GoDaddy has been involved in many controversies since its foundation in 1997.
In 2002, GoDaddy sued VeriSign for domain slamming[1] and again in 2003 over its Site Finder service.[2] This latter suit caused controversy over VeriSign's role as the sole maintainer of the .com and the .net top-level domains. VeriSign shut down Site Finder after receiving a letter from ICANN ordering it to comply with a request to disable the service.[3] In 2006, GoDaddy was sued by Web.com for patent infringement.[4] [5]
On December 19, 2006, GoDaddy received a third party complaint of invalid domain contact information in the WHOIS database for the domain FamilyAlbum.com.[6] GoDaddy wrote a letter to the owner of FamilyAlbum.com saying, "Whenever we receive a complaint, we are required by ICANN regulations to initiate an investigation as to whether the contact data displaying in the WHOIS database is valid data or not... On 12/19/2006 we sent a notice to you at the admin/tech contact email address and the account email address informing you of invalid data in breach of the domain registration agreement and advising you to update the information or risk cancellation of the domain. The contact information was not updated within the specified period of time and we canceled the domain." The editor of "Domain Name Wire" said that since domain names are valuable it was reasonable to expect that the registrar would try to contact the domain owner by phone or postal mail. On February 28, 2007, GoDaddy offered to get the domain name back for the previous owner if he would indemnify GoDaddy from legal action by the new registrant.[7] GoDaddy stated that the new owner paid $18.99 for the domain, the price of a backorder, not a regular registration. On November 2, 2007, Domain Name Wire reported that it appears that GoDaddy no longer cancels domains for invalid WHOIS.[8] The editor on Domain Name Wire received a message from a reader who is trying to acquire a domain with obviously false WHOIS information. The message from GoDaddy said, "The domain has been suspended due to invalid WHOIS. The domain will remain in suspension through expiration, including the registry's redemption period, unless the owner updates the contact information before that time."
On January 24, 2007, GoDaddy deactivated the domain of computer security site Seclists.org, taking 250,000 pages of security content offline.[9] The shutdown resulted from a complaint from MySpace to GoDaddy regarding 56,000 user names and passwords posted a week earlier to the full-disclosure mailing list and archived on the Seclists.org site as well as many other websites. Seclists.org administrator Gordon Lyon, who goes by the handle "Fyodor", provided logs to CNET showing GoDaddy de-activated the domain 52 seconds after leaving him a voicemail and he had to go to great lengths to get the site reactivated. GoDaddy general counsel Christine Jones stated that GoDaddy's terms of service "reserves the right to terminate your access to the services at any time, without notice, for any reason whatsoever."[10] The site seclists.org is now hosted with Linode. The suspension of seclists.org led Lyon to create NoDaddy.com,[11] a consumer activist website where dissatisfied GoDaddy customers and whistleblowers from GoDaddy's staff share their experiences.[12] [13] On July 12, 2011, an article in The Register reported that, shortly after Bob Parsons' sale of GoDaddy, the company purchased gripe site No Daddy. The site had returned a top 5 result on Google for a search for GoDaddy.[14] [15]
On March 11, 2008, GoDaddy shut down RateMyCop.com — a RateMyProfessors-type site where people would comment on their interactions with law enforcement officers. Some reports said there had been complaints from police. A GoDaddy spokesperson said, "Basically, he was paying for compact car, when he really needed a semi-truck."[16] The registrar for the name, Name.com, continued to allow the DNS to resolve, and it is now hosted at Lunarpages. GoDaddy stated the reason for shutting down the Web site had nothing to do with censorship or complaints but that the site was receiving too many simultaneous connections.[17] In 2006, GoDaddy locked access to the Irish Web site RateYourSolicitor.com after the Irish high court issued an order to remove offensive material about a barrister from the site.[18]
