Hacker News new | past | comments | ask | show | jobs | submit login

Yes, that is good advice. We are reviewing all our processes about domain registries right now. Major lesson learned, and I would encourage other companies to think this through and learn from our experience today.



I learned this the hard way just a few months ago with Namecheap. Those guys dumped all of my personal information to some people (my name, address, phone number, etc.). I have kids in my home and all they offered me was $100 in Namecheap credit, which I didn't accept out of principle. I spoke with a lawyer and the privacy laws in the U.S. seem to make it not even worth going after them. Registrars basically can do what they want and it's hard to hold them accountable.


What people? Why are you scared of them? Should I be worried, as I have domains at namecheap.


Check out https://news.ycombinator.com/item?id=14139288

Never use namecheap for anything important.

I almost has a domain frozen with namecheap after one warning. If I missed the warning email or checked my email after 24 hours they would have completely suspended my domain. I'm talking about a site with MILLIONS of visitors per month and ten thousands of posts per day, not some small blog.


I’m in the same position and would love to hear more as well


Here's a quick timeline.

I did some work for a client in 2017 who was starting a cryptocurrency business. This involved buying a domain name for him to transfer to him later.

Well in 2018 there was some internal strife in his business that ended with a lawsuit being started. The opposing party started sending subpoenas to Namecheap asking for all information from 2018 onwards in relation to his account. What ended up happening was they released all of my information about my purchases, domains, personal information(anonymized credit card info, my actual physical address, information about my other unrelated clients domains, etc.)... going back to the start of my account.. several years worth of data prior to 2018. All clearly out of scope of the subpoena they were served.

Not only that, Namecheap never notified me of this.. in violation of their own privacy policy. They're supposed to notify their customers of the release of their information in relation to subpoenas by email or certified mail. Instead I found out much later from my previous client when he was given a copy of all of my information. And presumably his opposing parties in the crypto space were also given all of my information.

Seems kind of messed up to release all of that erroneously, without warning... especially to shady people in the crypto space.. you know, with people getting kidnapped over this stuff.

TL;DR Namecheap will drop your info, even if you paid to protect it as soon as they're given a single demand letter. And they won't stop at just giving up the info that's asked for (with 0 fight and 0 notification to you) there's a chance they'll release ALL of your account information.


Thank you for sharing that awful story. Sorry you had to go through it. Quite disappointing to a customer of Namecheap as well.


See my comment above.

I repeat don't use namecheap for any meaningful business, especially anything that is "enterprise"


Cloudflare Secure Registrar - I know you guys probably in some ways compete with Cloudflare, but maybe give them a call. Or for that matter become your own registrar and get into the corporate registrar business. With this experience under your belt, no doubt you'll crush it!


FWIW, CF's registrar is nice, but also represents an extreme form of lock-in on the part of Cloudflare -- the registrar subscription is specifically tied to your enterprise plan and will be terminated if you are not using other CF products.


That is not the case anymore. We would still allow you to continue to purchase just registrar.


Oh, fantastic! I'll let my former colleagues know, assuming no one else has reached out to them (this was a pretty specific piece of feedback we had re registrar, so great to hear that it's changed).


Do you have enough capital to become a registrar?


It's not just capital, becoming accredited is a major paperwork and logistical hassle, and you have to do it with every TLD you want to support.


Pretty sure they only need to worry about dot com.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: