From what I can tell, some person made a fan page for an existing Funko Pop video game (Funko Fusion), with links to the official site and screenshots of the game. The BrandShield software is probably instructed to eradicate all "unauthorized" use of their trademark, so they sent reports independently to our host and registrar claiming there was "fraud and phishing" going on, likely to cause escalation instead of doing the expected DMCA/cease-and-desist. Because of this, I honestly think they're the malicious actor in all of this. Their website, if you care: https://www.brandshield.com/
About 5 or 6 days ago, I received these reports on our host (Linode) and from our registrar (iwantmyname). I expressed my disappointment in my responses to both of them but told them I had removed the page and disabled the account. Linode confirmed and closed the case. iwantmyname never responded. This evening, I got a downtime alert, and while debugging, I noticed that the domain status had been set to "serverHold" on iwantmyname's domain panel. We have no other abuse reports from iwantmyname other than this one. I'm assuming no one on their end "closed" the ticket, so it went into an automatic system to disable the domain after some number of days.
I've been trying to get in touch with them via their abuse and support emails, but no response likely due to the time of day, so I decided to "escalate" the issue myself on social media.
https://en.wikipedia.org/wiki/Spite_house
https://en.wikipedia.org/wiki/List_of_Curb_Your_Enthusiasm_e...
However, nothing compares to the George Lucas saga down in Marin County. Was worth it just for the read about Lucas' fight with the county. Nigh incomprehensible.
[1] Forbes Summary, 2012: https://www.forbes.com/global/2012/0507/companies-people-geo...
[2] NYTimes Summary, 2012: https://archive.is/7iSSE
[3] CNET Summary, 2015: https://www.cnet.com/culture/george-lucas-to-build-affordabl...
[4] Pacific Research Institute Summary, 2021: https://www.pacificresearch.org/george-lucas-reluctant-yimby...
> submitted a so-called precise development plan in 2009 [for a] 269,701-square-foot digital studio [2]
> Lucas’ company says it spent “tens of millions” on engineering and environmental reviews and fees since its master plan was approved in 1996. [1]
> The association and others sent a letter to Mr. Lucas requesting that he find a “far more appropriate location for the development.” The project, the letter said, would “pose a serious and alarming threat to the nature of our valley and our community,” “dwarf the average Costco warehouse” and generate light pollution so that “our dark starry skies would be destroyed.” [2] In 2012, Lucasfilm announced that it had scrapped the 263,701-square-foot project. [3]
> "The level of bitterness and anger expressed by the homeowners in Lucas Valley has convinced us that, even if we were to spend more time and acquire the necessary approvals, we would not be able to maintain a constructive relationship with our neighbours" [3] “We were offering to shut down at 11 p.m. and spend $70 million to restore creeks ravaged by erosion and farm debris. Nothing we offered to these people was ever going to be enough. And so we were facing death by delay.” [1]
> In 2012 Mr. Lucas said he would sell the land to a developer to bring “low income housing” here. [2] there was a predictable backlash from residents, who believed that affordable housing would bring crime into the area and lower property values [3] “It’s inciting class warfare,” said Carolyn Lenert, head of the North San Rafael Coalition of Residents. [2]
> That has created an atmosphere that one opponent, who asked not to be identified, saying she feared for her safety, described as “sheer terror” and likened to “Syria.” [2]
> Carl Fricke [...] said: “We got letters saying, ‘You guys are going to get what you deserve. You’re going to bring drug dealers, all this crime and lowlife in here.’ ” [2]
> After three years in stasis, working with the regulations that govern affordable housing grants, George Lucas now plan[ed] to foot the bill himself, to the tune of upward of $150 million (circa 2015). This not only allows the project to proceed without jumping through those hoops, it also means that the housing can be allocated to specific groups, such as seniors, nurses and teachers. [3]
> The plan called for 224 apartments, along with generous residential amenities and a new bus stop [4], situated over 52 acres just north of San Rafael. This consists of 120 two- and three-bedroom workforce residences, and 104 one- and two-bedroom residences for seniors. [3]
> neighboring property owners quickly threatened Lucas with a $70 million environmental lawsuit if the filmmaker didn’t pull back his housing plans. True to California planning tradition, the project remain[ed] in limbo five years later. [4]
[5] https://www.thethings.com/george-lucas-billion-net-worth-spe...
> Lucas and the residents continued to battle over the property for several years until Disney eventually bought the property as part of purchasing LucasFilm. [5]
And the final piece of the story, perhaps the worst:
[6] Daily Mail Summary, 2023: https://www.dailymail.co.uk/news/article-12063777/These-form...
[7] Google Maps View, Binford Rd, 2023: https://www.google.com/maps/@38.1221805,-122.5651918,3a,75y,...
> A line of RVs, trucks, and trailers stretches for nearly 2 miles along Highway 101 in north Marin County
> More than half had lived in Marin County for over a decade, and a further 13% for at least five years.
> 'I've been here four and a half years. I was one of the first here. When I came in mid 2018 there were three motor homes. Now there's over 80.' Sherry and Lyness said they can't afford a normal home any longer, and low-income housing is in short supply.
A fantastic sentiment, I do exactly this as well
Edit: And i'm happy to see that it's working again as of 2024-12-09 12:27 UTC+1
Seems to be a difficult time for hosters and also again a demonstration that copyright law is deeply flawed, even if using stolen assets is a rising problem.
Unfortunately, domain registration is an industry with so many of its own problems that I'm not sure "vote with your wallet" would be an effective strategy for changing things here. I honestly wonder if domain registration might be the more fruitful target for legislation protecting customers if the goal is specifically to avoid situations like this one, but even as someone who's usually unabashedly in favor of consumer protection regulations, I can't say I have a high degree of confidence that any changes here would be done effectively.
Of course services like the registrar need protection here too. And certain false copyright claims probably need consequences as well. The legal industry servers no function here.
Also, it would be legally trivial to make the user accountable for the offense, not the whole of itch.io. Sure, there would be problems here as well, but there is not large barrier to not have a parasitic legal industry and have those responsible that actually commit the offense.
The problem of enforcement cannot be put on the back of the platform itself.
To be honest, I'm not really sure what point you're trying to make at all with your comment. None of it seems to address anything that I said, and if anything, it almost sounds like you managed to infer the opposite of what I meant in most cases.
