[HN Gopher] Argentine version of Google falls into "wrong" hands
___________________________________________________________________
Argentine version of Google falls into "wrong" hands
Author : pedro-guimaraes
Score : 250 points
Date : 2021-04-22 15:50 UTC (7 hours ago)
(HTM) web link (en.mercopress.com)
(TXT) w3m dump (en.mercopress.com)
| throwaway_kufu wrote:
| I recently sold cryptocomicbook.com and decided to list some
| additional domains for sale, at the exact time I listed them a
| handful of ua.(TLDs) got listed for sale including ua.com and
| whoever listed them must have done it in bulk and given them all
| the same price ($76).
|
| So I bought the ua.com for $76, at that point the seller must
| have realized what happened and immediately changed the sales
| price of all the other TLDs from $76 (example ua.co went from $76
| to a min of $48,000), the marketplace confirmed the seller was
| verified as the owner or had authority to sell ua.com. Of course
| after the fact the marketplace reversed the transaction, they
| oddly reconfirmed the seller was verified/legit (I thought they
| would say the seller got past their verification but wasn't
| legit), and they have refused to confirm why if the seller was
| legit that they reversed the sale transaction.
| codezero wrote:
| They reversed it because it was an honest mistake and most
| people like to know that if they make the same mistake it can
| be undone.
| throwaway_kufu wrote:
| Maybe...I tested your theory and asked them to reverse my
| recent sale of cryptocomicbook.com on the same basis and my
| request was declined.
|
| In either case there is both contract law and state federal
| law (unfair trade practices) that would support my claim in
| the courts if I were so inclined.
| masswerk wrote:
| It may be worth noting that in most countries a contract
| essentially is established by the consensus of wills by the
| parties involved. An _error in objecto_ ( "I didn't mean the
| thing I accidentally said or listed") is a legitimate excuse
| and nullifies a contract. (The consensus didn't exist and
| thus the contract had never been established in the first
| place).
|
| (This is also a reason why marketplaces, where things "just
| happen", are, let's say, complicated, as they do not adhere
| to this legal tradition.)
| throwaway_kufu wrote:
| It can be a defense in the US but not likely the case here,
| the remedy wouldn't be specific performance (ie give me the
| domain) but damages for a fair market value of what I paid
| for, specific performance is very rare in the US. There
| would also be claims against the marketplace (despite their
| terms of service indemnifying them) other laws apply that
| can't be waived under both federal and state law such as
| fair trade practices acts and deceptive trade practices).
| The whole point being anyone could increase prices that
| were advertised and say oh my ad was in error rendering
| every contract reversible and subject to post hoc price
| increases.
| GordonS wrote:
| I have to agree - although I'm surprised the registrant
| actually used common sense here, it was the fair thing to do.
| supergirl wrote:
| maybe it was a bug in their system, so they were on the
| hook
| clukic wrote:
| As I read this I literally had a config file open in another
| window with references to ua.com. it's owned by UnderArmour and
| serves endpoints to their Fitness API.
|
| This would have been one of the more interesting answers to the
| most common support question at my company: "Why wont my runs
| sync?"
| guytpearson1 wrote:
| Fun article, but they will get it back with relative ease.
| Happens all the time. Trademark domain.
| amelius wrote:
| Is it still a trademark violation if they use the domain to
| sell something completely unrelated, e.g. shoes?
| guytpearson1 wrote:
| The problem with this is that Google isn't some generic term
| for something else. A lot of case law around this kind of
| stuff. Will get transferred back to Google in a heartbeat.
| FridayoLeary wrote:
| Just like that? A court order $4 dollar refund and have a nice
| day? That's a bit anticlimatic.
| techrat wrote:
| Not everything ends up turning into a Michael Bay movie when
| being resolved.
| FridayoLeary wrote:
| an important rule in life.
| FridayoLeary wrote:
| check this out https://news.ycombinator.com/item?id=26907303
| SirSourdough wrote:
| Sounds like a little-used TLD that ICANN has been trying to
| phase out for decades. Google has individual sites for most of
| countries that would have initially been under the umbrella of
| the .su (USSR) TLD, and .su apparently has 2% of the usage of
| .ru where Google already has a site.
|
| Maybe they'll try to snap it up now that it's attracting a
| little attention but they probably just don't really care about
| it...
| FridayoLeary wrote:
| he's running a website under the name of google. You can play
| it down, but that's pretty cool.
| [deleted]
| yuchi wrote:
| I once bought .org.it after some newspapaer misspelled our .it
| domain name as .org.it (which is a non-existant TLD) and I tried
| to regain the exposure.
|
| They didn't let me through though... :(
| Trias11 wrote:
| Google probably threatened to abuse poor guy with legal action.
|
| Similar to what MSFT did to the guy who totally legally
| registered mikerowesoft.com
| utopcell wrote:
| That is not how Google works.
