>Dutch registrar was sued by Meta, which alleges the company ignores abuse complaints about phishing websites while monetizing traffic to those abusive domains.
I wouldn't be surprised if they are ignoring those complaints because there's no one left to process them. They clearly struggle to keep the lights on, see: https://news.ycombinator.com/item?id=34194555
Since they're ccTLDs, the governments of those countries can designate new operators. The root nameservers (operated by a variety of operators, under ICANN's supervision) would have to update their top level record but they are generally hands off for ccTLDs (because if they were not, a country could just mandate its ISPs use a different set of root servers)
ICANN has EBERO with a standardized escrow format to deal with this exact issue for gTLDs but ccTLDs are pretty much a wild west. I wouldn't use these.
> I wouldn't be surprised if they are ignoring those complaints because there's no one left to process them.
Maybe, but Facebook is arguing otherwise:
“ According to Meta, this isn’t just a case of another domain name registrar ignoring abuse complaints because it’s bad for business. The lawsuit alleges that the owners of Freenom “are part of a web of companies created to facilitate cybersquatting, all for the benefit of Freenom.””
“We believe that the genocide against Rohingya was possible only because of Facebook,” (all for the benefit of Facebook)
Happy to see other allegations aired out, especially when the consequences are a little more than squatting .tk domains (I suspect the real problem is those pesky .ml domains).
> The lawsuit alleges that the owners of Freenom “are part of a web of companies created to facilitate cybersquatting, all for the benefit of Freenom.””
I'm looking forward to seeing them present evidence to back this alegation.
Also, abuse complaints are themselves abused so much that it's easily to want to tell the complainer to go to hell.
Running 0bin.net, we have complaints from outside of our jurisdiction, false claims, idiotic claims, DMCA used for censorship, and so on.
Once in a while we have a serious one, like CP or doxxing, so we read everything.
But honestly, our hosting is forcing us to delete so much content based of BS complaints it's tiring. And if we refuse, we have to make our case, which unlike complaints, cannot be automatized. 9 times out of 10, the hosting tells us we should delete the content anyway, and if we wait to much, proceed to cut the power cord until we comply.
I'm sure Meta does report some real website and phishing attempts, but I'm certain they also abuse their power like the GAFAM they are.
Domain squatting issues aside, I must be the only person I know that’s actually used Freenom and don’t trash them. Registrars certainly can be held liable for domain squatting but it’s typically when the registrar actually registers the names and sells them, not on when a 3rd party registers them.
I’m only familiar with the .ml and .gq TLDs and at least for those I’d like to see the respective countries allow more reputable registrars to manage them.
Interesting, I thought for stuff like these - you just need to complain to ICANN.
Very interesting to see that Meta feel that it needs to go to court for this. Does this mean that ICANN is broken / does not have the capability to properly take care of these things?
These domains belong to countries, their own sovereign namespace in the Internet. The countries have designated a company to manage the space on their behalf and that’s the company which has authority over the domains. Nothing to do with ICANN “capability”.
ICANN is an American institution (this'll matter in a bit) that basically manages the entirety of domain names. Broadly speaking, there's two kinds of domain names; gTLDs and ccTLDs[0].
gTLDs (general TLDs, so your .com domains) give you some fairly basic rights; when you buy a domain name you will always have the right to transfer it to a new registrar at no charge and IIRC the domain registrar can't suspend you with no reason given (although any reason is sufficient, including "we just don't like you").
ccTLDs (country code TLDs, so .uk for example) on the other hand have the same rights on paper, but not in practice. This mostly comes down to the fact that ICANN as an institution doesn't want to be at the center of a diplomatic incident, so they just allow countries to do whatever they want with their TLDs.
Some run them like any old registrar (or subcontract it out for profit), others restrict purchases to just government entities, others go midway and use the TLD only for government websites while letting regular entities buy a subdomain from a known domain name (.co.uk for example).
With a ccTLD (which are the domains freenom chiefly provides), as long as the government you're getting the rights from approves of your actions, you can basically run it however you want because of this. ICANN rarely if ever moves against ccTLDs (although freenom has already been punished in the past by ICANN over their ccTLD behavior, so it does happen sometimes.)
