For one glorious minute this week, Sanmay Ved appeared to be the savviest digital real estate mogul in all of cyberspace. He thought he had purchased the Internet domain Google.com — for $12.
Ved, a Babson College MBA candidate and former Google employee, said he was merely playing around (at 1:20 a.m. on Tuesday) with the website registration service Google Domains, one of many vendors like GoDaddy and Wix where developers can buy site names. For kicks, he entered “Google.com” into a search field, assuming it would be listed as unavailable.
Instead, to his amazement, the name of the world’s most heavily trafficked website was there to be had for the price of a cheese pizza.
“I got the green smiley face,” said Ved, 29, referring to the icon that appears with unclaimed domains. “If I’m getting that, it’s publicly available.”
He added it to his virtual shopping cart. No error message.
He checked out. Still no error.
His credit card was charged. He received a confirmation e-mail.
Ved was so stunned that he took screenshots documenting every step of the transaction.
Then, one minute later, another e-mail arrived. His order had been canceled.
A Google spokesman declined to comment, but in e-mails between Ved and the tech giant’s security team, a Google representative said the company was investigating why it “appears” that he was successful.
Though rare, oversights by large corporations have occasionally allowed famous website names to hit the open market. In 2003, Microsoft Corp. forgot to renew its Hotmail domain the United Kingdom. In 2010, the Dallas Cowboys accidentally allowed their homepage registration to expire.
“Domain names are run by people. There are all kinds of ways it could happen,” said Bruce Schneier, a fellow at Harvard University’s Berkman Center for Internet and Society. “Maybe someone at Google Domains said, ‘Oh my God! Look what we just did! We can’t do that.’”
Multiple domain registration databases report that Google.com, first registered in 1997, won’t expire until 2020.
Could Ved have claimed the site before its expiration?
“It is plausible if the domain was not locked,” said Craig Spiezle, a former data security executive at Microsoft who now heads the Online Trust Alliance, a security consortium in Seattle.
A website’s settings must be set to “locked” to prevent transfers, he explained.
But it’s also possible that Ved’s purchase was a mirage, said Bill Sweetman, president of the domain consulting firm Name Ninja in Toronto. Domain vendors sometimes mistakenly list a site as available — and even accept payment — only to realize that it is already owned.
“We have to make a distinction between being given the impression that you own a domain and actually owning it,” said Sweetman. “This sounds like a database glitch to me.”