GoDaddy finds that employees were indeed bidding on auctions

[equity78]

Paul Nicks posted on The GoDaddy blog,

On March 11, a GoDaddy customer contacted us with serious allegations against multiple employees. These allegations alluded to employees potentially participating in auctions, shill bidding (coordinating bids to drive prices higher), and providing insider information to clients.

We immediately started an investigation into the claims.

What we found
We started investigating the activities of three employees. We were quickly able to rule out the involvement of one employee. As we investigated and interviewed the other two employees, it became clear that only one party violated our employee Code of Conduct. After a thorough review of the circumstances, we terminated the employment of this employee.

This employee created an account not associated with his legal name, and participated in auctions and expiry auctions as a bidder, which is a conflict of interest and a direct violation of our policy. To be clear, our investigation uncovered NO evidence that this employee used any confidential customer information for personal gain, or that he conducted shill-bidding on auctions.

Full story

Maybe it's time for those bidder id's

https://www.namepros.com/threads/should-godaddy-auctions-display-bidder-handles.1070950/page-5

 

[jideofor]

wow... Why do I have a feeling that the bidders are much more but Godaddy has chosen to douse worries of legit bidders? I would guess there are more Godaddy employees involved in this.

 

[Kate]

In the past you could watch auctions without bidding and retain the history in your watchlist.
They removed the functionality, once the auction is over the history has gone.
So they did tweak the system to make it less transparent. But they don't have the time or resources to make the auctions more transparent.

I don't think it would be a big dev job to replace bidder1, bidder2, bidder3 etc with named handles.

I think they don't want more scrutiny, to have to explain what did happen then and why this and that.
As a result it is more difficult for outsiders to spot and ascertain irregularities.
We have to rely on GD to police themselves.

so their reasoning for not using handles is: They prefer to have a domain stand on its own value, not be bid on because of who else is bidding on it. Some agree, some don't that is fine but this is our stance at this time.

In a way it is funny that an auction venue would want to limit bidding wars.

On the other hand, from the POV of the big spenders this could be a disadvantage - they would face increased competition.

 

[xynames]

AVOID GoDaddy hosting company they will shut down all your sites if even one Trademark claim is made

https://www.namepros.com/threads/av...-if-even-one-trademark-claim-is-made.1110373/

 

[Internet.Domains]

Something just doesn't sound right about this. I question whether we are getting the full story. It was mentioned by GD:

"This employee created an account not associated with his legal name"

The question is, how did the employee pay for the domains won?

The name on the payment (credit card or Pay Pal) would not match the name on the "shill" account. This would or should be an immediate red flag. Apparently, this went on for years.

I remember reading about people losing their domains due to making renewal payments with credit cards that did not match their account name. Yet somehow the employee did this for years.....

 

[jberryhill]

Do I understand this part correctly:

This employee created an account not associated with his legal name...

So, one can rule out any women, but since I don't have a GoDaddy auction account, that phrase piques my curiosity as to what sort of identification is needed to open one, if any. I mean, if I opened an account on behalf of a corporation I'd formed, then it wouldn't be associated with my legal name either. Is there a rule against having an "account not associated with [one's] legal name"?

Or is that phrase inserted to indicate something of an explanation as to why GoDaddy didn't catch it? Because where there is a policy, one might expect some reasonable internal controls for enforcing the policy. So that phrase is intended to provide a reason why the account wasn't recognized as belonging to or controlled by an employee.

 

[AbdulBasit.com]

Public bidding handles should've been implemented earlier. GoDaddy team was never interested in having public bidding handles so it looks like they were waiting for some dirty activity to happen. I'm sure they won't agree but there was and is not a single solid reason for not having public bidding handles right from the beginning. It's like not much interested in having transparency. And here is the result you got and clients got the suffering.

It's more of sad to hear it but not shocking because with not much transparency at your platform, this was sooner or later going to happen.

 

[Josh R]

While we are on the topic it would be great to have public auctions tied in with expired auctions.... If I’m having to buy shilled up domains, at least allow me to put some of my own listings in there.

 

[wurdd]

I would love to see the list of domains.