How have y'all not realized that's how all this works?
It's why DNS is an anti-feature. As long as registrar's exist, it'll be an active lever utilized for basic deplatforming. Until everyone can host their own stuff, and networking is de-hub-and-spoked, this type of behavior will continue.
Easiest? Perhaps. Nothing around law is particularly easy (except breaking it, of course!) :) So, not altering existing laws, or not making new ones, would absolutely be the easiest method to that desired outcome. Many things would be easier to do if they were simply done how they were described, in a manner in which they were excepted, under the terms which they were agreed to. However, can we expect that a lack of laws/codes/statutes could ever result in effective or consistent behavior? Sadly, no. At least, not based upon historical experience. Perhaps the disposition of man will change one day - who knows what the future holds, but God!
Negligence is a thing that is bred in indifference and grown through a lack of consequence. Law and reform is the sole remedy.
Consider this: It would be far, far safer and more profitable for owners, employees, and customers of restaurants if the restaurant kept their cooking areas clean and tidy. Yet, even with unannounced and routine health inspections, various licensing requirements, annual training & education certifications, and massive fines...in spite of all of that, absurdly high numbers owners can't meet the bare minimum. People still somehow die from unsanitary food every year!
The best we can do then to combat the disposition of disconnected employees, and the blasé, checked-out business owners is to crush their skull. It is a judicial vengeance, a constant protector for all the people who had been abused unfairly; the ones who were discounted as "unimportant nobodies". Law is what gives the common man a temporary illusion of equal treatment. And when that illusion is chipped and broken from time-to-time, well, at least we can put another head up on the spike outside our walls.
It's certainly not quick, or easy, or even preventative(!), but it is the kind of response that is owed to the victims of incompetence and indolence.
From the timeline of the incident given at the top of this thread by the maintainer of the site, it sounds a lot more like the registrar was lazy about investigating whether the report of fraud/phishing was valid than that the registrar was fully aware that the actual intent was to take an entire site offline due to an allegation of a singular user infringing copyright. It sounds like the issue with the registrar could happen just as easily even if we magically waved a wand away and eliminated copyright law; if someone made an allegation of fraud and phishing, it sounds like the registrar might act the exact same way it did in this incident and take the site offline. That's why I'm arguing that copyright law isn't the primary cause of what happened here, and why reforming it seems pretty orthogonal to stopping this specific thing from occurring regardless of its merits as a goal in general.
The last time someone I knew had an issue, they had to get a senator to make waves to get anything resolved.
There isn't really a precedent for a tld with as many domains under it as .io, it's a very strong possibility it will be kept around and given to a private entity or even to GB.
.yu for Yugoslavia ran from 1989 to 2010.
Wikipedia has comprehensive articles on both of those ccTLDs, if you're interested in learning more
Prices went up, service went down. I’d recommend moving your domains when you can (Porkbun have been good, though I haven’t had any incidents like this).
Best of luck!
Namecheap I find is less easier to use and sometimes higher cost over time. I also haven’t had reliable domain renewal service from them when I used them.
Granted this is all a few years back. I was at Cloudflare until this year when I switched to Porkbun and I’ve been very happy
dynadot.com has been superior in my experience.
i’m interested in any potential negatives.
1. Section 6.1 of https://www.cloudflare.com/domain-registration-agreement/
there are very few parts of that contract in all caps, but that's one of them :/
To replace Gandi email (that Gandi went from free to ramping up the pricing for when they were taken over), Cloudflare offer email forwarding so you can receive incoming mail from a custom domain to e.g. a gmail account, and for sending mail you can pair this with a custom SMTP service like https://www.smtp2go.com (1000 emails/month on the free tier).
Apart from that, DNS is something I barely touch for years sometimes so I don't find much difference between registrars beside their pricing and how much you can trust them.
Being able to point your Cloudflare nameserver records would be nice though, so worst case you'd need to move everything if another registrar had some services you were interested in? Would be curious to know more about how common this scenario comes up and why.
I've used their services for ages and even got to briefly meet the founders once in Wellington who gave a talk on Erlang.
Ah well, while it sucks that the good times may be over, I'm glad the founders got their exit :)
I'm not.
I mean, I am happy for them but this concept of growing a business to an exit is not going well for society as a whole (at least the exits that are in my areas of interest, so I assume it extrapolates to all exits).
Every single business that gets bought out gets instantly enshittified in one way or another, always to the detriment of the customer. Depending on how entrenched it was it takes a different amount of time for people to move on as the new shareholders extract its economical value, but it almost always destroys societal value in the process as the company becomes a shadow of its former self (and hopefully dies, leaving way for the cycle to start again).
I wish there was a way for founders to get rich without the need for an exit, so the business could keep running... but I guess ruthless enshittification is the only way to get rich?
Apologies for the tangent, this is something that's been bouncing in my mind for a while...
A business is supposed to be an ongoing, perpetual enterprise. Maybe it grows, maybe it stays the same, but it isn't something that should (in my opinion) be designed as a product, in itself, with a "sell by" date. If it gets brought up, then that's [maybe] good, but it shouldn't actually be in the business plan. It's just a random lifecycle event. We can plan to be ready for it, but it shouldn't be a corporate goal.
It's quite possible to do that. I worked for nearly 27 years, for a company that is over 100 years old. I think the world's oldest company is over 1,400 years old, and just got brought out, for the first time, about 10 years ago.
Nationwide is another example of a successful cooperative as well (large UK bank, particularly in the mortgage space). They're customer and employee owned I believe, my wife and I got £200 last year as a profit share for being customers.
I'm a huge fan of the model, but it's difficult to get going. I think they're also more expensive to run as their operations tend to be a little more complex.
Richer Sounds boss in £3.5m staff giveaway https://www.bbc.com/news/business-48269171
The last thing I want is to be a 70 y/o still supporting a registrar. Especially considering the margins.
And it's not like running a registrar is something what can even have a mission other than earning money.
I would honestly be surprised if that was the case, but if you really tried, then you tried.
You pick who you’d hope would continue the mission OR you try to sell to employees.
> And what if they do 180 a week later?
Then you picked wrong, but the risk of picking wrong is not a good reason to not try to pick correctly.
