Oh man. The infinite loops of impossible verification by large companies that should know better are massive pain peeve of mine.
This goes right to the top for me, along the ubiquitous "please verify your account" emails with NO OPTION to click "that's NOT me, somebody misused my email". Either people who do this for a living have no clue how to do their job, or, depressingly more likely, their goals are just completely misaligned to mine as a consumer and it's all about "removing friction" (for them).
show comments
iamnothere
The registrar relying on Google Safe Browsing as a “trigger” for suspension is the most horrifying thing I’ve seen in a while. This basically makes the entire TLD unviable for serious use.
show comments
merek
The TLD owner in this case was Radix, which also owns
> The domain ... has been suspended due to its blacklisting on Google Safe Browsing
Et voilà ... ! this is precisely the slippery slope I warned about a decade ago. The indirect censorship becomes direct censorship, defeating all the arguments about the morality of such a list. And:
> Not adding the domain to Google Search Console immediately. I don't need their analytics and wasn't really planning on having any content on the domain, so I thought, why bother? Big, big mistake.
Yet more monopolistic power to Google.
show comments
sbinnee
The product[1] looks super cool! I can immediately think of my use case, though not for gamin. I am using LibreChat to call LLMs, installed on my home server. But when I open a webtab, it has all these browser tabs I don't want to see. I am sure there are many cases where this product can shine.
I wonder if Radix has unknowingly created a negative feedback loop here. From Google's perspective, the DNS records disappear shortly after being flagged by Safe Browsing, which their heuristics may interpret as scammy behavior.
greatgib
> Not adding the domain to Google Search Console immediately. I don't need their analytics and wasn't really planning on having any content on the domain, so I thought, why bother? Big, big mistake.
That should be enough to trigger an antitrust case against Google and a split of its activities. When despite unrelated, it becomes the gatekeeper of your presence in internet.
bjt
It's not about the .online TLD being "weird". The problem is that it was free. That's going to attract a swarm of fraudsters, spammers, etc, and then turn into a strong "this is probably fraud" signal in all kinds of fraud scoring systems.
There are lots of domains out there other than .com that are just fine.
show comments
petterroea
Side note: My empirical experience is that vanity domains are disliked by some enterprise security systems. I have a friend who owns a .homes domain which ended up being blocked by quad9 as well as the enterprise security system of a friend's work for ~half a year. The block cleared by itself.
I had the same experience while buying another TLD. For ~1 month, certain people whose ISP "helpfully" had "safe browsing" features, simply blocked us outright. For being new and different.
The learning for me was that new domains are no longer trusted, and seemingly some vanity domains get even more strict treatment.
show comments
yanis_t
I still remember how Google banned my entire account without providing a reason for a small Android app (more than 12 years ago). To this day I have no idea why, it was absolutely green-area fit tracker or something. There was absolutely no way to know the reason or unblock my account. Turned me away from Android development forever.
We struggled a lot when we opted for the .online domain for https://pinggy.io urls
pil0u
One conclusion is:
> Not adding the domain to Google Search Console immediately.
I don't understand. What is Google Search Console, and should I add all my domains there right now?
show comments
peanut-walrus
It sucks so much that there is no standard way of linking additional domains to your main one and inheriting the reputation.
Want to set up a new domain for whatever purposes (conference, new product, etc)? Be prepared to spend the first half a year fighting the various blacklists before people can actually reliably connect.
Would make so much sense if you could just have a .well-known/other-domains.txt (or something something DNS) with a list of domain names that should be considered just as trustworthy as your main domain.
It's not even about .online or other weird TLDs, it's just that the domain is new and therefore "not trustworthy". Even worse if you need to use your existing branding on the new domain - instantly flagged as a phishing site everywhere.
mustaphah
Worth noting: emails from .online domain (and many other TLDs [1]) are also way more likely to end up in the spam folder.
> Not adding the domain to Google Search Console immediately. I don't need their analytics and wasn't really planning on having any content on the domain, so I thought, why bother? Big, big mistake.
