Network Solutions Tries To Auto-Enroll Users Into Its $1,850/Year Domain 'Protection Plan'
from the network-solutions-execs-decide-to-take-company-down-from-the-inside dept
Any service that is going to require additional time, money or labor from a user should be opt in, period. Making something opt out is for cowards and scammers. If you think the new whatever might be unpopular but you want to make it happen anyway, you make it opt out and delay the outrage until after the implementation. That's how cowards run the shop. If you're just trying to generate some income without actually earning it, you make the new paid service (or pricier service) opt out, and hope that the additional funds outweigh the cost of lost business.
Here's what hosting company Network Solutions (a.k.a. Web.com) recently tried to hit software developer Brent Simmons with, in the form of an "opt out" service. (via Techdirt reader Andrew F)
I got an email from Network Solutions — where I still have two domains, originally registered in the ’90s — that informed me I have been enrolled in their WebLock Program.That's must be some pretty hefty security, especially considering Web.com hosting usually runs about $40 a year. Simmons first thought was that it was a scam (which it kind of is…) being run by someone not related to Network Solutions. He contacted the company and was somewhat surprised to hear that it was indeed planning to jack his plan up from $40/year to $1,850/year on the anniversary date. Needless to say, Simmons informed Network Solutions that he would find somewhere else to host his domains.
To help recapture the costs of maintaining this extra level of security for your account, your credit card will be billed $1,850 for the first year of service on the date your program goes live. After that you will be billed $1,350 on every subsequent year from that date. If you wish to opt out of this program you may do so by calling us at 1-888-642-0265.
Kevin Poulsen at Wired followed up with Network Solutions to see if it could explain why it was planning on increasing Simmons' rates by 2,300% and, as if that wasn't bad enough, doing it as an opt out program. Web.com's COO, Jason Teichman, offered this explanation:
“I will admit that email is not worded properly, and not worded in any way what represents what we’re going to do,” says Teichman. “No customer will be enrolled in this program without their consent, period. No customer will have to opt out, period.”"Not worded properly." Simmon's has a screenshot of the entire email at his website, and to say the email wasn't "worded properly" is to call into question much of the language surrounding the astronomical leap in price.
Teichman declined to elaborate on how the email came to be phrased as it did. He says the email went to only 50 customers, and that only 30,000 customers — about one percent of Network Solution’s base — will even be offered the program. “Our intent is to focus on customers who have a lot of traffic and who have highly visible brands,” he says. “When these domains are hijacked the cost is insane.”
The first few paragraphs rationalize the price jump, citing stats about the increase in domain hijackings. It's when the email finally starts talking money that phrasing becomes important. There's nothing in here that indicates a word or two was simply out of place.
Starting 9:00 AM EST on 2/4/2014 all of your domains will be protected via our WebLock Program.This doesn't look ambiguous. Whether Simmons wants or needs "WebLock," he's getting it, starting on Feb. 4th.
To help recapture the costs of maintaining this extra level of security for your account, your credit card will be billed $1,850 for the first year of service on the date your program goes live. After that you will be billed $1,350 on every subsequent year from that date. If you wish to opt out of this program you may do so by calling us at 1-888-642-0265.Nothing here seems unclear, either. Maybe the email was supposed to say "opt in" instead of "opt out" in this paragraph, but the wording earlier in the letter seems to indicate the choice has already been made for Simmons by Network Solutions. That definitely makes it "opt out" in the context.
Now, Web.com's apology and non-explanation is accurate about one thing: this won't be happening to all of its users. It's targeted at the more popular sites it hosts. Larry Seltzer at ZDNet tracked down exactly who Web.com is (well, was) attempting to force to "take advantage" of its auto-enroll, opt out, extremely expensive service.
Web.com's criteria for selecting sites for WebLock were:(Sidebar: always great to see a forward-thinking internet hosting company is relying on Alexa for traffic rank data… [insert eyeroll emoji before going to press])
1. Domains registered to a Fortune 1000 or a Global 5000 company
2. High Traffic: Domains that fell within Google Page Rank >6 and an Alexa rank of 1-250,000.
If Network Solutions had been able to auto-bill 50 users for $1,850, then it grosses almost $200k for a service that's about as useful as an extended warranty. Sure, if you do get hijacked, it's worth it, but the odds are low that it will happen and any hosting company should be doing its best to prevent this from happening anyway, even without stealthily lifting nearly two grand from your credit card balance (almost) unannounced. And there's no way this service should cost this much. Seltzer points out that "any honest registrar" already offers Weblock-style protection… for free.
First, a little background: Back in the middle of the last decade there was a major problem with domain name theft. Through a variety of fraudulent techniques, bad actors could trick a domain name registrar into transferring your domain name to them. Good luck getting it back when that happened.Seltzer also notes that he spoke to another rep from Network Solutions, CTO Jane Landon, who explained the email to Simmons was a mistake (because his domains weren't ranked high enough to qualify for the extra protection) and that making it opt out was a completely legit way to do business. Obviously, things changed in the few hours between ZDNet's conversation and Wired's conversation.
It took a long time, but to address the situation a new feature was added which is standard with domain names: the REGISTRAR-LOCK option. When you turn this option on, then modification of the domain name or contact details, as well as deleting or transferring the domain, are all prevented. You have to unlock it first, and the procedures for that are intentionally cumbersome. And REGISTRAR-LOCK is free from any honest registrar.
But Landon's wrong there as well. Chances are the big name customers wouldn't even give the email a second glance if it landed in their inboxes. This is the subject line Network Solutions chose to use:
Your domain is being enrolled in the WebLock Security ProgramTo anyone scanning their inbox, it looks like nothing more than a commonplace announcement from a company they do business with. It would possibly prompt a "well, that's nice" from the recipient and not much else. Nothing indicates there's an $1850 charge hiding in the wings. Nothing about it demands additional attention -- and that seems to be the point.
Network Solutions meant to target big names and popular sites, ones whose inboxes are stuffed full every day and who would very likely not notice a large expenditure being billed to the corporate card. While the service does indeed have some value, it relies on trusting your hosting company to have your back when your site is compromised. But sneaking a rate hike in under the cover of "A boring, routine announcement about your site" eliminates that trust and results in a growing number of former customers.
Maybe Network Solutions felt it could mitigate the losses in its customer base by collecting $1850 a piece from a percentage of the 30,000 customers it chose to opt in to its program. If so, that's an even worse way to run a business. Service providers should not be actively undermining their customers' expectations and trust in this fashion, and even with all the post-exposure explanations and hand-waving, there's no indication that the company thought handling it this way was a bad idea until it was caught.