(1 votes, average: 5.00 out of 5)
Loading...I’ll Be Your Guide Today
My name is Yan and I have been an active blackhatworld.com member since 2009. From clients looking for the best providers to host their ‘shady’ websites to ‘grey-area’ businesses, I have consulted for these companies and seen everything.
Over 14 years I have tested and dealt with a ton of domain registrars on a quest to find a truly bulletproof solution.
Njalla is one name that often came up in lists of ‘grey-area’ registrars who turned a blind eye to whatever their clients were doing. So I decided to check them out myself but was quickly disappointed with complaints about them deleting and stealing high-value domain names.
However, I agree with the company on one thing – privacy is an important part of democracy and we all should have the right to be anonymous. In this post, I’ll share and condense all I learned over the last 14 years of testing and searching for a domain registrar to use for my projects so you can choose right, the first time.
In the end, I’ll show you why only Trustname, the registrar I eventually made my domains’ home comes incredibly close to what I’d call a truly bulletproof domain.
The ‘Perfect Domain Registrar’ Myth
Let’s start with some myth-busting. The 100% Bulletproof domain registrar is a myth – any platform or domain name can be taken down since they all operate with certain legal jurisdictions.
However, if I were to rate domain registrars, I’d say some solutions are 50%, 90%, and even 99.99% bulletproof. And what are the ‘bullets’ or ‘attacks’ when it comes to domain registrars? It’s simple – abuse reports from hackers and black hat competitors trying to play dirty.
In 2024, the easiest way to bring down a brand is to damage its reputation online. Scammers are exploiting this by threatening brands to pay ransom amounts or become a target of mass fake abuse report attacks. Competitors, on the other hand, also send fake abuse reports to try to have competing brands de-listed.
The worst part in all of this? Most registrars don’t take the sides of their clients (webmasters) when it matters. Once they receive a few abuse reports, they’d rather suspend or delete the domain, instead of investigating whether these reports are factual.
So, as a business owner (especially if you run a ‘grey-area’ business) in today’s digital age, your number one focus when choosing a domain registrar (aside from generic performance stats) is how they handle abuse reports. Will they maintain a neutral stance and continue to provide their services or bow to the pressure and suspend your domain so they are not ‘canceled’?
Disclaimer: Using a domain name for phishing, fraud, or other unlawful acts is unethical and illegal. Consequently, you should only use your domain name for legal businesses and adhere to the rules and regulations of whatever jurisdiction you operate in.
My Stance on Internet Privacy
I have worked as a cybersecurity specialist and have been super enthusiastic about the Blackhat ecosystem for the past 15 years. During that time, I worked with domain registrars in my quest to discover a foolproof solution.
Why do domain registrars matter? Over the years, I have seen people’s privacy and secrecy get compromised by various governments and three-letter agencies monitoring and surveilling them, and holding domain registrars at the throat to give up customer information.
As a blackhat enthusiast, any kind of monitoring or surveillance by the government is taboo – the internet should be free and private for anyone and should stay that way forever.
In my time as a cybersecurity specialist and business owner myself, I picked a new skill unknowingly – protecting domains from attacks by copyright holders and dishonest competitors who submitted tons of false abuse reports against domains in my portfolio.
I have eaten a lot of crap, understand the market like no one else, and learned how to beat powerful governments and authorities trying to control our freedom, at their own game.
Everyone should have the option to remain anonymous online, and I couldn’t agree more with the fact that privacy is a cornerstone of a democratic society.
In my quest to find a domain registrar to help me stay truly anonymous while using the internet, I’ve been through it all – domain disputes, losing precious domains in my portfolio and transferring my domains every other day.
Take this piece as my ‘life’s work’ to guide you through all I had to learn the hard way over more than a decade, so you don’t have to.
Disclaimer: It is immoral and against the law to use a domain name for fraud, phishing, or any other harmful activity and this post does not encourage using your website for illegal activities.. Therefore, only use your domain name for legal activities.
Shedding Light on the Domain Name Market
First, let’s take a look at the domain name market. At the end of the first quarter of 2024, there were 362 million domain names registered worldwide across all TLDs. Right now, about 33,000 new domains are registered every day, or 231,000 new domains weekly, across the globe.
The most popular top-level domain (TLD) has always been the ‘.com’ with 51.6% of all websites being using it in 2023. However, thanks to other fast-rising TLDs like .io, .ai, and blockchain-oriented domain names, the total number of domain name registrations keeps skyrocketing.
