If your livelihood is based on squatting domains you bought in 1992, you won't find me crying tears of sorrow for your loss when you only make a couple million dollars instead of whatever number you think you're owed for adding zero productive value to the world.
Scratch that; domain "investing" actually removes productive value from the world. Someone else might own that domain and actually do something incredible with it. Microsoft clearly could have; they use it all over their documentation (and they're idiots for doing so, but what's done is done).
> domain "investing" actually removes productive value from the world
Does it? These domains are available for those who want them at fair prices. Why is the current situation any worse than one in which these domains would be snapped up for low effort personal sites?
> Someone else might own that domain and actually do something incredible with it.
Why? What would be an example of "something incredible" that'd require a very specific domain name like this?
It's hard for me to have sympathy for him "protecting his livelihood" when we are talking about a lucky gamble that appreciated by 140000x, he's already successfully sold several of them, and almost the entire value is driven by scamming opportunities
Pretty much any four-letter .com domain (even gibberish) would sell for upwards of a million dollars these days, too. $1.7 million for a recognizable four-letter domain is if anything substantially lowballing it.
The whole affair seems bordering on blackmail: “pay me, MS, or your customers will get hacked”.
If you were truly concerned about security, you’d have just transferred the domain over. If you want to make a good profit off of that, though, please—don’t make a theater.
If you are both genuinely concerned about security but also desperately need money, what you would effectively end up doing is a reverse auction—start high and go lower until the one buyer you want agrees.
Giving security flaws the publicity they deserve: I’m most unreservedly in favor.
Using publicity to hold someone hostage in order to extract money while hiding behind security concern claims: not a good image.
If I were in a situation where I have nothing to eat and urgently need to liquidate such a domain, I would raise awareness publicly but negotiate in private. If I were relatively well-off, I would arrange a pro-bono handover, publicly or privately, and of course try to raise awareness anyway.
To make matters worse, the sale appears to be handled via an auction. The wide publicity given to the event via Brian Krebs’s website must have attracted attention of a wide range of players, motives unknown. For a reputable corporation to find itself bidding against a theoretical Bitcoin millionaire blackhat is far from desirable on a couple levels (I doubt auction’s KYC can really prevent that, but if it is strict enough then I take back this particular concern).
Thus, the situation as it is just seems to smell to me, though I’m not entirely ruling out good faith with unfortunate execution.
Scratch that; domain "investing" actually removes productive value from the world. Someone else might own that domain and actually do something incredible with it. Microsoft clearly could have; they use it all over their documentation (and they're idiots for doing so, but what's done is done).