When it comes to registering your own domain, you want to make sure that your information isn’t going to end up exposed in whois records. Most registrars nowadays offer whois privacy (some charge extra for it). I honestly believe almost everyone should get the whois privacy protection, even if you aren’t “into privacy”. Otherwise your info gets put out there and you end up getting endless spam emails and phone calls. Maybe even physical junk mail. Point is, don’t waste your time with a registrar that doesn’t offer it, and maybe think about if they charge extra for it or if it is included.
There are a handful of registrars that are commonly recommended in the privacy community. Those are OrangeWebsite, 1984 Hosting, and Njalla. OrangeWebsite and 1984 tend to be recommended based on their policies and jurisdiction (Iceland). Though, the most commonly recommended registrar in the privacy community is Njalla. This is because they actually register the domain and let you manage it. This way, you don’t have to provide your personal details in order to register a domain. Most other sites require your information, even if they provide whois privacy. They want to know who is registering the domain.
OrangeWebsite and 1984 seem to be similar to other hosting providers, so I’ll focus on Njalla’s differences here. Njalla lets you manage the domain that they technically own, and even let you transfer the domain if you so wish. So it sounds like there isn’t much downside, but there is a certain level of trust you must give them in order for them to be the owners of your domain. After all, they could always just take the domain away from you if they wanted, they could shut it down, change the dns records to something else. Really, anything they want, since they’re the owners. You have to trust them, and that’s a deal breaker for some.
That being said, Njalla arguably offers the best privacy protection because you only provide them with an email or XMPP (and payment). Also, since you don’t own the domain, it isn’t going to be tied to you. So if you’re willing to accept the risk and trust Njalla with owning your domain, they’re likely the best option for privacy.
Now, I’m going to talk about my experience with Njalla. When first looking for a domain name, of course Njalla ended up at the top because of how much it is recommended in the privacy community and how little information you have to hand over in order to get a domain name. So naturally I went with them. I was fairly happy with them for a while, was even impressed with how fast they addressed a website vulnerability that I discovered. Then one day my domain just stopped resolving. When I logged into my account I couldn’t manage my domain anymore. The option was there, but nothing happened when I clicked the link. Further inspection I noticed a “disabled” tag next to the manage option. So I tried contacting support and received nothing but silence. After a few attempts at contacting support and more than a week a silence, I realized that Google had marked my site as dangerous in their safe browsing product. I assume this was because I had an example phishing page on my site to show family/friends how believable a phishing page can look. Of course I disputed the verdict with google, and they reversed the verdict. I even took the page down and tried contacting Njalla support again, only to be met with more silence.
Finally, I created a brand new account with Njalla and submitted a support ticket there asking a general question at first and got a reply within hours. I then followed up with my situation and asked them to enable my account again and said that even though it wasn’t a malicious phishing page, I would not re-host it. I was again met with silence. So, I have to assume that Njalla uses Google’s safe browsing product and any domain of theirs that gets flagged instantly gets disabled and ignored. The real kicker is that paid for multiple years up front. So essentially I paid for Njalla to have a domain for the next couple years. Once they disable your account, you can no longer manage or transfer the domain. They essentially steal your domain from you.
The big problem with the way they handle a dangerous verdict for a domain, is that they ignore you after that. So even if you aren’t playing around with anything suspicious like an example phishing page or something else that Google safe browsing would flag on, your domain could still get flagged. All it takes is someone to report your domain and Njalla will take it from you. Google has the option to dispute a verdict for a reason, it has false positives. For me, that increased the risk WAY too much for me to attempt using their service again. If all it would take is for someone to click report on my domain for me to totally lose it again and any remaining money I paid for the registration… I’m not doing that again. Thankfully I wasn’t depending on the domain for email or anything vital yet, though that was part of the future-plan.
The decision on if that risk is worth it to you or not is a personal one. It isn’t worth it to me anymore. That being said, they do offer more privacy (as far as how much information you hand over) than the other two options, and they respond to vulnerability disclosures quickly which is nice to see. I can’t say I’d recommend them to anyone anymore, but if you have a domain you don’t depend on and wouldn’t care if you lost (and don’t pay for multiple years up front) then maybe they’re a good option for you. Otherwise, I’d probably recommend OrangeWebsite or 1984Hosting for your domain.
Bryan's Blog 