Privacy concerns regarding NameCheap being purchased for $1.5 billion

Just heard about the Namecheap acquisition - CVC Capital Partners bought them for $1.5 billion this month. Given my privacy concerns and the typical PE playbook of raising prices and changing policies, I’m looking to transfer my domains elsewhere before any potential changes hit. I’ve been researching privacy ratings via PrivacySpy: Namecheap sits at 7.5/10, Gandi drops to 4.6/10, Porkbun shows 2.9/10.

Porkbun seems appealing with competitive .com pricing around $11 including free WHOIS privacy, plus generally positive user feedback. Has anyone here migrated to them recently or can share insights on their current privacy practices?

Looking for recommendations that balance strong privacy protections with fair pricing. I’ve considered Cloudflare Registrar, but from what I understand, you’re forced to use their nameservers which is frustrating. I know of Njalla, but I’d prefer to avoid the middleman approach and maintain direct domain ownership.

https://lowendtalk.com/discussion/209585/namecheap-bought-for-1-5bn

https://www.wsj.com/business/deals/cvc-strikes-1-5-billion-deal-for-godaddy-rival-namecheap-a38fd014

What are your go-to privacy-focused registrars that won’t break the bank?
Cheers!

Porkbun is the typical recommendation these days and I’ve had a pleasant experience with the service, pricing, and support.
Gandi used to be absolutely superb and even supported quite a few FOSS projects like Debian but they too got bought out and started increasing prices dramatically.

Cloudflare appears to be the best option for most, unless you prefer to pay via cryptocurrency or want to change your name servers (pretty annoying that you can’t). While my domain is a personal domain, I appreciate that Cloudflare only complies with court orders and usually resists overreach like Namecheap does. Plus being Cloudflare, it’s likely more secure than any other company.

I was thinking of Gandi or Porkbun but their PrivacySpy ratings, worry me a little to be honest.

Can we really trust PrivacySpy rating?

Some reputable privacy-focused services are rated poorly:
Bitwarden is rated 5.9/10
Tuta is rated 6.4/10

On the other hand, other mainstream services are rated higher:
Telegram is rated 8.8/10
PayPal is rated 7.8/10
Apple is rated 7/10

PrivacySpy scores the privacy policy text — what a company says it’s allowed to do — not the real-world engineering or metadata practices. That’s why small, crypto-private projects can look worse on paper while big firms check more policy boxes. See how the rubric works: About | PrivacySpy as they do address your questions in the text.

1984 and Njalla for me. Have never had a worry or concern with these providers and Njalla even went to bat for us once, which was awesome to see.

Their blog is great: Njalla — Due process? An EU attack on privacy and citizens rights

I haven’t personally used Njalla but reviews written by their users on multiple websites scare me. I think it’s worth checking these before deciding:

• kycnot.me (check the comments section)
• Trustpilot
• BlackHatWorld

All icann accredited registrar for gtld should be similar, privacy wise. They’re contractual obliged to gather your full name, home/office address, email address and phone number for whois records. And since most of them uses traditional visa, mastercard, paypall, ibann bank payment etc as their payment gateway its twice gathering data, for icann and for the specific payment gateway kyc.

For cctld, that depends on the contract between the specific country registry and the registrar but most of the time its similar to the gtlds, need to also gather those details for whois records too.

Proxy registrar like njalla doesn’t need to gather all those data since they’re actually the legitimate owner of the domains registered with them, they’ll reg under their own details and rerent the domain back to you. And if you pay via crypto, login via vpn or tor then theres nothing they’ll know about you at all. Another one i know that could act as proxy registrar similar to njalla is incognet.io

Personally i don’t use those proxy registrars since I’m not feeling comfortable having all my important mail accounts linked to a domain thats not under my own full ownership. If they disappear overnight then icann will attempt to contact them instead of me since from icann pov those proxy registrar are the domain owner, not me.

Well aware of Njalla and their unique nature which is why I included a traditional registrar in 1984 that hits all the privacy points and a non traditional one because it helps to recognize that needs differ and one size fits all isn’t a thing in threat modelling.

Wondering if it’s best buying the domain in the country you are located as you get lower latency if you are also hosting a website.

May be worth adding a recommended section for domains and website hosting.

1984 doesn’t offer WHOIS protection, and I believe Njalla is a reseller of Tucows.

This isn’t how it works

not slamming anyone here, but a couple lines might read to newcomers like blanket verdicts. in privacy that’s a bit dicey — models, risks, jurisdictions all differ, and one size fits none.

two quick clarifications i think help:
• 1984 does offer WHOIS privacy where the TLD allows it (their wording: “domain privacy for the Top Level Domains that allow whois privacy”) — https://1984.hosting/
• njalla uses upstream registrars (e.g., Tucows/OpenSRS) on purpose so njalla can be registrant-of-record (proxy ownership). they even wrote up the 2021 incident where Tucows complied with a forged court order and some domains were briefly transferred; identities weren’t exposed because njalla doesn’t collect them — Njalla — Hi, jack. (background on the model from launch era: Pirate Bay founder launches piracy-friendly domain privacy service - Domain Incite )

why that matters: start from the threat model, not a star rating. if the top priority is anonymity + deniability, the proxy model (njalla) can fit — you accept that in a dispute you might lose the domain, not your identity. if the priority is ownership + portability, being the registrant yourself (1984 or similar) makes sense — you keep control, but OPSEC is on you, and some TLDs expose more by policy. fwiw, the Hitchhiker’s Guide to Privacy and Anonymity Online folks explicitly thank njalla and 1984 in their material, which kind of underlines that different models serve different needs — ./ - Hitchhiker's Guide

on reviews: public reviews skew negative by nature (folks post when they’re mad, not when things just work). even in the links shared, if you read past page one you’ll find both praise and complaints. they’re inputs, not conclusions — especially for anonymity tooling.

either way, privacy is a practice, not a checkbox. you can get burned by misconfig just as fast as by a bad vendor. dont outsource your whole threat model to a logo.

aside (separate from the facts): i use both njalla and 1984 today. i’ve also used and continue to use cloudflare, namecheap, godaddy, ovhcloud, proton’s domain tools, a few others. different jobs, different lanes. i pick based on risk, not vibes.