Oh yeah, I fully agree with the enshittification sentiment.
Admittedly, a DNS registrar for me personally is something I'd just swap without much thought but I can think of a few services I use where I wouldn't be so loosely coupled from the product if those founders were to exit.
It's a bit paradoxical on my part I think and I do wish we had more lifestyle businesses that don't have to become massive.
Mind you, I would have put iwantmyname in that basket now that I think about it.
Domains are like car insurance – there's no reward for loyalty, so makes sense to shop around come renewal time.
Though it was the indie/personal feel they had as a registrar, I might look for alternatives.
I appreciated the indie feel as well, but I can't blame someone for selling out to the tune of 7 figures when the opportunity arises.
We have arrived at peak hypocrisy.
So I don't see the hypocrisy
Then things like this happen, and people think "ooh AI is bad, the bubble must burst" when this has nothing to do with that in the first place, and the real issue was that they sent a "fraud/phishing report" rather than a "trademark infringement" report.
Then I also wish that people who knew better, that this really has nothing to do with AI (like, this is obviously not autonomously making decisions any more than a regular program is), to stop blindly parroting and blaming it as a way to get more clicks, support and rage.
AI does need to die. Not so much because LLMs are bad, but rather because, like "big data" and "blockchain" and many other buzzwordy tools before it, it is a solution looking for a problem.
One exception: personal projects. "This is an NES emulator that is built in Rust, and it uses Rust because I wanted to learn Rust" is a perfectly good description of a project (but not a business).
Arguably, in this scenario, learning rust is the "business need" and the NES emulator is the tool :)
But yeah, exactly. A blockchain is, technically, just a content-addressable linked list. A Merkle tree is the same, as a tree. Git's core data structure is a DAG version of this. These things are useful. Yet nobody calls Git "blockchain technology", because what we all care about is Git's value as a version control tool.
That haphazard branding and parroting is exactly why the bubble needs to burst. Bubbles bursting take out the gritters and rarely actually kills off all the innovation in the scene (it kills a lot, though. I'm not trying to dismiss that).
For example, in my country, we are still dealing with the fallout from a decision made over a decade ago by the Tax Department. They used a poorly designed ML algorithm to screen applicants claiming social benefits for fraudulent activity. This led to several public inquiries and even contributed to the collapse of a government coalition. Tens of thousands of people are still suffering from being wrongly labeled as fraudulent, facing hefty fines and being forced to repay so-called fraudulent benefits.
(Layman here, obviously.)
The legal system already acts that way when the issue is in its own wheelhouse: https://www.reuters.com/legal/new-york-lawyers-sanctioned-us... The lawyers did not escape by just chuckling in amusement, throwing up their hands, and saying "AIs! Amimrite?"
The system is slow and the legal tests haven't happened yet but personally I see no reason to believe that the legal system isn't going to decide that "the AI" never does anything and that "the AI did it!" will provide absolutely zero cover for any action or liability. If anything it'll be negative as hooking an AI directly up to some action and then providing no human oversight will come to be ipso facto negligence.
I actually consider this one of the more subtle reasons this AI bubble is substantially overblown. The idea of this bubble is that AI will just replace humans wholesale, huzzah, cost savings galore! But if companies program things like, say, customer support with AIs, and can then just deploy their wildest fantasies straight into AIs with no concern about humans being in the loop and turning whistleblower or anything, like, making it literally impossible to contact humans, making it literally impossible to get solutions, and so forth, and if customers push these AIs to give false or dangerous solutions, or agree to certain bargains or whathaveyou, and the end result is you trade lots of expensive support calls for a company-ending class-action lawsuit, the utility of buying the AI services to replace your support staff sharply goes down. Not necessarily to zero. Doesn't have to go to zero. It just makes the idea that you're going to replace your support staff with a couple dozen graphics cards a much more incremental advantage rather than a multiplicative advantage, but the bubble is priced like it's hugely multiplicative.
[0] https://www.grammarly.com/blog/punctuation-capitalization/co...
You can then analyze when such pauses are used in formal language, and infer rules for their use. But those rules aren’t going to be 100% consistent, and a violation of those rules is not a grammatical error in the sense that subject-verb disagreement would be.
TL;DR you said “majority” not “every.” That distinction is key.
Also, here is a blog post[2] warning about the improper use of algorithmic enforcement tools like the one that was used in this scandal.
[1] https://en.wikipedia.org/wiki/Dutch_childcare_benefits_scand...
(After the previous AI bubble, no-one mentioned the dread term for about 20 years, instead using the safely ultra-broad umbrella term.)
I also wonder if their "automatically disable" policy takes size/importance of site into account. Is this how they would treat all their domain owners, regardless of significance?
While I agree, the people who hired them are equally culpable. You don't get to wash your hands of the mess just because someone else is doing your dirty work.
If companies hide behind negligence/incompetence, then we need to make it costly for them to be negligent/incompetent.
It's like having a dangerous dog that usually doesn't bite, but you really cannot know if it will change its mind one day. Do you just let such dog walk the streets without owner supervision?
In other words, a pit bull.
It’s irresponsible to deploy AI if you don’t know what it will do, especially when there are actual stakes.
Maybe we’ll have less AI bullshit then.
It does, but they never mess with anyone with big enough pockets to get sued for it.
My hosting party (Hetzner) forwarded the emails and / or put it in their own system, I removed the offending images / page, replied to the email, and done, right? Wrong, the email said I had to fill in a statement through some online form somewhere; I did that too late and got more and more threatening emails like "pack your shit we're evicting you in 24 hours". Nobody seemed to actually read my replies / explanation, probably because this is so routine for them.
And I get it, nobody can be arsed to read longwinded explanations and the like for routine operations. I hope AI assisted tooling will help the overworked support employees with making decisions in favor of giving people the benefit of the doubt and the help they need; for them it's routine, but for me it was the first time I got anything like that.
I've worked on a team in a household-name big tech company where our mission was almost exactly "make sure we're not blowing up our most important customers for no reason". It's not nearly as easy as it sounds: defining who's important is hard, and defining what should and shouldn't be allowed is hard, and then implementing that all correctly and avoiding drift over time is tricky too.
Doubtful. Registrars have almost no costs - any markup over the registry fees is almost pure profit.