[0]: There's also a third category which mostly just comprises .gov, which is the TLD used by the US government (why the US government gets access to that TLD instead of say, .gov.usa like all other countries, is for reasons beyond me).
> There's also a third category which mostly just comprises .gov, which is the TLD used by the US government (why the US government gets access to that TLD instead of say, .gov.usa like all other countries, is for reasons beyond me).
1) gov.us exists (but not used) and 2) the DNS system was developed in the US intially for their academe and the military. For example, .arpa, which is now used for certain DNS and non-DNS management, is actually for ARPA (now DARPA).
> ccTLDs (country code TLDs, so .uk for example) on the other hand have the same rights on paper, but not in practice. This mostly comes down to the fact that ICANN as an institution doesn't want to be at the center of a diplomatic incident, so they just allow countries to do whatever they want with their TLDs.
You're saying this as if it's a bad thing that countries can get to make their own rules for their dedicated namespaces.
It makes some degree of sense, but the problem is that there's many countries, usually third world, that sold their namespace off to a shady registrar like Freenom, usually to either try and give their disastrous economies a financial injection or to line the pockets of some corrupt government official. (Or as is often the case, both at the same time.)
There's no process in place to prevent that sort of thing from happening, and it's ultimately a bad outcome for all involved. It results in the ccTLD of a country with legitimate citizens getting a bad reputation for transmitting unreasonable amounts of spam (since Freenom gives it away to anyone who asks) and it often doesn't fix the economy of said country anyway.
Countries selling making bad deals when selling off their resources is of course not a good thing, but I'd rather risk that happening than give the US or any one central entity even more power to dictate who can or cannot have an online presence.
At least with domain names the countries in question could technically take the TLD back even if it would be a legal shitstorm - not so much with physical resources that have been removed.
How does an American court have the power to halt registrations for Central African Republic, Malian, etc, domains that are managed by a Dutch company?
Yeah, I'm not even sure if it's even correct to attribute it to Meta to be honest, it's been years that their registration system is known to be broken from time to time. At best the Meta lawsuit is the partial reason (not full reason) why they halted registrations, at worst it's just coincidence since that their systems were already broken for years.
I have a domain paid on there so I don't need to keep a site live on it (there is legacy email stuff pointed there). This past year they let it expire after I paid, took almost 2 months for them to correct it.
Previously this domain was unpaid and suspended for violating free TOS (need a website on the A record). I had to call this Dutch woman, we will call her Freenom lady, like 20 times for months to get her to finally unsuspend it and take my money for a paid registration. I'd say it was the worst but I have dealt with 1&1 and smaller enom resellers that disappeared.
So if my registration gets screwed with now, who do I go after? The country with ccTLD is with?
I am not familiar with the legal specifics but per the article:
"Although Freenom is based in The Netherlands, some of its other sister companies named as defendants in the lawsuit are incorporated in the United States."
>> Although Freenom is based in The Netherlands, some of its other sister companies named as defendants in the lawsuit are incorporated in the United States.
Note that freenom is known for blocking free domains until users pay up once there's a bit of traffic. I thought it was bullshit until it happened to me.
Doesn't even have to be a lot of traffic. They just quietly flag your account after a while. I used their TLDs specifically to host high school projects like a decade ago.
Suddenly, overnight, the DNS got updated and the account got "suspended" (thankfully only after the high school projects were done and over with). I knew it was suspended because while I seemingly wasn't allowed to iterate over the domains list, I was able to see the total amount of domains I had a registration for.
Making an alternate account to try and see if they unregistered the domain (and to see if I could rerequest it) showed them selling the domain for ~$6.
They get away with this due to some clause in their TOS that says that they're the owners of the domain and are just leasing it to you. I'm not sure if that's in-line with broader ICANN rules surrounding domain owner rights (iirc they've actually been suspended a couple times because of this sorta stint), but the company are complete scumbags.
> I'm not sure if that's in-line with broader ICANN rules surrounding domain owner rights.
