different IP addresses in different "segments" of the Internet in such a scattered, decentralized system. This would defeat the whole purpose of a global network. There are in fact various alternative so-called "DNS roots", but they are practically useless since they aren't used by almost anyone in comparison.

ICANN is the very-much-for-profit crime syndicate ultimately in charge of all this. Previously, it was InterNIC (whose Web site is still used by ICANN for information and more). They have assigned operation of each "Top-Level Domain" (TLD), such as .com, .org or .se, to a specific company since they are only interested in sitting around and raking in the cash while pretending to give a shit about anything else. In the case of the famous and highly valuable .com, VeriSign (previously United States Department of Defense) has been put in charge (likely by handing over the heaviest bag of bribes, but don't quote me on that as it's merely an educated guess). These companies usually don't actually handle registrations directly, however, but outsource this to other third-party, for-profit companies which, as it turns out, are more often than not criminals and thieves, or at least criminally incompetent.

What's so bad about this setup?

In order to register, transfer, modify or generally "own" or "keep" a .com domain name, you must use an accredited "registrar". An accredited .com registrar is simply any company from anywhere in the world that has paid a large amount of cash directly to ICANN, and/or to the TLD authority company (such as VeriSign in the case of .com.). You need far beyond half a million USD to even get considered, ensuring that only large companies with a "maximum profits at any cost" attitude (more accurately known as "subhuman scum") are able to get a license, making it impossible for sensible people such as myself to get to handle domains.

(Note: There are countless companies that appear and claim to be registrars but which really are just useless resellers of the "real" registrars, which have all of the actual power. Since these depend entirely on their "parent" companies, they have no real reason to exist.)

It is impossible to register/transfer/handle a domain "directly", regardless of the amount of money you are willing to pay. If you want to create a "private" registrar just for your own domains, you must create a dummy company and then pay the same fee as every other registrar. Unless you currently live in a huge mansion and drive a luxurious sports car, you can probably forget about that right away.

These companies want to maximize their profits, at any cost. They have no other motivation to exist and couldn't care less about causing massive problems for people, or lost domains (unless it's part of their own "portfolio", of course). One customer, assuming he only has one domain, gives the average registrar a few bucks a year in income. How many hours of support/abuse department time does that pay for? 0.00001 hours? I'm sure that you understand my point. If people were to, say, bombard the company with fake abuse reports about a given domain, what do you think they will do? They will drop the account, or worse. They have absolutely zero interest in "wasting" time looking up facts and setting up necessary filters to block further abuse reports once they have verified that the claims are inaccurate, writing internal notes as necessary, etc.

They want to do as little as at all possible. Preferably, the entire process should be fully automated so they don't even have to hire anyone. What's next? Automatically block any account with more than three abuse reports? They have no pride and don't consider themselves to have any kind of "public service" mission. They want as little trouble as possible. Given the choice between dealing with lots of "upset" people on a continual basis and perhaps receive bad PR for the company from cyber terrorism, and standing up to defend a perfectly legal but "controversial" domain, every company will do one of the following: they either force you to "move" the domain to another registrar, or, if the company is called EuroDNS, simply steal it from you and ignore you from that point on.

What made you write this article?

I used to run a 100% legal (yes, really) site using a nice standard .com domain, having previously done this for ages without problems. At that point, the thought that this could ever happen had never even crossed my mind, much like it most likely hadn't entered your brain prior to reading this article. It's truly absurd and I can't really blame you for not believing any of this I'm trying to tell you.

(I could write a full novel about this experience, but I'll spare your eyes for now. Instead, I'll simply summarize what happened. The full story, which is largely off-topic for this article, might get written one day, in a separate article.)

One day, the first registrar told me I had to move and removed the whois privacy I had purchased without notice. It is important to point out that virtually none of these companies ever would explain themselves, refund me or in any way cooperate: it was always "We have removed the whois privacy. Now pack up and leave, quickly. We will not discuss this any further." in an inexplicably rude and hostile manner (with one exception in Goddady, who at least put it in a somewhat apologetic manner).

It's difficult to summarize this without leaving out important details and without making it sound as if this was somehow legitimate actions by the companies. Basically, malicious people with some kind of severe mental illness would repeatedly send fake abuse reports as soon as we had switched to a new registrar, until they marked the account as "not worth the money it brings in", which often seems to mean "any fake abuse report". This in no way excuses the companies. It is their duty to protect their customers from such abuse, and ought to be part of their daily routine. No bank would close an account just because a bunch idiots tell them to. In general, nobody should ever have to be negatively affected by things completely out of their control.

I'd have happily paid up to 10x the price for such an extended "service", by the way, but none of them provided such a thing.