• itch.io users could launch the Godot Web Editor to quickly make prototypes or simple games right on itch
• Publish from the native Godot editor directly to itch.io
• Godot adopts itch.io as the official asset store for art packs etc.
• Introduce social features for devs and artists to collaborate with each other:
• A publisher could choose to add a “Fork” or similar button on their itch.io game page that downloads and opens the project source in Godot. • All "forks" published that way would include a link to the original game's page, and so on.
I think Godot+itch could/should become the Github of Games :)
Did this account violate your ToS or the actual law? While I totally understand where are you coming from and I would probably be forced to do the same, I still tend to believe that closing a fan account is exactly the same thing that your registrar did to you.
Besides that, there are so many websites with copyright content that never changes the domains, is just the domain registration bad or why they just disabled the domain?
But yes, no doubt, that system is broken and the registrar should have known better.
If they have a customer like steam would they just cut off the domain? Probably not.
Other domain registrations would just ignored this and nothing would happened.
I expect total ignorance from a typical domain registrar.
> If they have a customer like steam would they just cut off the domain? Probably not.
Take a look who is they registrar and then look their prices up.
> Other domain registrations would just ignored this and nothing would happened
Yeah, they would totally ignore their customer just like that one did.
Unfortunately, providing proper support and protecting own customers in digital realm is an unsustainable business practice for most registrars.
So, in case anyone is interested, their registrar is MarkMonitor Inc., with a pricing of "contact us". The only pricing info I could find [0] said that it's 20$/yr for a .com, but with a minimum spend of 10k$ (probably reached by using their other services, such as the stated purpose of monitoring of trademarks).
Godspeed!
What makes you say that?
I would write up a complaint and send it to the incoming FTC Commissioner. Yes, I'm serious. From the signals Trump is sending if there is ever a time when Republicans may support some form of DMCA reform, it's now. He's on record talking about punishing Big Tech and supporting "Little Tech." You're Little Tech. Send copies of your letter to Funko and BrandShield. Also reach out or at least send a copy to Matt Stoller, the guy who publishes a very popular newsletter about monopoly, anti-trust and corporate abuse in America, he will be interested. Go for the throat.
I feel like there's also some missing layer of infrastructure here.
itch.io, like a lot of sites (HN being another), is meant to act as a host of user-generated content, over which the site takes a curatorial but not editorial stance. (I.e. the site has a Terms of Use; and has moderators that take things down / prevent things from being posted according to the Terms of Use; but otherwise is not favoring content according to the platform's own beliefs in the way that e.g. a newspaper would. None of the UGC posted "represents the views" of the platform, and there's no UGC that the platform would be particularly sad to see taken down.)
I feel like, for such arms-length-hosted UGC platforms, there should be a mechanism to indicate to these "brand protection" services (and phishing/fraud-detection services, etc) that takedown reports should be directed first-and-foremost at the platform itself. A mechanism to assert "this site doesn't have a vested interest in the content it hosts, and so is perfectly willing to comply with takedown requests pointed at specific content; so please don't try to take down the site itself."
There are UGC-hosting websites that brand-protection services already treat this way (e.g. YouTube, Facebook, etc) — but that's just institutional "human common sense" knowledge held about a few specific sites. I feel like this could be generalized, with a rule these takedown systems can follow, where if there's some indication (in a /.well-known/ entry, for example) that the site is a UGC-host and accepts its own platform-level abuse/takedown reports, then that should be attempted first, before trying to get the site itself taken down.
(Of course, such a rule necessarily cannot be a full short-circuit for the regular host-level takedown logic such systems follow; otherwise pirates, fraudsters, etc would just pretend their one-off phishing domains are UGC platforms. But you could have e.g. a default heuristic that if the takedown system discovers a platform-automated-takedown-request channel, then it'll try that channel and give it an hour to take effect before moving onto the host-level strategy; and if it can be detected from e.g. certificate transparency logs that the current ownership of the host is sufficiently long-lived, then additional leeway could be given, upgrading to a 24-72hr wait before host-takedown triggers.)
Will you be moving away from this registrar? It seems like it could very easily be abused again.
I didn't really expect Funko or 10:10 Games to be like that, but then again I didn't expect anyone would like Funko enough to make a fan page about their dolls.
Other companies allow fans to do pretty much whatever you want with their IP as long as you don't turn it into (too much of) a business. Sega has even hired a fan for their remasters rather than DMCA his project into oblivion.
When companies do this, I interpret this as the company giving a clear message: "don't be a fan of our work or we may apply legal pressure".
Unless a project is going viral in the media, raking up in a significant amount of money via a paywall or is directly competing with a current game, the chances of it getting shut down are incredibly low.
The courts have told Nintendo numerous times that they are in the wrong in this behavior and outlook. They have no legal means to keep Dolphin off Steam and it is a matter of judicial record that emulators are not an infringement of your IP on their own. Nintendo doesn't care and openly discusses their intent to make you suffer through lawfare. A just system would smack them down with a vexatious litigant label, but our system gives businesses infinite benefit of the doubt.
Not from iwantmyname, never heard of them, but of course now that I have, I couldn't do business with them in light of the situation.
I'd expect them to remove that, they're not a host for fan pages.
DMCA passed in 1998. it was short lived.
There's obviously somebody to blame. Somebody getting a legitimate domain taken down for hours should have consequences, if only to make mistakes more expensive for trigger-happy automated "IP protection" services (the only signal they'll probably understand).
The question is just if itch.io has the funding and energy to actually pursue the matter legally, now that it's technically resolved. I couldn't blame them for just changing registrars instead.
One registrar off the list of registrars you wanna use.
I'm surprised about their slowness. Again, 2 days ago I sent a request via their web-form and less than 24h later it was resolved.
Disclosure: I know the founder (Lenz).
So the question should be if Lenz is happy with how those who brought his company are now running it?
Of course that is not the kind of question that a founder should ever answer candidly on the internet :)
When I registered a domain with my surname in it, the registrar had an automatic process in place that checked for this trademark and took away access of the domain. So far so good. The problem was that the registrar and its support then ghosted me and also never refunded me for the money already paid to lease the domain for a year. Overall it was a bad experienced with bad communication that made me switch registrar (note: this was a different registrar than mentioned here).
