170 comments

[ 4.1 ms ] story [ 221 ms ] thread
Wow, the author is not exaggerating when saying it is a scam.

Looking at the .feedback page for Stack Overflow, it says at the top, in fairly large letters "We make Stack Overflow, where the world's developers get answers, share knowledge & find jobs they love. Also proud builders of the @stackexchange Q&A network."

Then at the absolute bottom, in small, washed out print it says "Disclaimer: This site is provided to facilitate free speech regarding Stack Overflow. No direct endorsement or association should be conferred."

So, users are not supposed to confer that a page claiming to be by the makers of stack overflow, are associated with SO? Beyond any reasonable doubt, the people behind that site are trying to scam visitors.

If the creators of the .feedback pages are also the TLD owners, it seems obvious to me that they should face legal charges and be stripped of the TLD.

Consumers will eventually learn, as they always do. Try to educate anyone you meet that brings up .feedback. If anyone on social media talks about it, link them this article.
You must be joking or have no experience beyond 1 or 2 people. The vast majority of the online population does not learn nor care about these details. The massive amount of scams that continue to exist and grow is evidence enough.

If people did something as simple as confirming the domain listed in the address bar is the site they should be on, we would see a major decrease in malware, but alas the situation continues.

The flipside of this is that if nobody visits .feedback domains, they won't be able to scam anyone. Users don't need to learn anything to avoid them, because they probably won't ever hear about them in the first place.

If they have no audience, they can be safely ignored. No reason to pay $600/yr for hypotheticals.

All I meant was, the moment someone brings up a .feedback domain or "Google's new feedback service," just let them know it's a scam and move on.

Let's hope they don't learn about this thing called "SEO"
I'm not sure how much that'll really help. It doesn't take too much imagination to think that perhaps Google's heuristics will rank this TLD poorly.

Trying to scam google over $600 feels like a poor strategy for a scam that depends on being discovered.

They aren't going to scam Google, or any legally capable entity.

I imagine they will follow the Yelp scam model - post bad reviews against smaller companies, out so them, and charge to remove the malicious information.

Scamming is a multi-million dollar sophisticated business. Scammers use various forms of advertisements from online advertisements to cold-calling potential victims to carry out their scams. That's how potential victims fall prey to scams and end up visiting malicious websites. That's how an audience for scamming is created.
The amount of education you spread (and assuming it's remembered and trusted) will never match the advertising and other underhanded methods scammers will use to trick people into visiting and believing this is a real site. They work on the scale of billions of online users.
If that were really true, the BBB might have gone under years ago, and the Nigerians might stop asking for help in transferring great wealth.

There is no shortage of suckers in the world - as the old saying goes, there's one born every minute.

> So, users are not supposed to confer that a page claiming to be by the makers of stack overflow, are associated with SO?

Yes, pretty clearly trademark infringement IMO. Confusingly similar, their websites purport to be run by the very organizations they're trying to extort. The disclaimer is IMO not sufficiently clear.

SO is humorously classified as a "local business". NYC HN-ers, could you drop by the SO offices and ask a Python question for me? I keep getting these `ImportError`s...

I haven't done too much looking, but that seems fairly common so far. Microsoft is also a "local business", and Google is an ISP. I mean, Google Fiber is really cool, but that's not how most people use it
Google Fiber is a part of Alphabet, though...
well, technically anyone with a stackoverflow account can claim that.
Well, the reviews on stackoverflow.feedback are quite informative!

Dan Manny says:

Stack over flow made me loose money!!! Bad code with security wholes in it crashed my clients site!! Warning warning for scammers

and Antonio B. of Indonesia says:

Best site for solving programming issue!!!11!one! The most user and newbie friendly site!

11/10 would recommend

You know you can trust reviews like this!

I think "Stack Overflow Admin"'s response to Dan Manny should speak for itself:

> You fucking moron!!! You lost money because you were so stupid and not being able to differentiate bad code from good code. StackOverflow is not you free personal assistant. You should kill yourself for being so stupid.

From reading the "reviews" at http://www.stackoverflow.feedback/reviews, I get the feeling the entire .feedback TLD will soon be hosting all kinds of 4chan-alike pages and the owners will have to take the sites down because of the NSFW things that will be posted there...
Im pretty sure they're all from here though(including the one I quoted), and the ones before today are somewhat civil.
> !!!11!one!

Is there a word for the feeling you get when you see 15+ year old idiot message board / forum / usenet catchphrases apparently still going strong?

It's a curious mix of nostalgia and revulsion.

