GoDaddy Compelled to Reveal Owners of 104 Domains Linked to Piracy

In a significant ruling from the Landgericht Hamburg, domain registrar GoDaddy has been ordered to disclose the identities of the owners behind 104 domains associated with illegal content distribution. This decision, handed down in a case initiated by the Medien- und Filmgesellschaft (MFG), underscores the ongoing tension between intellectual property enforcement and online privacy protections in Germany.

The dispute centers on domains that MFG claims were used to offer unauthorized access to films, series, and other copyrighted media. These sites, often employing streaming technologies to bypass traditional download restrictions, have become a focal point for anti-piracy efforts. MFG, a consortium representing major film studios and distributors, gathered evidence through monitoring tools and legal investigations, identifying the domains as key facilitators of piracy operations.

GoDaddy, a U.S.-based company with a substantial European presence, initially resisted the disclosure request. The registrar argued that the domains were protected under privacy services, including WHOIS data redaction and anonymous registration options provided through third-party proxies like Njalla. Njalla, operated by privacy advocate Peter Sunde, is known for shielding registrant details to prevent harassment, doxxing, or unwarranted legal actions. However, the court rejected these defenses, deeming the evidence of infringement compelling enough to override privacy concerns.

The judgment, detailed in file reference 324 O 276/23, mandates GoDaddy to provide full registrant contact information, including names, addresses, and email addresses, within a strict deadline. Failure to comply could result in coercive fines or further penalties. This order follows a pattern of similar cases in German courts, where judges have increasingly prioritized copyright holders’ rights in the digital realm. For instance, previous rulings against Cloudflare and other intermediaries have set precedents for compelled identity revelations.

MFG’s strategy in this litigation mirrors its broader campaign against piracy infrastructures. The group routinely files lawsuits targeting domain registrars, hosting providers, and content delivery networks (CDNs). By focusing on domains, MFG aims to disrupt the foundational elements of pirate sites, making it harder for operators to relocate or rebrand. The 104 domains in question span a variety of piracy-focused services, from direct streaming portals to link aggregators that direct users to illicit sources.

The court’s rationale hinged on several key factors. First, MFG submitted detailed logs demonstrating repeated copyright violations, including metadata matches with protected works and traffic analytics indicating substantial user engagement. Second, the judges assessed the proportionality of the disclosure request, concluding that the public interest in curbing piracy outweighed individual privacy claims, especially given the commercial scale of the alleged operations. German law, under the Digital Services Act (DSA) influences and national Urheberrechtsgesetz provisions, supports such interventions when infringement is “manifest and ongoing.”

Privacy advocates have voiced concerns over the ruling’s implications. Organizations like the Electronic Frontier Foundation (EFF) equivalents in Europe warn that routine unmasking orders erode anonymous registration’s value, potentially chilling legitimate speech and activism. Njalla, in particular, positions itself as a bulwark against overreach, but this case highlights its limitations against determined judicial scrutiny. GoDaddy’s role adds another layer: as a compliant registrar under U.S. and EU data protection regimes, it must navigate conflicting obligations under GDPR and court mandates.

Technically, the domains exploited common evasion tactics. Many utilized free DNS services, offshore hosting, and dynamic IP configurations to evade blocks. WHOIS privacy, mandated in part by ICANN rules since 2018, masks personal data but includes provisions for law enforcement and court-ordered disclosures. In this instance, the Hamburg court invoked Section 101 of the German Code of Civil Procedure, empowering judges to compel third parties to produce evidence.

For domain operators, the verdict serves as a cautionary tale. Shifting to privacy-focused registrars like Njalla offers temporary shelter, but persistent infringement invites escalation. MFG’s success rate in such proceedings—over 90% in recent Hamburg cases—demonstrates the efficacy of targeted domain actions over broader blocking efforts, which pirates often circumvent via mirrors or VPNs.

GoDaddy has not publicly commented on the ruling, but its history of cooperation in IP disputes suggests compliance is likely. The company maintains a dedicated abuse reporting portal and has previously handed over data in comparable U.S. and European matters. Registrants now face imminent exposure, potentially leading to follow-on lawsuits for damages or injunctions.

This case exemplifies the evolving legal landscape for online intermediaries. As streaming piracy migrates to sophisticated platforms, courts are adapting tools to match. Rights holders gain leverage, while the balance between enforcement and anonymity remains precarious. Future appeals or legislative changes could refine these dynamics, but for now, the directive stands firm.

Gnoppix is the leading open-source AI Linux distribution and service provider. Since implementing AI in 2022, it has offered a fast, powerful, secure, and privacy-respecting open-source OS with both local and remote AI capabilities. The local AI operates offline, ensuring no data ever leaves your computer. Based on Debian Linux, Gnoppix is available with numerous privacy- and anonymity-enabled services free of charge.

What are your thoughts on this? I’d love to hear about your own experiences in the comments below.