I'm not particularly familiar with SEO or the massive black box that is Google Search - is this really as critical as the author makes it seem? I have both .lol and .party domains, both through porkbun (and the TLDs seem to be administrated by Uniregistry and Famous Four Media, respectively), and both are able to be found on Google Search. It seems like this preemtive blacklisting would be the result of some heuristics on Google's end; is .online just one of the "cursed" TLDs like .tk?
show comments
__MatrixMan__
We need to rethink the web so that fewer third parties are involved in things that seem on the surface to be an A-B conversation. To say nothing of the trustworthiness of those parties, having them involved at all is needlessly brittle.
chrishacken
Google loves doing stuff like this. At my last company, before we sold it, I had to reverify our Google Business page about once a week because it would constantly just remove the verification for seemingly no reason.
zadikian
But was this because it's .online? I got one and it was fine.
The only issue was the usual trap with all Namecheap domains: They tell you it's all set, and it works, until they randomly email you a week later asking for email verification. If you don't do that promptly, they suspend your domain until you trigger a resend. Which is easy to fix but also strange.
show comments
eappleby
Unfortunate story. It wasn't clear to me that the .online TLD led to Google blacklisting the site. Why did you think that was connected?
show comments
trklausss
Does anyone know which platform this webpage uses? I like the aesthetics and functionality :)
palad1n
Are there any other TLDs that are of this ilk or are we saying nothing but .com will ever do? Or .org, perhaps?
show comments
anonzzzies
So never buy tlds managed by Radix then ; what a crazy thing to kill domains that are blacklisted by Google AI...
trey-jones
I'm sorry that the author got bitten by this. But .com purism is funny to me. I only buy GTLDs for personal projects, and I've never had a problem before. But then, I've never bought .online.
blenderob
Why was the domain blacklisted though? What can we do to prevent blacklisting in the first place?
show comments
shaky-carrousel
Morale of the story: never ever use a registry that bases its decisions on Google Safe Browsing. Radix in this case. A very modern looking website for a really caveman support.
show comments
nelsonic
The first mistake anyone makes is thinking they are “buying” anything with a domain. You’re renting it. And the company you are renting from can arbitrarily push up the price above inflation. NameCheap is good for the basics. But a .site or .online domain is a no-go beyond an MVP/test.
MattSayar
Took me a minute to realize Sid isn't associated with 0xide.computer. Clever domain name!
Getting Google to index my personal site has been a pain. Every other search engine works fine, but ever since I switched the images on my site to .webp (a format created by Google!), my site's content just doesn't get indexed anymore. I've given up since web search traffic matters less and less these days with LLMs, and it only really bothers me when I'm trying to search for my own articles.
show comments
bhartzer
Are you 100 percent certain that the domain name wasn't registered before and then got on the blacklist because of prior misuse?
It's quite possible that the domain you chose was registered previously and dropped because the previous owner misused it and burned that domain. The .ONLINE extension has been around for several years now.
show comments
agentifysh
Does anybody know any good alternative to Name Cheap? It seems like they keep raising prices on all the domains. Website is very sluggish, especially for finding domains quickly.
show comments
siliconunit
tried to roll my own email server on a .xyz domain...basically a big no go, couple of emails went through, then nothing, just a black hole. Thanks corpos and the safety theatre.
show comments
thayne
Google should really be seeing some anti-trust action for requiring you to create an account with them on their search console in order to contest being added to a blacklist used by all the major browsers.
atleastoptimal
Domains are signaling. If you have a .online domain you are signaling you can't afford the equivalent .com domain. All the TLD annoyance is a consequence of the lack of status pressure ameliorating the experience of those domain holders (in the same way you never see public health crises in rich neighborhoods)
A great reminder even if you aren't a Google customer, Google's love of banning people with no notice or recourse will still screw you over.
show comments
Tepix
I blame both the registry and Google.
If you were a lawyer, you could have fun with this.
Btw, perhaps unrelatedly, we had a domain marked as unsafe by Google as well for no particular reason.
basilikum
This sounds like something ICANN should prevent. Is this not against ICANN rules? These fuckers ban emoji domains, maybe they should ban registries from arbitrarily stealing domains with no recourse. Maybe write to them and see if they can move something.
defraudbah
never buy anything than com domain
especially country level domains, they are not regulated and your register can ignore whatever requirements they have to fullfil
lasgawe
also I don't recommend using a .xyz domain for email sending. These domains are often marked as spam, and some email providers don’t support them.
