[bunker]/domains
Manifesto

Why bulletproof?

Because the rest can't help you when it matters.

The problem

Every mainstream registrar — GoDaddy, Namecheap, Porkbun, Cloudflare Registrar — replies to DMCA notices within 24 hours, often without reading the underlying claim. Several of them require government ID for select TLDs. They log your registration IP indefinitely. They retain your card details, your billing address, your phone number.

They are built for boring legitimate businesses with insurance and paperwork. Most of their customers are exactly that, and the system works fine for them.

For everyone else, mainstream registrar = single point of failure. One sloppy DMCA, one disgruntled trademark holder, one payment processor that decides your niche is "high-risk", and your business is offline. By the time you find out, it's already gone.

Who needs different

  • Journalists — investigating people who can afford lawyers. Especially in jurisdictions where SLAPP suits have teeth.
  • Whistleblowers — by definition, the targets are well-resourced and motivated.
  • Activists — political opposition, civil society, climate, harm reduction. Standard registrars routinely cave to government pressure.
  • Adult creators — legal in their jurisdiction, but treated as second-class by Visa, Stripe, GoDaddy, etc.
  • Crypto businesses — exchanges, DeFi, mixers, anything Treasury has opinions about. Banks de-bank you, registrars de-register you.
  • Streaming & file-sharing — DMCA-trolled into oblivion at scale.
  • Forums & communities — anything that hosts user speech is an attractive litigation target.
  • Privacy-curious individuals — folks who don't want their hobby project tied to their legal name forever.

What bulletproof actually means

Seychelles entity. bunkerdomains LLC is registered in the Republic of Seychelles. No US, no EU jurisdiction. No subpoena from a Texas magistrate is going to land on us.

No DMCA replies. The DMCA is a US copyright statute. It applies to US service providers. We're not one. So we don't reply. Read the policy for the long version.

No KYC. Account creation needs email, pseudonym, password. Not phone. Not government ID. Not a billing address. Not a name. Ever.

Crypto-only payment. No card, no bank routing, no payment processor that can pull the plug. 15+ cryptocurrencies via OxaPay (BTC, USDT, ETH, XMR, LTC, +10 more).

Free WHOIS privacy. Standard with every domain. We never charge for it. We never bury it behind upsells.

Transparent legal compliance. When a competent court orders us to act, we comply, and we publish the case in our transparency report. You can see the math: roughly 0.4% of total legal requests received resulted in any action last semester.

What it doesn't mean

We are not above the law. We comply with valid legal compulsion via competent jurisdiction (typically Seychelles courts, or foreign judgments enforceable in SC). We won't host CSAM, active malware C2, or live threats — those get yanked the moment they're verified, no court order needed.

We're not anti-legitimate-business either. Plenty of our customers are normal companies who simply object to feeding their data into the surveillance economy. We don't require an excuse.

The trade-offs (real ones)

  • Crypto-only payment. Confirmation takes 1–30 minutes depending on chain. We don't accept cards, and we never will.
  • No live chat. Email + dashboard ticket. Response time 48–72 hours, faster for paid customers in incident state.
  • Minimal UI. Pro, fast, mono-font, dark-only. We don't spend energy on cosmetic choices.
  • No phone number anywhere. Lost your password? Email the recovery flow. We won't reset accounts via voice call.
  • Some TLDs we won't carry. If a registry insists on KYC that we can't honour anonymously, we don't list it.

How to evaluate us

Don't take our word for it. Read the transparency report. Read the DMCA policy. Compare us side-by-side against Njalla, Internet.bs, Namecheap, GoDaddy. Pick on policy, not pricing.

If our model fits your work — welcome. If it doesn't, that's also fine; there are plenty of registrars optimised for the boring legitimate-business case.

FAQ

Is 'bulletproof' the same as 'illegal'?

No. Bulletproof means the registrar won't fold to non-binding pressure (DMCA notices, takedown emails, payment-processor whims). It still complies with valid legal compulsion through a competent court — typically Seychelles or judgments enforceable there.

What can you not do for me?

We can't host CSAM, active malware C2, or live real-world threats. We can't make a court order go away. We can't recover a domain after it's been seized via valid order. We can't help you hide from a SC court.

How is this different from a regular registrar with WHOIS privacy?

Privacy is the floor, not the product. Mainstream registrars still ask for KYC for some TLDs, run cards through US-jurisdiction processors, log IPs forever, and reply to DMCA notices in 24h whether the claim is valid or not. We're operationally different all the way down.

What does 'no DMCA replies' actually mean?

We literally don't read DMCA notices. They hit a mailbox we don't watch. We're not a US service provider, the DMCA's safe harbor doesn't apply, and we don't volunteer compliance.

Will my domain be removed if a court tells you to remove it?

If it's a Seychelles court, yes — we comply. If it's a foreign court, only if the judgment is enforceable in the Seychelles. We document every such case in our transparency report.

Is this anonymous-by-default or anonymous-on-request?

Default. Account creation needs only email + pseudo + password. WHOIS privacy is on free, automatically, on every TLD that supports it. You don't have to ask; you have to opt out (and we won't recommend it).