Man registers Google.com via Google domain service....

Started by JasonD, October 01, 2015, 09:39:28 AM

Previous topic - Next topic

JasonD

https://www.linkedin.com/pulse/i-purchased-domain-googlecom-via-google-domains-sanmay-ved

Quote

A strange thing happened at 1:20 AM Eastern Time on Tuesday, September 29. I was learning more about the Google Domains interface, and typed google.com and clicked search domains. To my surprise, Google.com was showing as available!

I clicked the add to cart icon beside the domain (which should not appear if the domain is not available for sale). The domain actually got added to my cart as seen by the green check-box, and the domain appeared in my cart.

I was hoping I would get an error at sometime saying transaction did not go through, but I was able to complete purchase, and my credit card was actually charged!





As soon as I completed purchase, I received two emails, one from sc-noreply@google.com, and one from wmt-noreply@google.com, which is not the norm when you book domains via Google Domains as I have booked new, previously un-registered domains before, and I have never received emails from the above aliases on booking the domains.  I will not share the contents of the emails here given they relate to the Google.com domain. The domain also successfully appeared in my Google Domains order history.

Additionally, my Google Search Console (aka Google Webmaster Tools) was auto-updated with webmaster related messages for the Google.com domain which actually means ownership was transferred to me! One gets the below messages in Search Console only for those domains for which one is the verified admin/verified owner (of course access was removed when domain was taken back by Google).



Additionally, I started receiving notifications, for when ownership changed (along with new owner details etc.) in the Google Search Console for websites (I will not name them) that are powered by Google Sites (which makes sense given that websites powered by Google Sites rest on the master domain Google.com). Quite clearly, ownership had been granted to me. Order was successful.

Though purchase had successfully gone through, and domain now belonged to me as evident above, the purchase was followed by an order cancellation email from Google Domains. Google could do this given the registration service used by me (aka Google Domains) belonged to Google, unlike the 2003 event in which Microsoft forgot to renew their Hotmail UK domain which was registered with Nominet UK. As a result, the Hotmail UK domain was returned to the open market for pickup by anybody who fancied it. Somebody else picked it up, and as Microsoft wasn't the registrar themselves, Microsoft wasn't able to cancel the order, and take it back automatically. In my case, I don't know what caused Google to lose ownership of the domain Google.com as a result of which it was available in the open market.

The purchase got completed and the card was charged (which would not have happened unless I actually successfully completed checkout, as otherwise I would have received an error). The charge was not a pre-auth.



The order history page auto-updated itself with a new message (missed taking a screenshot when the canceled message was not appearing).

On searching again for the domain Google.com, it now finally shows as unavailable.



The Indian Prime Minister's visit did work wonders...it ended up convincing Google to sell the most visited domain on the internet to a person from the Kutch region of the Indian Prime Minister's home state...albeit just for a minute or so :)

-----

Note: I have reported the incident to Google Security. Google has reverted back, and has acknowledged the incident.

littleman

I wonder if this guy could make a legal claim for the domain, given that the seller was google which actually owns the domain name?  Could the transaction be a legally binding contract?  Say he immediately sold it for $2m, would Google be obliged to reimburse him?

JasonD

You know what, it probably could have been.... prior to him posting his thread at least.

Now, it's out there in the wild, that he shouldn't have been able to buy it and hence accepted it was a mistake.

ergophobe

Ah... what Apple would have paid, sitting there on all that cache.

Imagine going to Google.com and having Siri's voice ask how she can help you

Rooftop

Looks like Google gave the guy a $10,000 bounty through their vulnerability programme.    He gave it to charity so they doubled it.   Happy ending I guess,  but he's going to the wondering "what if"  for a while

JameyLapp

It was just a mistake from the registration company, it was not sold, but it was just a minor error.