This is parasitism, or deceptive practice to hold the domain name of a competitor claiming your are to be associated with the other project.
It's best to just ignore them instead of trying to play their games.
This justification is even worse than the domain squatting itself.
Some of the most influential software in history (Linux, Git, GCC, and yes, PuTTY) thrived under community-driven development. The idea that software "dies" without a single corporate owner is not just false, it’s insulting to the open-source ecosystem.
If Bitvise truly believes in their philosophy, they wouldn’t need to borrow PuTTY’s reputation by holding putty.org. Maybe they should spend less time on branding and more time studying how successful open-source projects actually work.
I've always seen Linux and Git not as projects run by a committee, but as projects guided by a single, trusted leader. Linus Torvalds is the owner of the kernel's vision. He has the final say. That isn't community consensus; it's benevolent dictatorship.
So while the putty.org situation is shady, I believe the core idea is right: great software needs a final arbiter with a clear vision, not just a crowd.
Of course you can have discussion about these aspects of the open source ecosystem; this is a long-running discussion where many people have discussed and disagreed in good faith. I don't entirely agree with your take personally, but I also don't entirely disagree and can see where you're coming from, and it's of course an interesting thing to discus.
However, in this context, as an "answer" to that question, it's hard to see it as anything other than just self-serving post-hoc rationalisation for being a selfish wanker. This is classic nihilism where the abuse of everything and everyone is justified as long as you can get away with it. Everything that moves the needle and you can get away with is morally justified because it moves the needle and you can get away with it.
The comments on this submission are pretty strange. What are the chances that a bunch of non-sockpuppet HN type of people are in support of this kind of garbage? Generally with sort of abysmal behaviour like the email communication in the article, there's people going to bat against actually defensible actions purely in the name of civility on HN. These bitvise people seem bad from both angles and yet the of early comments are either ignoring the issue and redirecting (e.g. "who even uses putty") or outright defending their shitty behaviour?
This is a great example of what drives people away from providing anything for free.
EDIT: They're not deceiving users though? The first section on the index page links directly to the real putty site. They're very clear about all of it.
EDIT2: Nope. We really don't want DNS "moderators." All of us have seen what happens with forum moderators. Like I said if that were done the internet would not work. It's not about the cost it's about being unable to clearly define what should be banned.
If you want to see a great example of how moderation like that both stops legitimate use and fails to stop malware go look at smartphone app stores. The result is borderline unusable garbage.
Deceiving users? Warning, temporary ban, permanent ban!
Selling mushy stuff for plumbers and kids? No problem!
It takes a simple reporting system, couple moderators costing peanuts compared to what we pay for the names and a clear set of rules forbidding intentionally misleading users.
Unfortunately this is the world we live in where if you don't then someone else will and they'll abuse it so you have to act defensively.
Either you put the time into the project and care about it in which case you should spend the few dollars a year defending it from drama like this, or you don't care even a few dollars worth about the project in which case just let whatever happens happen because you don't care, a .org is the price of a few coffees.
Only a few parts of the world you can leave a bike unlocked on the street, and the internet contains the whole world.
https://putty.app
https://putty.at
https://putty.click
https://putty.cloud
https://putty.codes
https://putty.co.uk
https://putty.com
https://putty.computer
https://putty.dev
https://putty.digital
https://putty.domains
https://putty.engineer
https://putty.host
https://putty.hosting
https://putty.info
https://putty.io
https://putty.media
https://putty.net
https://putty.network
https://putty.online
https://putty.org
https://putty.software
https://putty.solutions
https://putty.tech
https://putty.technology
https://putty.website
These three are the only legit looking one in that list, it's absurd to pretend things like https://putty.solutions, https://putty.at, https://putty.click, https://putty.codes, etc are even in the running when they actively look like scams.
You only need one legit looking domain because if it's legit and a domain it will be top of the search anyway.
Trademarks are trademarks, regardless of technology. I can't open a store called McDonald's that isn't a McDonald's but I sell cheeseburgers. Simply... moving this online doesn't magically make laws disappear.
Tech people have a strange misconception that tech overrides laws. No, it doesn't. Calling it "disruption" doesn't count, either.
If bought googlesearch.org but it's my own search engine that's illegal. You can't do that. Even if I did g00glesearch.org that's still illegal.
Even if I don't use the Google name, but I use something similar, maybe with a similar font, that's still illegal. Because, obviously, the intent is to deceive consumers. You can't do that. You can't pretend to be a brand you're not.
I think if they actually have a problem with it and are not just repeating that to cope they need to start acting like they have a problem with it. Trademarks need defending and you come out the door with the mental model that it's yours, you own it, the other group are in the wrong. If you opened your trademark dispute with "Well our trademark has always been X and people know to find us at X" you're gonna lose your dispute.
