Business

Potentially Malicious Fake Advertiser using Wordpress Plugin (adv.zip)

It starts with an innocuous email:

Hi,

I am sorry I have to write you to e-mail from whois information of the domain. But I could not find contact e-mail or feedback form on your site.
We are looking for new advertisement platforms and we are interested in your site %DOMAIN%
Is it possible to place banner on your site on a fee basis?

Best regards,
Nicolas Gauthier

But it quickly turned strange:

Hi!

Thanks for reply to our proposal!
We like your price.We would like to place 160x600 banner.

To pass to the banner control system follow the link http://webmaster.burgoni.com
To enter use the following data:

login: %DOMAIN%
password: %PASSWORD%

One of the scummiest link building strategies I've ever seen

From: Ryan F (ryanf@ggadget.org)
Date: Thu, Feb 16, 2012 at 11:40 AM
Subject: Featured Tech Site Award
To: -------------

My name is Ryan, and I work at Green Gadget -- a PR6 technology and gadget review site located in Austin, Texas.
The reason I'm emailing you today is because we’ve selected you as an exceptional technology site. We would like to highlight you on our site and present you with an official sidebar badge for your site that will distinguish you as a Featured Tech Site.

Our selection criteria are based on several factors that we feel defines a great tech site. We selected you because we feel your website is a great resource that offers exceptional information on technology.

Attached is the html code to insert the badge. We are very excited to have you as a Featured Tech Site and I look forward to hearing back from you.

Best Regards,

Ryan

First off, who mentions their Page Rank (PR6) in a legitimate award?

There is no mention of what my site even is or any indication that it was viewed. It's all probably automated anyway (or should be, since nothing is tailored or personalized in any way that would require a human).

You want to see the 'award'? It's pathetic.

I hope nobody falls for this bullshit but sadly I am sure some people will. This one should go straight to the spam bin.

144 of the Largest Companies Using Godaddy

I took the top 1500 sites from Alexa.com and checked their registrar. Some companies have already said they were moving (Hi StackOverflow!). Huge thanks go to Mike St John for his help in querying the registry.

Here are the 144 companies using Godaddy as a registrar:

woothemes.com
proboards.com
stackoverflow.com
alot.com
wowhead.com
xkcd.com
seriesyonkis.com
exoclick.com
flipkart.com
goodreads.com
twitpic.com
babylon.com
bytes.com
opera.com
foursquare.com
r7.com
thechive.com
realclearpolitics.com
yousendit.com
dreamstime.com
justdial.com
ilivid.com
github.com
multiply.com
imesh.com
optmd.com
wimp.com
youm7.com
urbandictionary.com
amung.us
informer.com
pingomatic.com
networkedblogs.com
histats.com
chicagotribune.com
grooveshark.com
infusionsoft.com
buzzfeed.com
trulia.com
yoo7.com
hawaaworld.com
bearshare.com
slutload.com
piriform.com
incredimail.com
noticias24.com
ioffer.com
buysellads.com

Social media, the reshaping of communication and who controls how we talk to one another

The term Social Media refers to the use of web-based and mobile technologies to turn communication into an interactive dialogue. Andreas Kaplan and Michael Haenlein define social media as "a group of Internet-based applications that build on the ideological and technological foundations of Web 2.0, and that allow the creation and exchange of user-generated content." Social media are media for social interaction, as a superset beyond social communication. Enabled by ubiquitously accessible and scalable communication techniques, social media substantially change the way of communication between organizations, communities, as well as individuals.

-Wikipedia

WTF does that even mean? The term social media with this definition is truly focused on media - how we are communicated to and are suddenly empowered to communicate back to the powers which use the media.

Liberal Paradox and Domain Names

I was recently introduced to Amartya Sen's Liberal Paradox and found it quite interesting. The Wikipedia page does an OK job explaining it, but I liked this article more.

Sen’s liberal paradox is meant to demonstrate that when autonomous agents act with complete freedom, it is impossible for the agents to produce an outcome that is a net improvement to everyone. While this is not to argue for government intervention, it is to say that a pareto optimal improvement and libertarianism cannot coexist. In other words, the paradox shows us that the invisible hand of the marketplace is incapable of producing net improvements in welfare for a given society.

When you think about the domain industry in the context of the liberal paradox it makes sense why everyone is so unhappy.

Should I really listen to this advice?

One thing that constantly bothers me is how we give advice to other people and how people listen to our advice. I think we are generally predisposed to give our opinions and advice to others; whether it be for our own ego, genuine desire to help others, a social obligation or whatever else may drive us. The underlying reason is somewhat irrelevant to the point of this post.

The thing that bothers me most is when people give unqualified advice, which could vary from simply time wasting to harmful in terms of content.

Why I won't be an affiliate for your company

I receive a few advertising offers on my websites every month and most simply want to buy a banner/link for whatever reason - traffic, sales, branding, seo, etc. Honestly I don't care about their intention as long as it doesn't ruin my user experience.

The worst offers are people trying to get me to sign up for their affiliate program.

Here is an example:

Hi,

I am Harish from Allo.com; we develop cost-effective next generation high quality VOIP products, such as Digital Telephony Cards, PBX Systems, Next Generation IP Phones and Analog Telephone Adapters…

We are interested in advertising our products on [my site redacted].

Please let me know who I should talk to.

Regards,

What's wrong with this offer?

It's deceitful.

This looks like a normal advertising request to buy a banner/link. It's not. How do I know it's an affiliate offer?

Microsoft Office: Now with ads and reduced functionality?

Seriously? Now my downloaded software is going to spew ads at me and provide a crappier product?

Thank god for Libre Office.

At least one major domain company is NOT SECURE

This is a warning to at least one major domain company. I will be naming names Monday (April 25th) unless it gets fixed. This type of behavior puts customer information at risk and has been hacked before.

YOUR PASSWORDS AREN'T SECURELY STORED

They store passwords in plaintext or in a system where they can get back to plaintext (which for all intents and purposes is the same thing).

What does that mean? It means instead of data being stored in the following format:

accountName | 5f4dcc3b5aa765d61d8327deb882cf99

It gets stored like this:

accountName | password

How do I know if my password is securely stored (as a customer)?

There is no way to tell for sure it isn't stored as plaintext. However, the most common giveaway is trying the password recovery system. If they email you your original password, they are storing it in plaintext. If they force you to generate a new password, they most likely are storing it in a hashed form and have to generate a new hash on your new password because neither of you knows your old password.

Why does this matter?

If they were ever broken into, your passwords are exposed and the attacker can simply read them. If they are hashed, the attacker would have to crack them first, which takes an incredible amount of time (assuming they use a salt), making it exceptionally difficult if not practically impossible to do anything with a hashed password.

Huh? what? I am lost...
Ok, here is a simple explanation of how logins work:

User visits website.

User types in account and password.

In a PLAINTEXT system, the computer matches user entered account:password combo with an account:password combo in a user database.

In a hashed (secure) system, the computer hashes the password using an algorithm (such as MD5) to produce a hash ('password' hashed with MD5 becomes '5f4dcc3b5aa765d61d8327deb882cf99'). The computer then matches the hash to a stored hash in the database; if the hashes match, it is the correct password. Only your password will generate the same hash, but nobody with access to the database will ever know what your password is because it's stored as a hash.

UPDATE: I am not going to recommend MD5 after further reading; there are apparently stronger algorithms such as bcrypt and SHA-2 which will keep passwords more secure than MD5.

If you have any questions - as a company or as a customer - feel free to contact me and ask.
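
The two storage schemes side by side, as an added example that is not code from the original post: it checks the post's MD5 row, then stores the same password with a per-user salt using PBKDF2-HMAC-SHA256 from Python's standard library (a stand-in for bcrypt, which is not in the standard library). The record format, function names, sample accounts and iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def md5_unsalted(password: str) -> str:
    """The scheme from the post's example row: a bare MD5 hex digest."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def make_record(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex' with a per-user salt."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    scheme, iterations, salt_hex, hash_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


def demo() -> dict:
    # Constructed sample accounts: two users who happen to share a password.
    alice_md5, bob_md5 = md5_unsalted("password"), md5_unsalted("password")
    alice_rec, bob_rec = make_record("password"), make_record("password")
    return {
        "md5_matches_post": alice_md5 == "5f4dcc3b5aa765d61d8327deb882cf99",
        "md5_rows_identical": alice_md5 == bob_md5,     # reveals password reuse
        "salted_rows_identical": alice_rec == bob_rec,  # salts differ per user
        "correct_login": verify("password", alice_rec),
        "wrong_login": verify("passw0rd", alice_rec),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With unsalted MD5, every account using the same password gets the same database row value, so one recovered password exposes all of them; the per-user salt and the iteration count remove that shortcut and make each guess expensive.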

24,000 Domains Article Postmortem: Traffic, Revenue, Business Models

I published a post listing 24,000 available brandable domain names that anyone could register a couple days ago.

It was far more successful than I ever imagined, receiving over 17,000 page views and ranking 3rd on the HackerNews front page and 2nd in a major subreddit with over 30,000 subscribers.

I wanted to go through the entire setup of the article, the marketing, the goals, the traffic, the results and conclusion.