CodeCompost
Last year, my registrar wanted €64,99 to extend an online domain which I had created for fun.
No thanks.
show comments
drcongo
Google have way too much power to mess people's lives up. Especially for an organisation with basically zero customer support.
bradgessler
I got og.plus that expands to OpenGraphPlus.com.
At first I was stoked to have a two letter domain, but then I looked into it and learned these companies will get you hooked with a low initial price, then jack up the prices as the domain becomes established.
Quite the grift. My plan is to tread lightly on that domain and be ready to back away from it when the rent seekers move in.
You’d think there would be some sort of rules to the neutrality of these TLD administrators, but nope.
The second time around I wised up and go ogplus.net for an API domain instead of ogplus.media. I’ll take neutrality over vanity any day.
jarek83
So this happened only because google is so big, that it can point to any website and say that it's not safe. Even if owner of a site just don't want to be in their search engine in the first place.
How on earth we ended up with this company bother anyone including those that want their services? Imagine that you could get your driving license banned because you did not buy a toyota...
account42
> Update: Within 40 minutes of posting this on HN, the site has been removed from Google's Safe Search blacklist. Thank you, unknown Google hero! I've emailed Radix to remove the darn serverHold.
I wouldn't party too soon - from my experience getting something removed from Google's libel machine doesn't mean the same process that put it there in the first place is fixed and it you will most likely go through the same thing again and again.
> Not adding the domain to Google Search Console immediately. I don't need their analytics and wasn't really planning on having any content on the domain, so I thought, why bother? Big, big mistake.
This is just another way how Google has inserted themselves as the gatekeeper of the web.
fortran77
Never use a “free” domain is a better rule. Even if there were no technical or administrative issues, nobody trusts them.
show comments
OutOfHere
The logic doesn't automatically extend to other TLDs unless they too are owned by the same firm. Alternative TLDs are often preferable because they're so much cheaper than wasting money on a .com, etc.
show comments
dzonga
why not just buy a .co.xx (country) or simply .com / .net
and if hectic maybe .io
tamimio
.com is definitely the gold standard, I got an .io more than a decade ago and if I would go back in time, I would just use .com, the pricing for .io been increasing for no apparent reason.
show comments
ranger_danger
One time I bought a .dev domain, which is/was run by Google, and after missing the renewal deadline by less than 24 hours, the renewal price jumped from less than $30, to $800.
show comments
dangus
I don’t know that the advice is solid in terms of never buying an alternate TLD.
show comments
cmsp12
honestly all of these weird tld are expensive in the long term i dont see the point of getting them
metalliqaz
Top of HN. Well, I guess you could say that Radix's strategy to give away domains backfired spectacularly.
elAhmo
Another case of Google extorting users and showing mafia-like behaviour.
mystraline
So, how is this not libel by Google? The claim was that you were running an "unsafe site". Its their job to prove that, and not just "black box says so".
And you have system and reputational damages.
Go for small claims suit, $5000. It'll cost more than that for their attorney to go to your jurisdiction.
show comments
tucnak
The .com purist advice is sound but you're not getting four-letter domain names that way, and in some ccTLD zones you can still.
I was price-gouged out of owning a single, rare .icu domain when renewal fee for it went from 20 usd to 220 usd overnight, just for this one domain... I'm pretty sure it's not Gandi, but the TLD opetator, because other .icu domains I've had were fine. I decided to eventually abandon them all anyway. Moved away from Gandi later when they started doing gouging of their own, too.
What is HN's opinion on Dynadot?
show comments
squeefers
sorry but you cant have a domain if google ban it? how does this work?
icase
“never buy a non-.(com|net|org) domain”
ftfy
show comments
soco
Enshittification at its peak (or is it at its peak already?)
show comments
twapi
OP shouldn't blame .online registry operator Radix.
show comments
nickweb
Hot Take: the proactive action of the registrar here is probably more beneficial than the number of false positives captured. If the registrar is aware that Google is hot on blocking potentially harmful sites, it's right that they take action expeditiously.
The bigger problem is the unbanning - for which there should be a better system, probably that should take the form of the registrar having a short grace period to aid in the Google stuff (DNS verification etc.) with additional checks by the registrar to make sure it's not being used for spam/malicious content.