 

[jberryhill]

"This employee created an account not associated with his legal name"

The question is, how did the employee pay for the domains won?

The name on the payment (credit card or Pay Pal) would not match the name on the "shill" account. This would or should be an immediate red flag. Apparently, this went on for years.

If I form a business entity, such as a corporation or LLC, then I can of course create an account in the legal name of the corporation or LLC which is not associated with my legal name. I can also open a bank account, appoint a treasurer, etc..

 

[offthehandle]

Caveat Emptor.
These digital platforms should follow industry standard best practices. They also should be licensed.
Here is the code of ethics.

https://www.auctioneers.org/NAA/About-NAA/Governance-And-Financials/Code-of-Ethics.aspx

1. Follow English Absolute or Reserve Auction rules, once on the Block for sale- it's sold to highest bidder or does not meet reserve if it has one. PERIOD. NO closeouts, No renewal bullshit with a "Fine" for those who want to play games or get free current market value appraisals, etc.

2. IMO: "No bidder ID's" fails the code of ethics with Auctioneers General Practices:

What about ID ing who and how API's are used?

BUSINESS PRACTICE: Members should not enter into an agreement with a Client to withhold information from the public, which would prove to be unsafe, illegal, and detrimental to the public or material to making a decision to bid.

3. Ban all outside blog click promotions. Why do paid outside links exist anyway? If they are made by outsiders of the auctions they should not get paid. Opinion blogs get paid for promoting auctions of names within the auction, yet such comments are outside of the Auctioneers control. I hardly believe there is any true oversight by the "Auctioneer", and by passing written "opinions" of value about certain names appears to be riding a fine line of appraisal ethics.

"A true picture in their advertising and representations" - is common sense and by allowing "Outsiders" to promote certain names fails that, as this is a "Pass through" ethical obligation.

ARTICLE IX
Members shall avoid misrepresentation or concealment of material facts. There is an affirmative obligation to disclose adverse factors of which they have personal knowledge.

BUSINESS PRACTICE: Members should be careful at all times to present a true picture in their advertising and representations to the public.

4. Third Party Oversight and audit:


ARTICLE XIII
Members shall participate in all investigations and disciplinary proceedings when requested.

BUSINESS PRACTICE: In order for any professional organization to earn and maintain the confidence of the constituencies it serves, it must demonstrate to them the ability to "police" its own. Members have the unique ability to observe and therefore assist in the stewardship of this trust. Members have an obligation to assist the NAA and its officers in all matters, including the investigation, censure, discipline or dismissal of members.

 

[DN_Hunter]

Wait a second -- I've long suspected something "fishy" about the Expired Auctions. I sometimes have no choice but to put in my MAX bid (because I have to run to a meeting and cannot watch the auction until the end. On MANY occasions there was a second bidder who pushed the bid right up to just before my max bid. So I won the auction, but I paid my Max bid. If some fraudulent bidder did this I want to know. It happened too many times to be a coincidence.

Also, I don't care if he was never the 2nd highest bidder. A fraudulent bid pushes other bidders and changes strategy. More different people bidding on a name could persuade other bidders to join in on the competition. So even though he was never the 2nd highest bidder, his actions could have persuaded someone else to join in the bidding for that name.

 

[Ategy]

Wait a second -- I've long suspected something "fishy" about the Expired Auctions. I sometimes have no choice but to put in my MAX bid (because I have to run to a meeting and cannot watch the auction until the end. On MANY occasions there was a second bidder who pushed the bid right up to just before my max bid. So I won the auction, but I paid my Max bid. If some fraudulent bidder did this I want to know. It happened too many times to be a coincidence.

Now this is a case where often it's normal. As mentioned previously, often people extend auctions just to give more time to research or think about a domain. In many cases someone will try to decide by a certain price point (like an even $100 for example), assuming most advance "proxy" bids are at a rounded numbers.

Also, 50% of the time your secret "proxy" bid is ultimately revealed if the other bidder's last bid is $5 or less than yours. Because the bid will no longer show (auto), and even more obvious in cases where your final amount was $4 or less above their last bid, then they will see the difference is less than $5 and automatically know there can't be another proxy bid above it.


