Which domain name registrar affords best digital sovereignty?

This brings me to a new question. What domain name registrar would you recommend for a digital sovereignty minded organizations?

Coming from the discourse world, I went with namecheap.com when I moved registrars recently. Pricing is fine and the UI for managing domains is reasonably straightforward. I should have done a bit more research first.

Is it still gandi.net? Mailinabox recommends that and it’s the first time I’ve seen that name in a while.

Some nice words from the gandi website:

We simply strive to provide a decent and honest service.

On our website, you will not find empty promises, sneaky advertisements, or unwelcome surprises hidden up our sleeves. We simply strive to provide a decent and honest service. Our wish is to provide you with the best products and services at the most reasonable prices. Furthermore, by keeping in direct contact with you (through our blog, Customer Care, FAQ’s and other internet channels) we can listen to your feedback and improve our services. The interests of our customers always come first, since they will be the source of our success.

We invite you to take a look at the Gandi Supports page, which will give you an idea of the kinds of external projects we support. It is here that we try to maintain the “soul” of our company through the support of various initiatives that we care about.

They support many open source projects and also many good human rights and charitable organizations.

From the homepage:

We defend a web that is open to everyone

• Web pioneers: Gandi was born out of the desire to oppose and stand up to the large monopolies, so that domain names, and later cloud hosting, would be accessible to as many as possible.
• For net neutrality: We believe that net neutrality is a founding principle, and because of this, we are against any idea of an Internet of several speeds.
• Open source: Gandi gives preference to open-source solutions that bring transparency and greater liberty to the entire web.
• Supported projects: Gandi has a mission of providing the necessary tools needed, and shining a spotlight on initiatives that share our values.
• Listen to you: From the community manager to the president, and all the product, legal, and of course the support teams, we have an open dialogue with you to build and improve our products.

I am a price conscious consumer and my two top picks are cloudflare and porkbun.

I’m moving my domains to Cloudflare as they expire on (don’t laugh) Network Solutions. They sell domains (they say) at no markup. They are very cheap.

Yet, from sovereignty perspective, I’m a little worried about Cloudflare’s position as a Content Delivery Network (CDN). A globally used DNS resolver or CDN can become a leverage point for governments to demand blocking, filtering, or geoblocking. If Cloudflare caves in to a request from an authoritarian government, the content could be blocked for the whole world.

I don’t follow this too closely, but Cloudflare has stood up to Italy, Russia, and I think Germany.

As a registrar Cloudflare could suspend or seize domains under government pressure. Counterintuitively, smaller registrars might be more resistant.

I don’t want to equate “sovereignty” with “censorship paranoia” but I imagine that sovereign solutions attract paranoids.

It’s in the back of my mind that I want to migrate away from registrars and DNS/CDN providers that are based in the US, and look for ones that resist censorship and advocate for free speech: Njalla, Epik, easyDNS, Lyra… But they aren’t as cheap as Cloudflare.

I believe the opposite is true, smaller registrars lack the financial strength or legal resources to fight the cease and desist requests, while bigger registrars can actually try to defend their stand.

Interesting. I was on enom until recently where I was a reseller back in Kabissa days. I finally let go the last of the domains I was keeping for African NGOs who weren’t getting back to me after a few years just in the last year. I now have just five domains on my list so moving them around is not so hard.

I moved them to namecheap.com because the registration fees felt reasonable and namecheap is recommended by Discourse, because the admin UI for managing DNS is decent and fairly easy and well documented.

For mailinabox setting up the DNS was actually pretty hard on namecheap because I had to create “glue” records to use the box itself for DNS instead of just relying on the registrar DNS. That was confusing in itself because namecheap doesn’t refer to glue but just calls them external or personal DNS and the UI is very confusing for seeing and editing them. The mailinabox setup guide refers to gandi.net where they appear to be pretty easy to set up.

