Slashdot Mirror

Looks like a staged roll-out with the highest prices for day 1 and decreasing from there. I'm guessing it's letting the ones with deep pockets pickup their preferred domain name while paying a large premium to do so. Godaddy has a pretty good layout of the pricing for each day till it reaching the standard of $14ish for the public.

https://www.godaddy.com/tlds/d...

$ ping protonmail.com
PING protonmail.com (185.70.40.182) 56(84) bytes of data.
64 bytes from 185-70-40-182.protonmail.ch (185.70.40.182): icmp_seq=1 ttl=48 time=138 ms
served on a GoDaddy server

~$ whois protonmail.com
      Domain Name: PROTONMAIL.COM
      Registry Domain ID: 1612103273_DOMAIN_COM-VRSN
      Registrar WHOIS Server: whois.godaddy.com
      Registrar URL: http://www.godaddy.com/
      Updated Date: 2016-08-10T23:37:51Z
      Creation Date: 2010-08-21T09:10:58Z
      Registry Expiry Date: 2019-08-21T09:10:58Z
      Registrar: GoDaddy.com, LLC
      Registrar IANA ID: 146
      Registrar Abuse Contact Email: abuse@godaddy.com ...
      Name Server: NS1.PROTONMAIL.CH
      Name Server: NS2.PROTONMAIL.CH

~$ ping protonmail.ch
PING protonmail.ch (185.70.40.181) 56(84) bytes of data.
64 bytes from 185-70-40-181.protonmail.ch (185.70.40.181): icmp_seq=1 ttl=44 time=125 ms

So, protonmail.com is at 185.70.40.182 and protonmail.ch is at 185.70.40.181

Interestingly, when I attempt to "whois" protonmail.ch I get:
~$ whois protonmail.ch
"The number of requests per client per time interval is restricted. You have exceeded this limit. Please wait a moment and try again."
I can whois any other site repeatedly without problems of a "per client per time" limit. Whois is being less than open about its results.

In /etc/hosts place
185.70.40.182 protonmail.com
185.70.40.181 protonmail.ch

and bypass DNS blocking.

Domain Name: amdflaws.com
Registry Domain ID: 2230797110_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com/
Updated Date: 2018-02-22T13:52:36Z
Creation Date: 2018-02-22T13:52:35Z
...
Registrant Contact
Name: Registration Private
Organization: Domains By Proxy, LLC
Mailing Address: DomainsByProxy.com, Scottsdale Arizona 85260 US
Phone: +1.4806242599
Ext:
Fax: +1.4806242598
Fax Ext:
Email:amdflaws.com@domainsbyproxy.com
...

So the new "amdflaws.com" domain was created 20 days ago by some unknown group that hides the domain owner via a proxy. Yeah, that's a totally legitimate research firm...not. It's just another FUD site. "Exploits" that require either 1) physical access to your machine and a "specially crafted BIOS update" or 2) administrative access to the system? Big deal...once you give admin access to malicious software, your system can be compromised a thousand different ways anyway.

I don't necessarily think it was Russia. I think it is an interesting choice given events in the United States. You must admit it was a bad decision on their part for picking an .ru domain. Anyone who supports Trump should stay as far away from .ru domains as possible. That was more so my point. And come to think of it, if I were a Democrat, I'd create a bunch of fake news sites supporting Trump with .ru extensions. And then to troll Trump, when he claims that the .ru sites are fake news, I will report on the .ru sites that there are fake .ru websites in support of Trump. LOL, that's actually a really funny idea. I've got better things to do though. Further more, it is kind of odd they would have gone with an .ru extension, and not something like .info, .io, or something else not as incriminating as .ru. Still, for someone banned from the internet, an .ru domain might make sense. https://www.godaddy.com/domain... Perhaps we can find who dailystormer.ru was registered with, and figure out whether it was a first recommendation or whether it was actively sought out.

Go Daddy doesn't host their site, they only provide the domain name registration.

Oh... That's even worse then. When I once complained to a Domain Registrar about a bona-fide spammer using them, they said, they can not — by some sort of the registrar charter — shut him down for any reason other than non-paying his annual fee.

Maybe, that changed, but I do not see any provision allowing the company to stop DNS-service to a customer based on their content in their ToS. Do you?

I'm on the hunt for an email service that supports encryption, has a good Privacy Policy, and doesn't have a history of breaches or allowing snooping.

You don't want any of the free offerings (like Gmail) then. As far as I know, every mail service that is free does snooping for advertising, whether it's directly in their web client or used elsewhere.

