In late December, I transferred a few dozen domain names to GoDaddy that had been won at auction. The transfers went off without a hitch, and I didn’t think twice about them. Last week, a DomainTools Registrant Monitor alert email for my company name uncovered a big change at GoDaddy that had not been shared with me nor have I seen any mention of it anywhere. GoDaddy is now adding Whois privacy to (eligible) inbound transfers and new registrations. All of my recent .com transfers and new registrations reflect this change.

For a number of years, GoDaddy has been redacting some contact information from Whois records. On my public Whois records, you could see the domain registrant is Top Notch Domains, LLC, but my address, email address, and phone number were redacted from Whois records. On the domain names I recently transferred to GoDaddy and the domain names I registered this week, the registrant name is now “Domains by Proxy, LLC,” the Whois privacy business operated by GoDaddy.

After noticing GoDaddy’s default Whois Privacy details in the registrant field where my company name should have been listed, I asked my Account Manager why Whois Privacy was added to the transfers. I have hardly ever paid the fee to add Whois privacy to my domain names, so this was a surprise. My Account Manager indicated that this was a sweeping change across GoDaddy.

I reached out to a couple of senior management contacts at GoDaddy, and a company representative shared the following statement with me to confirm this change:

This is official – we’re adding DBP to every eligible domain (e.g. domains that can have privacy added to them). We’re doing it to protect our customers.

Right now, it’s only impacting new transfers and registrations, but in the coming weeks, we will be adding privacy to any domain name customers currently have.

My Account Manager initiated the transfers to my GoDaddy account, so I did not see a notification about Whois privacy being automatically added. When I initiated another transfer to my GoDaddy account last week, I saw a message that stated, “All our domains include Privacy Protection to keep your personal information private. Add Full Domain Protection to keep your domain secure and safe.”

I do not use Whois privacy for most of my domain names and would prefer to opt out across the board without having to remember to opt out on individual transactions. There is little incentive for me to shield my registrant name from registrations. For what its worth, the shielded @domainsbyproxy.com email will still be delivered to a registrant’s inbox, but it’s easier for people to find my contact information when the Whois record is public.

According to the GoDaddy representative, domain registrants can opt-out of this Whois privacy if they would prefer:

Any customer can opt-out by following these directions for a single domain: HTTPS://WWW.GODADDY.COM/HELP/CHANGE-MY-CONTACT-INFO-VISIBILITY-32283 or by using the bulk tool. In accounts with a large portfolio, the best way to find that is to select “Filter” and choose “Privacy Protection (WHOIS Redaction)” On. That will show every domain name.

Then, select the domain names on which you want privacy turned off. Click “Settings” and then “Turn off Privacy.”

From the perspective of a domain name buyer, this change is annoying at best and will make it more difficult to perform ownership due diligence. This is particularly the case when a domain registrant changes its email address behind Whois privacy. This has always been the case, but with GoDaddy’s massive presence and the plans for Whois privacy to be enabled across the board, it’s going to become more challenging to confirm ownership.

From a legal perspective, this change can also become problematic for domain registrants. The recent Luma.com UDRP decision covered by Andrew Allemann shows that a prospective UDRP complainant or cybersquatting litigant may see the adoption of Whois privacy as an ownership change and proceed with a UDRP filing: “The Complainant had a legitimate reason to think that the domain had traded hands in 2016 when the Whois record changed to a privacy service.”

For the past several years, public Whois information has been disappearing. GDPR in Europe and CCPA in California have forced many companies to protect the private information and data of their clients. Domain registrars have been redacting Whois information for at least several years due to GDPR. This news from GoDaddy isn’t a major shock, but I don’t think it is very good for domain investors. It would also have been nice for GoDaddy to communicate the change before making the change by default.