Njalla vs IncogNET: Anonymous Domain Registrar 2026
In March 2026, ICANN finalized the revised RDDS access policy that pushes most registrars to attach a verified phone number to every WHOIS record by default. For anyone publishing a leak archive, a tech blog with an opinion, an opposition newsletter, or just a personal email domain they don't want tied to their passport, that single line in a policy PDF made the choice of registrar suddenly load-bearing again. Two names keep coming up in the privacy threads on Monero subreddits, Kicksecure forums, and the Tor Project's mailing lists: Njalla and IncogNET. They are not the only no-KYC registrars left, but they are the two that have survived four full years of payment processor pressure while still accepting Monero on day one without redirects through a custodial bridge.
This guide compares them the way a careful operator would in 2026 — not by counting marketing bullet points, but by looking at ownership model, jurisdictional exposure, TLD catalogue, payment flow, and what actually happens when somebody sends a legal notice. If you arrived here after buying XMR through MoneroSwapper or an atomic swap and you are now wondering where to spend it, the next 12 minutes should save you a wrong turn.
Why anonymous domain registration matters more in 2026
The pressure on hobby-grade and activist domains tightened from three directions in the last eighteen months. WHOIS redaction, once the default after GDPR, is being chipped away by the new ICANN policy and by national transposition laws in the EU's NIS2 successor. Tier-one payment processors quietly added "domain privacy services" to their high-risk merchant categories in late 2025, and at least four registrars that previously accepted cards anonymously now require a billing address that matches the card's BIN country. And finally, US-style subpoenas under the Stored Communications Act now reach further into infrastructure-as-a-service stacks than they did even two years ago.
- WHOIS exposure is back: the redaction layer most registrars added in 2018 is being unwound for accredited requestors, which in practice means any law-enforcement liaison desk and a growing list of trademark lawyers.
- Card payments leak metadata: even with a "privacy" registrar, paying with a Visa or Mastercard binds the domain to your bank's KYC file, which is discoverable in civil and criminal proceedings.
- Jurisdiction shopping still works: a registrar headquartered outside the Five Eyes and Fourteen Eyes that holds domains in its own name has a different threat surface than one in Delaware that holds them in yours.
- Monero remains the cleanest rail: RingCT, stealth addresses, and CLSAG signatures mean the registrar sees an incoming payment but cannot trivially link it to the sending wallet, prior history, or future spends.
Both Njalla and IncogNET advertise themselves as answers to this environment. They get there by very different routes, and the route is the point.
How Njalla actually works: the proxy ownership model
Njalla launched in April 2017, founded by Peter Sunde and a small team with a Pirate Bay and IPredator background. The legal entity is registered in Nevis (1337 LLC), with day-to-day operations linked to Sweden. The product is intentionally not a normal registrar: when you "buy" a domain through Njalla, the domain is technically registered in Njalla's name, and you receive a contractual usage right governed by their terms of service. You can change DNS records, transfer the domain out, sell it, or let it expire — Njalla treats those decisions as yours — but on paper the registrant is Njalla.
That distinction matters in two opposite directions. On the upside, your name never appears in the registry's records, the registrar's records, or any WHOIS lookup. A subpoena to Verisign or to a ccTLD operator returns Njalla's information. The operator has explicitly stated that they hold no government-issued identification on customers and that the only personal data they require is an email address, which can itself be a one-shot relay. On the downside, a sufficiently motivated adversary can pressure Njalla itself — and because Njalla is the legal registrant, there are theoretical scenarios in which they could be compelled to act before you have a chance to react. Njalla's track record in 2023, 2024 and 2025 was that they refused several takedown demands and lost no domains to forced transfer, but past performance is not a guarantee.
Payment, pricing and TLD coverage at Njalla
Njalla accepts Monero natively, alongside Bitcoin (on-chain and Lightning), Litecoin, Zcash, Dash, Bitcoin Cash, and a small set of fiat options through reseller flows. Pricing in 2026 sits at 15 EUR/year for legacy gTLDs like .com, .net and .org, with most ccTLDs and new gTLDs ranging from 12 to 45 EUR depending on the registry's wholesale. The catalogue covers more than 800 TLDs, including notoriously difficult ones like .is, .li, .ch and a wide spread of Pacific and Caribbean ccTLDs. Email forwarding, DNS hosting, and basic glue records are included. Njalla also resells VPS instances and an in-house DNS service that can be useful if you want your nameservers detached from your hosting provider.
How IncogNET actually works: the true ownership model
IncogNET is a younger operation, incorporated in Pennsylvania in late 2020 and expanded through 2021 with a free-speech and "lawful but inconvenient" niche. Unlike Njalla, IncogNET is a conventional accredited reseller for several TLDs and a partner for others; when you buy a domain through them, your registration goes into the registry under a real legal owner — either yourself, an alias of your choosing, or an LLC if you have one — and IncogNET layers a WHOIS privacy service on top. The trade-off inverts Njalla's: you genuinely own the domain in a way that survives the registrar going dark, but the privacy curtain is a contractual veil that can be lifted by a US court order against IncogNET itself.
The company's marketing leans heavily on US First Amendment framing, which is honest about the threat model: they will defend lawful speech vigorously and they will not roll over for foreign defamation claims, but they are still a US entity and they will comply with valid US warrants. For an operator whose adversaries are spam reports, copyright trolls, or single-jurisdiction smear lawsuits, this is more than adequate. For an operator who expects a federal grand jury subpoena, the model is structurally weaker than Njalla's.
Payment, pricing and TLD coverage at IncogNET
IncogNET accepts Monero through their own BTCPay Server instance, alongside Bitcoin (on-chain and Lightning), Litecoin, and a notable cash-by-mail option for customers who want to avoid even the on-chain footprint. Card payments exist but funnel through a separate processor and break the no-KYC promise. Domain pricing is slightly cheaper than Njalla on legacy gTLDs — roughly 12 to 14 USD/year for .com — and competitive on most new gTLDs, but their TLD catalogue is narrower, with several Pacific ccTLDs and some European ones unavailable. They bundle hosting, VPN, VPS and dedicated server products in the same account, which is convenient for an operator who wants a single payment relationship covering domain, DNS, and origin server.
Side-by-side: the comparison that actually matters
Most comparison posts on this topic spend their word count on feature lists. The features matter less than how the two services answer four questions: who is the registrant on paper, where does that registrant sit jurisdictionally, what does the payment trail look like, and what happens when a takedown request lands. The table below answers those questions in the format you can actually act on.
| Dimension | Njalla | IncogNET |
|---|---|---|
| Legal registrant on paper | Njalla (1337 LLC, Nevis) | You or your alias (real registrant) |
| Primary jurisdiction | Nevis / Sweden operations | United States (Pennsylvania) |
| Monero accepted natively | Yes, on-chain XMR + BTC/LTC/ZEC/DASH | Yes, via own BTCPay node |
| Cash-by-mail option | No | Yes |
| KYC at signup | Email only (any address) | Email only for crypto payments |
| Approximate .com price 2026 | 15 EUR/year | 13 USD/year |
| TLD catalogue size | 800+ including rare ccTLDs | 200+ focused on common TLDs |
| Bundled hosting / VPN / VPS | VPS only | VPN, VPS, dedicated, web hosting |
| Response to foreign subpoena | Generally refused if not Nevis-issued | Evaluates each, complies with valid US |
| Survival if registrar disappears | Loss risk: domain in their name | Domain survives in your name |
Neither column is universally "better." The Njalla model trades long-term ownership certainty for short-term unlinkability. The IncogNET model trades stronger jurisdictional exposure for the comfort of real, transferable ownership and a slightly leaner price. Pick the one whose trade-off matches the adversary you actually have, not the one you imagine.
Step-by-step: buying a domain anonymously with Monero in 2026
The mechanics of an anonymous purchase look similar at both providers; the differences sit at the edges. The flow below assumes you have already acquired XMR — through a private peer-to-peer trade, through MoneroSwapper's no-account swap from another asset, or out of an atomic swap from BTC. If you are starting from a card-bought stablecoin, do the swap first; otherwise the registrar's wallet sees a payment whose history points straight back to your KYC exchange.
- Prepare a clean email identity. Use a fresh address from a service that does not require a phone number — for example a hosted Mailbox.org alias paid with crypto, a Tutanota account opened over Tor, or a self-hosted catch-all on a previously purchased anonymous domain. Do not reuse an address that is already linked to your real identity in any breach corpus.
- Connect over Tor or a no-log VPN. Both Njalla and IncogNET accept Tor connections. If you prefer a VPN, choose one that publishes warrant canaries and accepts Monero directly. Avoid free VPNs, which routinely log and resell traffic metadata. Disable WebRTC and browser fingerprinting features for the session.
- Create the account with email only. Skip every optional field. Do not upload an avatar. Do not link a Twitter or Telegram handle. The fewer attributes you attach, the smaller the correlation surface in any future breach.
- Search the TLD and add to cart. Choose the TLD that matches your audience and your threat tolerance. ccTLDs operated by adversarial registries (for example .ru, .cn or .ir for Western operators, and the inverse for opposition use) are technically available but carry registry-level seizure risk that the registrar cannot insulate you from.
- Pay in Monero from a fresh subaddress. Generate a new subaddress in your wallet for this purchase. Do not consolidate outputs from this transaction with outputs that touch your identity. Wait the recommended 10 confirmations for the payment to clear and the domain to provision.
- Configure DNS and nameservers. Point the domain at your origin (a privacy VPS, a Tor v3 onion service, or a CDN like Cloudflare configured with a generic account). At Njalla you can use their in-house nameservers; at IncogNET you can use theirs or any external provider.
- Set a renewal reminder outside the registrar. Both providers send renewal reminders to the account email, but a single missed renewal collapses the whole privacy stack. Track the expiry in your own calendar and keep a small XMR balance ready specifically for renewal.
The registrar that knows the least about you is the registrar that has the least to hand over when a subpoena arrives. Every optional form field is a future liability.
Threat models and which option fits which operator
The right answer depends on who you are and who you are hiding from. The shorthand below maps common 2026 operator profiles to the registrar that tends to fit them best, with the reasoning made explicit so you can argue with it.
Independent journalists and leak publishers
If you are running a leak site, an opposition newsroom, or a tip-line subdomain, the dominant threat is a court-ordered seizure attempt from a state actor that cooperates poorly with Nevis and Swedish authorities. Njalla's proxy ownership is the better fit here precisely because the registrant of record is not you, and Njalla has a documented history of refusing politically motivated takedown demands. Pair it with a Tor v3 hidden service for the actual content and the domain becomes a convenience pointer rather than a single point of failure.
Privacy-tech projects and open-source maintainers
For an open-source project running a download site, a Matrix homeserver, or a public mirror, the dominant threat is takedown spam from copyright trolls and the occasional trademark complaint. Either registrar works, but IncogNET's bundled hosting, VPN and VPS catalogue makes the operational stack simpler. Real ownership of the domain also matters more here because the community expects continuity if the maintainer ever steps back.
Personal email and identity domains
For an individual who wants a non-KYC personal email domain — perhaps mail.yourname.tld for use with Mailbox.org or a self-hosted Stalwart server — IncogNET's cheaper renewal pricing and broader hosting bundle wins on operational cost. The threat model is realistic: nobody is sending a federal grand jury subpoena over a personal email address. Pay with Monero from a swap routed through a no-KYC venue like MoneroSwapper and the only correlation point is the domain itself.
Operators in legally hostile jurisdictions
For an operator inside a jurisdiction that criminalizes the underlying speech — opposition activists, harm-reduction NGOs in prohibitionist states, LGBTQ resources in jurisdictions that ban them — Njalla's Nevis incorporation is structurally safer. Combine it with Tor-only access, no real email, and Monero paid from a wallet that has never touched a centralized exchange. Treat the domain itself as compromise-able and architect the underlying service for graceful degradation if it is seized at the registry level.
Operational details people miss
Three details disproportionately decide whether an anonymous domain registration holds up over years. None of them are obvious from the front page of either provider.
The first is wallet hygiene at the moment of payment. Both registrars expose a single Monero address per invoice. Sending from a wallet that already contains exchange-withdrawn outputs taints the privacy of the transaction, not for the registrar — who sees nothing useful thanks to RingCT and stealth addresses — but for you if you later try to argue in a recovery context that the domain is not yours. Use a fresh subaddress and ideally a sub-wallet specifically for infrastructure spends.
The second is renewal continuity. Most "anonymous domain lost" stories online end in the same way: the operator stopped checking the email and the domain expired into the grace period, then the redemption period, then the drop. Both providers send three to five reminder emails before expiry, but if your alias provider rotated, you may not see them. Set a calendar reminder 30 days before expiry and keep ~50 EUR in XMR set aside specifically for two-year renewals.
The third is the link between domain and origin. A domain anonymously registered through Njalla and pointed at an AWS instance in Frankfurt that you paid for with a personal Visa card is not anonymous; it is a Visa-linked domain with one extra hop. Match the privacy level of the registrar to the privacy level of the origin. A VPS provider that accepts Monero, a Tor hidden service, or an IncogNET-hosted VM keeps the stack consistent.
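A self-check for the renewal-continuity and WHOIS-exposure points above, added here as an example (not code from either registrar): it reads an RDAP domain response, the JSON successor to WHOIS defined in RFC 9083, and reports days to expiry plus any registrant field that is publicly visible. The sample record, the `expected_public` allowlist and the function names are assumptions of this example.

```python
import json
from datetime import datetime, timezone

# Constructed sample RDAP (RFC 9083) domain response; every value is invented.
SAMPLE_RDAP = json.loads("""
{
  "ldhName": "example-project.test",
  "events": [
    {"eventAction": "registration", "eventDate": "2025-06-20T10:00:00Z"},
    {"eventAction": "expiration",   "eventDate": "2026-06-20T10:00:00Z"}
  ],
  "entities": [
    {"roles": ["registrar"], "vcardArray": ["vcard", [["fn", {}, "text", "Example Registrar"]]]},
    {"roles": ["registrant"],
     "vcardArray": ["vcard", [
       ["fn",    {}, "text", "REDACTED FOR PRIVACY"],
       ["email", {}, "text", "alias@mail.test"],
       ["tel",   {"type": "voice"}, "uri", "tel:+1.5555550100"]
     ]]}
  ]
}
""")

# jCard property names that can identify or contact a person.
IDENTIFYING = {"fn", "org", "email", "tel", "adr"}

def days_to_expiry(rdap, now):
    """Whole days until the 'expiration' event, or None if none is published."""
    for ev in rdap.get("events", []):
        if ev.get("eventAction") == "expiration":
            exp = datetime.fromisoformat(ev["eventDate"].replace("Z", "+00:00"))
            return (exp - now).days
    return None

def registrant_properties(rdap):
    """Yield (name, value) jCard properties of every registrant entity, nested ones included."""
    stack = list(rdap.get("entities", []))
    while stack:
        ent = stack.pop()
        stack.extend(ent.get("entities", []))
        if "registrant" in ent.get("roles", []):
            for prop in ent.get("vcardArray", ["vcard", []])[1]:
                yield prop[0], prop[3]  # jCard property: [name, params, type, value]

def audit(rdap, now=None, expected_public=(), warn_days=30):
    """Return findings: renewal inside warn_days, and registrant data visible to anyone."""
    findings = []
    left = days_to_expiry(rdap, now or datetime.now(timezone.utc))
    if left is None:
        findings.append("no expiration event published; track expiry manually")
    elif left < 0:
        findings.append(f"expired {-left} days ago")
    elif left <= warn_days:
        findings.append(f"renewal due: {left} days left")
    for name, value in registrant_properties(rdap):
        text = value if isinstance(value, str) else json.dumps(value)
        # Values the operator expects to be public (proxy name, relay alias) are allowed.
        hidden = "redacted" in text.lower() or text in expected_public
        if name in IDENTIFYING and not hidden:
            findings.append(f"registrant {name} is public: {text}")
    return findings
```

Feed it the JSON your registry's RDAP endpoint returns for your own domain and pass the values you expect to be public in `expected_public`; anything else it reports is visible to every lookup.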
FAQ
Is Njalla or IncogNET more anonymous in practice?
Njalla offers a stronger structural answer because you are not the registrant of record. Your name never enters a registry or registrar database. IncogNET offers a strong contractual answer through its WHOIS privacy service, but you remain the underlying legal owner. For maximal unlinkability, Njalla wins; for ownership certainty plus reasonable privacy, IncogNET wins.
Can either registrar see the Monero wallet I paid from?
No. Monero's RingCT, Bulletproofs+ range proofs, and stealth address outputs mean the registrar sees only that an invoice was paid. They do not see your wallet's other outputs, your balance, or which exchange (if any) the funds originated from. This is structurally different from a Bitcoin payment, where the input UTXOs are visible to anyone with a block explorer.
What happens if Njalla gets hacked or goes out of business?
Because Njalla is the registrant of record, a catastrophic failure could in theory complicate transferring your domains out. In practice, Njalla has published recovery procedures and the company has been operating since 2017 without an incident of that kind. Mitigate by keeping a backup record of your domains and your account credentials in encrypted offline storage.
Can I transfer a domain from Njalla to IncogNET or vice versa?
Yes for most TLDs, with normal registrar transfer mechanics (unlock, EPP/auth code, 5–7 day window). The catch is that transferring out of Njalla means the new registrant will be the receiving registrar's customer — usually you — which moves you out of the proxy-ownership model. Transferring into Njalla works the other direction. Plan transfers around renewal cycles to avoid double-paying.
Do I need a no-log VPN if I am already on Tor?
Tor alone is sufficient for the registration flow. Adding a VPN in front of Tor (VPN-to-Tor) can hide Tor usage from your ISP but adds a single point of trust at the VPN. Tor-to-VPN is rarely useful for this workflow. If you only have a VPN and no Tor, choose a VPN that accepts Monero, publishes a warrant canary, and has been independently audited. Mullvad and IVPN are common 2026 picks among privacy practitioners.
What about ENS or Handshake domains as an alternative?
ENS (.eth) and Handshake names solve a different problem: they remove the registry as a takedown vector. They do not give you a name that resolves in a default browser without a gateway or an extension, which limits audience reach. For a leak site, a hybrid stack (Njalla for the resolvable mirror, ENS or Handshake for the censorship-resistant backup) is increasingly common in 2026.
Conclusion
Njalla and IncogNET are both honest answers to a problem most registrars pretend does not exist. They answer it differently: Njalla by becoming the registrant so you do not have to be, IncogNET by giving you real ownership behind a WHOIS curtain. Pick Njalla if your adversary is a foreign state or a politically motivated takedown campaign, and you can tolerate the proxy ownership trade-off. Pick IncogNET if your adversary is a copyright troll, a spam reporter, or just the casual snooper, and you want a single-vendor bundle for domain, hosting and VPN.
Either way, the payment layer is the part most people get wrong. Use Monero, send from a fresh subaddress, and source the XMR through a private channel — a no-account swap on MoneroSwapper, a peer-to-peer trade, or an atomic swap — so that the registrar sees an unlinkable payment rather than the tail end of a card-bought stablecoin trail. The domain is only as private as its quietest input, and in 2026 that input is almost always the wallet you paid from.