The other point being why was Google banning you so quickly? This is the opaque part. Was the site reported? Was there some URL hijinks? That's the thing you'll probably never find out.
Oh man. The infinite loops of impossible verification by large companies that should know better are massive pain peeve of mine.
This goes right to the top for me, along the ubiquitous "please verify your account" emails with NO OPTION to click "that's NOT me, somebody misused my email". Either people who do this for a living have no clue how to do their job, or, depressingly more likely, their goals are just completely misaligned to mine as a consumer and it's all about "removing friction" (for them).
The registrar relying on Google Safe Browsing as a “trigger” for suspension is the most horrifying thing I’ve seen in a while. This basically makes the entire TLD unviable for serious use.
The TLD owner in this case was Radix, which also owns
.store .online .tech .site .fun .pw .host .press .space .uno .website
https://radix.website/
> The domain ... has been suspended due to its blacklisting on Google Safe Browsing
Et voilà ... ! this is precisely the slippery slope I warned about a decade ago. The indirect censorship becomes direct censorship, defeating all the arguments about the morality of such a list. And:
> Not adding the domain to Google Search Console immediately. I don't need their analytics and wasn't really planning on having any content on the domain, so I thought, why bother? Big, big mistake.
Yet more monopolistic power to Google.
The product[1] looks super cool! I can immediately think of my use case, though not for gamin. I am using LibreChat to call LLMs, installed on my home server. But when I open a webtab, it has all these browser tabs I don't want to see. I am sure there are many cases where this product can shine.
[1] https://getwisp.online/
I wonder if Radix has unknowingly created a negative feedback loop here. From Google's perspective, the DNS records disappear shortly after being flagged by Safe Browsing, which their heuristics may interpret as scammy behavior.
> Not adding the domain to Google Search Console immediately. I don't need their analytics and wasn't really planning on having any content on the domain, so I thought, why bother? Big, big mistake.
That should be enough to trigger an antitrust case against Google and a split of its activities. When despite unrelated, it becomes the gatekeeper of your presence in internet.
It's not about the .online TLD being "weird". The problem is that it was free. That's going to attract a swarm of fraudsters, spammers, etc, and then turn into a strong "this is probably fraud" signal in all kinds of fraud scoring systems.
There are lots of domains out there other than .com that are just fine.
Side note: My empirical experience is that vanity domains are disliked by some enterprise security systems. I have a friend who owns a .homes domain which ended up being blocked by quad9 as well as the enterprise security system of a friend's work for ~half a year. The block cleared by itself.
I had the same experience while buying another TLD. For ~1 month, certain people whose ISP "helpfully" had "safe browsing" features, simply blocked us outright. For being new and different.
The learning for me was that new domains are no longer trusted, and seemingly some vanity domains get even more strict treatment.
I still remember how Google banned my entire account without providing a reason for a small Android app (more than 12 years ago). To this day I have no idea why, it was absolutely green-area fit tracker or something. There was absolutely no way to know the reason or unblock my account. Turned me away from Android development forever.
We posted this warning on HN before: https://news.ycombinator.com/item?id=40195410
We struggled a lot when we opted for the .online domain for https://pinggy.io urls
One conclusion is:
> Not adding the domain to Google Search Console immediately.
I don't understand. What is Google Search Console, and should I add all my domains there right now?
It sucks so much that there is no standard way of linking additional domains to your main one and inheriting the reputation.
Want to set up a new domain for whatever purposes (conference, new product, etc)? Be prepared to spend the first half a year fighting the various blacklists before people can actually reliably connect.
Would make so much sense if you could just have a .well-known/other-domains.txt (or something something DNS) with a list of domain names that should be considered just as trustworthy as your main domain.
It's not even about .online or other weird TLDs, it's just that the domain is new and therefore "not trustworthy". Even worse if you need to use your existing branding on the new domain - instantly flagged as a phishing site everywhere.
Worth noting: emails from .online domain (and many other TLDs [1]) are also way more likely to end up in the spam folder.
https://www.spamhaus.org/reputation-statistics/gtlds/malware...
> Not adding the domain to Google Search Console immediately. I don't need their analytics and wasn't really planning on having any content on the domain, so I thought, why bother? Big, big mistake.