The German word for it is Beinaheleidenschaftsgegenstand, apparently.
In 22 years of living in germany, ive never once heard anyone use that atrocity of a word or anything close to it - I guess it's a joke-word from the tv series How I met your mother making fun of the fact that many complex german words are just glued together from other words, eg. Krankenhaus ("ill building" or "building for the ill"). This does not mean that every compound word you theoretically could form is actually a valid german word.
Yes, truly an old recycled joke that was never that funny in the first place, kind of like !!11!!!!one!
Here in the Anglosphere, any sufficiently compound word is indistinguishable from German. ;-)
Isn't that true? After 2 years in Germany, it was my feeling that you could freely associate several words into one. I'll defer to your 22 years of expertise, obviously.
You can combine words, but the result has to be a logical structure. The word by OP is nonsensical. It can't exist.
You totally can. Technically sometimes you need a certain conjugation or a linking "s", but usually you just combine the words.

I guess they meant that not every compound word is one that Germans actually use (as you would expect when somebody claims "it's a German word"). But you can totally make up words on the spot that every German will understand

Yep. Anything with more than one of "schaft", "stand", "gegen", "-biet", etc., is either a joke, or a government office.
Bietstandgegenwitgeschaft is real though
Googling that word returns only your comment.
I do use such constructs from time to time as a mix of nostalgia and tongue in cheek.
Everyone knows adults mix in cos(0) somewhere among the 1's
Really??!!!11-i^21?
I always mixed in lim x->0 sin(x)/x.
I agree!!!!!!!!!!!!!!!11111!!!!!!!1onemilliononehundredeleventhousandonehundredelevenpointoneoneoneoneoneoneoneoneone!!!1
Having a quick look through I think most of the responses are just trolls.
It is a scam, but the reality is nobody will ever go to these domains, they will never be ranked in google or bing. So who cares. I could create a site called myfeedbacksite.com/google or google.myfeedbacksite.com.. same thing.
If you owned one of those sites, you'd probably be a bit concerned. You're probably wondering right now if it's worth it to take action, wait for another company to do so, or hope that it never gets traction, like you suggest.

Also, the domains you suggested are quite different from the current situation. A site like myfeedbacksite.com/google is clearly not owned or operated by Google. Very few people would be confused. Whereas a site named google.feedback is far more confusing. Not sure anyone would know if it's an official Google site or not.

You should only be concerned about people who know enough to tell that `google.com.feedba.ck` is probably not owned by google, but don't know enough to tell the same about `google.feedback`. I really don't think this covers a lot of people.
Two points: - I do think they are concerned about google.com.feedba.ck, those lawyers need to fill up their day. - google.com.feedba.ck is far more sketchy looking than google.feedback. It's far easier to fool someone with the latter, and therefore far more of a thread.
For now. Give it 5 years and everyone will know that something.random_tld is sketch too.
(comment deleted)
Good time to test those DDOS attack tools.
Pretty much RipoffReport 2.0, except scaled to hyperbolic levels! Yay!!!!
> Looking at the .feedback page for Stack Overflow, it says at the top, in fairly large letters "We make Stack Overflow, where the world's developers get answers, share knowledge & find jobs they love. Also proud builders of the @stackexchange Q&A network."

Plus it also looks decently designed and not like an easy to spot scam. I could easily see the average, non tech-savvy users fall for that.

If someone puts up a site or page claiming to be a company or entity that they're not (i.e., "We make Stack Overflow, where the world's developers get answers...") then that's not a domain name or TLD issue.

It's another issue altogether that should be dealt with legally.

(comment deleted)
Looks like all their pages have the word "scam" on them somewhere now. I also see some script alert() and other stuff that suggest they've got a lot of security bugs and people, either on here or elsewhere, have taken it upon themselves to inject/change a bunch of content so people realize it's all scammy.
I wonder how they can get away with this, and not be sued into oblivion.

On an amusing note, the pages barely load for me. Could this be the first time the HN hug of death took down a whole TLD?

Ick. In a way, it is a sort of corporate version of those mugshot sites.

I understand a lot of other scams. (Not condone, but I see the attraction of running it.) This one just seems like a lot of work to put into something that I really don't see the targeted companies choosing to go along with. Seems like borrowing a ton of grief - at the very least, they'll be hearing from a bunch of crabby lawyers.

$600 is less than the cost of lawyer time for a worthwhile response, so they may well collect more than we would like to think...
It's also about half the cost of starting an ICANN dispute resolution process.... even without a lawyer.
Especially since an ICANN dispute resolution against the registry seems a bit like uncharted waters...
> $600 is less than the cost of lawyer time for a worthwhile response

I'd love to see NewEgg get involved in this. They have a history of going after patent and other legal trolls for the sole purpose of discouraging that type of behaviour. [0]

Sadly, it seems no one has bothered to register newegg.feedback...

