What’s Wrong with Njalla Privacy & Largest Review of Bulletproof Domain Registrars

Domain Abuse Master on 2024-01-08

For the past ten years, I’ve worked with domain registrars in my quest to discover a foolproof solution; I’ve been a cybersecurity specialist and super enthusiastic about the Blackhat world since 2013. Over the years, I have seen how people’s privacy and secrecy get compromised due to monitoring and surveillance by various governments and other regulatory authorities.

I totally don’t like any kind of monitoring or surveillance because the internet is a free world and it should remain the same, always.

I am an excellent specialist in protecting domains from attacks by copyright holders and dishonest competitors who submitted tons of false abuse reports against my domain portfolio. I have eaten a lot of crap, understand the market like no one else and don’t give a shit about how powerful governments and authorities try to control our freedom.

Everyone should have the option to remain anonymous online, and I couldn’t agree more with the fact that privacy is a cornerstone of a democratic society. Since I could not locate a domain registrar that met my project requirements, more specifically, to stay anonymous while using the internet, I felt obliged to write this comprehensive article.

Here, I’ve chosen to share some important findings and recount my experiences over the last ten years. From what I can discern, the idea of a completely bulletproof domain registrar is nothing more than a myth. Still, there are domain registrars that are 50%-proof, 90%-proof, and 99.99%-proof against allegations of abuse, even from a Blackhat competitor.

Disclaimer: It is immoral and against the law to use a domain name for fraudulent activities, phishing, or any other type of harmful activity.

Therefore, be lawful in your usage and adhere to all restrictions.

Shedding light on the domain name market

First, we will have a look at the domain name market. There will be 350 million domain names registered worldwide in 2024. About 42,000 new domains are added every week across the globe. The most popular top-level domain (TLD) has always been .com; as of 2023, 51.6% of all websites were using it.

The domain name market in the United States is expected to reach 131.8 million domain names registered by 2022. China, the world’s second-largest economy, is expected to reach a projected market size of 129.4 million domain names registered by 2030, with a CAGR of 12% from 2022 to 2030. Other notable geographic markets include Japan and Canada, which are expected to increase at 2.5% and 5.5%, respectively, between 2022 and 2030.

Here’s some basic info for those who are relatively new in the bulletproof domain niche. Usually, all domain name registrations are regulated by the US-based ICANN (Internet Corporation for Assigned Names and Numbers) which is responsible for coordinating and overseeing the global Domain Name System (DNS).

The DNS includes both top-level domains (TLDs) and country-code top-level domains (ccTLDs).

Top-Level Domains (TLDs): In the DNS hierarchy, a top-level domain (TLD) represents the first stop after the root zone. In simpler terms, a TLD is everything that follows the final dot of a domain name. For example, in the domain name ‘google.com’, ‘.com’ is the TLD. Some other popular TLDs include ‘.org’, ‘.uk’, and ‘.edu’.

TLDs play an important role in the DNS lookup process. For all uncached requests, when a user enters a domain name like ‘google.com’ into their browser window, the DNS resolvers start the search by communicating with the TLD server.

The Internet Corporation for Assigned Names and Numbers (ICANN) has authority over all TLDs used on the Internet, and it delegates the responsibility of these TLDs to various organizations. For example, a U.S. company called VeriSign operates all ‘.com’ and ‘.net’ TLDs.

Another purpose of TLDs is to help classify and communicate the purpose of domain names. Every TLD will tell you something about the domain that precedes it; let’s look at some examples:

‘.com’ is intended for commercial businesses.

‘.gov’ is for government entities.

‘.uk’ is for domains from the United Kingdom.

‘.au’ is for domains from Australia.

There are also other generic domains such as .org, .net, .info, .edu, and newer ones like .app, .blog, etc. Here the best option is .org (.org is not very safe but is better than using .com or .net); ThePirateBay is still online with a .org domain.

Unless your content is very aggressive or highly forbidden, you should go with a Chinese domain registrar for a .com domain (but not for .cn).

Country Code Top-Level Domains (ccTLDs): Country code top-level domains (ccTLDs) are used to indicate the site’s relation to a specific country or region and are therefore referred to as country code TLDs.

Every country code top-level domain you’ll come across will be formed of two letters. The first letter used is always the first letter of the country’s name, but the second letter is selected randomly so as not to clash with any current ccTLDs. These letters are assigned to a country through the use of the 1974 ISO-3166 standard and use the native name of a country. For example, Germany’s ccTLD is .de for Deutschland instead of .ge relating to Germany.