In March 2010, GoDaddy stopped registering .cn domains (China) due to the high amount of personal information that is required to register in that country. Some called it a public relations campaign, since it closely followed Google's revolt in China.[19] GoDaddy's top lawyer Christine Jones told Congress, "We were having to contact Chinese users to ask for their personal information and begrudgingly give it to Chinese authorities. We decided we didn't want to become an agent of the Chinese government."[20]
GoDaddy resumed registering .cn domain names in February 2016 as part of its push into the Asia market.[21]
On April 1, 2011, animal rights groups including PETA complained when a video of GoDaddy founder & CEO Bob Parsons shooting and killing an elephant at night on a safari in Zimbabwe was made by Parsons and posted on his personal blog.[22] PETA said they would be closing their account with GoDaddy.[23]
In response to the shooting, Gawker called Parsons "insane"[24] and "ridiculous."[25] NBC News said "It's definitely the kind of thing only a super rich CEO/founder of a held company could get away with."[26]
On January 27, 2015, GoDaddy released its Super Bowl ad on YouTube. Called "Journey Home", the commercial featured a Retriever puppy named Buddy who was bounced out of the back of a truck. After making a journey home his owners are relieved because they just sold him on a website they built with GoDaddy. GoDaddy claims the ad was supposed to be funny and an attempt to make fun of all the puppies shown in Super Bowl ads. Most notably, Budweiser's famous Super Bowl ad also featured a Retriever puppy.[27] The ad found very few fans from the online community. Animal advocates took to social media calling the ad disgusting, callous and that the commercial advocated puppy mills. An online petition collected 42,000 signatures.[28]
GoDaddy's CEO, Blake Irving, wrote a blog entry later that day promising that the commercial would not air during the Super Bowl. He wrote on his blog "At the end of the day, our purpose at GoDaddy is to help small businesses around the world build a successful online presence. We hoped our ad would increase awareness of that cause. However, we underestimated the emotional response. And we heard that loud and clear." He goes on to say that Buddy was purchased from a reputable breeder and is part of the GoDaddy family as Chief Companion Officer.[29]
In July 2011, GoDaddy introduced a policy of blocking DNS queries from some outside DNS servers, in order to prevent other DNS queries from being too slow. Among other things, this prevents some bots from visiting websites, forcing some search engines to exclude domains hosted with GoDaddy.
With this policy, they are choosing to allow their DNS servers to be under-provisioned (meaning that their servers are unable to gracefully handle their normal load). To prevent slow DNS, which would generate complaints quickly, they decided to block 100% of packets from hand-picked DNS servers based on volume and visibility. This reduces load somewhat, while making it difficult for customers to pinpoint GoDaddy as the problem. This policy also affects search engine ranking for various GoDaddy customers who have multiple domains with different registrars.
GoDaddy has refused to comment on the policy or the perception that their servers cannot handle the load or they are giving preference to their platinum level customers at first. It has also interfered with projects that collect Internet statistics.[30]
In September 2011, GoDaddy made an official statement from Rich Merdinger, now Vice President of Domains at GoDaddy, and claim that this is to protect GoDaddy users' privacy, and that they're ensuring that DNS records are being accessed properly and not being harvested for unintended uses.[31]
On December 11, 2011, Rival domain name registrar Namecheap claimed that GoDaddy was in violation of ICANN rules by providing incomplete information in order to hinder the protest moves of domain names from GoDaddy to Namecheap,[32] an accusation which GoDaddy denied, claiming that it was following its standard business practice to prevent WHOIS abuse. GoDaddy still maintains the strict policy of 60 days lock in inter registrar domain transfers, if there was a change in registrant information. Many other registrars are giving an option for their customers to opt out from this 60 days lock as per the ICANN Policy which states: "The Registrar must impose a 60-day inter-registrar transfer lock following a Change of Registrant, provided, however, that the Registrar may allow the Registered Name Holder to opt out of the 60-day inter-registrar transfer lock prior to any Change of Registrant request".
At this time GoDaddy does allow customers who update their domain contact information to opt-out of the 60 day lock upon verification.