I remember back in Kabissa days we would use the DNS of rackspace (still have some of the t-shirts I used to get every year in the mail from them!) and then when we moved to network solutions we used network solutions DNS. That was purported to be the preferred, safest solution back then because it allowed the hosting provider to handle any issues in case a server went down or IP addresses had to change.

When I gave up the Kabissa server I moved DNS back to the registrar which felt safest. At that time I also moved all Kabissa members to google apps. If their domains were registered by Kabissa or they were on a kabissa.org subdomain I was on the hook for handing DNS for them and, if they had them hosted elsewhere, their websites. That was not a great situation for them or for me.

It feels very full circle to be thinking and talking about these things again here. Back then I wanted to take care of registration and hosting for NGOs because they couldn’t do it (lack of credit cards to pay for it, lack of experience, lack of time and reliable internet access to gain experience).

Even in our Time To Get Online trainings we did not focus on that. Maybe we should have, so that organizations could have had digital sovereignty back then.

I think for now, someone who wants digital sovereignty needs to have their own domain registrar and hosting provider. These things have become way easier to manage now and don’t need quite so much skill. It’s become easy to do it with big tech, but comes with digital sovereignty compromises, and I am not sure yet what constellation to recommend if you don’t want to give up digital sovereignty.

Perhaps it’s simply a ethical registrar based in Europe like gandi.net plus a VPN cloud hosting provider, also in Europe, like Hetzner.com.

You may be right. I said it’s counterintuitive because big registrars may have no qualms about yielding to government pressure — they have shareholders to worry about, and they rely on webs of partnerships: root servers, cloud giants (AWS, Azure), payment processors, and ICANN compliance, etc. There are multiple leverage points for coercion. Smaller ones, especially those that operate offshore (such as Njalla or Epik) use independent (sovereign?) stacks, that in theory allow them to dodge ecosystem-wide retaliation that could bankrupt a large firm, plus they are more ideologically driven and less shareholder driven.

One wondering I also have is about the TLD to choose. I met some folks from pir.org at the NTEN conference this year. They are the registrar for the .org top level domain along with a bunch of otheres like .gives, .giving, .charity, .ngo, .ong, .foundation.. and that is their source of income which they then use for various initiatives. It’s a great business model if you can get it!

I think .org is still the best TLD for a nonprofit to use for recognition, but it doesn’t really mean anything because anyone can get it. Even I got one for tobiaseigen.org! But I think they also will be beholden given pir.org is a US-based nonprofit themselves?

So having a backup in the .de or another country level domain might be a good idea?

Edit: waat! tobiaseigen.de is available but on gandi.net would cost $39.98 a year?! That is alot.

Slight digression: I have client based in Kuwait (and dealing with a lot of stress right now). Her domain and website right now are parked at GoDaddy with one of those basic website builder systems that registrars give away.

I have proposed that she move her DNS to Cloudflare (for the CDN benefits) and that she host the website on a European web host such as Hetzner. This will help give her future WordPress site faster performance in the The Gulf Cooperation Council (GCC) region where her target clients are. Yet… She’s not a techie. It may be possible to stay with GoDaddy as a one-stop-shop (Registrar, WP Hosting, European Data Center), which would keep things simple for her.

I’m trying not to push a sovereignty agenda on her when that’s not what she asked for. The performance advantages of Hertzner hosting + Cloudflare DNS will be better (presumably), and the costs will be lower (probably). But marginally or significantly? Is it worth complicating her setup?

Not a digression at all! That’s a great case study. I think we need to think of digital sovereignty as a journey.. you don’t (and can’t realistically) do it all at once. That said, moments like this are opportunities to make some improvements, no matter how incremental.

What are the CDN benefits of cloudflare really, for a website that is not expected to get alot of traffic? I have not noticed any issues personally with my self-hosted DNS on hetzner. But then I am not in the gulf region.

I’m souring a bit on WordPress personally given recent history and am looking at Ghost or even a static site using Jekyll.