I think one of the problems is that as more and more individual consumers buy domains, certain legal processes and automation are not ready for that. A good registrar should anticipate that an individual private consumer may not have the legal experience or knowledge to deal with just being hit with something they were never explicitly warned of.
I don't think this is good.
Trademarks are country-specific, not global like domains. Further, within a country trademarks are only valid within the scope of certain classes, which means:
* There will often be more than one trademark holder of even non-surname trademarks.
* You can't trademark a surname to prevent its use generally, you can only restrict its use in a narrow sphere.
I understand why domain registrars automatically overenforce their country's trademark laws (they can't deal with the legal complications that will result from them not doing so), but it's very much not good that someone like you can get to a domain for your surname first and be told you can't have it in case the trademark holder (for which class???) might want it.
Domains are also subject to local law! For ccTLDs, it's usually that of the country in question; for gTLD, to my knowledge the US has effective jurisdiction (through ICANN) over at least some of the popular gTLDs such as .com and .net.
"Local law" in this case doesn't just include actual laws on the books, but also the risk and cost of getting sued by either a trademark holder or a non-trademark-infringing domain owner.
This is exactly the type of issue that people usually don't consider when picking a TLD, vanity or otherwise.
Huh, I was always under the assumption that the percentage of domains bought by individual consumers is shrinking. As in, in the early days of the internet until ~2010 where commercialization was only slowly picking up (or only concentrated to a few domains), the majority of domains were personal websites and blogs.
Yes, but a segment of the domain market still buys their name domains and defends them on the Internet.
I bought my fname+lname domain a few years ago, but I'm not planning to surrender it to a random conglomerate.
> As in, in the early days of the internet until ~2010 where commercialization was only slowly picking up (or only concentrated to a few domains), the majority of domains were personal websites and blogs.
A deep part of me hopes this part of the market never dies, for the good health of the Internet's sovereignity.
s/domain names are not/DNS is not/
And I don't get what DNS has to do with any of this; this is a registrar/legal dispute, not a nameserver/technical one.
Of course I'm not talking about the DNS implementation!
But you're right, I could be more concise with my words, in the interest of making this a more inclusive forum.
First things first:
>I don't get what DNS has to do with any of this
DNS means Domain Name System. Domain names are resolved to IP numbers (think of that like the unique phone number of a particular computer in the internet) using DNS. Registrars manage what entries go in/out of this DNS. Registrars are a player in this whole technical/social system we agreed to follow called DNS.
With regards to intellectual property and domain names, consider all of these scenarios:
A. Someone owns trademark.com, somebody else owns "The Trademark" in the US. Is there copyright infringement?
B. Someone owns trademark.com, somebody else owns "The Trademark" in Vanuatu. Is there copyright infringement?
C. Someone owns trademark.de, somebody else owns "The Trademark" in the US. The site is overwhelmingly accessed by people who reside in the US. The site provides a service identical to the one provided by "The Trademark" in the US. Is there copyright infringement?
D. Someone owns trademark.de, somebody else owns "The Trademark" in the US. The site is overwhelmingly accessed by people who reside in Germany. The site provides a service identical to the one provided by "The Trademark" in the US. Is there copyright infringement?
E. Someone owns trademark.de, somebody else owns "The Trademark" in Germany. The site provides a service identical to the one provided by "The Trademark" in the Germany. Is there copyright infringement?
F. Someone owns trademark.de, somebody else owns "The Trademark" in Germany. The site provides a service completely different to the one provided by "The Trademark" in the Germany. Is there copyright infringement?
Can you see now, how domain names and trademarks are naturally decoupled?
Edit: Sorry! On a 2nd read I caught myself making the same mistake again. By "naturally decoupled" I mean that effects (set of rules, jurisdiction, law, etc...) that apply to the first entity (domain names) do not necessarily apply to the other one (trademarks).
Basically I didn’t notice the very slight indentation on my phone. Whoops.
I don’t know who sureglymop‘s registrar is. I’d encourage them to name and shame, refusing to refund is unacceptable.
By following the reference they provided, which is to a post by the person running itch.io stating just that.
I don't know if the linked comment is actually correct, but the link to a comment plus quoteof the relevant part seems as factual as it gets.
Funko Pop is an American Company.
BrandShield, the "Brand Protection Software" they used, is based out of Israel.
iwantmyname, the registrar, is from New Zealand.
They got bought out by Team Internet, which is British.
And who knows where all of them are actually registered.
They are all going to point the finger at each other for the problem. Who do you sue, and where?
Funko Pop hired BrandShield, but from what I understand they did so exactly because the latter does all the work without you having to intervene. Kind of like you hiring a lawyer and them using ChatGPT to present the case, full of errors and non-existent sources. The lawyer might have been acting on your behalf, but they didn’t really do so according to your intentions and their fuck up isn’t your fault. On first view I’d say BrandShield is a culprit here, but can’t be so sure about Funko Pop yet.
On the other hand, iwantmyname is absolutely at fault. They took down a client’s website without asking or recourse, then sat on their asses. That’s who you sue, because they’re the ones who ultimately had the power and made the decision that affected itch.io. If iwantmyname wants to sue BrandShield and/or Funk Pop or whatever else in turn, none of your concern. The one’s who hurt the business were iwantmyname by not doing due diligence or contacting the client but just automatically bending over.
Now if they should be sued in Britain or New Zealand, that’s for the lawyers to know.
In fact, all of this is for the lawyers to figure out. I’m not one. I’m merely expressing what makes logical sense to me, which could be incredibly wrong.
BrandShield, Funko, and iwantmyname all caused serious financial harm through, at a minimum, tortious negligence.
I'm not a lawyer, but even a yokel like me knows there's more to this legally than a shrug and "the software did it".
The strongest case would be something along the lines of breach of contract via the domain registrar, but your standard internet contract has a term in it that amounts to "we get the right to fuck you", so I assume that applies here, so no breach of contract actually exists. This also kills every claim that's dependent on breach of contract, so tortious interference is also dead.
Fraud will fail because itch.io itself isn't being defrauded at the very least. Business disparagement, and anything else along the lines of defamation, is going to fail because you need something like actual malice--specific knowledge of falsity--there, and that's essentially impossible to prove, not without somebody admitting that they knew all along everything was false.