I don't have any paid services to recommend (and even these may or may not come with data slurping) but you could always try rolling your own. Domain names are cheap ($10-$20/yr depending on who you get it through) and many domain registrars offer some sort of mail-setup that can vary greatly in price. GoDaddy is not a registrar I'd recommend, but for an example their e-mail service starts at $5/mo normally.

You could also throw together your own mail server, but my understanding is that a lot of ISPs (in the US, which I presume is your country) are not happy with customers hosting anything regularly. Most shared website hosting plans come with some sort of e-mail service, but the abilities and prices can vary tremendously.

Just know that if you roll your own you'll probably have to be a lot more hands on with things like spam, which can have varying degrees of annoyance depending on the method. With your own domain name you can also do neat things like per-registration routing (Gmail allows username+whatever@gmail.com, but a lot of sites don't accept that as a valid e-mail address) and it looks much better in business use. Having a site where you can host random things can also be handy from time-to-time.

Domain Name: GOLDENHAWK.COM
Registry Domain ID: 151220_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com/
Update Date: 2014-02-20T17:14:07Z
Creation Date: 1997-02-19T05:00:00Z
Registrar Registration Expiration Date: 2016-02-20T05:00:00Z
Registrar: GoDaddy.com, LLC

http://www.networksolutions.co...

Amateurs:

For more information on Whois status codes, please visit
https://www.icann.org/resource....
Domain Name: concreteballoonanimals.com
Registry Domain ID: 1943371105_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com/
Update Date: 2015-06-30T16:36:25Z
Creation Date: 2015-06-30T16:36:25Z
Registrar Registration Expiration Date: 2016-06-30T16:36:25Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited http://www.icann.org/epp#clien...
Domain Status: clientUpdateProhibited http://www.icann.org/epp#clien...
Domain Status: clientRenewProhibited http://www.icann.org/epp#clien...
Domain Status: clientDeleteProhibited http://www.icann.org/epp#clien...
Registry Registrant ID:
Registrant Name: Michael Chaney
Registrant Organization:
Registrant Street: 2214 Henpeck Ln
Registrant City: Franklin
Registrant State/Province: Tennessee
Registrant Postal Code: 37064
Registrant Country: United States
Registrant Phone: +1.6153611244
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: domains@michaelchaney.com
Registry Admin ID:
Admin Name: Michael Chaney
Admin Organization:
Admin Street: 2214 Henpeck Ln
Admin City: Franklin
Admin State/Province: Tennessee
Admin Postal Code: 37064
Admin Country: United States
Admin Phone: +1.6153611244
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: domains@michaelchaney.com
Registry Tech ID:
Tech Name: Michael Chaney
Tech Organization:
Tech Street: 2214 Henpeck Ln
Tech City: Franklin
Tech State/Province: Tennessee
Tech Postal Code: 37064
Tech Country: United States
Tech Phone: +1.6153611244
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: domains@michaelchaney.com
Name Server: NS17.DOMAINCONTROL.COM
Name Server: NS18.DOMAINCONTROL.COM
DNSSEC: unsigned

I was under the impression you could get signed certs for free or for as low as $5.99,
https://au.godaddy.com/offers/...

and have you looked into this:
http://tack.io/ (Moxie Marlinspike)
Not sure if that is useful for you.

Exchange is a big reason for getting a certificate that contains internal domains.
You get a single UCC Certificate that contains mail.domain.com and mail.company.local
first result from google for UCC cert
http://support.godaddy.com/hel...

What, so they're going to hard-code the acceptable root CAs into the JVM? So entities like the Federal Reserve Bank who run their own CAs (including folks using Microsoft Certificate Services) won't be able to use Java to connect to their secure resources? Providers like zScaler that offer cloud-based security whose entire model is MITMing all SSL/TLS (with the device owner's permission) won't be able to provide 0-day protection against hostile Java code?

Don't forget that the CAs whose keys are trusted by Java today have agreed to stop issuing "internal server name" certificates -- so usage of technology like Microsoft Certificate Services will only increase! In the next few years, the only reasonable way to make https/SSL/TLS work within internal networks will be to roll your own CA and certs.

I wish I could say that I thought there was no way that Oracle would be so stupid as to make it impossible to operate an internal CA. I mean, self-signed is not the same as signed-by-a-CA-not-vetted-by-Oracle. Self-signed traditionally means signed-by-a-CA-not-in-the-OS/runtime-list-of-trusted-root-CAs. But I wouldn't put any bets on this, since the historical data suggests that Oracle is one of the two stupidest, least trustworthy software vendors in the world.

