Controversies surrounding GoDaddy
GoDaddy has been involved in many controversies since its foundation in 1997.
Verisign lawsuit
[edit]In 2002, GoDaddy sued VeriSign for domain slamming[1] and again in 2003 over its Site Finder service.[2] This latter suit caused controversy over VeriSign's role as the sole maintainer of the .com and the .net top-level domains. VeriSign shut down Site Finder after receiving a letter from ICANN ordering it to comply with a request to disable the service.[3] In 2006, GoDaddy was sued by Web.com for patent infringement.[4][5]
Deletion of FamilyAlbum.com
[edit]On December 19, 2006, GoDaddy received a third party complaint of invalid domain contact information in the WHOIS database for the domain FamilyAlbum.com.[6] GoDaddy wrote a letter to the owner of FamilyAlbum.com saying, "Whenever we receive a complaint, we are required by ICANN regulations to initiate an investigation as to whether the contact data displaying in the WHOIS database is valid data or not...[6] On 12/19/2006 we sent a notice to you at the admin/tech contact email address and the account email address informing you of invalid data in breach of the domain registration agreement and advising you to update the information or risk cancellation of the domain. The contact information was not updated within the specified period of time and we canceled the domain."[6] The editor of "Domain Name Wire" said that since domain names are valuable it was reasonable to expect that the registrar would try to contact the domain owner by phone or postal mail.[6] On February 28, 2007, GoDaddy offered to get the domain name back for the previous owner if he would indemnify GoDaddy from legal action by the new registrant.[7] GoDaddy stated that the new owner paid $18.99 for the domain, the price of a backorder, not a regular registration.[7] On November 2, 2007, Domain Name Wire reported that it appears that GoDaddy no longer cancels domains for invalid WHOIS.[8] The editor on Domain Name Wire received a message from a reader who is trying to acquire a domain with obviously false WHOIS information.[8] The message from GoDaddy said, "The domain has been suspended due to invalid WHOIS. The domain will remain in suspension through expiration, including the registry's redemption period, unless the owner updates the contact information before that time."[8]
Suspension of Seclists.org and purchase of No Daddy
[edit]On January 24, 2007, GoDaddy deactivated the domain of computer security site Seclists.org, taking 250,000 pages of security content offline.[9] The shutdown resulted from a complaint from MySpace to GoDaddy regarding 56,000 user names and passwords posted a week earlier to the full-disclosure mailing list and archived on the Seclists.org site as well as many other websites. Seclists.org administrator Gordon Lyon, who goes by the handle "Fyodor", provided logs to CNET showing GoDaddy de-activated the domain 52 seconds after leaving him a voicemail and he had to go to great lengths to get the site reactivated. GoDaddy general counsel Christine Jones stated that GoDaddy's terms of service "reserves the right to terminate your access to the services at any time, without notice, for any reason whatsoever."[10] The site seclists.org is now hosted with Linode. The suspension of seclists.org led Lyon to create NoDaddy.com,[11] a consumer activist website where dissatisfied GoDaddy customers and whistleblowers from GoDaddy's staff share their experiences.[12][13] On July 12, 2011, an article in The Register reported that, shortly after Bob Parsons' sale of GoDaddy, the company purchased gripe site No Daddy. The site had returned a top 5 result on Google for a search for GoDaddy.[14][15]
Shutdown of RateMyCop.com
[edit]On March 11, 2008, GoDaddy shut down RateMyCop.com — a RateMyProfessors-type site where people would comment on their interactions with law enforcement officers. Some reports said there had been complaints from police. A GoDaddy spokesperson said, "Basically, he was paying for compact car, when he really needed a semi-truck."[16] The registrar for the name, Name.com, continued to allow the DNS to resolve, and it is now hosted at Lunarpages. GoDaddy stated the reason for shutting down the Web site had nothing to do with censorship or complaints but that the site was receiving too many simultaneous connections.[17] In 2006, GoDaddy locked access to the Irish Web site RateYourSolicitor.com after the Irish high court issued an order to remove offensive material about a barrister from the site.[18]
China domains
