Skip to content
Privacy & Security

GoDaddy Sounds Alarm Over How India Law Would Upend Internet Privacy Everywhere

Anonymity remains under attack.
By

Reading time 3 minutes

Comments (0)

The internet is filled with fakes. A court in India is setting out to address the problem by requiring more transparency from domain registrars to make it easier to crack down on fraud. And while the intentions might be good, Reuters is reporting that major American domain registrar GoDaddy is sounding the warning bells that the court’s decision could fundamentally reshape the internet well beyond India’s borders.

Fraudulent domains have been an ongoing issue for India, which has increasingly seen its population become connected in recent years. According to Our World In Data, India went from 15% of its more than 1.46 billion residents having internet access in 2015 to 70% in 2025. That’s a huge leap in a short period of time, meaning there are a lot of people with limited knowledge of online literacy and best practices for cybersecurity. That makes those users a target of online fraud. The nation’s National Technical Research Organization (NTRO) reported identifying more than 1,100 phishing domains in the first quarter of 2025 alone, and new ones are cropping up all the time.

A lot of those fraudulent sites use big brands to try to trick visitors into engaging. That has led to a lot of lawsuits from major American companies, per Reuters, who have pushed courts and the government to block spoofed sites and typo-squatters who rely on mistyped URLs to trick people. But in an effort to be responsive to those companies, the Delhi High Court took things a step further and made it the domain registrar’s problem.

Late last year, the court that sits below the Supreme Court of India ruled that domain registrars can no longer offer domain buyers the ability to obscure their information as a default option—a common service offered to prevent people from being able to simply look up the name and personal information of a domain’s owner. Instead, buyers would have to manually opt in to privacy and potentially pay an additional fee for it. The ruling would also require registrars to undertake Know Your Customer (KYC) protocols, which would require reviewing government-issued IDs or other identifying documents. And if law enforcement or the courts were to come asking for information about a domain owner, registrars would be compelled to provide that data within 72 hours.

All of that is meant to protect trademark owners, who are getting their likeness ripped off, and the public, which keeps falling for scam sites. But, Reuters reported that domain registrar giant GoDaddy warned it’d also fundamentally upend one of the expectations of privacy currently afforded to people on the modern internet.

Should the privacy measures currently afforded to domain purchasers be stopped, GoDaddy said it’d become trivially easy to find out sensitive information about a site’s owner. Simple tools that track WHOIS, a public database and protocol used to look up the registration details of domain names, would reveal things like a person’s name, address, telephone number, and email address.

And because domain names are not region-restricted and can be accessed anywhere, India’s ruling could potentially force companies like GoDaddy to comply in a way that might require it to regulate all domain addresses globally under the court’s order.

GoDaddy is reportedly appealing the ruling, according to Reuters, and the court is expected to hear its objections on July 16. So go ahead and mark that on your calendars, as it could be the date that a pillar of internet privacy crumbles.

Share this story

Sign up for our newsletters

Subscribe and interact with our community, get up to date with our customised Newsletters and much more.