On December 22, 2011, a thread[33] was started on the social news website Reddit, discussing the identity of supporters of the United States Stop Online Piracy Act (SOPA), which included GoDaddy. GoDaddy subsequently released additional statements supporting SOPA. A boycott and transfer of domains were proposed. This quickly spread across the Internet, gained support, and was followed by a proposed Boycott GoDaddy day on December 29, 2011.[34] One strong supporter of this action was Cheezburger CEO Ben Huh, who threatened that the organization would remove over 1,000 domains from GoDaddy if they continued their support of SOPA.[35] Wikipedia founder Jimmy Wales also announced that all Wikipedia domains would be moved away from GoDaddy as their position on SOPA was "unacceptable".[36] After a brief campaign on Reddit, imgur owner Alan Schaaf transferred his domain from GoDaddy.[37]
GoDaddy pulled its support for SOPA on December 23, releasing a statement saying "GoDaddy will support it when and if the Internet community supports it."[38] [39] Later that day, CEO Warren Adelman couldn't commit to changing GoDaddy's position on the record in Congress when asked, but said "I'll take that back to our legislative guys, but I agree that's an important step."[40] When pressed, he said "We're going to step back and let others take leadership roles." He felt that the public statement removing their support would be sufficient for now, though further steps would be considered. Further outrage was due to the fact that many Internet sites and domain registrars would be subject to shutdowns under SOPA, but GoDaddy is in a narrow class of exempted businesses that would have immunity, where many other domain operators would not.[41]
By December 24, 2011, GoDaddy had lost 37,000 domains as a result of the boycott.[42] GoDaddy gained a net 20,748 domains.[43] [44]
On September 10, 2012, a major networking failure caused by corrupted router tables resulted in a DNS outage intermittently affecting millions of customers' sites for a period of 4.5 hours.[45] [46] Initial reports attributed it to a DDOS attack. This claim was disputed by Wagner, who stated that the isolated incident was due to internal mistakes that led to corrupt data tables. Wagner stood by the quality of GoDaddy's infrastructure, citing a 99.999% uptime.[47] GoDaddy later said in an apology e-mail to its customers on September 14, 2012, that the outage was due to the corruption of router data tables,[48] [49] confirming indications that millions of web sites and e-mails were affected.
In April 2019, GoDaddy removed more than 15,000 fraudulent website sub-domains after Jeff White, a cyber-security researcher at Palo Alto Networks' Unit 42 threat intelligence team, discovered a massive scam where criminals were selling products, such as weight loss pills, through an affiliate marketing program using compromised websites to add legitimacy to their products and services.
The products and services were also shown to be endorsed by celebrities, such as Stephen Hawking, Jennifer Lopez and Gwen Stefani, although none of them are believed to have been involved in these activities.[50]
On October 19, 2019, GoDaddy experienced a security breach that affected 28,000 customer's hosting accounts. The breach lasted for a period of six months before detection by the company's security team on April 23, 2020. The breach was conducted by utilizing an altered SSH file and targeted customer's hosting information, compromising the usernames and passwords of the accounts involved.[51] [52]
On November 17, 2021, GoDaddy discovered unauthorized third-party access to their Managed WordPress hosting environment that affected up to 1.2 million of their clients, thus exposing their email addresses and phone numbers. In addition to that it had also exposed WordPress admin passwords, SSL keys and sFTP passwords.[53] [54]
On February 16, 2023, GoDaddy revealed it had been hacked again by the same actors from the previous breaches, with customer's websites being intermittently redirected.[55] [56]
In October 2020, US Justice Department seized Kata'ib Hezbollah propaganda websites hosted by GoDaddy. The seized websites, aletejahtv.com and kataibhezbollah.com, were used by the group to recruit new members and promote extremist propaganda.[57] [58] A number of counter terrorism organisations, including Counter Extremist Project (CEP) has previously called on GoDaddy to stop providing domain registrar services to such parties.[59]
In December 2020, during the COVID-19 pandemic and the associated economic crisis the company tricked employees into thinking they had earned a bonus of $650, instead they were told they had failed a phishing test and were required to do social engineering training. After significant criticism in the media as 'cruel' and 'stupid' the company apologised to its staff but did not offer actual bonuses.
On January 11, 2021, the company deplatformed the web forum AR15.com following the U.S. Capitol attack.[60] GoDaddy told Axios that the action was due to the site's failure to moderate content "that both promoted and encouraged violence."[61] The National Shooting Sports Foundation, in a message from its president, condemned what it called the "de-platforming of gun sites" as a "dark harbinger" for discussion of controversial issues and an "indiscriminate silencing of opinion and debate."[62]
In September 2021 the company cancelled a contract with the anti-abortion group Texas Right to Life who were running a website encouraging whistleblowing of those who were breaking the Texas Heartbeat Act. Owned by the Texas Right to Life group, the website was used as a platform for the public to submit tips on suspected pregnancy terminations in Texas. In a statement to Ars Technica, Texas Right to Life Director of Media and Communication Kimberlyn Schwartz noted that, "We will not be silenced. If anti-Lifers want to take our website down, we'll put it back up."[63] [64] [65]