Tortious interference is dead for several reasons. First, you need an underlying tort, which, as detailed above, probably doesn't exist. Next, you need specific knowledge of the contract being broken. Finally, you need intentionality here: it's not "I did something that caused the contract to be broken", it's "I did something to cause the contract to be broken." Outside of somebody jumping up and down shouting "I'm tortiously interfering with your contracts," it's basically impossible to prove tortious interference.
IANAL, but as I understand it the definition of malice also includes "reckless disregard for the truth". I'm sure a good lawyer can argue that not having human lawyers review, investigate, and confirm computer-generated abuse reports before sending them to outsiders constitutes a reckless disregard for the truth.
It seems like providers could remove themselves from the situation by just giving their clients a "fair use!" response button?
https://law.stackexchange.com/questions/51541/has-anyone-bee...
They do mention a case where the defendant acted in bad faith and was found liable for damages though.
That the magic robot perhaps did it for them matters not at all, in terms of whose fault it is, though a proliferation of magic robots does make junk services like this more of a problem, in that they can flood the internet with nonsense more effectively.
Doesn’t need to be huge – just enough to cover their cost and thereby make it uneconomical to outsource the work these companies are charging their customers for to their targets.
That you have grifters like brandshield is a symptom. Although you should never employ their lawyers for anything either of course. Make the taint stick to them.
- Namecheap
- Cloudflare
- Route 53 (if on AWS)
Any others?
I am fine with the identity verification, but their ticketing system seems to have sent all of my e-mail to their spam box, because they would never respond. I attempted opening tickets explaining the e-mail situation, but they wouldn't listen. In the end, I gave up and let them deactivate the account.
Moved to Porkbun, purchased the exact same domain (no KYC required!), and have been a happy user of their API for about two years now. They also have much more lax requirements for API usage compared to Namecheap. Porkbun also supports WebAuthn and logging in with a security key. It's overall a much nicer service than Namecheap.
Is it really? Or just contact info is enough?
Namecheap is on my NO NO NO list, along with GoDaddy (and a bunch of others). Google Domains was also on this OH GOD NO list, but thankfully Google did the Google thing and killed the product.
E: https://registry.terraform.io/providers/cullenmcdermott/pork...
Not sure if it works though
As an example; I had a dedicated server that I was leasing that I wanted to upgrade, the sales tech noticed that the plan I was currently on had been retired/replaced and credited my account with difference of what I had payed vs the new payment tier which amounted to six months of billing on the upgraded server. You can't really put a price on that kind of honesty!
Why didn't they proactively inform you that your service was retired and there was an alternative available?
It sounds like this must have been going on for a while to be worth 6 months of service in difference alone.
I left 1and1 close on 2 decades ago. If you consider this a story of good service, then I would suggest you try some other provider.
Without a doubt, Porkbun is one of the best. Their staff is knowledgeable, helpful and efficient. Highly recommend them.
The full thread is worth reading for more feedback on a range of registrars, particularly Namecheap: https://news.ycombinator.com/item?id=18086522
I strongly encourage people to only recommend domain registrars if they have verified that customer support won’t completely fuck you over when something goes wrong. Recommending registrars when you’ve only experienced the happy path is doing a disservice to the people you are trying to help out.
Apart from their UI being, huh, I've had no problems.
As well as Gandi, DNSimple was another higher service one I really liked that went crazy on pricing. Agreed the registrar scene nowadays seems like a quite small "do use" list vs a couple of "don't use" :(.
The backup mail spool is nice too...
all in all - not the cheapest - but worth the piece of mind in my book :-D
Route53's .com is $14/yr. So the three year price is $42.
Three year prices from a few registrars (there's so many pricing games the "per year" price is nonsense in most cases):
Cloudflare: $31.32 (-0.06)
GoDaddy: $46.93 (+15.55)
Namecheap: $41.24 (+9.86)
Namesilo: $51.87 (+20.49)
Porkbun: $29.61 (-1.77)
Route53: $42 (+10.46)
Spaceship: $28.98 (-2.40)
Not sure how that qualifies as "outrageously expensive".
You can make your own trade-offs, but for something that's literally the foundation of my online identity, business, etc I'm willing to pay $3.50/yr over wholesale for a company with a reputation, support, and generally aligned incentives.
You may choose to instead tie your online identity and business to someone charging less than cost to save half the price of a big mac a year. But I will find it hard to dig up much sympathy when we all find out _how_ they're planning to make money doing that.
Netim
But they seemed quite proactive on Twitter around the time people left Gandi en masse.
I have one on dynadot because Hover doesn't support the TLD, and the website sure is a lot more awkward.
It's either full access to everything or, thanks to their support for creating a special account on request, only full access to DNS management.
I currently have some domains there (moved a few years ago from Godaddy), so is there something I need to worry about?
I think the HN consensus is that Cloudflare is a reasonably safe bet.
Porkbun is great.
The only issue I experience with Namecheap are included redirects which have something like 90% uptime.
Route53 domains is seriously not needed for anything - just add zone in AWS and point your registrar to new NS.
If you're already hosting on AWS, then you'd only have one potentially hostile company to deal with instead of 2.
They support credit/debit cards, bitcoin, and Paypal. I went with Namecheap especially because of their seamless payment method, Used to struggle at times paying for my domains with Gandi, etc.
Namecheap payment system works just fine.
You: "their billing works just fine" [then talking about payments, when I wasn't talking about payments but billing, "The process of sending an invoice (a bill) to customers for goods or services" -Wikipedia]
They have their billing for domains and products spread over several pages, there is not one place in the UI where they have all payments/billing combined, they don't have PDFs as I've stated and they don't sent invoices by email. Their billing UI is horrendous.
Auth-codes given on the website were expired and they took 2 weeks to give me the correct ones near the end of the registry period.
Support was extremely unresponsive. As this this was a side project I couldn't spent time on every day my domain went into quarantine for a short time. They answered 2 days before the end of the rental period, when requesting the auth codes ~2.5 weeks before.
Will never use them again after this experience.
Porkbun is my new home for most stuff and domains.lt for .lt which porkbun doesn't offer yet sadly.
Others might be good, but no idea who exactly, many small unknown companies in the list that could be either great or shitty.