It's just hard to argue it's actually a real problem if the individual it's affecting keeps sort of pretending and saying that it's not even if deep down it is.
This has never changed.
Just because someone likes to use short circuit routing in their head doesn't make putty.org the official site for putty.
That is the same attitude as telling the Keepass folks that https://keepass.info/ is wrong...
edit:
Maybe also have a look at the putty FAQ, especially 9.3
https://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html#...
Still there were multiple requests to the Keepass project to change that domain to "a proper" domain like keepass.com
Is my intent more clear with that second try to explain? If not, I'm more then welcome to talk about a better way to phrase it :)
Suggest: That is the same attitude as critics telling the Keepass maintainer to migrate the (official) keepass.info domain to a .com...
There's software called PuTTY, and non-technical or less technical people, or even technical people who are running on autopilot, might reasonably expect that it's hosted on putty.org.
They just need to be more careful.
Here's an analogy.
Even capable programmers keep screwing up when using C and end up with memory leaks and security vulnerabilities. But that's no reason to stop using it ... people should just be more careful.
No analogy is perfect, every example has problems and loopholes, but this seems a reasonable one. Just as people should use programming languages that make it harder to make mistakes, so companies should not behave in deceptive manners, and when they do, they should be called out on it.
Similarly, telcos keep accepting and showing any cooked up caller ID over their SS7, and when someone gets scammed because they trusted the caller ID, the messaging I hear always actually is "people should just be more careful."
Same as banks requiring only card number to give someone money from the account. "you shoul be more careful with your card number."
It is sad to hear the level of victim blaming from the big industry.
Therefore I think you are missing the point with your analogy.
The results shows as:
Download PuTTY - a free SSH and telnet client for Windows.
PuTTY is an SSH and telnet client, developed originally by Simon Tatham for the Windows platform. PuTTY is open source software that is available with source...From that doc:
A.9.3 Would you like me to register you a nicer domain name?
No, thank you. Even if you can find one (most of them seem to have been registered already, by people who didn't ask whether we actually wanted it before they applied), we're happy with the PuTTY web site being exactly where it is. It's not hard to find (just type ‘putty’ into google.com and we're the first link returned) ...
Searching for "putty ssh" on both DDG and Google now return putty.org as their top result.
1: putty.org
2: "People also ask, What is putty and why is it used?" then 4 other questions about the material putty taking up most of the page
3: Videos "How to use Putty to SSH on Windows"
----- Fold -----
4. Video "How to Use Putty?"
5: Video "How to SSH Without a Password with Putty"
6: https://www.chiark.greenend.org.uk/~sgtatham/putty/ the actual site
That's the problem when the metrics are focused on how the company is doing and not how the user is doing, but when there is barely any competition that is not dogshit you don't have to care about how the customer feels because they can't go anywhere anyway so you can feel free to extract the maximum profit from them.
That's also why Google, Facebook, Microsoft and OpenAI are all so hellbent on AI: they all want to be the one and only place that you interact with to get answers to your questions so that as much of your "eyeball time" as possible (and with it, ad income) stays in their respective walled gardens.
putty.org has this on their page:
> On July 13, 2025, Bitvise was contacted by a political interrogator posing as a journalist.
They are doing a great job of making themselves look like assholes.
the Bitvise owner shouldn't have responded so unprofessionally, and their views on open source software are strange - but they're correct that the domain was never "historically associated with PuTTY", it just uses its name.
additionally, the usage of unformatted markdown in each "journalist" email makes me think this story was at least partially assisted by an LLM (https://putty.org/20250713-MiraiF-Emails.txt)
in short this is a nothing story
This seems a bit misleading. The domain has never, as far as I know, belonged to the project, so it can only have been "long associated" in the minds of users mistakenly trying to guess the URL and "historically" navigating to the wrong website.
> “The PuTTY project never had this domain”
Right.
> Search engines treat domain names like putty.org as authoritative.
Do they? Domain names "like" putty.org in what sense? Which search engines, by what mechanism?
"Below suggestions are independent of PuTTY. They are not endorsements by the PuTTY project."
Above of this is a direct link to PuTTY's website.
I'm afraid this is a non-issue. Sure, you are free to rant, and I appreciate the good intentions behind it, but count me out on raging.
www.putty.org SHOULD be the correct address. Failing that, LINKING to the correct website is an acceptable measure, specially when such linking is on top.
Want to blame someone? Blame SEO, where a decent 2000 website with no issues whatsoever is pushed down the results.
andreareina•6mo ago