By region, experts predict that by the end of 2024, there will be a total 131.8 million domain names registered in the US alone. And in China, the world’s second-largest economy, the market size is projected to 129.4 million domain names registered by 2030, with a CAGR of 12% from 2024 to 2030. Other notable domain markets include Japan and Canada, which are expected to grow by 2.5% and 5.5% year over year, respectively, between 2024 and 2030.
New to Domains? Here’s the Legal Side to Them
New to domain names? Here’s a quick crash course.
Most of the domain name registrations in the world are regulated by the US-based ICANN (Internet Corporation for Assigned Names and Numbers), an organization responsible for coordinating and overseeing the global Domain Name System (DNS).
The DNS has a record of all domain names with generic top-level domains (TLDs) – e.g: .com, .net, .org, .io, etc. – and country-code top-level domains (ccTLDs) – e.g: .uk, .us, .cn, etc.
What Are Top-Level Domains?
What exactly do generic top-level domains and country-code top-level domains mean?
A top-level domain (TLD) or domain extension is everything after the last dot in a domain name. For example, in the domain name ‘google.com,’ ‘.com’ is the TLD. Some other popular TLDs include ‘.org,’ ‘.uk,’ and ‘.edu.’
TLDs play an important role in the DNS lookup process. When a user is visiting a website for the first time (i.e. it is uncached), they enter the domain name e.g.: ‘google.com’ into their browser window. TheDNS resolves the search by communicating with therelevant TLD server.
How top-level domains are controlled
The Internet Corporation for Assigned Names and Numbers (ICANN) has authority over all TLDs used on the Internet, and it delegates the management of these TLDs to various organizations called domain registries or registries for short.
Different domain registries are in charge of a particular TLD and as an extension, all the domain names that use that particular TLD.
So for example, a U.S. registry called VeriSign is in charge of the ‘.com’ and ‘.net’ TLDs. Whenever you register a domain with the ‘.com’ or ‘.net’ TLD, VeriSign adds your domain to their records as well as the information of who owns the domain. Think of registries like subsidiaries of ICANN that set the policies and regulations around that particular TLD.
TLDs as a website purpose signal
Another important role TLDs play is to help the public know what the particular website’s purpose is. Let’s look at some real-life examples:
- the ‘.com’ TLD was originally intended for commercial websites, even though it has evolved into a generic TLD;
- the ‘.gov’ TLD is reserved for government entities and affiliated organizations;
- the ‘.uk’ TLD is reserved for domains and businesses targeting the United Kingdom region;
- the ‘.au’ TLD is reserved for domains targeting the Australian region.
How Top-Level Domains (TLDs) Are Classified
Top-level domains are classified into several categories, but for this piece, we’ll only be considering the top 3. What are they?
Generic top-level domains TLDs
Some of the most popular and widely used top-level domains are generic TLDs (gTLDs). Some popular gTLDs include ‘.com,’ ‘.net,’ and ‘.org.’ These comprise the largest share of the market; some other emerging gTLDs include ‘.xyz,’ ‘.io,’ etc.
Country-code TLDs
The second type of TLDs, country-code TLDs (ccTLDs) are those reserved for businesses targeting particular countries and regions. Particular registries in these regions are in charge of managing all registrations using ccTLDs. Some of the most popular ccTLDs include .us (for the United States), .uk (for the United Kingdom), and .au (for the Australian region).
Country code top-level domains (ccTLDs) indicate a website’s relation to a specific country or region and are therefore referred to as ‘country code’ TLDs. Every country code top-level domain you’ll come across consists of two letters. The first letter used always matches the first letter of the country’s name, but the second letter is selected randomly, especially when there are current ccTLDs that are similar.
These letters are assigned to a country through the use of the 1974 ISO-3166 standard or may also use the native name of the country. For example, Germany’s ccTLD is .de for Deutschland instead of .ge.
Sponsored TLDs
Sponsored TLDs (sTLDs) are used to represent particular industries or ethnicities and are instantly recognizable by people with specific interests. Some popular sTLDs include the ‘.app’, .gov, .jobs, .int, and .mil.