Went back on their contract obligations already, hiked prices, etc. Will be milked to death.
Best to consider them dead.
i am guessing they are milking their existing customers who don't notice or don't have the knowhow or resources to move their domains, and once those wise up to that they will lose a lot of them
apart from prices their operation didn't seem to change after the sale. although i only have a few domains so i probably didn't interact with them enough to notice anything else
seems like gandi didn't just multiply the prices but raised them exponentially.
beware of namecheap though. see https://news.ycombinator.com/item?id=42364240
I point my nameservers somewhere else and then forget about Namecheap for a year.
If you are in Germany donaindiscount24.com is good option too.
https://news.ycombinator.com/item?id=42364033
If you take a look at:
https://www.domaindiscount24.com/en/about-us
You will see that Team Internet owns them as well. So I would personally bve on the fence if I would consider them good or not.
They were my second registrar. In fact more like the first "real" registrar, because before and in the 90s I registered via a one-man show.
But of course things can change. Let's see how this develops.
- automated notice of trademark infringement from some posted user content, accusing us of "fraud and phishing" (filed by a third party on behalf of Meta)
- that user content was immediately deleted upon receiving the notice
- exactly a week later, our host (Heroku) banned our account with a generic no-reason "Your account has been banned."
Total downtime of about 24 hours until it was resolved; luckily, Heroku's support simply unbanned the account whenever I reached out to ask why we were banned. Migrating to another host wouldn't have taken much longer, but would have been a pain.
Goes to show layering a couple automated processes together can have pretty devastating false-positives. I'm glad there was a human in the loop at Heroku I could reach to get things sorted out relatively quickly; also glad to see Itch.io is back up and got it sorted out relatively quickly as well.
Might be useful to send letters to Disney's and Mattel's legal departments. Mattel paid a lot of money for that Disney license. Disney is very protective of those licenses. Mattel lost the Disney license to Hasbro for a few years due to overproduction of low quality dolls. I'm surprised to see Funko selling low-quality Disney dolls. They degrade a Disney brand.
[1] https://funko.com/pop-tyrannosaurus-rex-fossil/80225.html
[2] https://licensinginternational.org/news/mattel-and-universal...
[3] https://funko.com/fandoms/animation-cartoons/disney-princess...
[4] https://corporate.mattel.com/news/mattel-and-disney-announce...
Besides, Disney is perfectly capable of degrading their own brand.
But I agree this is most probably futile :)
Disney chases down little daycare centers: https://www.snopes.com/fact-check/daycare-center-murals/
They would not miss Funko.
--------
Your request has been updated. To add additional comments, reply to this email.
9 Dec 2024, 10:57 UTC
Hello and thank you for your message.
The domain name was already reinstated earlier today after the registrant finally responded to our notice and took appropriate action to resolve the issueI believe we've reached a point where any activity on the web can vanish overnight due to an AI or an algorithm making decisions based on obscure criteria.
I've had these domains for ten years, now all of a sudden this is super urgent and if I'm on holiday that'd be a real shame I guess
So I contact the registrar and a link to the relevant legislation was sufficient to send them a perfectly agreeably censored version of my identity document (removing just irrelevant information they can't use or verify anyway), but apparently all they do is forward it to support@afnic.fr and not actually mark the domain holder as verified. So AFNIC, predictably, rejects it because GDPR doesn't exist in France
I saw no other choice but to send everything into AFNIC's email inbox / support system, which famously never get leaked and they assured me was "highly" secured when I asked to at least remove it after verification
With just 7 days' notice and half of that going to the distraction of a registrar, there's also no way to figure out what's even going on or have any sort of conversation. They hold all the cards and you jump when they say hop
I'm considering my options for any TLDs owned by AFNIC... evidently .io isn't better, but how to know who is
Maybe your domains are affected buy a new or old policy?
But that's not the case for the domains AFNIC did grant. They registered successfully and I can still use them, also after this verification sham, AFNIC just insisted that I confirm immediately that I e.g. live where I said I live over ten years ago
I'm well aware that GDPR exists in France btw, but AFNIC is not — or at least has a different interpretation of what "not processing data unnecessarily" and "treating racial, biometric, and gender data as extra sensitive" means (they insisted I send all of these categories over plain email to a helpdesk system; I tried giving them an https link to a .jpg on the domain in question instead, but that was rejected with a "please attach to the email")
Also, why is the domain registrar even being contacted here? I thought the general idea was that you'd first contact the site owner and wait for a response, and if there's no response in a certain amount of time, then you might contact the registrar or something. No one should be going over the heads of website owners and creators for matters like this, especially not as their first resort.
In a logical world, they'd contact Itch.io and Itch.io would take down the page (which they did), and that would be it. No need to involve the registrar at all in a case like this one.
Besides, with 26K followers on BlueSky vs 173K on Twitter, I'd say the engagement on the former is significantly higher any way.
This one uses the "DID", not the handle, and will not 404: https://bsky.app/profile/did:plc:oy37ivqnriw6nx3lrbcht2u3/po... (cc dang)
Open issue regarding making bsky URLs less fragile while also not looking ugly: https://github.com/bluesky-social/social-app/issues/1221
(Though, if you use a moderation service which flags/hides accounts with AI generated imagery, that's close to 100% effective for catching crypto scam stuff. Apparently, your average crypto scammer just can't resist a bit of AI-generated banner.)
This certainly changed my morning routine! I am glad to hear that the reason wasn't me deleting my Twitter from my page. My first panic reaction was thinking it was me who's caused it, due to some kind of ad revenue conflict.
Ever seen the movie Summer Wars? I felt like the protagonist for a moment there, but glad it turns out it was just some 2020s AI nonsense.
Either way, there's surely an engineer somewhere who's very busy right now.
The fact that lawyers and the "lawyer system", in conjunction with prosecutorial offices and the police, has made this expensive and pretty impossible for 99% of people and companies is a huge problem. It basically nullifies the whole point of government as protector of people's rights and enforcer of laws.
At the very least what happened here is lying in a commercial context. Arguably something that should be illegal, and sometimes is illegal under the banner of "fraud". Again, the definition of fraud is not obvious (despite them arguing it is super explicit in the laws) and we have to rely on the lawyer priesthood to determine what the "sacred texts" say about it. Maybe even rolling some conjured up lawyer-dice and seeing what the Oracle at the Court says about it after they convene a little "ritual" known as a court meeting or deposition.