[edit]In March 2010, GoDaddy stopped registering .cn domains (China) due to the high amount of personal information that is required to register in that country. Some called it a public relations campaign, since it closely followed Google's revolt in China.[19] GoDaddy's top lawyer Christine Jones told Congress, "We were having to contact Chinese users to ask for their personal information and begrudgingly give it to Chinese authorities. We decided we didn't want to become an agent of the Chinese government."[20]
GoDaddy resumed registering .cn domain names in February 2016 as part of its push into the Asia market.[21]
Animal rights
[edit]Elephant shooting
[edit]On April 1, 2011, animal rights groups including PETA complained when a video of GoDaddy founder & CEO Bob Parsons shooting and killing an elephant at night on a safari in Zimbabwe was made by Parsons and posted on his personal blog.[22] PETA said they would be closing their account with GoDaddy.[23]
In response to the shooting, Gawker called Parsons "insane"[24] and "ridiculous."[25] NBC News said "It's definitely the kind of thing only a super rich CEO/founder of a privately-held company could get away with."[26]
Super Bowl XLIX Puppy Ad
[edit]On January 27, 2015, GoDaddy released its Super Bowl ad on YouTube. Called "Journey Home", the commercial featured a Retriever puppy named Buddy who was bounced out of the back of a truck. After making a journey home his owners are relieved because they just sold him on a website they built with GoDaddy. GoDaddy claims the ad was supposed to be funny and an attempt to make fun of all the puppies shown in Super Bowl ads. Most notably, Budweiser's famous Super Bowl ad also featured a Retriever puppy.[27] The ad found very few fans from the online community. Animal advocates took to social media calling the ad disgusting, callous and that the commercial advocated puppy mills. An online petition collected 42,000 signatures.[28]
GoDaddy's CEO, Blake Irving, wrote a blog entry later that day promising that the commercial would not air during the Super Bowl. He wrote on his blog "At the end of the day, our purpose at GoDaddy is to help small businesses around the world build a successful online presence. We hoped our ad would increase awareness of that cause. However, we underestimated the emotional response. And we heard that loud and clear." He goes on to say that Buddy was purchased from a reputable breeder and is part of the GoDaddy family as Chief Companion Officer.[29]
Implementation of Selective DNS Blackout policy
[edit]In July 2011, GoDaddy introduced a policy of blocking DNS queries from some outside DNS servers, in order to prevent other DNS queries from being too slow. Among other things, this prevents some bots from visiting websites, forcing some search engines to exclude domains hosted with GoDaddy.
With this policy, they are choosing to allow their DNS servers to be under-provisioned (meaning that their servers are unable to gracefully handle their normal load). To prevent slow DNS, which would generate complaints quickly, they decided to block 100% of packets from hand-picked DNS servers based on volume and visibility. This reduces load somewhat, while making it difficult for customers to pinpoint GoDaddy as the problem. This policy also affects search engine ranking for various GoDaddy customers who have multiple domains with different registrars.
GoDaddy has refused to comment on the policy or the perception that their servers cannot handle the load or they are giving preference to their platinum level customers at first. It has also interfered with projects that collect Internet statistics.[30]
In September 2011, GoDaddy made an official statement from Rich Merdinger, now Vice President of Domains at GoDaddy, and claim that this is to protect GoDaddy users' privacy, and that they're ensuring that DNS records are being accessed properly and not being harvested for unintended uses.[31]
Namecheap rivalry
[edit]On December 11, 2011, Rival domain name registrar Namecheap claimed that GoDaddy was in violation of ICANN rules by providing incomplete information in order to hinder the protest moves of domain names from GoDaddy to Namecheap,[32] an accusation which GoDaddy denied, claiming that it was following its standard business practice to prevent WHOIS abuse.[citation needed] GoDaddy still maintains the strict policy of 60 days lock in inter registrar domain transfers, if there was a change in registrant information. Many other registrars are giving an option for their customers to opt out from this 60 days lock as per the ICANN Policy which states: "The Registrar must impose a 60-day inter-registrar transfer lock following a Change of Registrant, provided, however, that the Registrar may allow the Registered Name Holder to opt out of the 60-day inter-registrar transfer lock prior to any Change of Registrant request".[citation needed]