The "whois privacy" purchased many times, is a big joke. There is no privacy. They'll randomly remove it without any notice or stated reason. It was not uncommon for them to switch the "nameservers" to their own ones, and it was always unclear whether or not they would even let me transfer the domain away from them to another registar, which they are legally required to allow as per their contract with ICANN. Yes, I and others read it carefully. This isn't some stuff I'm making up.

Note that it didn't matter that I used external DNS hosting (and, of course, an external server for the actual site, again 100% legal). However, every time I would report an actual illegal site to the same companies which treated me like this, they would ignore it or claim that they "have nothing to do with the contents of the sites for which we provide domain names". Don't believe me? Again, I can't blame you. This probably sounds crazy.

EuroDNS = criminal domain thieves

When it eventually came to dealing with EuroDNS, they proved to be the worst, most incompetent, rude pieces of shit I've ever dealt with in my life, and that says a lot. It is very important to point out that this was not any kind of "hack"/compromise of either my account or the company's system. They had more than enough time to set things right after realizing their "mistake", except it wasn't a mistake but a deliberate, flat-out theft. And they got away with it.

EuroDNS manually rejected the transfer away from them (illegal; in direct violation of their contract with ICANN), set the domain for deletion without the owner's active consent (illegal; in direct violation of their contract with ICANN), locked out all access to the account (illegal; in direct violation of their contract with ICANN), and ignored every of my countless attempts of contacting them for the entire "redemptionPeriod" and "pendingDelete" phases (illegal; in direct violation of their contract with ICANN), which were designed to give plenty of time to resolve exactly this kind of situation (illegal; in direct violation of their contract with ICANN).

Simultaneously, I tried everything to contact both ICANN and VeriSign to resolve this at a level above EuroDNS, since it was apparent that they were deliberately ignoring me after stealing the domain. I used their form designed for this very purpose (ignored every time), I talked to VeriSign employees (they "unfortunately cannot help", which was clearly bullshit), contacted every damn employee individually for all these three companies, but nobody would even attempt to set this straight.

When it was clear that nothing was gonna help, I hired a company to register the domain as soon as it became available for registration again, to possibly save it in this manner. Somebody else had done the same thing and got it instead, then attempted to scam-extort his way into receiving a large amount of money. Years of efforts down the drain.

All attempts to talk to the new registrar to attempt to get them to hand over my domain to me proved fruitless. Nobody is keeping an authoritative log of the actions taken to domains, so there was no way for them to verify that I was the real owner. When it was stolen, it had been paid by me many years into the future due to the many jumps between registrars, which each added another year. None of that mattered, of course. It was gone forever.

The rest of the story is, again, off-topic for this article, but the site was later shut down and anything it points to now has nothing to do with what I created. I won't tell you the domain because it's either completely irrelevant to you, or you already know which one it is.

Why should I care about your stolen property? I've got my own share of problems.

Nobody forces you to give a shit about this or anything else. It may be hard to claim that this is as horrible as all the starving children in Africa, any of the random wars going on right now or the many people losing their homes and living off of food stamps in the Western society at the time of writing. Nevertheless, it is a problem which very well might affect you, either as a domain owner or as a user of a Web site having its domain stolen by EuroDNS or some other wealthy scam posing and being treated as a serious company.

If you cannot see why this is a problem, feel free to go back to doing whatever it is you normally do and ignore this issue. You probably don't even believe me, and you might think that it only happened once. Who knows? I got no media attention. I tried to get the media to expose EuroDNS/ICANN/VeriSign, but they are not interested in the horrible truth. Perhaps they are afraid of losing their own domains if they write bad things about this mob rule. Or maybe they are actually OK with domain theft and the broken Internet infrastructure.

Clearly, it has nothing to do with illegal content, since they harass people with legal sites while ignoring abuse reports for actual illegal and abusive ones. Again, I'm not making this up, although I wish I were. This is all based on my own experiences and most people will of course say (correctly) that they have had no problems. Most people don't, becuase they are lucky. Most people also don't get robbed or shot in real life.

What can I do?

Unfortunately, assuming that you are not an influential member of ICANN/VeriSign, a news reporter, or massively wealthy, not much at all. I guess you can link people to this article and, of course, try to avoid registrars which will steal and/or mess with your property.

I don't have any particular recommendations, since they all seem to be the same, but I can at least tell you some of the domain registrars which are verified to be scams and are to be avoided like the plague: EuroDNS, Network Solutions, Key-Systems (AKA domaindiscount24), Gandi, Moniker, GoDaddy, iDotz (worthless reseller) and Easily. Details may be posted later on a separate page.

I won't answer any questions about any of this. This document is provided as a public service and I really have no interest in getting the tainted domain name back at this point. Revenge is best served cold, however, so… if I strike it rich, that's gonna be bad news for you, EuroDNS.

If it matters in any way, this happened between 2008 and 2010.

Sources and links