| [deleted]
| ThothIV wrote:
| Google will sell you domains that it doesn't own. I've purchased
| .MX and .CO.UK domains from them just recently. I've purchased
| Thoth.zone, Thoth.mx and Thoth.pw from them. From
| networkingsolutions.com I've bought thoth.domains. It's a crazy
| turf war situation right now, given the broad international legal
| overlaps and so on and so forth.
| [deleted]
| why_Mr_Anderson wrote:
| This is still happening? It used to be very annoying decade or so
| ago, but I thought it was already solved/fixed/improved.
|
| Are there really no option to make a domain registration without
| expiration?
| goodcjw2 wrote:
| Actually, it turns out http://google.ar/ might still be owned by
| someone else?
| yreg wrote:
| The article talks about google.com.ar, not google.ar. Secondary
| .ar domains are generaly not available.
| Franciscouzo wrote:
| .ar domains have been available to the public since last
| year.
| iso8859-1 wrote:
| Google has also failed to buy their Soviet domain name:
| http://google.su/
|
| And they even forgot about http://google.xn--vermgensberatung-
| pwb/
| Scoundreller wrote:
| for the longest time, i thought .su meant sudan.
| SllX wrote:
| Can you even buy .su domains anymore? I was under the
| impression that Russia was just sitting on it.
|
| EDIT: answered my own question. It is apparently actively used.
| julienreszka wrote:
| Soviet union is dead, let's keep it that way
| asimpletune wrote:
| Once I told my friend ja.red was available for $9, and after he
| bought it they told him it was a mistake and reversed the
| transaction.
| neonate wrote:
| https://archive.is/7nkiR
| freddyym wrote:
| The domain google.gi is still for sale, because it can only be
| purchased by people who live in Gibraltar.
|
| See also, this post:
| https://tinyprojects.dev/posts/i_bought_netflix_dot_soy
| utopcell wrote:
| google.ar is also parked.
| oauea wrote:
| Wouldn't someone from Gibraltar be able to buy and lease it to
| Google?
| csomar wrote:
| There are 30k people in Gibraltar and probably most of them
| use the .com or .uk domain.
| kortilla wrote:
| Yeah, but Google wouldn't want any part of that type of
| arrangement. Better to let it go un-associated with the
| country than to depend on some other party that can extort at
| renewal time.
| hsbauauvhabzb wrote:
| Can't Domain name providers do pretty much the same thing?
| You're only leasing a domain after all...
| momothereal wrote:
| They own https://www.google.com.gi/ though.
| GordonS wrote:
| If they _really_ wanted it, presumably they could setup a shell
| company in Gibraltar using a local agent?
| schappim wrote:
| I love this line from the article "but when everyone suspected
| that the server had crashed, as is often the case..."
|
| That must be a pretty big server!
| _acco wrote:
| Among other exploits, you could generate an SSL cert and harvest
| cookies. All visitors would have to do is load your site in their
| browser. Right?
| Rohpakle wrote:
| However, minutes later after the manoeuvre, it was confirmed that
| Google has already recovered the domain.
|
| I'm confused. It seems to me that this article just through some
| lines in it without further explanation.
| solids wrote:
| Nobody knows what happened. Last night someone posted on
| twitter that google.com.ar was not working, then another one
| posted a screenshot from the Argentinean domain provider
| highlighting that the domain was registered by a random guy.
| Few hours later google.com.ar started working again, probably a
| single phone call from Google resolved the issue.
| Forbo wrote:
| > >According to the Open Data Cordoba group (which is dedicated
| to tracking expired Argentine domains) Google's domain had not
| expired and, in fact, the expiration date was in July. But the
| group too was unable to explain what had happened or why.
|
| Ouch. I think someone's going to have some explaining to do in
| the post-mortem.
| packetslave wrote:
| Yeah, MarkMonitor is not going to have a good time on this one
| (they're the company Google, and a bunch of other high-profile
| companies) use for domain management and tracking. They're
| supposed to prevent this kind of thing from happening.
| emmelaich wrote:
| It's not known whether Google or the AR NIC made the mistake.
| QUFB wrote:
| It's not quite google.ar, but I'm still trying to figure out what
| to do with https://gnu.gl/
| jshmrsn wrote:
| If GNU Project ever wanted to run a free Google alternative,
| GNUgl at gnu.gl would be a great fit.
| livre wrote:
| Until a year or two ago (can't remember exactly) it wasn't
| possible to register a "naked" .ar domain and they were
| reserved for very special cases (government mostly). It had to
| be a .com.ar or .org.ar etc.
| y-c-o-m-b wrote:
| I see this kind of stuff happening all the time; some of them
| being high-profile sites too (e.g. "Keep America Great" got taken
| from Trump). Is there some website that monitors domain
| expiration and sends out alerts or is this mostly lone-actors?
