Neustar wins back Colombia's controversial .co domain contract after slashing profit margin by 75 per cent

After claims of dodgy deals and rigged procedures, the contract is finally inked

After a controversial rebidding process that provoked industry outrage, accusations of corruption, and resignation calls for a government minister, Colombia's .co contract has been returned to its current operator, Neustar.

The deal will see Colombia receive 81 per cent of the profits from the 2.3-million-strong top-level domain beloved by trendy startups, an enormous leap from the 6 or 7 per cent it received under the previous contract.

The contract will also only run for five years, as opposed to the previous ten, and the government will have more of a say in how the registry is run under a “new operating model,” where the ministry’s own “technical personnel with knowledge and ability to manage and administer the domain” will be deeply involved, according to a government statement.

After a delay caused by the coronavirus, the Colombian government announced the decision in a lengthy and somewhat convoluted online process, bringing an end to months of scandal, most of it involving Neustar’s main rival, Afilias, and Colombia’s technology minister Sylvia Constain.

The government announced the rebid process back in November, but almost immediately people started crying foul. The government’s official documents quoted .co domain registration statistics that were questionable, and put out technical requirement documents that effectively excluded everyone in the market except for one company: US-based Afilias.

The fact that even the existing operator of the .co registry for the previous 10 years, Neustar, was not eligible to bid put a spotlight on the process, and soon Colombia's Constain was being asked about any private meetings she had had with Afilias representatives.

Constain denied there had been any, though shortly after photographs emerged of her sitting next to Afilias’s CTO Ram Mohan at a public round-table meeting in Bogota in mid-2019, several months before the rebid was announced.

Who forgot to scrub the docs?

Then, we at El Reg noted that the technical documents included several references to Public Interest Registry, aka PIR – the organization that runs the .org registry and which contracts out its back-end to Afilias. In other words, the technical requirements for .co mirrored Afilias's operations for .org.

Colombia on a map with a location pin in it

Afilias vanishes from battle to run Colombia's trendy .co after El Reg probes technical docs, allegations of a stitch-up


Neither the Colombian government nor Afilias would comment on the appearance of the PIR references, leading many to speculate that Afilias had provided the documents in the first place but failed to scrub them. Shortly afterwards, the files were reissued and Afilias stepped away from its bid.

In the end, there were still several companies interested: Neustar, .uk operator Nominet, and global registry operator Centralnic in conjunction with two others. The Colombian government decided to stick with Neustar, which has an office in Bogota and long-standing local connections, though it drove a hard bargain.

The .co contract is no longer a cash-cow for Neustar, and it looks likely the Colombian government will look at taking over the registry entirely in five years.

In many respects, it is a sad end to what was a success story in the internet world. Before it was taken from a Colombian university and given to a scrappy company with an entrepreneur at its head, the .co registry only had a few thousand domains. But the new operators embarked on a massive rebranding campaign that saw .co domains marketed to entrepreneurs, global startups, and Colombian businesses – even being featured repeatedly during America's annual Superbowl.

The result was an explosion in registrations and big profits, thanks to a registration price that was double the market average. Since then, dozens of other companies have tried to copy .co’s approach, with limited success.

Money, money, money

It was inevitable Colombia would want to grab some of those profits when the contract was up for renewal. However, its rebid approach surprised the industry by going for a lowest-possible-cost contract, failing to even account for the marketing efforts that had made .co a success in the first place.

Afilias, meanwhile, has been in a long battle with Neustar to snatch one another’s contracts: Neustar made a bid for the .org registry in 2016 - which Afilias won but only after slashing its invoices by a third. Afilias then took Australia’s .au contract from Neustar in 2017, and Neustar retaliated by winning India’s .in contract in 2018 from Afilias. Afilias then went all-out to grab the .co contract but ended up having to withdraw over the technical requirements controversy.

The irony is that Neustar will likely only hold the contract for a few months. On Monday, it announced it was selling its entire registry business to registrar GoDaddy for an undisclosed sum.

GoDaddy’s COO Andrew Low Ah Kee told The Register the deal had been in the pipeline for over a year but the companies had held off pending the .co contract decision because it “didn’t want to be seen to be influencing the decision.”

In truth, the contract probably decided the final price of the GoDaddy deal. ®

Other stories you might like

  • Battlefield 2042: Please don't be the death knell of the franchise, please don't be the death knell of the franchise

    Another terrible launch, but DICE is already working on improvements

    The RPG Greetings, traveller, and welcome back to The Register Plays Games, our monthly gaming column. Since the last edition on New World, we hit level cap and the "endgame". Around this time, item duping exploits became rife and every attempt Amazon Games made to fix it just broke something else. The post-level 60 "watermark" system for gear drops is also infuriating and tedious, but not something we were able to address in the column. So bear these things in mind if you were ever tempted. On that note, it's time to look at another newly released shit show – Battlefield 2042.

    I wanted to love Battlefield 2042, I really did. After the bum note of the first-person shooter (FPS) franchise's return to Second World War theatres with Battlefield V (2018), I stupidly assumed the next entry from EA-owned Swedish developer DICE would be a return to form. I was wrong.

    The multiplayer military FPS market is dominated by two forces: Activision's Call of Duty (COD) series and EA's Battlefield. Fans of each franchise are loyal to the point of zealotry with little crossover between player bases. Here's where I stand: COD jumped the shark with Modern Warfare 2 in 2009. It's flip-flopped from WW2 to present-day combat and back again, tried sci-fi, and even the Battle Royale trend with the free-to-play Call of Duty: Warzone (2020), which has been thoroughly ruined by hackers and developer inaction.

    Continue reading
  • American diplomats' iPhones reportedly compromised by NSO Group intrusion software

    Reuters claims nine State Department employees outside the US had their devices hacked

    The Apple iPhones of at least nine US State Department officials were compromised by an unidentified entity using NSO Group's Pegasus spyware, according to a report published Friday by Reuters.

    NSO Group in an email to The Register said it has blocked an unnamed customers' access to its system upon receiving an inquiry about the incident but has yet to confirm whether its software was involved.

    "Once the inquiry was received, and before any investigation under our compliance policy, we have decided to immediately terminate relevant customers’ access to the system, due to the severity of the allegations," an NSO spokesperson told The Register in an email. "To this point, we haven’t received any information nor the phone numbers, nor any indication that NSO’s tools were used in this case."

    Continue reading
  • Utility biz Delta-Montrose Electric Association loses billing capability and two decades of records after cyber attack

    All together now - R, A, N, S, O...

    A US utility company based in Colorado was hit by a ransomware attack in November that wiped out two decades' worth of records and knocked out billing systems that won't be restored until next week at the earliest.

    The attack was detailed by the Delta-Montrose Electric Association (DMEA) in a post on its website explaining that current customers won't be penalised for being unable to pay their bills because of the incident.

    "We are a victim of a malicious cyber security attack. In the middle of an investigation, that is as far as I’m willing to go," DMEA chief exec Alyssa Clemsen Roberts told a public board meeting, as reported by a local paper.

    Continue reading

Biting the hand that feeds IT © 1998–2021