Congress, say.

And of course 'instantly' would be too gestapo for real life. We'd really want a grace period with escalating warnings, followed by fines, followed by pulling-the-plug.

And it'd be much better if industry came up with this on its own first. What's the state of the art?

Rackspace talks about security,
http://www.rackspace.com/managed_hosting/services/security/
but doesn't seem to offer proactive vulnerability scanning, and if they did, they would charge for it instead of just doing it.

Godaddy seems to offer this as an extra cost
service instead of just doing it:
http://www.godaddy.com/security/website-security.aspx

Here's one wordpress hosting provider that promises to install all security updates within one hour (wow):
https://wpengine.com/security/

So, industry guys, can we get our act together and offer security scans and upgrades as part of the basic service plan?

PS: Thanks for remaining civil throughout disagreeing with me on this - I don't think you're right, but I do appreciate it that this hasn't degenerated into name calling like many /. threads seem to do these days.

LOL, thanks right back. I don't usually bother with AC's, but you are a good one.

I've already listed different ways in which you don't have to use ICANN.

I agree that you don't "have" to use them, as in there are technical ways to reach someone without DNS - the simplest being straight IP addresses. That said, there is no practical way for someone to have a successful web presence without ICANN. I've never seen a high-traffic web site without a domain name.

But you don't have a right not to be at a competitive disadvantage in libertopia

I'm definitely not claiming that he has a right to be profitable, or even that he has a right to monopoly-free internet hosting. It's just that you want a successful web presence, there is only one way to do that without breaking the ICANN monopoly. I disagree that he is bound by his libertarian ideals to fight every possible free market fight. Like all of us, he can pick his battles, or even have none at all.

He could use ronpaul.org, ronpaul.biz, or whatever he likes

That is true, but it leaves him with two problems: First, those others are the internet ghetto compared to .COM. Nothing screams "crappy site" like a .BIZ or even a .ORG when you aren't an organization. The second problem is that he'd have these people camped out on RonPaul.com, which could confuse his target audience.

The going rate is the rate at which the domain owner is willing to sell, in the case of sex.com and ronpaul.com.

Welllllll, yes and no. The contract with the registrar is not so simple. There is a fairly good-sized section on how to resolve domain disputes. Here's the one for one of my registrars. It's possible that they violate 4.i.B:

"by using the domain name, you have intentionally attempted to attract, for commercial gain, Internet users to your web site or other on-line location, by creating a likelihood of confusion with the complainant's mark as to the source, sponsorship, affiliation, or endorsement of your web site or location or of a product or service on your web site or location. "

or maybe C:

"you are making a legitimate noncommercial or fair use of the domain name, without intent for commercial gain to misleadingly divert consumers or to tarnish the trademark or service mark at issue. "

or maybe none of those :) Point is, the whole dispute resolution system is built in to the ICANN contract. Ron Paul isn't subverting anything, he's activating a clause in a contract. As part of the dispute resolution, you have to choose from this List of Approved Dispute Resolution Service Providers. All Ron Paul seems to have done is read the standard ICANN contract and contact the appropriate service provider, which happens to be UN-affiliated.

The whole thing is simple hypocrisy - if you espouse libertarian ideals you should be willing to pay the asking rate for property owned by others or let them have it.

Had he used his influence to contact the UN (or some other organization) to pull strings outside of the normal process, I would 100% agree that he was being a hypocrite. However, he's just doing everything by the book (AFAIK).

Here's the guy who just registered ryanlanza.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net/
for detailed information.

Domain Name: RYANLANZA.COM
Registrar: GODADDY.COM, LLC
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com/
Name Server: NS39.DOMAINCONTROL.COM
Name Server: NS40.DOMAINCONTROL.COM
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 14-dec-2012
Creation Date: 14-dec-2012
Expiration Date: 14-dec-2013

>>> Last update of whois database: Fri, 14 Dec 2012 19:25:09 UTC

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
The data contained in GoDaddy.com, LLC's WhoIs database,
while believed by the company to be reliable, is provided "as is"
with no guarantee or warranties regarding its accuracy. This
information is provided for the sole purpose of assisting you
in obtaining information about domain name registration records.
Any use of this data for any other purpose is expressly forbidden without the prior written
permission of GoDaddy.com, LLC. By submitting an inquiry,
you agree to these terms of usage and limitations of warranty. In particular,
you agree not to use this data

"Yesterday, GoDaddy.com and many of our customers experienced intermittent service outages starting shortly after 10 a.m. PDT. Service was fully restored by 4 p.m. PDT. "
http://www.godaddy.com/newscenter/release-view.aspx?news_item_id=410

Must be that new definition of the word "intermittent." The one roughly synonymous with "total."

