Also, I could talk your ear off about the design of our infrastructure for hours. Suffice it to say, it's a lot harder than you're making it out to be, particularly as regards to scaling. Our registry platform is open source, so feel free to inspect the code at https://nomulus.foo . And that's not even getting into DNS hosting, which involves a very large number of instances distributed around the entire globe.
However, 10 years of 1 million domains, even if Google's cut is only $1 out of the registration price, is still $10 million per year * 10 years = $100 million.
If Google's own registry is used and you capture more of the ($17/year ?) domain fee, it goes up by multiples of that.
Correct me if I am wrong, but serving the DNS entries of .app will be almost the same as serving up a DNS entry for another domain like .com: the HSTS/https-only requirements will be set up in the browser, not the DNS server.
And serving DNS has been handled successfully and profitably by Namecheap/GoDaddy/Moniker et al for years.
Alphabet made $31B in revenue last quarter. [1] CydeWeys already addressed their costs, but $100M over 10 years doesn't exactly sound like something they get out of bed for, especially considering they're already out $25M and they really will have expenses to cover for this.
I'm seeing prices from $17 - $15,000 for preregistration and the pricing tiers seem very arbitrary... is there any documentation on how Google sets the pricing?
Please see my top level comment here that I've since left.
Note that registrars ultimately set the pricing that you see, which is why it's different across different registrars, same as if you wanted to buy, e.g., a .com domain.
But not only to take care of internet security, but also to protect our children from terrorist and pedophiles, right? I wonder where I have heard similar use of wording that introduced a bunch of new laws harmfull for anything related with freedom...
We're not expecting to make our money back on this one. And these amounts are a drop in bucket compared to many other Google products anyway.
So a cynical profit motive is not why we're doing it. We're doing it for the stated reasons, to move security forward on the Web; see https://security.googleblog.com/2017/09/broadening-hsts-to-s... and https://security.googleblog.com/2018/02/a-secure-web-is-here...
Also, I could talk your ear off about the design of our infrastructure for hours. Suffice it to say, it's a lot harder than you're making it out to be, particularly as regards to scaling. Our registry platform is open source, so feel free to inspect the code at https://nomulus.foo . And that's not even getting into DNS hosting, which involves a very large number of instances distributed around the entire globe.