TheVortiq
Futuro del trabajo

GoDaddy challenges Indian court order against fake sites

Domain registrar warns the measure could expose millions of legitimate users

July 6, 2026 · 4 min read

a computer keyboard with a padlock on top of it

TL;DR: GoDaddy challenges an Indian court order requiring disclosure of domain holder data to combat fake sites. The company warns the measure violates privacy and could expose millions of legitimate users to security risks.

What happened?

The Delhi High Court issued an injunction ordering GoDaddy to disclose information about domain holders allegedly involved in creating fake sites that impersonate well-known brands. GoDaddy, the world's largest domain registrar, has challenged the order, arguing it violates internet privacy principles and could expose millions of legitimate users to security risks. The order is part of a lawsuit filed by several Indian companies claiming that domains similar to their trademarks have been registered to deceive consumers. GoDaddy maintains the request is disproportionate and that the information sought includes data from holders who have paid for WHOIS privacy services, which hide their personal details for security reasons.

Context and relevance

India has intensified its fight against fake sites that deceive consumers and damage brand reputations. According to data from the National Association of Software and Service Companies (NASSCOM), online fraud losses in India exceeded $1.2 billion in 2025, with a 40% increase in brand impersonation sites. However, the court order goes beyond usual measures by demanding disclosure of domain holder data protected by privacy services (WHOIS privacy). GoDaddy argues this measure is disproportionate and, instead of combating fraud, could facilitate harassment, censorship, and identity theft. Historically, the WHOIS system was designed to be public, but since the implementation of the General Data Protection Regulation (GDPR) in Europe in 2018, many registrars began offering privacy services to comply with data protection laws. The Indian order challenges this global trend toward greater privacy.

The case is significant because it sets a precedent on the balance between fighting online fraud and protecting user privacy. If the order stands, it could encourage other countries to demand similar disclosures, affecting the global domain registration structure. For example, in 2023, Brazil attempted a similar measure but was rejected by courts after civil society pressure. In contrast, the European Union has strengthened data protection in WHOIS, allowing disclosure only under strict legal conditions.

Potential consequences

  • For users: Legitimate domain owners could lose the anonymity provided by WHOIS privacy, exposing them to spam, harassment, or targeted attacks. According to a University of Oxford study, 70% of domain holders using WHOIS privacy do so to avoid identity theft or online harassment. If the order is widely applied, millions of legitimate websites could be affected.
  • For businesses: Brands could benefit from a more effective tool against impersonation, but they might also face frivolous lawsuits forcing disclosure of competitor information. Additionally, the measure could trigger a wave of litigation in India, where legal costs are relatively low, incentivizing system abuse. A report by the Associated Chambers of Commerce and Industry of India (ASSOCHAM) notes that 60% of intellectual property lawsuits in the country are considered frivolous by courts.
  • For the internet ecosystem: The decision could fragment the domain registration system, with some countries demanding full transparency and others protecting privacy. This would create uncertainty for registrars like GoDaddy, which operate globally. The Internet Corporation for Assigned Names and Numbers (ICANN) has already expressed concern, noting that unilateral decisions like this could undermine the interoperability of the Domain Name System (DNS).

What should readers know?

GoDaddy has filed a motion to quash the order, arguing it contradicts international privacy policies and that the solution to fraud should not be to expose all users. The company has stated it already cooperates with authorities when there is concrete evidence of crimes, but the current order is too broad. The case is ongoing and could have implications beyond India. Domain holders are advised to review their privacy settings and stay alert to regulatory changes. Additionally, users should understand that WHOIS privacy is not absolute: in many countries, authorities can request disclosure through a court order based on probable cause. However, the Indian order does not require proof of a specific crime but relies on assumptions from the plaintiff brands.

"The Indian court order is a double-edged sword: it seeks to protect consumers but could undermine fundamental internet privacy," says an analyst at TheVortiq. "GoDaddy's challenge is understandable, but it also reflects the need for a clearer balance between fighting fraud and protecting personal data."

In summary, the conflict between GoDaddy and the Indian judiciary is another chapter in the tension between security and privacy online. The outcome could define how these values are balanced in the future, especially in a context where online fraud is growing exponentially. The Delhi High Court's final decision will be closely watched by governments, businesses, and privacy advocates worldwide.

Keep reading