| I'm always surprised by how quickly they move in on the domain
| folli wrote:
| It's called Domain drop catching or Domain sniping. There are
| tools available that do just that.
|
| https://en.wikipedia.org/wiki/Domain_drop_catching
| wrs wrote:
| There are many such services, which will not only alert you but
| automatically try to buy the domain for you. Search for "domain
| backorders".
| y-c-o-m-b wrote:
| Oh wow even GoDaddy provides the service. Interesting.
| Thanks!
| sixothree wrote:
| I would assume that would just give them more information
| for their domain broker services to raise the price of the
| domain.
| jfrunyon wrote:
| Sure, but so does doing a whois or an NS check. Plenty of
| registrars and registries are known to have abused such
| data in the past.
| lostlogin wrote:
| Keeping it classy as always.
| eli wrote:
| yeah but all the good ones are automatically reregistered way
| faster than you could click the Buy button.
| batch12 wrote:
| I wonder how long it would have taken to be noticed if he
| replicated DNS and sat on it for a while. Better yet, how long if
| he had redirected or cloned the site.
| throwaway3699 wrote:
| Google gets enough DNS traffic that I doubt you could just _sit
| on it_ for very long. Not without an expensive bill.
| 101008 wrote:
| But what if you just point to original Google DNS servers?
| jaywalk wrote:
| Not sure why you're getting downvoted. Setting the NS
| records to their original values would make the whole thing
| transparent unless you dug into the domain ownership.
| kuroguro wrote:
| Wouldn't most of it get cached downstream tho?
| FridayoLeary wrote:
| somebody actually posted it as an 'ask hn' last night! I'm
| actually physically hurting right now. I wonder how much google
| will pay to get their precious domain back.
| whitehouse3 wrote:
| Can't they forcefully take it? [0]
|
| [0]:
| https://www.icann.org/resources/pages/cybersquatting-2013-05...
| FridayoLeary wrote:
| what is this then?
| https://news.ycombinator.com/item?id=26907303
| yosito wrote:
| Meanwhile, I can't even figure out how to buy domains with my
| name in them from people who just buy them and sit on them.
| amelius wrote:
| The internet's implementation of name resolving is wrong.
|
| If you type "apple.com" you should get a disambiguation page
| saying "Did you mean the grocery store, the record company, or
| the computer company?" and from there you can reach the desired
| website. Somewhat like how it works in Wikipedia.
|
| Unlike land, names are not a scarcity and can be shared. So why
| pretend they are like land?
| throwaway3699 wrote:
| Land can be shared just like names, and the reality is
| there's only so many disambiguations one can learn. Even with
| that ability, consumers are only going to remember one
| apple.com.
| JoshTriplett wrote:
| > names are not a scarcity and can be shared
|
| _Domain names_ cannot be effectively shared between non-
| cooperating entities. Someone has to own the DNS A
| /AAAA/CNAME/etc records, and be able to change them at will.
| They have to point to someone's server. It doesn't matter
| what technological implementation underpins name resolution,
| it's a fundamentally important property that it must be
| possible to have exclusive ownership of a domain name.
|
| If I'm trying to reach my bank, I need to _know_ that I 'm
| talking to my bank, and we have a whole technological stack
| designed to ensure that, including cryptographic
| authentication and public logs (Certificate Transparency) to
| make sure nobody can secretly tamper with that
| authentication.
|
| Any system that cannot provide such authentication is not a
| viable naming scheme.
|
| There's a long-standing concept that has been discussed many
| times that naming could be based _entirely_ on that
| cryptographic authentication, without having any kind of
| "human-readable" name at all. However, such a system would
| not solve the full problem that needs solving; it would just
| mean there would then need to be a _separate_ directory
| system to help people find the server they actually want and
| then talk securely to that server.
| scubbo wrote:
| This is a very interesting statement. My gut reaction is "no,
| that's wrong!", but I can't quite articulate _why_ that's
| wrong - so, please consider this reply in the spirit of an
| auto-Socratic dialogue, rather than an argument intended to
| dissuade you.
|
| You're right that names themselves are not truly scarce*, but
| "convenience of being referenced by a name on the internet"
| most certainly _is_ a scarce resource. There can only be one
| "first resolved entity" - this is why companies invest in
| SEO**. So it seems like what you're actually arguing for (and
| apologies if I'm misrepresenting you here!) is a situation
| where it's not possible for the average internet consumer to
| directly reference a particular domain, but rather where all
| name-resolution queries _have to_ go through a hypothetical
| unbiased "top-level" search engine - one which indexes not
| documents, but domains. Is that right?
