Skip to main content

Technology

World's biggest domain seller fears India's fake site crackdown could damage internet

GoDaddy logo in this illustration taken July 2, 2026. REUTERS/Dado Ruvic/Illustration
India's cyber fraud crackdown sparks a legal clash as GoDaddy warns new rules threaten privacy and internet governance. - REUTERS
Advertisement

NEW DELHI: The world's biggest internet domain seller, GoDaddy, has warned that India's crackdown on fake websites impersonating famous brands will make the internet less safe for legitimate businesses and carry global ramifications.

Soaring smartphone and internet use has coincided with a worsening problem of online fraud in India, the world's most populous nation. It's a key challenge for Prime Minister Narendra Modi's government, which last year received 2.4 million complaints of alleged cyber fraud amounting to US$2.4 billion.

Advertisement

Starting in 2019, lawsuits were brought by dozens of Indian and global firms - Amazon against fake shopping sites trading on its name and McDonald's complaining against bogus sites offering franchises. In December, an Indian court blocked more than 1,100 such websites.

The New Delhi judge however went further, ordering sweeping new measures that tech experts say have rewritten rules of internet governance: Domain sellers should not offer buyers free privacy protection by default, the buyer's details should be released to anyone with a "legitimate interest" within 72 hours, and website addresses that are variations of protected brand names must be prohibited.

U.S.-based GoDaddy has challenged the directives before a larger bench of judges at the Delhi High Court, according to a Reuters review of non-public filings. It says the ruling will affect legitimate businesses that have names similar to big brands.

Stopping privacy-by-default features, GoDaddy said, will result in public disclosure of name, address, telephone and email of legitimate website owners, exposing them to "foreseeable privacy and security risks" such as stalking and harassment.

As domain names operate globally, not locally, the order could force GoDaddy to regulate website addresses across the world, it said.

On the court's order imposing a 72-hour deadline on companies to provide registration details to anyone with "legitimate interest", GoDaddy argues it has no wherewithal to assess who has legitimate interest or not.

The "commercially destabilising" directives may force domain name companies to "exit India", said one of GoDaddy's appeal documents that ran into 5,121 pages.

The Indian government and GoDaddy did not respond to e-mails from Reuters requesting comment.

'ENGINES FOR LARGE SCALE DECEPTION'

With annual revenues of US$5 billion, GoDaddy manages 80 million domains and serves over 20 million users. In 2024, company executives said India was its biggest region in the emerging market space.

GoDaddy rivals, Arizona-based Namecheap and Netherlands-based Hosting Concepts, have also challenged the New Delhi ruling, court records show, although Reuters could not ascertain details of their appeals. The companies did not respond to Reuters queries.

The legal dispute embroiling GoDaddy and others was triggered by more than 20 companies that sought the court's intervention on fake websites damaging their brand. These included Amazon, McDonald's, Microsoft, Xiaomi and Colgate-Palmolive. None of the companies responded to queries from Reuters.

The December ruling noted the fake websites were "engines for large scale deception".

One of the 14 measures outlined by the court said masking a domain buyer's registration details should now be offered as a payable service as the feature acts "as a cloak" to hide the identity of rogue operators.

Despite the court order, which remains in force, GoDaddy's website still promotes its offering as one which includes "free privacy protection forever ... we redact your name, address, phone number and email" from the public directory.

GoDaddy argues that diluting the privacy feature will run contrary to India's data protection law and the European Union GDPR law which mandates a "privacy by default" approach.

Farzaneh Badii, a New York-based researcher on internet governance, criticised the New Delhi ruling, noting that Europe redacted such details because publishing them had been abused by harassment and targeted phishing.

"The people exposed will be journalists, activists, small business owners, and private individuals. The brand impersonators will not," she said.

MCDONALD A COMMON NAME, GODADDY SAYS

Modi's Home Minister, Amit Shah, said this year that one person falls prey to cybercrime every 37 seconds in India, and lack of action risks turning the menace into a "national crisis."

While the sweeping December directives were issued by a court, they followed government's submissions, documents showed.

An unreported 59-page IT ministry document from 2023, contained in GoDaddy's latest appeal papers, revealed New Delhi conveyed to the judge it was concerned about the "issue of domain name abuse" and "lack of stringent verification".

The home ministry, tasked with handling cybercrime, told the judge registration details "should be readily (made) available" for investigations.

That stand is in line Modi's bitter disagreements and spats with global technology giants in recent years. New Delhi has repeatedly criticised companies like Meta, X, Google and Telegram - and even taken some on in courts - for not doing enough to police content it sees as against national interests.

In cases like one brought by McDonald's MCD.N, the company sought action against 110 websites like mcdonaldsfranchiseindia.com, with some using its Golden Arches logo and selling fake franchises for "huge sums of money".

After blocking those, GoDaddy says the court's additional bar on offering alphanumeric variations of a trademark once it is protected - like McDonald's - will act like "blanket injunctions" which are difficult to implement.

The word "McDonald" is of Scottish origin and derived from a name meaning "son of the world ruler", GoDaddy said, adding that an injunction against using it will effectively "confer a monopoly" over a common name with linguistic and historical meaning.

Reuters found domains like mcdonalds-india-franchise.com were still available on GoDaddy India for around $10.

The U.S. giant also submitted research compiled from the Merriam-Websters website to argue that safeguarding variations of a protected trademark like "HUL" - Unilever's Indian unit, could overlap with 118 English words that contain the string, like "hulk" and "moghul".

It is "virtually impossible to register a domain name containing an English word that does not overlap with a registered trademark," GoDaddy says.

The judges will hear the appeals on July 16.

Must Watch Video