[0] https://blog.newegg.com/newegg-vs-patent-trolls-when-we-win-...

That's a depressingly good point.
An unethical and shamefully pathetic extortion scheme. This is really a disappointing and completely uninnovative, destructive direction to take the internet in
Reminds me of GetSatisfaction back in the day. It was never as much of an outright scam as this, but they definitely had that protection racket vibe about it.
I do remember the pitchforks and burning effigies around the GetSatisfaction drama a while back.

For those that don't know, GetSatisfaction is/was a 'user support' site designed for users of a particular app/service to provide support to each other - only the fact that it wasn't an official support page was not immediately obvious. They had a line somewhere on the page that said something like "We hope that a support rep from the company will chime in on these threads" but not much else.

People ended up getting extremely frustrated with the companies in question, believing that the company was ignoring them when questions went unanswered.

To their credit, I think they changed things and made the situation clearer when several companies lambasted them on social media, but I don't know that they ever fully recovered and became as popular as they were before that.

Get satisfaction was a really bad place filled with dark patterns. Sad to see it still alive.
How is this a scam? The result is obviously just a ratings site which never purports to be the sites referenced in their URL...why does it matter if you type in google.feedback or feedback.com/google or google.feedback.com into your browser? No reasonable person could be misled to believe that google.feedback/ was at all related to Google.

edit: Okay, I guess it is a pretty messed up website. If you go to reply to something, it gives you the ability to "officially" reply (as, say Google) for a mere $29 per message. This doesn't seem like extortion, but it is a pretty horrible business idea.

Seriously?
Yes - feel free to reply with something more substantial.
> No reasonable person could be misled to believe that google.feedback/ was at all related to Google.

Mate, that is 100% confusing to anyone on the internet.

Especially more so now that google uses their own TLD for some of their blogs/services. So `blog.google` is google. `google.com` is google, but `google.feedback` isn't. Please explain...

People who don't understand how domain names work are probably just as likely to be fooled by 'feedback.com/google' as they are by 'google.feedback'. I don't really get this either. It's obvious from the content of the site that it's not run by Google.
I'm on the internet, and it was not confusing to me.

Is google.reddit.com 100% confusing to anyone on the internet too?

I might want to include that IMHO all new TLDs are trick. Brand proprietors are compelled to enroll their name in a large portion of them.
I consider any "non standard" tld as crap. If you have a weird tld i wont go to your website.
Where do you draw the line on this? I can understand that unknown companies running on some obscure GTLD might raise suspicion, but what about a personal blog or someone's side project?
TLD more than 3chrs? Not for me.

.info is the furthest I'd go. At a push. I'll also still click on ".google" and other reputable corp vanity domains if the content appears on HN and looks interesting enough.

Could the major browser providers start just blacklisting these kinds of TLD's? Or grey listing with huge warnings?
That's a scary precedent... Sure, similar things have been done to prevent visitors from attacks, but this is at best a platform for expressing criticism and at worst a sleazy shakedown of the companies being criticized (not the visitors), and to my knowledge the anti-phishing/malware warnings haven't been used to merely oppose competing interests or stifle ideas.
It's also a massive trademark violation.
Google provides a huge DNS service. Could they just return NXDOMAIN for the entire .feedback TLD?
Yes, but I feel that it would cause a very large mob in Mountain View.
I can think of a lot of parties that would love precedent for Google censoring stuff from their DNS. Parties Google really doesn't want to be seen as on the same side with.
(comment deleted)
(comment deleted)
The whole point of arbitrary TLDs was to enforce self-segregation for some industries (porn above all), so I expect systems dedicated to web-filtering have adopted or will eventually adopt some policy on the subject. I guess .feedback should be considered "fraud, scam".
Interestingly, amazon.feedback redirects to amazon.com, so Amazon did pay
Or threatened to sue them into a smoking hole in the ground..
Amazon makes that money in about 6 seconds. I don't think they would even bother to threaten them, but that's just my opinion. Maybe that's the motivation behind the scam as well?
You did the math, seemed small to me but that's how many seconds it takes to make 600 , assuming ~900 mil profit per quarter.
Maybe because it is less hassle than getting a purchase order authorised.
Well, lawyers got to earn their pay...
Yeah, this is way more likely than paying 600. Amazon lawyers are a very very brutish sort. I've worked with them.

Another possibility is that the site is trying to give the impression big companies are paying so when they go after small fry it'll go easier on them.