Doesn't matter, they're ccTLDs, and if the countries-in-question didn't require that Freenom assign the names to actual users. ICANN is irrelevant here, period.
ICANN iirc still has a group that can tell ccTLD registrars to get their shit together and if the company also handles gTLDs (which iirc freenom does), they can still make that a bureaucratic nightmare for them.
It's not one of those things where they can outright say "you can't do that", but it is one of those things where it's "if you don't cooperate we'll make your life hell in other ways".
They also promise to notify you before your domain expires, but don't, and only allow you to renew free domains shortly before expiry. I think they also may disable/release your domain, also without warning, if your web server serves errors.
If you need a throwaway domain for some joke project, sure, but they make their free domains as hard to use as possible to get you to pay, and once you pay, you might as well pay any of the more competent (and more likely to still be around tomorrow) competitors.
My current go-to "I need to host this somewhere with a reasonable name" is Cloudflare with its pages.dev service. You can just upload a ZIP file and get free hosting and a something.pages.dev subdomain.
The incredible irony of Meta complaining that the entire Internet is worse off because of a free Internet service getting abused, and they're tired of the costs of fighting it, and the degraded experience for their (free) users.
please use this opportunity to replace freenom with someone else. their system has been impossible to use for legit use cases, while scammers have managed to keep getting domains.
Oh so people are getting like facebook-login.tk and catching passwords or something, I guess. I'm sure there are tonnes of (free) @gmail.com or @yahoo.com accounts used for phishing though? Or AWS hosted serves? Maybe Meta should be paying engineers instead of lawyers, to protect users, it is kind of an arms race thing. Easy to blame the little guy (Freenom).
But I agree with other commenter - the amount of data Meta is scraping, and time wasted to addiction, is potentially more damaging than a few domain names.
> The lawsuit alleges that the owners of Freenom “are part of a web of companies created to facilitate cybersquatting, all for the benefit of Freenom.”
Don't the grand majority of registrar work this way? They usually don't care about unethical activities as long as it brings in profits. Cybersquatting is not illegal in most countries, and registrar themselves often do it themselves.
47 comments
[ 3.1 ms ] story [ 117 ms ] threadI wouldn't be surprised if they are ignoring those complaints because there's no one left to process them. They clearly struggle to keep the lights on, see: https://news.ycombinator.com/item?id=34194555
Maybe, but Facebook is arguing otherwise:
“ According to Meta, this isn’t just a case of another domain name registrar ignoring abuse complaints because it’s bad for business. The lawsuit alleges that the owners of Freenom “are part of a web of companies created to facilitate cybersquatting, all for the benefit of Freenom.””
Happy to see other allegations aired out, especially when the consequences are a little more than squatting .tk domains (I suspect the real problem is those pesky .ml domains).
I'm looking forward to seeing them present evidence to back this alegation.
Running 0bin.net, we have complaints from outside of our jurisdiction, false claims, idiotic claims, DMCA used for censorship, and so on.
Once in a while we have a serious one, like CP or doxxing, so we read everything.
But honestly, our hosting is forcing us to delete so much content based of BS complaints it's tiring. And if we refuse, we have to make our case, which unlike complaints, cannot be automatized. 9 times out of 10, the hosting tells us we should delete the content anyway, and if we wait to much, proceed to cut the power cord until we comply.
I'm sure Meta does report some real website and phishing attempts, but I'm certain they also abuse their power like the GAFAM they are.
I’m only familiar with the .ml and .gq TLDs and at least for those I’d like to see the respective countries allow more reputable registrars to manage them.
Very interesting to see that Meta feel that it needs to go to court for this. Does this mean that ICANN is broken / does not have the capability to properly take care of these things?
gTLDs (general TLDs, so your .com domains) give you some fairly basic rights; when you buy a domain name you will always have the right to transfer it to a new registrar at no charge and IIRC the domain registrar can't suspend you with no reason given (although any reason is sufficient, including "we just don't like you").
ccTLDs (country code TLDs, so .uk for example) on the other hand have the same rights on paper, but not in practice. This mostly comes down to the fact that ICANN as an institution doesn't want to be at the center of a diplomatic incident, so they just allow countries to do whatever they want with their TLDs.