At this time GoDaddy does allow customers who update their domain contact information to opt-out of the 60 day lock upon verification.[citation needed]
Backing of SOPA and resultant boycott
[edit]On December 22, 2011, a thread[33] was started on the social news website Reddit, discussing the identity of supporters of the United States Stop Online Piracy Act (SOPA), which included GoDaddy. GoDaddy subsequently released additional statements supporting SOPA. A boycott and transfer of domains were proposed. This quickly spread across the Internet, gained support, and was followed by a proposed Boycott GoDaddy day on December 29, 2011.[34] One strong supporter of this action was Cheezburger CEO Ben Huh, who threatened that the organization would remove over 1,000 domains from GoDaddy if they continued their support of SOPA.[35] Wikipedia founder Jimmy Wales also announced that all Wikipedia domains would be moved away from GoDaddy as their position on SOPA was "unacceptable".[36] After a brief campaign on Reddit, imgur owner Alan Schaaf transferred his domain from GoDaddy.[37]
GoDaddy pulled its support for SOPA on December 23, releasing a statement saying "GoDaddy will support it when and if the Internet community supports it."[38][39] Later that day, CEO Warren Adelman couldn't commit to changing GoDaddy's position on the record in Congress when asked, but said "I'll take that back to our legislative guys, but I agree that's an important step."[40] When pressed, he said "We're going to step back and let others take leadership roles."[40] He felt that the public statement removing their support would be sufficient for now, though further steps would be considered. Further outrage was due to the fact that many Internet sites and domain registrars would be subject to shutdowns under SOPA, but GoDaddy is in a narrow class of exempted businesses that would have immunity, where many other domain operators would not.[41]
By December 24, 2011, GoDaddy had lost 37,000 domains as a result of the boycott.[42] GoDaddy gained a net 20,748 domains.[43][44]
Service outage
[edit]On September 10, 2012, a major networking failure caused by corrupted router tables resulted in a DNS outage intermittently affecting millions of customers' sites for a period of 4.5 hours.[45][46] Initial reports attributed it to a DDOS attack. This claim was disputed by Wagner, who stated that the isolated incident was due to internal mistakes that led to corrupt data tables. Wagner stood by the quality of GoDaddy's infrastructure, citing a 99.999% uptime.[47] GoDaddy later said in an apology e-mail to its customers on September 14, 2012, that the outage was due to the corruption of router data tables,[48][49] confirming indications that millions of web sites and e-mails were affected.
Fraudulent subdomains
[edit]In April 2019, GoDaddy removed more than 15,000 fraudulent website sub-domains after Jeff White, a cyber-security researcher at Palo Alto Networks' Unit 42 threat intelligence team, discovered a massive scam where criminals were selling products, such as weight loss pills, through an affiliate marketing program using compromised websites to add legitimacy to their products and services.
The products and services were also shown to be endorsed by celebrities, such as Stephen Hawking, Jennifer Lopez and Gwen Stefani, although none of them are believed to have been involved in these activities.[50]
Security breach
[edit]On October 19, 2019, GoDaddy experienced a security breach that affected 28,000 customer's hosting accounts. The breach lasted for a period of six months before detection by the company's security team on April 23, 2020. The breach was conducted by utilizing an altered SSH file and targeted customer's hosting information, compromising the usernames and passwords of the accounts involved.[51][52]
On November 17, 2021, GoDaddy discovered unauthorized third-party access to their Managed WordPress hosting environment that affected up to 1.2 million of their clients, thus exposing their email addresses and phone numbers. In addition to that it had also exposed WordPress admin passwords, SSL keys and sFTP passwords.[53][54]
On February 16, 2023, GoDaddy revealed it had been hacked again by the same actors from the previous breaches, with customer's websites being intermittently redirected.[55][56]
Kata'ib Hezbollah
