Comment by kdasme

Comment by kdasme 2 days ago

15 replies

View on Hacker News

> You probably know this already, but people should have their own domain.

Until they forget or unable to renew. And then their PII is in the hands of the person who gets the domain.

tombert 2 days ago

That happened to me, but fortunately it didn't end up being a huge deal.

I had forgotten to renew my domain from Gandi, it expired, and I stopped getting emails. I also could not find my password for Gandi, and I couldn't get the password reset to work, so I panicked, but fortunately Gandi will let you renew someone else's domain. Not a transfer, just if account A wants to pay to renew account B's domain without any change of ownership, they allowed that, so I made a quick throwaway account, and renewed everything for eight years.

Reply View 0 replies
SR2Z 2 days ago

I mean, sure, but I and probably 99% of other folks have a credit card set up to autorenew. This is a security problem, but not a very serious one.

Reply View 10 replies
  • stubish 2 days ago

    Credit cards have expiry dates, or at least they do over here. I expect my partners domain to expire 10 years after my death, as I can only pay 10 years in advance. To many people, there are more important things to worry about (and often second thoughts after the fact).

    Reply View 9 replies
    • koolba 2 days ago

      Why hasn’t anyone made a TLD with infinite expiration?

      The price should just be the present value of the annual fee cash flows.

      Reply View 8 replies
      • easygenes a day ago

        Hate to say, but might actually be a legitimate use case for blockchain here. Identity provider which is responsible for being a source of truth on aliveness tied to a smart contract for paying annual registrar fees.

        Though the traditional way would just be finding a registrar which can direct debit (e.g. CSC Global or MarkMonitor) or setting up a trust account for someone to manage it for you. Or just power of attorney plus escrowed account.

        Reply View 1 reply
        • palata 3 hours ago

          Apart from cryptocurrencies, I don't think that there are any legitimate use-cases for blockchain.

          Then the question is whether we want cryptocurrencies or not (I don't).

          Reply View 0 replies
PaulDavisThe1st 2 days ago

Taking over a domain is not particularly connected to access to PII.

You own/control the name, not the set of files on a hosting service somewhere.

Reply View 2 replies
  • squiggleblaz 2 days ago

    If you buy someone's domain name, then they'll probably have emails going to it. So you set up a catchall address and discover what accounts are related to it, then you can use the reset password functionality to get access to the accounts. In some cases, they'll have a backup gmail account - and perhaps you can guess what it is (e.g. emails come through to Paul Davis so you guess, oh, maybe they have the paul.davis google account, and reset password on that).

    Reply View 0 replies
  • mkl 2 days ago

    But if someone else gets the name, they get your email going forward, and therefore access to a lot of your accounts.

    Reply View 0 replies