|
| If that's the case, then we've then opened up several other
| problems: - who decides the order in which those results get
| displayed? You may not think it matters, but I can promise
| you that NEO ("Name Engine Optimization") would then become a
| lucrative industry. Apple-the-computer-company certainly
| wouldn't stand for being the third result for apple.com - how
| do direct links and bookmarks work? - If there's some sub-
| identifier ("apple.computer.com" resolves directly), then who
| assigns those sub-identifiers? If ICAAN or a similar
| organization, then we're right back at the current situation,
| but one level deeper - the IT company for the Apple grocery
| store would be fighting (with their wallet) against the Apple
| Computer company. - If direct links only work via IP
| addresses, well, the average consumer wouldn't be delighted
| with that; nor would print advertisers trying to share a
| human-memorable address
|
| It's a tempting idea, for certain, but I can't see a way of
| implementing this that doesn't immediately give rise to the
| same problems one layer deeper. You've clearly thought about
| this more than I have, though, so I look forward to hearing
| more about it!
|
| * though to an extent, they are; since there can not
| practically be multiple items of a given name within a
| category - if every man was named John, then we would need
| some other way to distinguish them, and so
| "John<-identifier>" would _become_ their name
|
| ** where, here, the "name" is a search term rather than a
| specific one-to-one address - and, yes, I recognize that
| that's not _quite_ the same thing
| [deleted]
| danielmeskin wrote:
| If you figure it out let me know.
| cyberlab wrote:
| If you're looking for domains potentially getting 'dropped' by
| Google, look no further:
| https://infogalactic.com/info/List_of_Google_domains
| HowardStark wrote:
| Took a quick glance and noticed that this article is claiming
| "duck.com" is owned by Google, even though it redirects to
| DuckDuckGo.
|
| That domain has Namecheap's Whois Guard enabled, so there's no
| registrant information. However, I'm still inclined to think
| that it isn't Google's domain since the NS records for
| "duck.com" point to "nsXX.quack-dns.com"...
| Sephr wrote:
| iirc this was originally owned by Google and then given to
| DDG.
| butt__hugger wrote:
| This is correct. It used to redirect to Google.
| jordanmoconnor wrote:
| Wouldn't it be funny if DDG was actually Google.
| julienfr112 wrote:
| Even more funny, what about google financing a competiting
| browser ? wait ...
| vmception wrote:
| Hilarious even, but I wouldn't be mad though
| cigaser wrote:
| It is using Bing engine and data.
| magnusmundus wrote:
| ...among other sources. "Over four hundred" [1] of them.
|
| [1] https://help.duckduckgo.com/results/sources/
| Seirdy wrote:
| Those apply only to non-organic results (instant answers,
| zero-click info). Organic results are proxied from Bing
| (or sometimes Yandex) verbatim.
|
| DuckDuckGo's crawlers only fetch icons and scrape data
| for some of their instant answers.
| anoonmoose wrote:
| That would make it even funnier!
| cigaser wrote:
| It is not a joke. There is a partnership with Microsoft.
| Search engines are hard.
| kortilla wrote:
| Whoosh. The joke is that Google owns DDG despite it being
| backed by Bing.
| celestialcheese wrote:
| duck.com was owned by google from an acquisition in 2010.
|
| It was sold to DDG in 2018
| https://www.theverge.com/2018/12/12/18137369/duckduckgo-
| duck...
| gtirloni wrote:
| _In December 2018, it was reported that Google transferred
| ownership of the domain name Duck.com to DuckDuckGo. It is
| not known what price, if any, DuckDuckGo paid for the domain
| name_
|
| https://en.wikipedia.org/wiki/DuckDuckGo
| sneak wrote:
| Being a "competitor" that a monopolist can point to as faux
| evidence of their not-monopoly status is far beyond any
| simple integer price.
| vmception wrote:
| Especially since we need BigNumber to represent the real
| dollar value at stake
| gtirloni wrote:
| Does anyone know what cobrasearch.com was?
| FredPret wrote:
| It's like Find My iPhone but much scarier
| Rebelgecko wrote:
| How was he able to register the domain months before it was
| supposed to expire? Did he hack the registrar itself?
| judge2020 wrote:
| Either the registrar or the registry - the registry seems more
| likely as there are no requirements to running a country code
| TLD's registry on account of ICANN not wanting to anger any
| government or seem like they have power over 'government
| property'.
| jfrunyon wrote:
| There are also very little requirements to running a
| registrar...
| sixothree wrote:
| > The technical term for this type of manoeuvre is called
| "Cybersquatting" in English.
| canada_dry wrote:
| Yah. This gives him some bragging rights at most. If he hacked
| something, it'll be a different story though.
| 0xdba wrote:
| No, that's buying a domain in the hopes someone will want it in
| the future. This was "domain sniping".
| 1vuio0pswjnm7 wrote:
| Out of curiosity, I queried about 100 DoH servers (open
| resolvers) for "google.com.ar". Every A record returned contained
| an IP address registered to Google.
___________________________________________________________________
(page generated 2021-04-22 23:00 UTC)