[edit]In October 2020, US Justice Department seized Kata'ib Hezbollah propaganda websites hosted by GoDaddy. The seized websites, aletejahtv.com and kataibhezbollah.com, were used by the group to recruit new members and promote extremist propaganda.[57][58] A number of counter terrorism organisations, including Counter Extremist Project (CEP) has previously called on GoDaddy to stop providing domain registrar services to such parties.[59]
COVID-19 fake employee bonus stunt
[edit]In December 2020, during the COVID-19 pandemic and the associated economic crisis the company tricked employees into thinking they had earned a bonus of $650.00, instead they were told they had failed a phishing test and were required to do social engineering training. After significant criticism in the media as 'cruel' and 'stupid' the company apologized to its staff but did not offer actual bonuses.[65]
Deplatforming clients in protest
[edit]On January 11, 2021, the company deplatformed the web forum AR15.com following the U.S. Capitol attack.[66] GoDaddy told Axios that the action was due to the site's failure to moderate content "that both promoted and encouraged violence."[67] The National Shooting Sports Foundation, in a message from its president, condemned what it called the "de-platforming of gun sites" as a "dark harbinger" for discussion of controversial issues and an "indiscriminate silencing of opinion and debate."[68]
Texas Heartbeat Act
[edit]In September 2021 the company cancelled a contract with the anti-abortion group Texas Right to Life who were running a website encouraging whistleblowing of those who were breaking the Texas Heartbeat Act. Owned by the Texas Right to Life group, the website was used as a platform for the public to submit tips on suspected pregnancy terminations in Texas. In a statement to Ars Technica, Texas Right to Life Director of Media and Communication Kimberlyn Schwartz noted that, "We will not be silenced. If anti-Lifers want to take our website down, we'll put it back up."[69][70][71]
DNS API restriction
[edit]On May 1, 2024, the company restricted access to their DNS API to accounts that had either 10 or more domains or a Discount Domain Club subscription, breaking websites that use Let's Encrypt or other ACME CAs with the DNS-01 challenge unless the site owner has a DDC subscription or uses workarounds such as acme-dns.[72][73][74][75][76][77]
References
[edit]- ^ TheRegister.co.uk: VeriSign slammed for domain renewal scam
- ^ "CircleID 9/22/03". Circleid.com. 2003-09-22. Retrieved 2009-04-20.
- ^ "10/3/03". Internetnews.com. Retrieved 2009-04-20.
- ^ Berr, Jonathan (2006-06-21). "GoDaddy Gets Sued". TheStreet.com. Archived from the original on 2006-07-16. Retrieved 2006-08-12.
- ^ Mills, Elinor (2006-06-19). "Domain registrars in court". CNET. Archived from the original on 2011-06-16.
- ^ a b c d "Domain Name Wire. "GoDaddy Deletes Domain Name for Inaccurate Email Address." February 27, 2007". 27 February 2007. Archived from the original on 2007-03-02. Retrieved 2009-04-20.
- ^ a b "Domain Name Wire. "GoDaddy Responds to Deletion Over Invalid Email Address." February 28, 2007". 28 February 2007. Archived from the original on 2007-03-02. Retrieved 2009-04-20.
- ^ a b c "Domain Name Wire. "Has GoDaddy Done a 180 on Invalid Whois?" November 2, 2007". Domainnamewire.com. 2 November 2007. Retrieved 2009-04-20.
- ^ McCullagh, Declan (2007-01-25). "GoDaddy pulls security site after MySpace complaints". CNET. Archived from the original on 2014-07-14.
- ^ "Legal agreement". GoDaddy.com. July 26, 2011. Retrieved January 27, 2012.
- ^ "Archived copy of NoDaddy.com". Archived from the original on 2011-06-27.
- ^ Poulsen, Kevin (2007-01-29). "GoDaddy, Meet NoDaddy | Threat Level from Wired.com". Blog.wired.com. Retrieved 2009-04-20.
- ^ Newitz, Annalee (2007-02-05). "The Self-Appointed Censors of GoDaddy". AlterNet. Retrieved 2009-04-20.
- ^ Murphy, james smith (July 12, 2011). "GoDaddy admits domain transfers on rise". heluxtech. Retrieved November 27, 2011.
- ^ Murphy, Kevin (July 12, 2011). "GoDaddy no-no means No Daddy is no-go". The Register. Retrieved December 23, 2011.
- ^ Mills, Elinor (2008-03-12). "Go Daddy shuts down police-rating Web site". CNET.
- ^ Nussenbaum, Evelyn (2008-03-12). "Censorship: GoDaddy is fightin' mad". Valleywag.com. Archived from the original on 2008-09-12. Retrieved 2009-04-20.
- ^ Trailer park (2006-09-16). "American company blocks off access to 'rate your lawyer' site". Independent.ie. Retrieved 2009-04-20.
- ^ After Google, GoDaddy pulls out of China.
- ^ Godaddy stops selling cn domains over china censorship concerns, Wired, March 2010
- ^ "GoDaddy reintroduces China's .Cn domain name". Domain Name Wire. 2016-02-29. Retrieved 8 June 2021.
