Handshake Review: The Logic of Sovereign Naming and the TLD Unhack

You spent four years building a brand on that domain. The backlinks, the email, the muscle memory of every customer who types it without thinking — all of it hangs off one name you renew every January. Then one morning the renewal card declines, or a complaint you never see lands in the right inbox, or a policy shifts in an office on another continent, and the name simply stops resolving. Your site is fine. Your servers are fine. The name that points to them just isn’t yours anymore, and there’s no one to call who can give it back.

The short version: Handshake is a decentralized naming protocol that lets you own a top-level domain — like .yourname — instead of renting a second-level name under someone else’s TLD. It moves the internet’s Root Zone (the master list of who controls which domain endings) off a centrally administered file and onto a proof-of-work blockchain, where ownership is recorded as a cryptographic fact rather than a permission. You buy HNS tokens, win your name in a sealed-bid Vickrey auction, and hold it with a wallet seed. The honest catch: most people’s browsers won’t resolve a Handshake name without a resolver or extension, so today it’s a sovereignty layer you run alongside traditional DNS, not a drop-in replacement for it.

How does domain ownership actually work today?

Here’s the part no registrar puts on the checkout page. The entire internet runs on a single file — the Root Zone — and it’s administered by a small set of people and one coordinating authority. When you “buy” a domain, you buy nothing. You’re paying an annual fee for permission to use a name that the system agrees to point at you, for now, as long as you stay compliant with rules you don’t write.

This isn’t a hypothetical. In 2020, registrars seized domains over alleged intellectual-property disputes without a court order. In 2022, payment processors pressured domains belonging to political figures out of existence. The pattern is the same each time: a court or a corporation tells the authority, the authority tells the registrar, and your address vanishes — with no recourse that runs faster than the takedown.

The reframe that makes Handshake click is this: you never owned a domain, you leased a name from a landlord who can evict you by editing one file. Handshake’s move is to take that file — the Root Zone itself — and put it on a proof-of-work blockchain where no single authority can edit it. Your TLD becomes a ledger entry secured by the same kind of mining that secures Bitcoin, and revoking it would require controlling a majority of the network rather than sending one email. You stop being a tenant under someone else’s root. You become the root.

What is Handshake, and what’s actually wrong with traditional DNS?

Legacy DNS carries three structural weaknesses, and naming them plainly is the point. First, centralized seizure: the chain from court to authority to registrar to your dead domain has no step where you get a vote. Second, perpetual rent: you pay forever, and miss a single renewal and a squatter can inherit your entire brand history and backlinks for the price of a coffee. Third, dependence on a foreign authority: if you operate outside the jurisdiction that hosts the system, your address lives at the mercy of laws and corporate policies you had no part in setting.

Handshake removes all three by replacing the administered Root Zone with a blockchain ledger and settling ownership through Vickrey auctions — a sealed-bid format where you don’t see anyone else’s bid, which blocks the price manipulation that open bidding invites. The naming stack has three layers worth understanding:

• The HNS blockchain. The proof-of-work ledger that records every TLD’s owner. No central admin can alter an entry.
• The Vickrey auction. You bid HNS tokens for a name in a sealed auction. The winner’s coins are burned — removed from supply — rather than paid to a registrar, which quietly tightens the token’s economics rather than enriching a middleman.
• The resolver ecosystem. Software like Beacon or HDNS that translates Handshake names into IP addresses, so you can route around the big public resolvers and the surveillance that rides on them.

The result is the thing legacy DNS can never offer: you own the namespace, so you can issue and sell subdomains under your own root without asking anyone’s permission.

How do you buy and manage a Handshake TLD?

The mechanics are more approachable than the jargon suggests, and the first step is cheap enough to treat as a learning exercise rather than a commitment.

1. Set up a wallet. Install Bob Wallet or run HSD (the Handshake daemon) and generate a seed phrase. That seed is your TLD — guard it accordingly and never paste it into a browser.
2. Get HNS tokens. Buy HNS on an exchange that lists it (Kraken, among others) and move it to your wallet. Niche names need only a small amount; sought-after generic names can run into serious money.
3. Bid in the auction. Find your TLD in the wallet and open a Vickrey auction: roughly a 10-day sealed-bidding window followed by a 5-day reveal where bids become public and the highest wins. The winning HNS is burned, not refunded.
4. Set up a resolver. Install Beacon or point your operating system at HDNS resolvers so your own browser can actually reach Handshake sites. Without this, the parallel internet stays invisible to you.
5. Manage your records. Use the wallet to point subdomains at IP addresses or IPFS hashes, and to set mail and CNAME records as you would anywhere.
6. Renew roughly every two years. Renewal is a simple transaction costing only a small network fee — but skip it and the name returns to auction. Set a calendar reminder.

Make step one a $20 experiment: buy a little HNS, win a throwaway niche name, and install a resolver — feeling the mechanics once teaches more than any amount of reading.