Some run them like any old registrar (or subcontract it out for profit), others restrict purchases to just government entities, others go midway and use the TLD only for government websites while letting regular entities buy a subdomain from a known domain name (.co.uk for example).
With a ccTLD (which are the domains freenom chiefly provides), as long as the government you're getting the rights from approves of your actions, you can basically run it however you want because of this. ICANN rarely if ever moves against ccTLDs (although freenom has already been punished in the past by ICANN over their ccTLD behavior, so it does happen sometimes.)
[0]: There's also a third category which mostly just comprises .gov, which is the TLD used by the US government (why the US government gets access to that TLD instead of say, .gov.usa like all other countries, is for reasons beyond me).
1) gov.us exists (but not used) and 2) the DNS system was developed in the US intially for their academe and the military. For example, .arpa, which is now used for certain DNS and non-DNS management, is actually for ARPA (now DARPA).
You're saying this as if it's a bad thing that countries can get to make their own rules for their dedicated namespaces.
It makes some degree of sense, but the problem is that there's many countries, usually third world, that sold their namespace off to a shady registrar like Freenom, usually to either try and give their disastrous economies a financial injection or to line the pockets of some corrupt government official. (Or as is often the case, both at the same time.)
There's no process in place to prevent that sort of thing from happening, and it's ultimately a bad outcome for all involved. It results in the ccTLD of a country with legitimate citizens getting a bad reputation for transmitting unreasonable amounts of spam (since Freenom gives it away to anyone who asks) and it often doesn't fix the economy of said country anyway.
At least with domain names the countries in question could technically take the TLD back even if it would be a legal shitstorm - not so much with physical resources that have been removed.
Previously this domain was unpaid and suspended for violating free TOS (need a website on the A record). I had to call this Dutch woman, we will call her Freenom lady, like 20 times for months to get her to finally unsuspend it and take my money for a paid registration. I'd say it was the worst but I have dealt with 1&1 and smaller enom resellers that disappeared.
So if my registration gets screwed with now, who do I go after? The country with ccTLD is with?
"Although Freenom is based in The Netherlands, some of its other sister companies named as defendants in the lawsuit are incorporated in the United States."
Suddenly, overnight, the DNS got updated and the account got "suspended" (thankfully only after the high school projects were done and over with). I knew it was suspended because while I seemingly wasn't allowed to iterate over the domains list, I was able to see the total amount of domains I had a registration for.
Making an alternate account to try and see if they unregistered the domain (and to see if I could rerequest it) showed them selling the domain for ~$6.
They get away with this due to some clause in their TOS that says that they're the owners of the domain and are just leasing it to you. I'm not sure if that's in-line with broader ICANN rules surrounding domain owner rights (iirc they've actually been suspended a couple times because of this sorta stint), but the company are complete scumbags.
Doesn't matter, they're ccTLDs, and if the countries-in-question didn't require that Freenom assign the names to actual users. ICANN is irrelevant here, period.
It's not one of those things where they can outright say "you can't do that", but it is one of those things where it's "if you don't cooperate we'll make your life hell in other ways".
If you need a throwaway domain for some joke project, sure, but they make their free domains as hard to use as possible to get you to pay, and once you pay, you might as well pay any of the more competent (and more likely to still be around tomorrow) competitors.
My current go-to "I need to host this somewhere with a reasonable name" is Cloudflare with its pages.dev service. You can just upload a ZIP file and get free hosting and a something.pages.dev subdomain.
Does anyone have a mirror handy?
Setting that up was arguably the best technical decision I've ever made, after setting it up for my parents!
> The 10 Most Abused Top Level Domains
(updated daily?)
https://www.spamhaus.org/statistics/tlds/
But I agree with other commenter - the amount of data Meta is scraping, and time wasted to addiction, is potentially more damaging than a few domain names.
Don't the grand majority of registrar work this way? They usually don't care about unethical activities as long as it brings in profits. Cybersquatting is not illegal in most countries, and registrar themselves often do it themselves.