Generally, ccTLD domains would be far better than TLDs such as .com and .net in terms of repelling attacks on your domain. However, the US decided to give itself and other countries the power to take over domains that contain content that isn’t to their taste.

Always remember that nothing is 100% safe. But no matter what, stay away from registrars in Europe and other western countries with up-to-date court systems. It is easy for anyone to ask a European court, like a Dutch court, to block or suspend your .nl domain. In places like Palestine, Yemen, China, and others, it’s not always that easy. Some European countries, like Iceland, Estonia, and Sweden, still have strong and active advocates and agencies that fight piracy.

If you are seeking a reliable alternative domain registrar situated in a truly sovereign nation, I highly recommend considering Vietnam, Russia, and China. You have the option to utilize pseudonyms and anonymous cryptocurrency payments for purchasing ccTLD domains such as .su, .ru, .cr, .co, .is, .sc, .li, and .se.

Here the best options are .co (Colombia), .nu (particularly popular in Sweden, Denmark, and the Benelux region, as nu is the word for “now” in their languages), .so (Somalia), .cr (Costa Rica), .ru (Russia), .su (Soviet Union), .is (Iceland), .sc (Seychelles), .li (Liechtenstein) and .vn (Vietnam). Chinese .cn domains are also safer, but in order to grab a Chinese ccTLD .cn domain you need a physical presence in China.

Domains with .to (the Kingdom of Tonga) are not secure anymore. ACE (The Alliance for Creativity and Entertainment) has more possibilities to take them down. It is still difficult but not out of reach like it was before.

Based on my experience, .vn (Vietnam) and .se (Sweden) are pretty good sanction-proof solutions, while .CO, .SU and .RU are definitely the best options.

According to the legislation of the Russian Federation, the Registrar does not have the right to independently apply sanctions to a domain name based on claims of third parties. For example, reg.ru, as an accredited Registrar, takes action against the domain administrator based on an effective court decision from Russia or an official request from an organization authorized by the National Internet Domain Coordination Center, which is located in Russia.

Similarly, Sweden is a well-known country due to its great internet, decent political climate for privacy and for historical reasons. Although Sweden is part of the 14 Eyes Alliance countries, the Swedish Internet Foundation allows the registration of .se and .nu domains to individuals or entities with no physical presence in Sweden or any tangible connection to the country. This is because .se and .nu domains do not fall under ICANN accreditation and ICANN does not control them.

However, Sweden is also known for its strong stance against domain abuses due to its robust legal framework and proactive approach to Internet governance. The country has strict laws against illegal online activities, such as copyright infringement and cybercrime.

Consequently, domains registered in Sweden are closely monitored and subject to action if involved in illegal activities, making Sweden a less favorable jurisdiction for those seeking to avoid legal scrutiny for their online operations. .se domains can only be taken down by a Swedish court decision because the Swedish Internet Foundation does not accept court orders/decisions from a different country other than Sweden.

Make sure the registrar is not based in the USA and also make sure the server IP is not located in the USA and then you are pretty much safe. For example, tonic.to is a Tonga registrar BUT it’s located and based in the USA so they can easily take it down.

So if you want to move fully away from the U.S., then grab any ccTLD, like .RU, .SU or .CO. FYI: .CO requires a court order from Colombia too.

What are the 5, 9 and 14 Eyes Alliances?

The Five Eyes, Nine Eyes, and Fourteen Eyes are global government surveillance and information-sharing alliances. These alliances center around monitoring and sharing data, often about their citizens, for national security and law enforcement. Initially, only five countries worked together to coordinate intelligence efforts against the Soviet Union. These are the USA, the UK, Canada, Australia and New Zealand.

With time, the 5 Eyes Alliance expanded to include other countries. Now, there are three main alliances with differing levels of information sharing.

The Nine Eyes alliance comprises members of the Five Eyes along with Denmark, France, the Netherlands, and Norway. These countries were included to broaden the scope of intelligence sharing and bolster the collective surveillance capabilities.

The Fourteen Eyes Alliance includes all the Nine Eyes countries plus Germany, Belgium, Italy, Spain, and Sweden.

The Eyes Alliances were initially focused on monitoring traditional forms of communication and signal information, such as telephone conversations and text messages. However, the 2013 leaks of sensitive documents on the Five Eyes’ surveillance practices by Edward Snowden revealed that the scope of surveillance was much wider.

Being a cybersecurity expert, I don’t like these nuances and want a surveillance-free internet. And just like me, you would also want to bypass all the alliances. Considering this, a bulletproof domain registrar would be the ultimate solution.

Njalla is one such platform that is considered the world’s most notorious “Privacy as a Service” provider for domains. As a bulletproof domain registrar, they want to keep users’ privacy at the forefront. Initially, the platform was very popular among Blackhat enthusiasts.