Can regular people visit Handshake sites? The honest adoption barrier

Yes — but with friction you should hear about before you bet on it. Most people use the big ICANN-aligned resolvers, which won’t resolve Handshake names by default. To reach your site, a visitor needs a Handshake-aware browser extension, a change to their operating system’s DNS to point at a Handshake resolver, or a gateway site that bridges the two worlds. That’s a real barrier, and pretending otherwise would be selling you something.

It is, however, the same kind of friction every parallel system starts with — email was useless until enough people had an address. The pragmatic posture is dual-rail: run Handshake for permanence and control, and mirror your content on traditional DNS for reach, so you own an uncensorable root without sacrificing the audience you already have. Even in the pessimistic case where adoption stays niche, you still hold a permanent, unrevokable name for your own community.

The economics also do real work against the abuse that plagues legacy DNS. Because each name costs burned HNS and each block costs electricity to mine, flooding the registry with junk isn’t cheap the way an $8-a-year squat is. A squatter on traditional DNS faces a laughable barrier; a squatter on Handshake faces thousands in burned tokens plus ongoing renewal, which prices most of them out entirely.

What are the real risks, and how does Handshake compare to ENS? The trade-offs

No honest review ends on the upside, so here are the failure modes stated straight:

• Wallet compromise. Your seed is your domain. Steal the seed, steal the name. Use a hardware wallet such as Ledger or Trezor for anything valuable, and keep the seed off every screen.
• Resolver centralization. Lean on one resolver and you’re exposed if it goes down. Run your own HSD node or keep several resolvers as backups.
• Registry forking. A hard fork could theoretically produce two conflicting ledgers of who owns what. It’s an edge case that coordination among miners and node operators prevents in practice, but it’s not zero.
• Auction sybil incidents. An incidenter could try to flood a name’s auction with bids to inflate the price; hash-locked early commitment and proof-of-work on each bid make this expensive and impractical for most names.

Against the alternatives, the comparison is where Handshake earns its claim. Ethereum Name Service (ENS) is popular but lives on Ethereum, inheriting that chain’s governance and centralization pressures. Unstoppable Domains markets decentralization while operating a fundamentally centralized registry. Handshake’s independent proof-of-work chain is the genuinely sovereign option of the three — which is exactly why it’s harder to use, because real independence doesn’t come with a friendly corporate help desk.

A TLD is your identity layer, and it slots into a wider stack: link it to encrypted email like Proton Mail instead of Gmail, host your site on IPFS so no provider can host-ban it, keep your naming keys on separate seeds from your trading keys, and route traffic through a no-log VPN such as Private Internet Access. Together that’s a name no one can seize, mail no one can read, a site no one can take down, and traffic no one can trivially trace. For the broader picture of owning digital territory, see The Metaverse Ledger.

Frequently asked questions

Can I move my existing domain to Handshake?

Not directly — ICANN domains and Handshake names are separate systems with no migration path between them. What serious operators do instead is claim a parallel TLD on Handshake and run both at once: the legacy domain for reach, the Handshake root for permanence. You point your audience to whichever they can resolve and keep the uncensorable copy regardless.

What happens if I lose my wallet seed?

Your TLD is gone, permanently — there is no reset and no support line, because that absence of a central authority is the entire feature. Handshake uses standard BIP39 seed phrases, so treat the seed like a bearer bond: write it on paper, store multiple copies in separate secure physical locations, and never digitise or email it. This is the one non-negotiable discipline of sovereign naming.

How much does a Handshake name cost?

It depends entirely on demand. A generic niche name can cost only a handful of HNS — single digits to low tens of dollars at typical prices — while contested generic names run into the thousands or far more. There’s also a tiny transaction fee to bid and to renew. The high ceiling on desirable names is deliberate: it’s the economic wall that keeps spam and squatting out.

Will browsers ever support Handshake names natively?

Unlikely in the near term — the incumbent authorities and browser vendors have little incentive to add it, and some to resist it. If adoption ever reaches critical mass, that pressure could shift; until then, resolvers and extensions are the working bridge, and you should plan around needing them rather than waiting for native support.

You started reading this because the name you’ve poured years into never actually belonged to you, and somewhere you already knew it. That’s the uncomfortable part, and it’s also the door. Handshake doesn’t ask you to abandon the domain you have — it offers you a root beneath it that no court, registrar, or processor can quietly delete. The cost is honest: a wallet seed to guard, an auction to learn, a resolver to run. It is not for the casual blogger and it doesn’t pretend to be. But if you’re an operator, a creator, or anyone building something you intend to outlast a policy change, you stop being a tenant at the mercy of a file in someone else’s office and become the owner of your own name on a ledger nobody can edit for you. Buy a little HNS, win one small name, and feel the difference. You’re not renting your identity anymore. You hold the root.