This is a misleading title. Not to attack the merit of the project (it's can still be used to host stuffs), this is not free domain, this is free subdomain.
The main difference is that I don't own the subdomain, and should the organization decide to forgo the domain, my subdomain is also gone. On the other hand, if I buy a domain, my name is attached to it in the registry to denote that I am the "rightful" owner of the domain, and it is going to be way harder for me to lose access to it (I read a post on HN sometimes ago that some governmental cybersec task force can just terminate access to your domain if they deem you are using it for malicious intent, but otherwise you can only deliberately lose the domain)
This is just like a github.io subdomain. IME the only true free domain service is Freenom.
Also there is a Code of Conduct associated with it that's much more restrictive than, "We'll comply with law enforcement requests if you are doing something illegal with the (sub)domain."
This should be less frequent and IMHO, under many circumstance, you are protected by consumer law (citation needed). You also have more freedom when picking the domain name (fuckmicrosoft.co is less than 2$ on GoDaddy, but good luck trying to get fuckmicrosoft.github.io).
Also one issue that I neglected to raise is this can be very unstable. If some scammer/malware use your service (I know that you have a review process, but you still won't know for sure), Google SafeBrowse may mark your whole domain as harmful. I don't know if you have a contingency for this, but you need one in place.
You misunderstood the definition of domain in my context. In terms of ownership, if I tell you I am owning a domain, I am owning something along the format of "${name}.${tld}". I can't say that I own the domain of "example.github.io", because, well, if somebody look up for example.github.io in the ICANN domain (provided it is not redacted), it's not going to be my name in there, it's going to be Github's.
In terms of "string that I can type in the Browser address bar to go to a website", I agree with your definition.
> In terms of "string that I can type in the Browser address bar to go to a website", I agree with your definition.
That isn't a domain either. An address in there is a URL, a partial or complete one (it also recognizes search terms, but that's different).
It's actually really simple.
> In the Domain Name System (DNS) hierarchy, a subdomain is a domain that is a part of another (main) domain.
Having a subdomain be a type of domain is really important for speaking concisely about web security. If I say "what's the domain of the cookie?" and the answer can't be "news.ycombinator.com", that's suboptimal. At the same time for security it is also important to know who the registrar is, but for that there is the term TLD.
You are still not looking at the definition of"domain name" in my context: the ownership context. I totally agree with you on the technical side, in most technical context a root-level domain or subdomain is largely the same thing.
In the ownership context the definition differs. Please if you want to challenge my notion of "subdomain" please only challenge this definition only. You don't own a subdomain as strongly as owning a root-level domain, because in the first case the only attestation is on the database of obl.ong/github.io/etc while in second case your ownership is attested by the ICANN registry, which is how things has been working for the past 20/30 years.
Or your can be me. For some convoluted reasons I had the contract email set to my company mail and the domain was paid for 10 years. I left the company in May and in September the registrar started to send reminders which were of course bounced.
Then around Christmas I realized something is wrong, tried to get the domain back but it was too late.
This was an unfortunate set of circumstances, all my fault, but "deliberate" is a bit too masochist :)
I would like to first sympathize with you. That is a crappy situation to be in.
I also agree, "deliberate" is a bit too strongly worded.
So in order to lose the domain, there is just a very few modes of failure that has a 3rd party factor. In most case, the domain-owning entity is accountable for losing the access.
I’m confused about what “quality domains” means here. I’d honestly never heard of the `.ong` TLD, it seems intended for non-governmental organization. If you’re going to sell subdomains as “quality”, why not get a `.com`?
>The mission and purpose of the .NGO and .ONG top level domain (“TLDs”) is to serve the global Non-Governmental Organization (“NGO”) Community by supplying it with exclusive TLDs that will offer NGOs and associations of NGOs differentiated and verified online identities.
"The PIR simultaneously applied for the top-level domain .ong, which is a similarly recognisable initialism for "organisation non gouvernementale" in French, and equivalent terms in many other Romance languages such as Spanish, Portuguese, Italian and Romanian." [1]
Oh, now you got me started aswell. There are so many good ones.
k.ong - cool word, don't know what it would be for. Maybe the home of the mascot of the K language (I don't think K has a mascot from what I know but they should have one).
not associated with spam yet.