HOWEVER ... there was a time (unfortunately before I started seriously domaining .. lol), where there was indeed a backdoor that allowed people to actually view the highest "supposedly secret" proxy bid. For example, if you made a proxy bid of $500 .. through this system I could see your $500 bid even if the current bid was $30. Again .. I'm pretty sure this was more the result of sloppy coding and not actual malice .. but without going further into the specifics, it was a huge flaw that effectively completely eliminated the integrity of the auctions. For example, there was nothing stopping someone from bidding up to $499 and making you pay 10x more than you would have. Definitely a great strategy for depleting your competing auction bidders funds.

Again though .. it bugs me that many assume GoDaddy to be this big evil corporation. The problem at GoDaddy is that they have a massive platform with multiple departments .. things get built upon older things .. tweaked .. often with unintended and unforeseen results. Heck .. I've won auctions I didn't bid on .. lost auctions I was the highest bidder on. It boggles my mind how many issues and bugs there are with their platform. A few are a very serious, but most of them are relatively benign or are a pain in the butt. Sometimes they are actually helpful (I used to be able to renew domains up to 42 days after expiration without paying any redemption fees .. unfortunately they actually did ultimately find and close that trick .. lol).

For the most part I think the majority of people at GoDaddy genuinely want to do the right thing and have things as fair as possible for as many as possible. But at the end of the day sometimes they need to choose between two non-perfect choices ... sometimes people make mistakes .. and as I think is the biggest problem at GoDaddy: sometimes in big organisations the right hand does things while having no clue how it affects the left hand.

I could go on for ages .. but I've kinda given up on the dream of GD ever being a perfect bug-free platform. I've written so many lengthy emails to my rep over the years about bugs and other issues ... each time it's the standard "thanks for reporting the issue .. it will be given to the proper department" .. and then ... silence. It actually got to the point where I would sometimes start my email to my rep by apologising .. lol. For a while I was probably the biggest pain in the ass customer because I kept finding so many bugs.

But these days I'm more in a put-up or shut-up mode ... GD will always have issues and bugs .. and being a big company most people will just sweep them under the rug or pass it on like a hot potato to the next person. It's not ideal or good .. but it's not evil .. they aren't out to cheat domainers unfairly out of our money (anyways .. in the end we spend all our money with them either way .. lol) .. it's just one of those things that are a fact of life with big bulky multi-department companies or organisations. Fact is .. they have the best expiring domain auctions and you can get good domains cheaper than anywhere else ... at the end of the day that in itself has to count for a lot .. and is ultimately why I'm their client.


On a positive note, a couple of weeks ago my rep invited me to be one of a few people chosen to help their development team with some possible changes to their platform (not sure which part yet). I've done it before .. and as I said .. many of you would be surprised at how genuinely the people at GoDaddy in general want to build a better ship for all of us. That being said .. just a couple of bad apples could do a significant amount of damage (and for that let me be VERY clear that I'm VERY grateful to some of the NamePros members who regularly dig deep into such issues looking for patterns that reveal fraud) .. so I'm not saying there is no evil at GoDaddy .. just that in general the vast majority are good people with good intentions who want to do things in the most ethical way possible.

 

[IMEZI]

and the matter of this shillbid by their own employees just go like that?
the damage already done, it could be millions of usd taken from customer
this kind of act should be investigated as money theft

 

[bmugford]

Paul answered @bmugford at Domain Investing with some stats,

Paul Nicks March 28, 2019 at 11:06 pm


Brad,

Thanks for the questions. Hopefully this information will help answer your questions.

1.) From 2014 – early 2018, the ex-employee was involved in 354 auctions.
2.) They won 54 auctions .
3.) Of the 300 completed auctions they did not win,
• 154 were just the $12 initial bid
• 74 had only two bids, with $25 dollars as the highest proxy bid, they were not the 2nd highest bidder on any of these
• Of the remaining 72 where more than two bids were placed, the ex-employee never finished 2nd in an auction. Meaning even without them, the auction most likely would have sold for the price the actualized price.