GoDaddy supported SOPA initially, but rescinded their support last December.

http://www.godaddy.com/newscenter/release-view.aspx?news_item_id=378&isc=smtwsup

Considering their website stayed up during the whole attack, your joke fails. http://support.godaddy.com/godaddy/statement-about-sopa/

I can see that you have not adjusted your thinking to the concept of the absence of copyright.

For instance you wrote: "it's the copyright on it that legally guarantees the source code will remain free."

Your software will be free if there is no copyright.

Then: "Without copyright, another organization could appropriate it, close it up, and release a derivative work without so much as an acknowledgement that they got it from me, costing me potential reputation,"

Just release the closed version yourself, with credits embedded.

And really, its not so hard or expensive to set up a domain. Mine cost me an old computer and the power to run it. UBUNTU is free, APACHE is free, FREEDNS is free. And a few bucks a year to Godaddy for DNS registry. As you can write code, doing all that should be as easy as pi. (oops, pie).

And as an independent programmer, how can you have any street cred without your own domain?

So if you steal my candy bar, or I think it's my candy bar and I say "hey that's mind, stop eating it" you should get to keep on eating it for a week because the sound of you smacking your lips while eating is free speech? If I'm wrong and somebody else stole the candy bar, and you through happenstance had your own identical candy bar, then I've caused you damages and should have to pay for those damages, if on the other hand I'm correct and you did steal my candy bar, you've damaged me and should have to compensate me for the damages

Now here's the rub, and getting closer to the actual topic

To be considered effective, a notification of a claimed copyright infringement must be provided to Go Daddy and must include the following information:

An electronic signature of the copyright owner, or a person authorized to act on behalf of the owner, of an exclusive copyright that has allegedly been infringed.
Identification of the copyrighted work claimed to have been infringed, or, if multiple copyrighted works at a single online site are covered by a single notification, a representative list of such works on that site.
Identification of the material that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled, and information reasonably sufficient to permit Go Daddy to locate the material.
Information reasonably sufficient to permit Go Daddy to contact the Complaining Party, such as an address, telephone number, and, if available, an electronic mail address at which the Complaining Party may be contacted.
A statement that the Complaining Party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law.
A statement that the information in the notification is accurate, and under penalty of perjury, that the Complaining Party is the owner, or is authorized to act on behalf of the owner, of an exclusive right that is allegedly infringed.
GO DADDY TRADEMARK AND/OR COPYRIGHT INFRINGEMENT POLICY

under penalty of perjury that's scary stuff

... guilty of perjury and shall, except as otherwise expressly provided by law, be fined under this title or imprisoned not more than five years, or both. This section is applicable whether the statement or subscription is made within or without the United States. 18 USC 1621 - PERJURY GENERALLY

a five year felony, clearly false DMCA takedowns are not for the faint of heart.

they've got issues, but they're cheap, even with dedicated hosting (stay away from the limited 'unlimited' plans). http://www.godaddy.com/hosting/dedicated-servers.aspx?ci=9014

I had to look it up. But once I found a reliable source I did a batch transfer. http://help.godaddy.com/article/3560 lol

Uh... I'm no fan either, but it seems clear that they in fact DID reverse their stance: http://support.godaddy.com/godaddy/go-daddys-position-on-sopa

They didn't just transfer to one of the godaddy resellers did they? voxel.net is just a godaddy reseller. I'll assume the best and the records just didn't update yet.

Whois Server Version 2.0

      Domain Name: IMGUR.COM
      Registrar: GODADDY.COM, INC.
      Whois Server: whois.godaddy.com
      Referral URL: http://registrar.godaddy.com/
      Name Server: NS.VOXEL.NET
      Name Server: NS2.VOXEL.NET
      Name Server: NS3.VOXEL.NET
      Status: ok
      Updated Date: 28-dec-2011
      Creation Date: 09-jan-2009
      Expiration Date: 09-jan-2015

Lets not believe all the hype. GoDaddy has decided, for business reasons, that it is no longer publicly supporting SOPA. GoDaddy is NOT publicly saying that they are against SOPA.