I'm not particularly familiar with SEO or the massive black box that is Google Search - is this really as critical as the author makes it seem? I have both .lol and .party domains, both through porkbun (and the TLDs seem to be administrated by Uniregistry and Famous Four Media, respectively), and both are able to be found on Google Search. It seems like this preemtive blacklisting would be the result of some heuristics on Google's end; is .online just one of the "cursed" TLDs like .tk?
We need to rethink the web so that fewer third parties are involved in things that seem on the surface to be an A-B conversation. To say nothing of the trustworthiness of those parties, having them involved at all is needlessly brittle.
Google loves doing stuff like this. At my last company, before we sold it, I had to reverify our Google Business page about once a week because it would constantly just remove the verification for seemingly no reason.
But was this because it's .online? I got one and it was fine.
The only issue was the usual trap with all Namecheap domains: They tell you it's all set, and it works, until they randomly email you a week later asking for email verification. If you don't do that promptly, they suspend your domain until you trigger a resend. Which is easy to fix but also strange.
Unfortunate story. It wasn't clear to me that the .online TLD led to Google blacklisting the site. Why did you think that was connected?
Does anyone know which platform this webpage uses? I like the aesthetics and functionality :)
Are there any other TLDs that are of this ilk or are we saying nothing but .com will ever do? Or .org, perhaps?
So never buy tlds managed by Radix then ; what a crazy thing to kill domains that are blacklisted by Google AI...
I'm sorry that the author got bitten by this. But .com purism is funny to me. I only buy GTLDs for personal projects, and I've never had a problem before. But then, I've never bought .online.
Why was the domain blacklisted though? What can we do to prevent blacklisting in the first place?
Morale of the story: never ever use a registry that bases its decisions on Google Safe Browsing. Radix in this case. A very modern looking website for a really caveman support.
The first mistake anyone makes is thinking they are “buying” anything with a domain. You’re renting it. And the company you are renting from can arbitrarily push up the price above inflation. NameCheap is good for the basics. But a .site or .online domain is a no-go beyond an MVP/test.
Took me a minute to realize Sid isn't associated with 0xide.computer. Clever domain name!
Getting Google to index my personal site has been a pain. Every other search engine works fine, but ever since I switched the images on my site to .webp (a format created by Google!), my site's content just doesn't get indexed anymore. I've given up since web search traffic matters less and less these days with LLMs, and it only really bothers me when I'm trying to search for my own articles.
Are you 100 percent certain that the domain name wasn't registered before and then got on the blacklist because of prior misuse?
It's quite possible that the domain you chose was registered previously and dropped because the previous owner misused it and burned that domain. The .ONLINE extension has been around for several years now.
Does anybody know any good alternative to Name Cheap? It seems like they keep raising prices on all the domains. Website is very sluggish, especially for finding domains quickly.
tried to roll my own email server on a .xyz domain...basically a big no go, couple of emails went through, then nothing, just a black hole. Thanks corpos and the safety theatre.
Google should really be seeing some anti-trust action for requiring you to create an account with them on their search console in order to contest being added to a blacklist used by all the major browsers.
Domains are signaling. If you have a .online domain you are signaling you can't afford the equivalent .com domain. All the TLD annoyance is a consequence of the lack of status pressure ameliorating the experience of those domain holders (in the same way you never see public health crises in rich neighborhoods)
A list of all registered (3,231,464 domain so far) .online domains is here: https://allzonefiles.io/zone/online
On a side note, thanks for wisp. I was looking for something like it so I could use it to quickly test the web builds of my tauri mobile app.
This is one of the pains of centralization. And honestly, it could happen with any TLD.
So Google can single-handedly break any domain? Sounds like total control of the Web.
Having .online already 5 years. No problems with email or website. Don’t understand that blog post. More problems can be with .xyz
https://www.icann.org/compliance/complaint
A great reminder even if you aren't a Google customer, Google's love of banning people with no notice or recourse will still screw you over.
I blame both the registry and Google.
If you were a lawyer, you could have fun with this.
Btw, perhaps unrelatedly, we had a domain marked as unsafe by Google as well for no particular reason.