As far as bidder IDs go, we’re looking at all options right now. I hope to have more information in the coming weeks.

https://domaininvesting.com/godaddy-catches-employee-participating-in-auctions/

I appreciate Paul answering.

I will say, it seems odd to me in all those auctions they would never finish as the 2nd bidder.

GoDaddy needs to make changes including bidder IDs. There have been way too many games and shenanigans over the years from people abusing the system. It is long overdue.

Brad

 

[jideofor]

and the matter of this shillbid by their own employees just go like that?
the damage already done, it could be millions of usd taken from customer
this kind of act should be investigated as money theft

I had always suspected this due to the increased bidding going on at Godaddy auctions. Some last minute bids are so f**king weird that you begin to wonder how did these guys know a name like that is there.

Whether anybody accept this or not,it does not negate the fact that there are some things odd about the auctions at Godaddy.

 

[lennco]

I would love to see the list of domains.

YES!

I am sure we have all felt at one time or another we were getting run up on our bidding.

The ones that always made me a little suspicious were the times I was the only bidder, I would make my bid around the 5 minute mark and a within seconds someone would show up with about 4 minutes to go and run me up. Just the two of us.

It would go from $12 to well into the Hundreds $$$.

 

[Josh R]

You know that was so yesterday right?

Adam has long since moved on from Godaddy.

I do business with him on occasion and can tell you in all certainty that he is no longer involved with Godaddy.

Fortunately for GoDaddy...

 

[DomainVP]

1.) From 2014 – early 2018, the ex-employee was involved in 354 auctions.
2.) They won 54 auctions .
3.) Of the 300 completed auctions they did not win,
• 154 were just the $12 initial bid
• 74 had only two bids, with $25 dollars as the highest proxy bid, they were not the 2nd highest bidder on any of these
• Of the remaining 72 where more than two bids were placed, the ex-employee never finished 2nd in an auction. Meaning even without them, the auction most likely would have sold for the price the actualized price.

1 bad apple does not spoil the entire batch, but this is hard to digest. Especially this whole "2nd in an auction" justification. It is not acceptable.

Sometimes it only takes 1 bid to draw attention to a domain and incite a bidding war.

154 auctions were abandoned by the employee as soon as someone else placed a bid, however if they did not place the initial bid it's possible to say that bidder 2 would have been the outright uncontested winner without the employees participation.

I would publicize the domain names in these 354 auctions, place the 54 domains back into the expired pool or have a bulk auction for them, and most importantly provide a 100% full refund to the winner of each auction.

I don't think a public dialogue or firing the employee will settle this in the eyes of even the most GoDaddy faithful.

 

[jberryhill]

AS LONG AS GoDaddy employees do not have any more access to internal information than we do, then I actually don't see a problem with them bidding.

https://dropengine.com/about

DropEngine is a proprietary algorithm and domain purchasing engine that we've developed through years of investing, studying purchase patterns and measuring underlying domain data.

https://ecorp.azcc.gov/BusinessSearch/BusinessInfo?entityNumber=L22200648

Member CORY LODDER

Member MICHAEL ROGERS

 

[farouk20]

Godaddy is minimizing this shit.. isn't it obvious this employee went way way above what Gd is telling us.

Forgive me if i dont believe them. Would really appreciate the list of names bidded upon.

 

[offthehandle]

I don't think it would be a big dev job to replace bidder1, bidder2, bidder3 etc with named handles.

Well at least those “group bids” should be Bidder1, Bidder1a, Bidder1b, Bidder1c. Lol.

 

[Bob Hawkes]

While highly concerning, especially since lasted so long, commend @Paul Nicks for the transparency in this post. The data provided in response to @bmugford provides answers to what I think a lot of us were wondering - it seems to suggest that the impact on significant value auctions was slight in this case. The key will be how the changes mentioned (like staff training) or possible other measures (like steps to make auction authenticity more high develop. The important question is always how we learn going forward. I hope that in coming weeks we will hear more about positive changes going forward. Thank you for bringing the story to our community @equity78. The question about bidding from corporations that @jberryhill brings up is an important one. Are registered company owners matter of public record always?