However, recently I have observed that they have many issues while offering services to the users. I have pointed out the problems below so you can think twice before signing up for the platform.

Problem with Njalla

A domain name registration service called Njalla is renowned for emphasizing anonymity and privacy. Peter Sunde, a former spokesperson and co-founder of The Pirate Bay, a BitTorrent search engine that is currently not under his control, founded it.

In contrast to conventional domain registrars, Njalla buys the domain from Tucows registrar on behalf of its clients and takes over as the official registrant, allowing the real users to keep control and use of the domain.

The configuration, according to the home page, offers an extra degree of anonymity because personal information about the user is not directly linked to the domain registration in publicly accessible databases such as WHOIS.

Njal.la is a privacy-aware domain service that accepts crypto payments for the registration of a domain, buys it for the client, and then lets them have full control of it. So, it works like an in-betweener needed for the operator of a website to remain anonymous.

Njalla is not a registrar; rather, they are a middleman who takes the heat for you, which may be a suitable option if you simply want a DMCA-friendly registrar. However, I have never read about a single favorable experience with njal.la.

Every day, there are several complaints on the internet regarding Njalla deleting, suspending, or even confiscating users’ domains, leaving them with no access to their own asset. Imagine the pain of a person who spent $3,000 on a domain (buying domains and investing in site SEO) and it was apparently taken down.

One of my close friends used Njalla plus Flokinet as an offshore hosting solution. He decided to sign up for it after reading the BHW threads saying that they are good with anonymity and stuff. But after only 5 days his domain was taken down by Tucows (the actual registrar behind Njal.la) and Njalla obviously could not do anything about it.

STAY AWAY FROM NJA.LA

After this sad incident, I took a closer look at Njalla and discovered that there are tons of complaints about it. Some are very serious, like stealing domains, not answering questions properly, having miserable customer service and so on.

A few days before my friend’s incident, I was thinking of moving my money site to Njalla but stopped after seeing all the complaints. You can find or read more details in the BHW forum threads. Or you can just have a look at their reviews on Trustpilot, where Njalla is rated 2.1 out of 5.

What’s wrong with Njalla. Lack of support, stealing domain names from customers, and unprofessional conduct.

On top of that, Njalla’s customer service system is very unprofessional and rude. There is a language barrier, as 95% of Njalla’s customer service representatives are not native speakers. They don’t understand English properly and their written or verbal communications are difficult to understand.

Moreover, Njal.la has appointed teenage children who don’t have English knowledge or technical knowledge. Their responses are very limited and ironic. Even a small business with sole proprietorship would have better customer service than Njalla.

According to multiple reports over the past couple of days, pirate websites using the Njalla domain registration service have gone offline. Examples include “1337x.is”, “Flixtor.is”, “Getpopcorntime.is”, and also “stream2watch.is”, all being down right now without having published anything in relation to the outage beforehand.

Obviously, Njalla isn’t a free ticket to go host your porn, pharma, or illegal websites with them or with a domain that is owned by them. If you want to do shit, expect to be deactivated soon, as they still have to comply with laws too. They’re pretty lenient in some areas, but you have to use the platform carefully. If you are not sure whether your website or business is illegal or not, it’s better to check with them first.

I can almost guarantee that all these other aggressive and ‘not good’ reviews are the outcome of someone doing something illegal or unethical. That is why they got removed from the platform.

You do not own a domain with Njalla

Always remember, you have agreed to Njalla’s terms of service (https://njal.la/tos/) and you have to follow them meticulously while using their platform. They have the right to seize your domains and ban you from their service if they don’t like what you’re doing.

Again, think wisely and act accordingly. Njal.la doesn’t allow phishing, fraud, pharma, drugs, carding or scams, and they will suspend you if they detect it.

So, technically, Njalla is not a registrar; they only register the domain on your behalf, so basically they “own” your domain and cannot deal with abuse reports directly.

Peter Sunde couldn’t even protect his own domains in 2022. ICANN refuses to accredit his own domain registrar, Sarek, due to Peter’s ‘background’, so they’re working under the Tucows reseller program, and Tucows, being an American-Canadian publicly traded Internet service, is not bulletproof at all.

With that said, Njalla is not reliable to register your domains with. Just stay away from Njal.la as much as you can.

So, are there any other solutions and privacy-oriented registrars that can potentially serve your purposes? Luckily, the answer is yes! There are several other options with better customer service, affordable rates and efficient operations. I will talk about them in more detail in the second part of this article (coming April, 2024).