From the GoDaddy Website (and with the assistance of their lawyers and public relations team):

In changing its position, Go Daddy remains steadfast in its promise to support security and stability of the Internet. In an effort to eliminate any confusion about its reversal on SOPA though, Jones has removed blog postings that had outlined areas of the bill Go Daddy did support.

"Go Daddy has always fought to preserve the intellectual property rights of third parties, and will continue to do so in the future," Jones said.

Doesn't sound like much of a retreat to me, especially when they say (in regards to SOPA and the DMCA, that "... and we will continue to do so in the future.".

Also, something interesting, if you look at the official list of SOPA supporters, it is filled with a lot of Christian organizations (they either have the word Christian in their name, or they are Christian conservative in their lifestyles and political beliefs), like this group:
Concerned Women for America, whose mandate is:

We are the nation's largest public policy women's organization with a rich 28-year history of helping our members across the country bring Biblical principles into all levels of public policy. We help people focus on six core issues, which we have determined need Biblical principles most and where we can have the greatest impact.

Not that I am trying to Troll or make this into a religious controversy, but I do find it curious that along with the usual suspects like the big media conglomerates, that there would be so many Christian organizations interested in stopping the sale of counterfeit Rolex watches. Though I think we all know that when governments and corporations band together to promote a police state for our own protection, things aren't always as they appear.

And speaking of corporations, why am I forced to create a Google account just so that I can RTFA?!

References:
https://www.godaddy.com/newscenter/release-view.aspx?news_item_id=378&isc=smtwsup
http://judiciary.house.gov/issues/Rouge%20Websites/SOPA%20Supporters.pdf

GoDaddy now does not support SOPA.

http://www.godaddy.com/newscenter/release-view.aspx?news_item_id=378

SCOTTSDALE, Ariz. (Dec. 23, 2011) - Go Daddy is no longer supporting SOPA, the "Stop Online Piracy Act" currently working its way through U.S. Congress.

We value your opinion and understand that there are both proponents and opponents of the Stop Online Piracy Act. Go Daddy's official stance can be viewed at http://support.godaddy.com/godaddy/go-daddys-position-on-sopa/

that page is now blank and just states the change.

The story isn't the drone. The story should be that the Montgomery County Sheriff's Office in Conroe, TX just paid $300,000 for a R/C helicopter from a company that just happens to be in Conroe, TX, with a business website has only been in operating for a year.

Police giving $300,000 to new local company for a toy? Why do I feel like this was a scam, that someone in the police force just made $250,000+?

And they the tend to be the cheaper ones. However these certs are probably more likely to be at risk from the sort of whole CA system compromises we have seen recently here. IE they are issued largely automatically by key issuing servers that are accepting input from random users and have connectivity to the internet.

At least with the issuing methods with more human involvement there is more possibility (not guaranteed of course) of a process involving a physical air gap between the key issuing machines and the outside world making them more resistant to wholesale compromise.

That said I think these cheap certs are here to stay and use them regularly when setting up secure sites.

For problems in this kind, Perspectives works pretty well, I think. Maybe you think so, too, since you use it in all your Firefoxes?

I agree. But I just like arguing edge cases because if a given solution's edge cases are easy to solve or to minimize, it's easier to make a solid case for adopting the solution.

Yes, for the scenario in which you are accessing a virtual host via HTTPS, and the virtual host wasn't given its own IP address

Correct. Running over a thousand sites on one IPv4 address is the norm for budget shared hosting. Shared hosting providers don't offer SNI, and my best guess is that hosting providers don't want to have to deal with the cost of answering hosting clients' complaints that visitors using IE on XP can't see the HTTPS section.

or the server can't use or doesn't have an X509 v3 subjectAltName certificate

True, a so-called UCC can list several hostnames as subjectAltName entries. For example, a single certificate could cover hobbyclublocator.com, www.hobbyclublocator.com, hclubl.com, and www.hclubl.com, because they're all the same site. But I've read that it's poor practice to list several unrelated web sites as subjectAltName entries on one certificate. So if hobbyclublocator.com, philshobbyshop.com, tiltandgo.com, and 5dsoftware.com are not the same site, they shouldn't have the same private key.

And I wouldn't say Perspectives "fails" in those scenarios. More precisely, it cannot work for those scenarios.