- ^ "Technology". Los Angeles Times. 2011-04-01.
- ^ "GoDaddy CEO Named 'Scummiest'". 29 March 2011.
- ^ Chen, Adrian. "Has GoDaddy's Elephant-Killing CEO Finally Gone Too Far?". Gawker.com. Archived from the original on February 13, 2014.
- ^ Chen, Adrian. "Meet GoDaddy's Ridiculous Elephant-Killing CEO". Gawker.com. Archived from the original on February 20, 2014. Retrieved 2014-02-02.
- ^ "GoDaddy CEO kills elephant, videotapes act". NBC News Business Insider. Retrieved 2014-02-02.
- ^ "– GoDaddy Pulls 2015 Super Bowl Ad After Slew Of Negative Feedback From Animal Advocates". Huffington Post. 2015-01-28. Retrieved 2015-01-27.
- ^ Frankilin, Dallas (28 January 2015). "GoDaddy pulls controversial Super Bowl puppy ad". KFOR-TV. Retrieved 8 October 2017.
- ^ "– We're listening, message received". GoDaddy.org. Retrieved 2015-01-27.
- ^ Perry, R. Scott. "GoDaddy's New "Selective DNS Blackouts" Policy". Retrieved 1 September 2011.
- ^ Perry, R. Scott. "UPDATE on GoDaddy's New "Selective DNS Blackouts" Policy". Retrieved 2 September 2011.
- ^ "Namecheap accuses GoDaddy of stalling anti-SOPA defections". Electronista. 2011-12-26. Archived from the original on 2013-07-29. Retrieved 2013-07-14.
- ^ "GoDaddy supports SOPA, I'm transferring 51 domains & suggesting a move your domain day". 22 December 2011. Retrieved 22 December 2011.
- ^ "Boycott GoDaddy Over Their Support of SOPA". Retrieved 22 December 2011.
- ^ Greg, Kumparak (22 December 2011). "Cheezburger's Ben Huh: If GoDaddy Supports SOPA, We're Taking Our 1000+ Domains Elsewhere". Techcrunch Article. techcrunch. Retrieved 23 December 2011.
- ^ Wales, Jimmy [@jimmy_wales] (23 December 2011). "I am proud to announce that the Wikipedia domain names will move away from GoDaddy. Their position on #sopa is unacceptable to us" (Tweet). Retrieved 13 January 2016 – via Twitter.
- ^ Schaaf, Alan (23 December 2011). "Alan Schaaf Reddit post". Retrieved 24 December 2011.
- ^ Lowensohn, Josh (2011-12-23). "GoDaddy spanks SOPA, yanks support". CNET. Archived from the original on 2011-12-25.
- ^ "GoDaddy No Longer Supports SOPA". GoDaddy. Retrieved December 23, 2011.
- ^ a b Coldewey, Devin (23 December 2011). "GoDaddy CEO: "There Has To Be Consensus About The Leadership Of The Internet Community"".
- ^ Franzen, Carl (15 December 2011). "SOPA Hearing Will Never End | TPM Idea Lab". talkingpointsmemo.com. Archived from the original on 28 December 2011. Retrieved 23 December 2011.
- ^ Peckham, Matt. "GoDaddy Boycott over SOPA Support Still On, Exodus Looms". TIME. Retrieved 1 September 2019.
- ^ "Godaddy Boycott Fizzles;Twice as many domains transfer in as out". Techdirt. 30 December 2011.
- ^ "GoDaddy Boycott Fizzles And May Work In Company's Favor". Business2Community.
- ^ Goodin, Dan (2012-09-11). "Ars Technica". Retrieved 2012-09-11.
- ^ "GoDaddy Outage Takes Down Millions Of Sites, Anonymous Member Claims Responsibility". 10 September 2012. Retrieved 2012-09-10.
- ^ "GoDaddy Site Outage Investigation Completed". GoDaddy.
- ^ "GoDaddy stopped by massive DDoS attack". theregister.co.uk.
- ^ "GoDaddy Says Crash Wasn't Anonymous, It Wasn't A Hack, It Wasn't A DDoS. It Was Internal Network Issues". TechCrunch. 2012-09-11. Retrieved 2013-07-14.