My Insights on TLDs
Generic top-level domains (gTLDs)
There are a ton of popular TLDs on the market today – e.g.: .org, .net, .info, .edu, and newer ones like .app, .blog, etc. While I don’t recommend the .org TLD in most scenarios, it’s still better than using the .com or .net TLDs for ‘grey-area’ websites. An excellent example of the ‘.org’ TLD’s ‘leniency’ is ThePirateBay website. Despite being a frowned-upon platform, it is still online with a .org domain.
And if you must go for a .com TLD, you should go with a Chinese Domain registrar (but not for the .cn TLD). Note, however, that you can still be at risk if your content is very aggressive or forbidden in the region.
Country-code top-level domains (ccTLDs)
ccTLDs over generic TLDs
Generally, if you run a high-risk business, you should always go for ccTLD domains whenever you can instead of the .com and .net TLDs. Why? They are usually less susceptible to attacks on your domain. However, steer clear of the .us TLD as the United States and other allied countries are notorious for taking over domains that contain content that isn’t to ‘their taste.’
Webmaster-friendly regions
While nothing is 100% safe, do yourself a favor and stay away from most domain registrars in western countries with hyperactive court systems (except Trustname, I’ll tell you why later). It is notoriously easy for just about anyone to ask a European court, like a Dutch court, to block or suspend your .nl domain.
Countries like Palestine, Yemen, Russia, China, and others are much more domain-friendly, and getting court orders in these countries is much harder. Few European countries, like Iceland, Estonia, and Sweden, still have strong and active advocates and agencies that fight piracy and webmaster-friendly regulations, so you can go for registrars in these areas.
Privacy-heavy regions for domain registrations
If you are looking for domain registrars situated in developed nations where unsolicited domain reports won’t hold water, I highly recommend Vietnam, Russia, and China. These countries are heavy on privacy and you can use pseudonyms and make cryptocurrency payments for ccTLD domains such as .co, .su, .ru, .cr, .co, .is, .sc, .li, and .se.
Particular ccTLDs I recommend
Here’s a rundown of the ccTLDs I recommend in particular:
For ‘grey area’ businesses I recommend the .CO ccTLD (Colombia), the .SE (Sweden), the .EE (Estonia), the .NU (particularly popular in Sweden, Denmark, and the Benelux region, as nu is the word for “now” in their languages), the .SO (Somalia), the .CR (Costa Rica), and the .RU ccTLD (Russia).
Continuing the list, you have my blessing to go for the .SU ccTLD (Soviet Union), the .IS (Iceland), the .SE (Sweden), the .SC (Seychelles), the .LI (Liechtenstein) and the .VN ccTLD (Vietnam).
The Chinese-controlled .CN ccTLD is also excellent but in order to grab a .CN domain, your business needs to have a physical presence in China. Domains with the .to ccTLD (the Kingdom of Tonga) used to be gold, but the ccTLD is not secure anymore. The Alliance for Creativity and Entertainment (ACE) controls the domain zone and is also notorious for taking down domains.
My very best picks?
If I had to prune down the list even further, from my experience, the .vn ccTLD (Vietnam) and the .se ccTLD (Sweden) are pretty sanction-proof while the .co, .su, and .ru TLDs are definitely the best you can choose.
Countries With Favorable Domain Privacy Climates
Russia
Russia tops my list. Why? According to regulations set by the Russian Federation, a domain registrar in the region does not have the right to independently apply sanctions to a domain name based on claims of third parties.
For example, reg.ru (a Russian-based accredited Registrar) can only take action against a domain name if they are compelled by a Russian court or if they receive an official request from an organization authorized by the National Internet Domain Coordination Center, which is located in Russia.
Sweden
Similarly, Sweden, known as one of the best tech-oriented countries in the world, is also particularly great for domain name owners, thanks to its amazing internet connectivity and policies centered around privacy.
Although Sweden is one of the 14 Eyes Alliance countries, The Swedish Internet Foundation allows the registration of .se and .nu domains to individuals or entities with no physical presence in Sweden or any tangible connection to the country. Want to hear something even better? The .se and .nu TLDs are not controlled by the ICANN and hence not subject to its regulations.
Sweden is also known for its strong stance against domain abuse with a robust legal framework to back it up, and a proactive approach to Internet governance. The country has strict laws against illegal online activities, such as copyright infringement and cybercrime.
However, Sweden’s Internet-heavy climate also means domains are closely monitored and action can be taken against them quickly if they are involved in illegal activities, making Sweden a less favorable jurisdiction for those seeking to avoid legal scrutiny for their online operations.