I treat "fails" as including "cannot work". If a public key distribution mechanism "cannot work" to reassure customers that their passwords, session tokens, and credit card numbers won't get eavesdropped, then it "fails" to give customers enough confidence to shop there, and it "fails" to convert visitors to orders. Both a false negative and a false positive are different forms of "failure".

Certificate Authorities issue "Relying Party Agreements", which specify their obligations to users relying on their certificates. Some of these specify financial penalties payable to end users.Over the years, as with EULAs, these have been made so favorable to the CAs as to make them meaningless. (See, for example, Verisign's relying party agreement. Or, worse, the one from Starfield, GoDaddy's CA.)

Now it's time to push back.

The Mozilla Foundation should issue a tough standard for CA Relying Party Agreements to get a root cert into Mozilla. One that makes CA's financially responsible for false certs they issue, with a minimum liability limit of at least $100,000. The CA must be required to post a bond. A third party consumer-oriented organization like BEUC (in the EU) or Consumer's Union (in the US), not the CA, must decide claims.

The technology behind SSL is fine. The problem is allowing CA's that aren't doing due diligence on their customers to have root certificates in major browsers. Mozilla all by itself has enough power to tighten up standards in this area. All it takes is the will.

"Huge amounts"? GoDaddy offers widely-trusted certs (their roots are in all major browsers, and also chain back to the old ValiCert root so it works with ancient browsers) for about $13/year. Hardly "huge amounts".

StartSSL has their root in all major browsers, and they issue certs for free. (Naturally, they also offer Class 2 and EV certs for money, but their basic domain-validated certs are free.) While the PKI model has its flaws, StartSSL seems to be doing The Right Thing within the confines of the model (4096-bit roots, 2048-bit minimum key length, checks for weak keys, no internal/unqualified names, etc.).

You're talking about UCC certificates, and yes, they've been around for a while. The problem is browser adoption - there are still waaay too many people using IE6 out there.

Looks like the registrar is Godaddy. Here's a WHOIS on the domain name:

    Domain Name: TORRENT-FINDER.COM
      Registrar: GODADDY.COM, INC.
      Whois Server: whois.godaddy.com
      Referral URL: http://registrar.godaddy.com/
      Name Server: NS1.SEIZEDSERVERS.COM
      Name Server: NS2.SEIZEDSERVERS.COM
      Status: clientDeleteProhibited
      Status: clientRenewProhibited
      Status: clientTransferProhibited
      Status: serverDeleteProhibited
      Status: serverTransferProhibited
      Status: serverUpdateProhibited
      Updated Date: 24-nov-2010
      Creation Date: 30-dec-2005
      Expiration Date: 30-dec-2011

Makes sense. Kinda explains why the ever-so-popular thepiratebay.org wasn't blocked:

Domain ID:D104576138-LROR
Domain Name:THEPIRATEBAY.ORG
Created On:28-Jun-2004 16:08:27 UTC
Last Updated On:07-May-2010 07:22:02 UTC
Expiration Date:28-Jun-2015 16:08:27 UTC
Sponsoring Registrar:Key-Systems GmbH (R51-LROR)
Status:CLIENT TRANSFER PROHIBITED
Name Server:NS0.THEPIRATEBAY.ORG
Name Server:NS1.THEPIRATEBAY.ORG
Name Server:NS2.THEPIRATEBAY.ORG
Name Server:NS3.THEPIRATEBAY.ORG
DNSSEC:Unsigned

Looks like Godaddy was coerced by someone powerful to do this. I doubt that such influence could be had over a foreign registrar. Otherwise I'm sure TPB would be the first to go since it's a proven MPAA favorite. Okay wait.. nevermind that. Just checked another domain and the registrar is chinese.

    Domain Name: MASSNIKE.COM
      Registrar: BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN
      Whois Server: whois.dns.com.cn
      Referral URL: http://www.dns.com.cn/
      Name Server: NS1.SEIZEDSERVERS.COM
      Name Server: NS2.SEIZEDSERVERS.COM
      Status: clientDeleteProhibited
      Status: clientTransferProhibited
      Status: serverDeleteProhibited
      Status: serverTransferProhibited
      Status: serverUpdateProhibited
      Updated Date: 24-nov-2010
      Creation Date: 23-sep-2006
      Expiration Date: 23-sep-2014

Well then I guess they can change stuff for everyone. But even then, it's just .coms. Maybe that's of significance.