- ^ "GoDaddy Takes Down 15,000 Fraudulent Subdomains of Compromised Websites". Beebom. 2019-04-29. Archived from the original on 2020-12-01. Retrieved 2019-04-30.
- ^ Sergiu, Gatlan. "GoDaddy confirms security breach affecting 28,000 hosting accounts". bleepingcomputer.com. Bleeping Computer. Retrieved 6 May 2020.
- ^ Winder, Davey. "GoDaddy Confirms Data Breach: What Customers Need To Know". Forbes. Retrieved 6 May 2020.
- ^ "GoDaddy security breach exposes WordPress users' data". Reuters. 2021-11-22. Retrieved 2021-11-23.
- ^ "GoDaddy Announces Security Incident Affecting Managed WordPress Service". 2021-11-17.
- ^ Goodin, Dan (2023-02-17). "GoDaddy says a multi-year breach hijacked customer websites and accounts". Ars Technica. Retrieved 2023-02-20.
- ^ "Statement on recent website redirect issues". aboutus.godaddy.net. Retrieved 2023-02-20.
- ^ Hall, Kevin G. (2020-10-21). "Despite U.S. sanctions, Iranian broadcaster pumps out propaganda with aid of Broward firm". Miami Herald.
- ^ "US blocks propaganda websites registered by Iran-backed militia". Stars and Stripes. Retrieved 2020-11-05.
- ^ "U.S. Justice Department Seizes Kata'ib Hezbollah Propaganda Websites". Counter Extremism Project. 2020-10-27. Retrieved 2020-11-05.
- ^ Sottek, T. C. (2020-12-24). "GoDaddy wins our 2020 award for most evil company email". The Verge. Retrieved 2020-12-24.
- ^ "GoDaddy phishing 'test' teased employees with a fake holiday bonus". Engadget. Retrieved 2020-12-24.
- ^ "GoDaddy apologises for fake Christmas bonus email security test". France 24. 2020-12-25. Retrieved 2020-12-26.
- ^ "GoDaddy apologizes for "insensitive" phishing email offering bonuses to employees". www.cbsnews.com. 25 December 2020. Retrieved 2020-12-26.
- ^ Murillo, Ana Lucia (2020-12-26). "GoDaddy Apologizes for Email Baiting Employees With Fake Holiday Bonus". The Daily Beast. Retrieved 2020-12-26.
- ^ [60][61][62][63][64]
- ^ Michael Lee (January 11, 2021). "Amazon partner GoDaddy boots gun site from its servers". Washington Times.
- ^ Markay, Lachlan (13 January 2021). ""GOP digital operatives aim to avoid "deplatforming"". Axios.
- ^ "De-platforming of Gun Sites is a Dark Harbinger". NSSF. 2021-01-15. Retrieved 2021-11-23.
- ^ "GoDaddy Is Booting A Site That Sought Anonymous Tips About Texas Abortions". NPR.org. Retrieved 2021-09-04.
- ^ Hollister, Sean (2021-09-03). "GoDaddy is cutting off Texas Right to Life's abortion 'whistleblowing' website". The Verge. Retrieved 2021-09-04.
- ^ "GoDaddy kicks Texas abortion "whistleblower" website off its platform". TechRadar.com. Retrieved 2021-09-04.
- ^ "How Replace GoDaddy API for DNS Challenge". Let's Encrypt Community Support. 2024-05-12. Retrieved 2024-09-30.
- ^ "DNS Challenge with GoDaddy API Failed". Let's Encrypt Community Support. 2024-04-03. Retrieved 2024-09-30.
- ^ iamyogo (2024-05-21). "PSA: GoDaddy has changed its API access. Affects ACME/LetsEncrypt". r/PFSENSE. Retrieved 2024-09-30.
- ^ varmintp (2023-02-01). "Issue with Godaddy DNS API". r/letsencrypt. Retrieved 2024-09-30.
- ^ "GoDaddy no longer allows API access to clients (e.g. for DNS-based cert renewal) if you have less than 50 domains". Let's Encrypt Community Support. 2024-06-02. Retrieved 2024-09-30.
- ^ whole_kernel (2024-05-08). "Warning: Godaddy silently cut access to their DNS API unless you pay them more money. If you're using Godaddy domain with letsencrypt or acme, be aware because your autorenewal will fail". r/selfhosted. Retrieved 2024-09-30.