They could always switch it to feedback about the river.
I think Amazon could probably still "get them" by putting them through legal costs.
Or they buy every amazon.$TLD before anyone else does.
Com Laude, a company that "manages domain name portfolios for brand owners", paid and Amazon presumably paid Com Laude for their services.

Source: whois & it's hosted on a CL server

Amazon seems to have semi-embraced the new GTLDs; http://amazon.horse and many others redirect to appropriate sections and products on Amazon.com.
Fucking genie's out of the bottle now isn't it. :)

A bit late to call party foul when absurd tlds are available more and more. Ocean of piss and all that. Embrace the chaos.

It's essentially the same business model -- attract user-generated content that looks bad for a company, then demand money from them to make it go away.
On the topic of scams, has anyone ever discovered what ICANN did with the enormous amount of money it raised by selling these TLDs at a premium?

I recall .blog being purchased by Automattic for 15-20M (that being just 1 example).

ICANN is to tech what the SEC is to finance: A corporate revolving-door where you join to do your corporate-masters bidding and then move back to your 7-figure job.

Can you substantiate that a bit more?

Is that even how it works in the SEC?

That how the conspiracy-minded assume it works because it fits their world view better, but there's little evidence to support it. Insightful finance journalist (and former investment banker) Matt Levine often suggests that the revolving-door incentives are the reverse: Create tough and complicated regulations while you work at the SEC so that a big bank will have to hire you to help navigate those regulations.

Some examples where he has written about this issue: https://news.ycombinator.com/item?id=11545117

The real scammers here are ICANN and the atrocious way they handled the generic TLDs.
Not necessarily. TLDs don't rank any better than anything else. Google/Bing don't rank you just because you have a word in your tld. It's a minor signal.
It's not so much what the machines think, it's that moving from the convention of `company.domain` to `.company` confuses users and allows scams like this to happen.
They're also fingerprinting every user. I noticed because it caused Firefox to hang for over a minute.
You can't do "or pay $600/year to take the web site down". There are laws against that. It's called extortionate. That being said, they could be more subtle like Glassdoor / Yelp / etc. People would actually have to find .feedback domains useful for that to happen however. My sense is that this will just go nowhere, no business will be made, and it's all a lot of sound and fury over nothing.
Well they word it differently I'm sure.
Wording things differently rarely has any significant legal impact.

(Except in advertising, right?)

Wording things differently very often has significant legal impact, depending on the situation and context.

I have no legal training, but regularly review lengthy legal contracts and discuss them with lawyers, and tiny changes in wording can have huge implications in what they mean.

Outside of legal contracts, many agreements (such as an agreement over email, or even verbal) can be considered legally binding, and so could be affected similarly when it comes to wording.

An example away from contracts (written or otherwise): salesmen and bribing. "I'd like you to buy my company's product, let me take you to an expensive restaurant to discuss the opportunity" is fine (roughly, in some cases and depending on the monetary value of the meal it might be against company policy or in some cases even illegal, but usually fine), vs. "If you buy my company's product I will take you to an expensive restaurant" which isn't fine. (Speaking from experience, having a) had plenty of experience on both sides of the sales table, including being specifically offered bribes and including being "client entertained" including some cases where I couldn't accept even though it would have been legally not considered bribery, and also from the experience of having to write, and enforce, anti-bribery / anti-corruption company policies.)

I was a bit sloppy in my original statement. Yes, if you word a contract differently it will often have a different meaning, that's not really just a rewording, that's a material change. Same with other agreements. The different wording describes different requirements for fulfilling a contract.

An example of what I'm talking about is the difference between gifts and loans. Say you're applying for a mortgage, and I give you $50k as a gift. Sure, you can use that as a down payment. But if I make you agree to pay the $50k "gift" back as a condition, it's not a gift, it's a loan, and calling it a gift is mortgage fraud. No matter how you word it, you can't change a loan into a gift.

Just like with extortion. Extortion is an act, and you can carefully word it all you want, but it doesn't change the fact of extortion, but it may make it easier or more difficult to prove.

But I'm not trying to say something especially deep here, just that it's common for people to look at the language of the law and believe that they can avoid consequences by rewording a few things.

> You can't do "or pay $600/year to take the web site down".

Okay, IANAL, but that probably is not true.

Well, at least not in that way. They could for example, sell the .feedback domain to company owners, in regards that owner can either enable or disable user-given feedback.

Else, they could run the .feedback domain that point for a specific company, and nothing stops them, reason is pretty clear - it's their TLD, and if they got approved by ICANN, then nothing stops them in illegal way (copyright infringement are as powerful as ICANN is).

I'm normally thrilled to hear about new TLDs.