The problem is that the whois information for these domain names has been updated with different name servers.

alternate dns servers would have to somehow get the original whois information in order to get to the original website.

do a "whois torrent-finder.com" and you see what I mean:

      Domain Name: TORRENT-FINDER.COM
      Registrar: GODADDY.COM, INC.
      Whois Server: whois.godaddy.com
      Referral URL: http://registrar.godaddy.com/
      Name Server: NS1.SEIZEDSERVERS.COM
      Name Server: NS2.SEIZEDSERVERS.COM
      Status: clientDeleteProhibited
      Status: clientRenewProhibited
      Status: clientTransferProhibited
      Status: serverDeleteProhibited
      Status: serverTransferProhibited
      Status: serverUpdateProhibited
      Updated Date: 24-nov-2010

      Domain Name: TORRENT-FINDER.COM
      Registrar: GODADDY.COM, INC.
      Whois Server: whois.godaddy.com
      Referral URL: http://registrar.godaddy.com/
      Name Server: NS1.SEIZEDSERVERS.COM
      Name Server: NS2.SEIZEDSERVERS.COM
      Status: clientDeleteProhibited
      Status: clientRenewProhibited
      Status: clientTransferProhibited
      Status: serverDeleteProhibited
      Status: serverTransferProhibited
      Status: serverUpdateProhibited
      Updated Date: 24-nov-2010
      Creation Date: 30-dec-2005
      Expiration Date: 30-dec-2011

The WHOIS I see:

Domain Name: TORRENT-FINDER.COM
      Registrar: GODADDY.COM, INC.
      Whois Server: whois.godaddy.com
      Referral URL: http://registrar.godaddy.com/
      Name Server: NS1.SEIZEDSERVERS.COM
      Name Server: NS2.SEIZEDSERVERS.COM

Go look up SEIZEDSERVERS.COM. The owner has contracts with DHS.

Well, how's W looking to you now?

GoDaddy certs are also available for ~$13/year. Search for "godaddy ssl" on Google with AdBlock turned off, and there are ads on the side for the promotion.

Direct link with their promotional code: http://www.godaddy.com/Compare/gdcompare_ssl.aspx?isc=sslqgo024c

Disclaimer: I have no connection, financial or otherwise, with GoDaddy or the Google ads. As far as I can tell, the ads are run by GoDaddy themselves. This is not part of any referral program, and I receive nothing in exchange for the link above.

Wow. I never thought of Google as a knife-weilding maniac before. But analogies don't lie so I've made up my mind...I'm switching to Hosted Exchange!!!

That is, unless you think that GoDaddy guy looks like Hannibal Lecter. No...wait...he doesn't wear glasses. OMG, its Benjamin Linus from Lost!!! No, wait...it's Agent Smith!

Shit, they cut the hard line! Get out...It's a trap!!!!

Yes, no mistake. They were pushing this even before it became available for sale:

http://community.godaddy.com/godaddy/co-claim-your-opportunity/

'Pre-registration is now open for the newest truly global and recognizable domain name extension to come along in years: .co -- It's used everywhere as an abbreviation for Company, Corporation, and Commerce. Let it vault your company into the global Internet marketplace!

Here's your chance to grab domain names that have been taken for years with the .com extension. Pre-registration includes application periods for trademark holders and others.'

Run by Shane Neman, who also runs "Club Texting," both companies are known for sending out unsolicited text spam, which is illegal under the Telephone Consumer Protection Act (because the recipient has to pay to receive the message). When not avoiding disclosure of legal liabilities to their customers, they're quietly lobbying the FCC to get the same odious protections Congress gave junk faxers.

http://www.commlawblog.com/tags/club-texting/

EZ Texting makes sure to send their messages from obfuscated domains with "private" registration information (spammers apparently don't like being spammed, or being served lawsuits).

I doubt this is less about the content of the advertising and more about T-Mobile responding to customer complaints and attempting to cut off an unlawful advertiser who's trespassing on their networks. A spammer is a spammer is a spammer.

Run by Shane Neman, who also runs "Club Texting," both companies are known for sending out unsolicited text spam, which is illegal under the Telephone Consumer Protection Act (because the recipient has to pay to receive the message). When not avoiding disclosure of legal liabilities to their customers, they're quietly lobbying the FCC to get the same odious protections Congress gave junk faxers.

http://www.commlawblog.com/tags/club-texting/

EZ Texting makes sure to send their messages from obfuscated domains with "private" registration information (spammers apparently don't like being spammed, or being served lawsuits).

I doubt this is less about the content of the advertising and more about T-Mobile responding to customer complaints and attempting to cut off an unlawful advertiser who's trespassing on their networks. A spammer is a spammer is a spammer.