On the bright side, .se domains can only be taken down by a Swedish court order and the Swedish Internet Foundation turns a blind eye to court orders/decisions from any other country.
The U.S? Steer clear
If you only took one lesson away from this piece, it should be this – steer clear of domain registrars based in the USA, and also make sure that the IP address of the server hosting your website is not pointing to the USA – that’s ‘domain setup 101.’
For example, tonic.to is a Tonga registrar BUT the company is located and based in the USA so the country has the power to request private data from the registrar or take it down.
Do you already have a domain with the .us TLD or are being served by a US-based registrar and want to protect your domain name? Grab any of the ccTLDs I recommend like the .RU, .SU, .SE or .EE TLDs and register your domain. Or transfer your domain to a registrar based in any of these countries (such as Trustname for example).
FYI: The .CO TLD also requires a court order from a Colombian court before any action can be taken against a domain name.
What Are 5, 9, and 14 Eyes Alliances?
The Five Eyes (5 Eyes), Nine Eyes (9 Eyes), and Fourteen Eyes (14 Eyes) are global government surveillance and information-sharing alliances between a particular number of countries.
These alliances are centered around monitoring and sharing data, often about their citizens, for national security and law enforcement.
At the onset of these alliances, five countries came together to coordinate intelligence efforts against the Soviet Union. These were the USA, UK, Canada, Australia, and New Zealand – these countries formed the 5 Eyes Alliance.
Over time, the 5 Eyes Alliance expanded to include other countries and now, there are three main alliances based on the number of member countries and the different levels of information sharing.
The Nine Eyes Alliance (9 Eyes Alliance) comprises members of the Five Eyesalong with Denmark, France, the Netherlands, and Norway. These countries were included to broaden the scope of intelligence sharing and bolster their collective surveillance capabilities.
The Fourteen Eyes Alliance (14 Eyes Alliance) includes all the Nine Eyes countries plus Germany, Belgium, Italy, Spain, and Sweden.
What do the alliances monitor?
The Eyes Alliances were initially focused on monitoring traditional forms of communication and signal information, such as telephone conversations and text messages.
However, in 2013, whistleblower and former American NSA intelligence contractor, Edward Snowden leaked sensitive documents belonging to the Five Eyes’ surveillance, that revealed the scope of these countries’ surveillance being much wider.
As a cybersecurity expert, having alliances like these in the first place feels like an ill. The internet should be completely private and surveillance-free. Since you’re reading this, chances are you feel the same.
Possible solutions? A truly bulletproof domain registrar could be one.
Njalla – Once the Platform for Privacy
Njalla is one of the most popular names among ‘privacy-oriented’ domain registration services. Their slogan – “the world’s most notorious ‘Privacy as a Service” – says it all. When the company first launched, they were heavy on keeping users’ privacy at the forefront. As you can guess, the platform became incredibly popular among Blackhat enthusiasts like me.
Njalla was renowned for emphasizing anonymity and privacy. Peter Sunde, co-founder of The Pirate Bay – the most popular BitTorrent search engine in the world – founded Njalla, so users were confident they were in good hands used to running ‘grey area’ businesses.
But the glory days of Njalla are now in the past. The platform is now rife with many issues and customers have been complaining bitterly. Why should you think twice before signing up on Njalla? Let’s see why. But first…
What made Njalla great?
First, and most importantly, Njalla is not an actual domain registrar. When you ‘register’ a domain on Njalla, in contrast to conventional domain registrars, Njalla buys the domain from Tucows, another domain registrar, and takes ownership of the domain as the official registrant, before delegating it to you.
This model offers excellent anonymity and domain privacy because your personal information is never attached or submitted during the domain registration, and running a WHOIS lookup on the domain will never bring up your contact details.
Njalla also accepts crypto payments for domain registrations, making them a great choice for people who want to ride on the extra anonymity that comes with the blockchain.
Why Njalla Is Flawed
What made Njalla great also became the source of some of its greatest flaws.
You have no legal right over your domain
First, Njalla is not an accredited registrar; rather, they are a middleman registering the domain for you. This means incredibly more risk for you. You are never legally tied to the domain since your details are not linked to it in the first place. The results? This:
All you need is a quick search online and you’ll find dozens of complaints from Njalla customers about the company deleting, suspending, or even confiscating users’ domains, and denying them access. A ton of these complaints came from customers who claimed to have spent thousands of dollars on the domain and their SEO, only to have their domains taken down suddenly.