Invalid takedowns don’t open you up to anything. The only risk to takedowns is misrepresenting the purported owner but that’s not the case here and the risk would be from Funko not Itch.
Much of the reason for DMCA abuse is that beyond the notice being assumed legitimate there is basically no risk to the complaining party until they dispute a counter-notification.
Not that this is relevant in this case, as it was not a DMCA takedown. A takedown notice would have been addressed to Itch.
Don’t look to large, well-known registrars. I would suggest that you look for local registrars in your area. The TLD registry for your country/area usually has a list of the authorized registrars, so you can simply search that for entities with a local address.
Disclaimer: I work at such a small registrar, but you are not in our target market.
The simple answer is: Choose a registrar without significant external investors.
I never was able to get it cleared. It's crazy the power that those spam list can have and they care very little about false positives
In short: centralised = 1 owner/operator, federated = many semi-autonomous operators to choose from, decentralised/distributed = everyone's an operator on the same level.
With DNS you still have groups of operators who can tell you what to do and they have the main agencies on top of that. I subscribe to the "it's not really decentralised" view.
It's not that you are not giving me source because your time is valuable and I'm dumb. It's because there is no source and these concepts don't have any standard rigorous definition.
https://www.google.com/search?q=decentralized+vs+federated
Google gives me trash. These are trash concepts, nothing written by academics or professionals or standard textbooks, or proceedings of magazines or publications.
Just blogs and cryptonerds (with different definitions).
You can choose different TLDs. Don't like VeriSign's .com? Go with a country tld or make your own tld. Also tld are regulated it isn't even an independent private entity.
Finally switching registrars does NOT require cooperation of the losing registrar, but of the upstream DNS.
The sane take is just don't chose a meme registrar from a bullshit country just because it sounds like something else.
Itch.io: "This is not a joke, Funko just called my mom"
If you want to get with a registrar who is actually clueful about takedowns, we can help you out.
1. internet.bs No Bullshit Domains. I am using them since 10 years, and I am very happy. Email is comparatively expensive, but you can buy this separately from infomaniak.com for 18 EURO a year.
2. If you need country TLDs, this may be a good option: inwx.com
I think that sounds like a good source.
I'd say that it's normal on this site. You are misintepreting the intentions of commenters. No one is doxxing the CEO of a public company by posting a link to their profile.
People should be telling them they screwed up when their corporate behemots run over a small village and they don't notice. Any good CEO can capitalize on that.
Crazy? Idk. Overreacting, perhaps. Surely the risk of someone planning an assassination over a bit of internet outage is negible. It isn't even clear who the culprit is.
I am hoping it's all internet machismo. Not that it makes is any better..
It's hard for me to read this any other way.
[1]: https://www.theguardian.com/uk-news/2024/oct/04/mike-lynch-d...
Go to the nearest mirror and take a good look at yourself.
I've never heard of itch.io before but from what I can tell:
- Itch.io is a platform where people unaffiliated with itch.io can create pages and sell video games
- An itch.io user created a game that used Funko's brand without authorization
- Itch.io (correctly) removed that page when they were made aware of that by their registrar and server host, then responded to both letting them know they'd taken care of it
- The server host (Linode) said that was great and closed the issue. The registrar (iwantmyname) did not respond, then a few days later yanked the domain.
This is exactly the sort of thing the DMCA exists for (assuming itch.io is located in the United States) and it's exactly why the safe harbor provisions exist.
It's like if someone posted a copyright-infringing picture to Facebook and Facebook's registrar responded by taking down the entirety of facebook.com.
So no, this is not on itch.io's shoulders, this is on iwantmyname's (for disabling itch.io's domain even after being made aware of the circumstances) and Brand Shield (for not submitting a complaint to itch.io first and waiting to see if they'd take down the infringing user's content before escalating to itch.io's ISP and server host).
Itch Corp might be in the USA - but their registrar is in New Zealand. That seems like a poor strategic choice for both customer service reasons and legal compatibility reasons.
I never said this was Itch's fault. But I do wonder how many takedown requests iwantmyname received, and whether that caused them to drop their customer. E.g. https://duckduckgo.com/?q=%22tagged+marvel%22+site%3Aitch.io...
But they got no response and instead the domain went down today.
Perhaps it comes naturally ;)
No, but seriously, you may be giving them a bit too much benefit of the doubt.
There's a little more context here: https://news.ycombinator.com/item?id=42364033
Note the "fraud and phishing" complaint. Like, I don't see _any_ way to get to that from what's going on, and of course registrars (correctly) take such complaints far more seriously than DMCA complaints (which shouldn't really be going to the registrar in the first instance, of course).
I wouldn't particularly blame the registrar here, though now that 'AI' spamware is doing this, registrars will presumably have to take fraud complaints a lot less seriously, and the internet will get a little bit worse. But certainly this isn't itch.io's fault; the blame lies squarely with the spamware, and with Funko for using such spamware in the first place.
Then I think it would be pretty reasonable to ask for it to be taken down.
But none of us know what was on that page or whether it was an overreaction.
I mean... we do? It is described here; top post: https://news.ycombinator.com/item?id=42364033
To be clear, there is no issue with them making a DMCA takedown. This should be made to the operator (ie itch.io). They _did not do this_. Instead they complained to the registrar of phishing/fraud. Registrars, not unreasonably, take complaints of fraud seriously, and many will nuke first and answer questions later. However, clearly, no fraud was involved.
(I'm not sure if you're being wilfully obtuse, or if you suffer from the ol' Hackernews "reading the linked material is forbidden" problem, but I just don't see how you can defend the false complaint of fraud.)
You and I have know knowledge of what was actually on there. Neither of us have seen the complaint nor the page itself.
Occam's razor very much says that they are not lying, and that this is simply a false report by 'AI' spamware.
Similarly, the other side have made a claim which - apparently - was accepted by the registrar.
Why does Occam's razor not say that the claimant isn't lying?
FWIW, I think Itch are probably right. But there is a lot of IP infringement on there. Is it unreasonable to think that one of those page might have a phishing form on it?