According to the website's domain registration, the contact details are: The Nerd Support +91.9680115111 Phone 280-A, Talwandi KOTA, Rajasthan 324005 India (see GoDaddy whois page, though those details may well be fake as well)

Looks like they did not take their own advice, then.

http://help.godaddy.com/article/2653

It's amazing how often 'Admin' etc. works...the other day I was invited by a CIO to take a look at their security, (which he thought was great; (they'd actually done a pretty good job).
Since they were in the middle of rolling out their new 'secure' portal, I tried 'demo' and 'demo'...worked fine, and with full access rights too...Oops

Just for your information, Proud Domains is using Wild West Domains, a sister company of GoDaddy, to register and manage your domains. Granted, the support you're getting is likely from people employed by or running Proud, but the actual product is still a GoDaddy-managed item. IAAWWDR (Wild West Domains Reseller)

A GoDaddy Virtual Dedicated Server is *not* the property of the party who purchases the service, it is the property of GoDaddy. Read the product literature and the service agreement, and you will find that at no point are you granted the right to take sole control of the root account. This would be like insisting on changing the lock on an apartment so that only you have access to it. The strongest promise they make is that you will have administrative access so that you can install whatever you want.

GoDaddy did nothing wrong, but it's good that they put the best possible face on it.

A GoDaddy Virtual Dedicated Server is *not* the property of the party who purchases the service, it is the property of GoDaddy. Read the product literature and the service agreement, and you will find that at no point are you granted the right to take sole control of the root account. This would be like insisting on changing the lock on an apartment so that only you have access to it. The strongest promise they make is that you will have administrative access so that you can install whatever you want.

GoDaddy did nothing wrong, but it's good that they put the best possible face on it.

hulu.com

This domain is for sale! Click here to register!

You're giving free advertisement to some jerk who registered the domain to grab attention to his site. http://who.godaddy.com/WhoIsVerify.aspx?domain=donothijackme.com&prog_id=godaddy

There may be some merit to that thought - GoDaddy's Whois tells says:

Registrant:
Michael Sharp
12932 SE Kent-Kangley Rd.
Box 238
Kent, Washington 98030
United States
Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: ITSBETTERWITHWINDOWS.COM
Created on: 05-Dec-08
Expires on: 05-Dec-09
Last Updated on: 05-Dec-08

Administrative Contact:
Sharp, Michael rdcpro@hotmail.com
12932 SE Kent-Kangley Rd.
Box 238
Kent, Washington 98030
United States
(877) 788-8066

Technical Contact:
Sharp, Michael rdcpro@hotmail.com
12932 SE Kent-Kangley Rd.
Box 238
Kent, Washington 98030
United States
(877) 788-8066

Domain servers in listed order:
NS61.DOMAINCONTROL.COM
NS62.DOMAINCONTROL.COM


Registry Status: clientDeleteProhibited
Registry Status: clientRenewProhibited
Registry Status: clientTransferProhibited
Registry Status: clientUpdateProhibited

http://who.godaddy.com/whoischeck.aspx?Domain=ITSBETTERWITHWINDOWS.COM

Check out the owner's Expert-Exchange profile
http://www.experts-exchange.com/M_1301691.html

"I am an independant web and application developer, specializing in Content Management and Collaboration. My company, CollaborationPeople, Inc. serves clients in Seattle, Washington and the greater Puget Sound Region, although I have clients as far away as Los Angeles and Santa Barbara, CA and Portland, Or."

Registrant:
Michael Sharp
12932 SE Kent-Kangley Rd.
Box 238
Kent, Washington 98030
United States

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: ITSBETTERWITHWINDOWS.COM
Created on: 05-Dec-08
Expires on: 05-Dec-09
Last Updated on: 05-Dec-08

Administrative Contact:
Sharp, Michael rdcpro@hotmail.com
12932 SE Kent-Kangley Rd.
Box 238
Kent, Washington 98030
United States
(877) 788-8066

Technical Contact:
Sharp, Michael rdcpro@hotmail.com
12932 SE Kent-Kangley Rd.
Box 238
Kent, Washington 98030
United States
(877) 788-8066

Domain servers in listed order:
NS61.DOMAINCONTROL.COM
NS62.DOMAINCONTROL.COM

Registry Status: clientDeleteProhibited
Registry Status: clientRenewProhibited
Registry Status: clientTransferProhibited
Registry Status: clientUpdateProhibited