With a regular registrar, these customers may have been able to contest the actions taken against their domains in court. However, with Njalla, the company owns the domain and has the right to do anything they want with it.
It hit close to home
One of my close friends used Njalla to register his domain and Flokinet as an offshore hosting solution to power his domain and website. He had found a BHW thread recommending Njalla as one of the best anonymity-focused registration services on the market.
Then, suddenly, only 5 days after he registered the domain, it was taken down by Tucows (the actual registrar supporting the Njalla ecosystem) and Njalla was completely powerless as they were also at the mercy of Tucows.
Customers are not singing their praises
After this sad incident, I took a closer look at Njalla and discovered more complaints about the company. Some of the complaints were very serious including claims that the company was stealing premium domains and had completely dysfunctional support.
Before my friend’s incident, I already had plans of moving my money site to Njalla despite seeing the initial complaints but his losing his domain was the final straw and I decided to steer clear.
You can find more details and see Njalla customer reviews for yourself in the BHW forum threads. Or better still, you can just have a look at their reviews on Trustpilot – Njalla has a rather disappointing 2.2 out of 5 rating – a Horror Story, for a company that’s meant to be the Robin Hood for ‘grey area’ businesses:
Incredibly poor customer service
Thirdly, Njalla’s customer service is practically dead. Their customer service agents are usually very unprofessional and rude. What’s worse? There is a problematic language barrier as 95% of Njalla’s customer service representatives are from eastern countries. Their agents write and speak English poorly and as an English speaker, you’ll find it incredibly hard to understand the messages they type or what they say when on a call.
Most of their agents don’t also have the technical know-how to resolve customer inquiries. Their responses are very limited and sometimes, too funny to be real. Check this one out:
“You know why”… what?!
Njalla’s clients have been going MIA
Another reason why Njalla may not be the best for you if you run a ‘grey area’ business? According to multiple reports, pirate websites using the Njalla domain registration service have been taken offline. Some popular examples include “1337x.is,” “Flixtor.is,” “Getpopcorntime.is,” and also “stream2watch.is.” All these websites were taken down with no heads up.
Now, Njalla isn’t a free ticket to host your porn, opioid, or illegal website. If you run a website publishing content that’s illegal in most regions, you can rest assured that your domain will be deactivated soon – they still have to comply with Internet laws.
Njalla is pretty lenient in some areas, but you need to use the platform carefully. If you are not sure if your website or business content is illegal or not it’s better to check with them first (not that you can rely on a clear response from their agents).
What this piece is not
Now, it’s important to specify that I didn’t create this piece just to attack Njalla. Chances are the overly aggressive reviews of Njalla were from customers who were running illegal or unethical websites and were taken down.
Using any of the company’s products means you agree to Njalla’s terms of service and you have to follow them meticulously while using their platform. They have the right to seize your domains and ban you from their service if they don’t like what you’re doing – and their power over your domain is more profound than an actual registrar since you’ll never legally be the registrant.
Njalla doesn’t allow phishing, fraud, pharma, drugs, carding, scams and they will suspend domains found to engage in these activities.
Njalla’s limited authority
Since Njalla is not a registrar and only registers the domain on your behalf, they cannot deal with abuse reports directly – Tucows is the actual registrar, and Njalla is just one of their customers.
Peter Sunde, Njalla’s founder couldn’t even protect his own domain. He is also the founder of Sarek, another domain registrar that the ICANN refused to accredit due to Peter’s ‘Background’ as a founder of ‘Pirate Bay.’
Sarek registers domains under the Tucows domain reseller program. Tucows is an American-Canadian publicly traded Internet service and is definitely not Bulletproof at all (my friend’s story makes a strong case).
The Best Njalla Alternatives
It’s loud and clear – Njalla used to be a great platform but their poor customer service, limited authority, and dwindling credibility make them a very risky home for your domain.
So, are there any other solutions and privacy-oriented registrars that I recommend? Luckily, the answer is yes! There are several other options with better customer service, affordable rates, and product stacks that rank them closer and closer to the perfectly bulletproof domain registrar status.
We will take a closer look at these super domain registrars in part two of this article, which will be published soon!
Author Details
Head Modafinil Researcher
MBBS, Doctor Of Medicine MD
Head Modafinil Researcher