This sounds like something ICANN should prevent. Is this not against ICANN rules? These fuckers ban emoji domains, maybe they should ban registries from arbitrarily stealing domains with no recourse. Maybe write to them and see if they can move something.
never buy anything than com domain
especially country level domains, they are not regulated and your register can ignore whatever requirements they have to fullfil
also I don't recommend using a .xyz domain for email sending. These domains are often marked as spam, and some email providers don’t support them.
Last year, my registrar wanted €64,99 to extend an online domain which I had created for fun.
No thanks.
Google have way too much power to mess people's lives up. Especially for an organisation with basically zero customer support.
I got og.plus that expands to OpenGraphPlus.com.
At first I was stoked to have a two letter domain, but then I looked into it and learned these companies will get you hooked with a low initial price, then jack up the prices as the domain becomes established.
Quite the grift. My plan is to tread lightly on that domain and be ready to back away from it when the rent seekers move in.
You’d think there would be some sort of rules to the neutrality of these TLD administrators, but nope.
The second time around I wised up and go ogplus.net for an API domain instead of ogplus.media. I’ll take neutrality over vanity any day.
So this happened only because google is so big, that it can point to any website and say that it's not safe. Even if owner of a site just don't want to be in their search engine in the first place.
How on earth we ended up with this company bother anyone including those that want their services? Imagine that you could get your driving license banned because you did not buy a toyota...
> Update: Within 40 minutes of posting this on HN, the site has been removed from Google's Safe Search blacklist. Thank you, unknown Google hero! I've emailed Radix to remove the darn serverHold.
I wouldn't party too soon - from my experience getting something removed from Google's libel machine doesn't mean the same process that put it there in the first place is fixed and it you will most likely go through the same thing again and again.
> Not adding the domain to Google Search Console immediately. I don't need their analytics and wasn't really planning on having any content on the domain, so I thought, why bother? Big, big mistake.
This is just another way how Google has inserted themselves as the gatekeeper of the web.
Never use a “free” domain is a better rule. Even if there were no technical or administrative issues, nobody trusts them.
The logic doesn't automatically extend to other TLDs unless they too are owned by the same firm. Alternative TLDs are often preferable because they're so much cheaper than wasting money on a .com, etc.
why not just buy a .co.xx (country) or simply .com / .net
and if hectic maybe .io
.com is definitely the gold standard, I got an .io more than a decade ago and if I would go back in time, I would just use .com, the pricing for .io been increasing for no apparent reason.
One time I bought a .dev domain, which is/was run by Google, and after missing the renewal deadline by less than 24 hours, the renewal price jumped from less than $30, to $800.
I don’t know that the advice is solid in terms of never buying an alternate TLD.
honestly all of these weird tld are expensive in the long term i dont see the point of getting them
Top of HN. Well, I guess you could say that Radix's strategy to give away domains backfired spectacularly.
Another case of Google extorting users and showing mafia-like behaviour.
So, how is this not libel by Google? The claim was that you were running an "unsafe site". Its their job to prove that, and not just "black box says so".
And you have system and reputational damages.
Go for small claims suit, $5000. It'll cost more than that for their attorney to go to your jurisdiction.
The .com purist advice is sound but you're not getting four-letter domain names that way, and in some ccTLD zones you can still.
I was price-gouged out of owning a single, rare .icu domain when renewal fee for it went from 20 usd to 220 usd overnight, just for this one domain... I'm pretty sure it's not Gandi, but the TLD opetator, because other .icu domains I've had were fine. I decided to eventually abandon them all anyway. Moved away from Gandi later when they started doing gouging of their own, too.
What is HN's opinion on Dynadot?
sorry but you cant have a domain if google ban it? how does this work?
“never buy a non-.(com|net|org) domain”
ftfy
Enshittification at its peak (or is it at its peak already?)
OP shouldn't blame .online registry operator Radix.
Hot Take: the proactive action of the registrar here is probably more beneficial than the number of false positives captured. If the registrar is aware that Google is hot on blocking potentially harmful sites, it's right that they take action expeditiously.
The bigger problem is the unbanning - for which there should be a better system, probably that should take the form of the registrar having a short grace period to aid in the Google stuff (DNS verification etc.) with additional checks by the registrar to make sure it's not being used for spam/malicious content.
The other point being why was Google banning you so quickly? This is the opaque part. Was the site reported? Was there some URL hijinks? That's the thing you'll probably never find out.