This is an exception. It'd be great in theory, but the preregistered scam domains are absolutely ridiculous.

I hope the likes of Google and Facebook come down on these sites, and come down on them hard.

Can the TLD just be blackholed by major DNS providers?
just lodged a complaint on icann.feedback, should fix it.
It seems that ICANN have gone for the $600/year deal.
That was suspiciously fast.
Comment from the article:

> I would like to add that IMHO all new TLDs are scam. Brand owners are forced to register their name in many of them.

.feedback is just the tip of the iceberg.

I think this is the core issue here. I remember that a few of ICANN's new TLDs caused similar issues. The idea of selling TLDs to companies for use at their discretion is horrible enough, but they also seem to be completely ignorant of this problem.

This feels as if ICANN is trying to become the new FIFA.

(I don't really have much empathy for google etc having to pay $600 a year, but the same problem could also hit lots of small sites. Also with the current trend, TLDs seem to loose all structure and meaning and just turn into another brand vehicle or trade asset)

I actually did a fairly robust empirical analysis of the extent to which brand owners did 'register their name in many of them' back when the round of ICANN gTLD expansions was happening.

The conclusion was that both currently-fashionable arguments were kinda bogus: the new gTLDs couldn't deal with 'artificial scarcity' in any real sense, if it even existed, and yet few brand owners were defensively registering in the existing domains (even .org) so claims that it would extract massive economic rent were also overblown.

It was eventually published in the Journal of Information Policy (vol.3, pp.464-484). There's a full-text copy on https://ora.ox.ac.uk/objects/uuid:ba4ca100-2f81-43ea-b207-84... if anyone's interested...

Comparing ICANN to FIFA is exactly how I have described them in the past. Having been to ICANN conferences, I can confidently say they answer to no-one at this point and it shows.
The whois data for domains under this TLD is kind of interesting

whois stackoverflow.feedback returns a phone number with a CNAM of STACK OVERFLOW, and the same address listed on https://stackoverflow.com/company/contact

whois google.feedback returns the phone number +1.1978600872, which is not a valid US area code last I checked. The address appears to be a PO box in Seattle.

facebook.feedback has the same bogus phone number and the same PO box as google.feedback.

myaccount.feedback (where they send you if you try to vote on anything, presumably other things too) has a residential address on Mercer Island, WA and a Google Voice number listed.

Calling the Google Voice number results in a voicemail where a person identifies themselves as "Jay" (presumably Jay Westerdal[0] of Top Level Spectrum, Inc who owns the .feedback TLD[1])

Another thing of interest is that myaccount.feedback encourages you to login with Google/Facebook/Twitter/LinkedIn

[0]: https://icannwiki.org/Jay_Westerdal [1]: https://icannwiki.org/Top_Level_Spectrum,_Inc.

Casual browsing of Jay's Twitter suggests he might be behind it. Also from:

http://www.dnsfan.com/2015/11/hammer-nails-and-feedback.html

> ICANN's core values are creativity, innovation, and respect the flow of information. The .Feedback registry is innovating and following those core values by allowing transparency with an independent review system that can be operated by anyone willing to sponsor a name. The .Feedback domain is different from all the other registries. It is human nature to fear change and innovation, this registry doesn't want to be in the business of selling just DNS domains like every other registry. We want to innovate!

(Innovation my ass...)

Also2, this seems to be the official page for the operation:

http://www.nic.feedback/

EDIT: Jay seems to be a big fish in the industry, so this is somewhat surprising.

Go to http://feedback.feedback/ and write a sternly-worded review, that'll teach'em.
Also feeedback.feedback (3 e's) is still available to register for free. Someone should squat it and extort the .feedback owners to get it back.
A site that provides uncensored free speech aimed at companies is considered a huge scam? It looks like the comments are not manipulated, and I appreciate that authenticity more than practices happening around Google, YouTube, Facebook etc.
It's a scam because they purport to be affiliated with the company everywhere except the disclaimer at the bottom.
Thanks for the feedback, .feedback guy.
GTLDs were introduced only a few years ago, but it's clear the implementers were conflicted by reckoning the freedom of the "earlier internet" with what the internet has become today. They wanted to honor the freedom of the DNS system. But they also recognized the internet has changed enormously. Today, the internet is largely ruled by large brands, just as most mainstream media is.

The GTLD system is a pretty poor compromise between those two positions. User's don't have freedom of the early DNS system, and brands now have a huge enforcement burden to mange. Registering sites like coca-cola.fun and coca-cola.shopping are almost certainly not allowed, and will be shut-down eventually, but it now costs Coke a sizable sum to monitor and take down the infringing websites.

There's some stellar reviews popping up there already