Another TLD for a target audience that will never use the TLD because of it's obscurity so it will only be used by people looking for the cheapest domain to spam and scam.
To be fair most TLDs have similar rights and rules. Some don't and they're on most shitlists out there. In the end you're never buying a domain, it's always renting. Unless you're a TLD, then that actually is conceptually a bit different.
I love this idea. I've registered so many domains over the years only to have that project fail and then feel bad about the money I wasted on "the perfect domain". I would love to try stuff without spending (yes even $8) and get live on the internet with this + letsencrypt !
Anyway, I doubt depending on a unknown project may qualify as "quality" for something as important as you domain name. Especially since having you own domain name can cost less than $10 per year, I don't really see the value in something like this (and I never want to live the Freenom debacle again).
To answer the first question, yep it's just "oblong".
We exist so people don't have to go to freenom when they want their own but free domain. I've used Freenom in the past, and they are the worst experience.
I would rather just use a public key. No need for an entity (no matter how benevolent) to manage my identity for me.
In terms of the vibe that something gives off, stuff is usually "cooler" when it seems like you didn't care that much. A random pubkey is as care-free as it gets.
How do such services deal with the danger of getting totally blacklisted (or worse) because of one malicious subdomain? How do they avoid being held responsible for what happens in the subdomains?
The marketing site reads like it wants you to have short-ish, cheap identity; the code of conduct reads like it's trying to make a community. Which is more correct?
The former - the CoC was adapted from the contributor covenant which explains a lot of the community language, we figured it (heavily modified) would work well enough for domain content too. Thanks for pointing that out though, we'll work on it!
No specific hardware. It requires a password manager that supports passkeys. Password managers include major browsers. I’ve only tested with Chrome, but I’ve created passkeys on Android, an iPad, and a Mac.
There will be some way to authenticate to the password manager. On my iPad, it’s a fingerprint sensor. With Chrome on a Mac, I don’t know where it gets stored (keychain?), but it prompts for your Mac password. That’s not no password but it’s no additional password.
My Chromium 114 only allows me to authenticate with a physical security key, or Windows Hello (which then proceeds to also demand a physical security key). Not very user-friendly...
Would prefer if they just accepted my randomly generated 64 character passwords, since I already use a password manager (KeePassXC).
on my firefox it didn't work, just keep asking to connect a security token, with no other option. Firefox 116, Ubuntu 20.04, had an Yubikey in the past, never used passkey.
I think it's asking for the old yubikey, but neither the site nor firefox give me other option or a link about what to do.
No its just super clunky for anyone not on a Mac using Chrome or Safari. Windows implementation right now is pretty basic, and Firefox hasn't really got theirs right at all either.
Honestly unless you have a security key, or a mac I wouldn't bother right now. Going all in on Passkeys when a significant majority of devices don't fully support it yet is a bit silly.
I could probably have a security key in as little time as it would take to flash one of my $3 Pi Picos. I just don't think it would be a very good idea.
Chromium 114 here, it only gives me the option to use a physical security key, or Windows Hello (which then proceeds to also demand a physical security key).
Would prefer if they just accepted my randomly generated 64 character passwords, since I already use a password manager (KeePassXC).
I guess? After they get my email verification code I get a physical usb/nfc request - no idea what it's for/does.
A "email login" would have been less of a blocker.
The main difference is that I don't own the subdomain, and should the organization decide to forgo the domain, my subdomain is also gone. On the other hand, if I buy a domain, my name is attached to it in the registry to denote that I am the "rightful" owner of the domain, and it is going to be way harder for me to lose access to it (I read a post on HN sometimes ago that some governmental cybersec task force can just terminate access to your domain if they deem you are using it for malicious intent, but otherwise you can only deliberately lose the domain)
This is just like a github.io subdomain. IME the only true free domain service is Freenom.