Bob

 

[offthehandle]

10 years ago news story. Kinda funny how similar it is.

“The company recently "discovered that an employee had set up an account on the SnapNames system under a false name and, under this name, bid in SnapNames auctions," it said in the notice. "This is a clear violation of our internal policy and was not approved by the company."

“He's been frustrated by the process for years," Santiago Cueto said. "I think the entire industry needs to be cleaned up."

“SnapNames.com, a subsidiary of Oversee.net, sent out notices last week that it had discovered the employee bidding on domain name auctions. SnapNames, which resells expired domain names, calls itself the largest resale marketplace for domain names. The company runs hundreds of auctions a day, it says on its Web sites.”

“In a notice sent out last week, SnapNames said the shill bidding affected about 5 percent of all its auctions since 2005, with most of the activity happening between 2005 and 2007. Some auctions in 2008 and 2009 were also affected, it said. The former employee won the auction in less than 1 percent of the cases, the company said.”

https://www.cio.com/article/2423046/domain-auction-site-faces-shill-bidding-lawsuit.html

 

[Ategy]

I'm seeing quite of bit of conspiracy theories being thrown around about auction behaviour .. and most of the "suspected" activity is completely normal. Most buyers wait until the final 6 minutes before bidding specifically to draw as little attention to the domain as possible. It's not only not "suspicious" .. but it's the smartest way to do it.

As for the bids a few seconds after your own .. don't forget that a lot of people play the numbers game. Let's say they target 100 a day ... for them it's not about individual auctions ... so they might risk letting the domain go to closeout where they might lose the domain to someone else .. they still end up with a bunch of domains at $11 instead of a bunch of domains with multiple bids.

In the same sense .. if you bid with less than 6 minutes left, automated bots that were hoping to get the domain at closeout, now know they can't so place their bid as fast as possible to avoid longer auction extensions.

AS LONG AS GoDaddy employees do not have any more access to internal information than we do, then I actually don't see a problem with them bidding. That being said .. it still comes down to perception .. in that there is no way for us to truly know what information that do or do not have access to.

That being said .. although it was against their policy (and again also a perception problem), I think what the employee did by only being the first bidder and never increasing their bid after someone else made a bid was a clever way to be involved without affecting the integrity of the auction. This isn't anything near on the same scale of seriousness as shill bidding is.

And let me be clear .. that just because I don't think this set of particular incidents isn't a huge deal, I think the bigger eye opener is that it was actually a GoDaddy customer that found the issues as opposed to GoDaddy themselves. It also does not mean that there aren't bigger more serious infraction going on (although *IF* there are, I don't think it's on the huge scale of hundreds of employees that some suspect) .. nor does it even mean their platform is even 100% secure (I've discovered some extremely critical bugs on their platform over the years that would make your heads spin 1000x worse than this ... most of the time it's likely not malice .. but just sloppy coding).

I think the real problem is transparency vs privacy debate. There are legitimate positives and negatives on both sides of the public handle debate .. but at the end of the day the more transparent a platform is, the more we can trust it. But let's also be clear that simply adding user handles will not make much of a difference as people really want to get around it will create multiple accounts.

I think a big part of GD not showing information is indeed both privacy and reporting related. It would be great if they could simply make all auction information permanently public. But then would you want a potential buyer for a $4999 domain to know you got it at closeout for $5? lol .. Yes making everything public for domains that go into the thousands of dollars would help the industry .. but at the end of the day I use GoDaddy auctions specifically because I can find some gems at closeout or with only a couple of other bids. Given my domaining strategy I'm really conflicted on what I think they should actually do .. because while ironically I share about 400 domains a day with everyone here and at NameCult, ultimately I do keep a select few to myself.

I think a good "quick" temporary compromise could be just a very minor tweak in having bidder user names continue to be hidden during auction, but then revealed to those who participated in the auction after the auction ends. The only problem with that is that it still makes fraud investigations by outsiders (like us) difficult because of the very limited data set available to crosscheck .. ultimately it wouldn't really make things significantly more transparent .. but it's a step in the right direction until a better broader ultimate solution is found.