ICANN content policing power grab may be dead

A move by ICANN to grant itself more formal “content policing” powers may be dead, after the community was split on the issue and governments failed to back the move.

The Governmental Advisory Committee yesterday sent comments essentially opposing, for now at least, the idea of ICANN reforming its bylaws to give it more powers over internet content, making it very unlikely that ICANN would be able to get such amendments approved by its community overseers.

The comments came a few days after ICANN extended the deadline for responses to a December 2023 consultation on whether applicants in the next new gTLD round should be able to sign up to so-called Registry Voluntary Commitments that regulate content in their zones.

RVCs would be an appendix to ICANN Registry Agreements which would commit a registry to, for example, ban certain types of registrant or certain types of content from domains in their gTLDs.

They’re basically a rebadged version of the Public Interest Commitments found in RAs from the 2012 round, in which the likes of .sucks agreed to ban cyberbullying and .music agreed to ban piracy.

But they’ve got ICANN’s board and lawyers worried, because the Org’s bylaws specifically ban it from restricting or regulating internet content. They’re worried that the RVCs might not be enforceable and that ICANN may wind up in litigation as a result.

ICANN has therefore proposed a framework (pdf) in which RVCs would be enforced by ICANN only after an agreed-upon third-party auditor or monitor found that a registry was out of compliance.

The board sent out several pages of questions to all of its Supporting Organizations and Advisory Committees in December, asking among other things whether the bylaws needed to be amended to clarify ICANN’s role, but the responses were split along traditional lines.

Registries and registrars were aligned: there’s no need for a bylaws change, because ICANN should not allow RVCs that regulate content into its contracts at all.

“ICANN should maintain its existing bylaws which exclude content from its mission, and allowing any changes to this could be a slippery slope opening ICANN to becoming a broader ‘content police’,” the Registrars Stakeholder Group said in its response, giving this amusing example:

An example of a content restriction is provided in the proposed implementation framework for .backyardchickens (e.g. no rooster-related content). Restricting rooster-related content would require a significant amount of policing, and could even prohibit valuable content that would benefit such a TLD. For example, a backyard hen farmer might want to promote the pedigree lineage of the roosters that helped sire the hens, show pictures of the roosters that were the fathers, etc. All of this could in theory be prohibited,but would also require review and subjective analysis. This would be a very slippery slope for ICANN, and a substantial departure from its mission. Restricting rooster content would then put ICANN in the place of enforcing laws that prohibit backyard roosters, rather than relying upon the competent government authorities charged with overseeing residential animal husbandry.

The Non-Commercial Stakeholders Group was more strident in its tone, even raising the possibility of legal action if ICANN went down the content policing route, saying “the best way for the Board to address content-related PICs and RVCs is to make it clear that it will reject them categorically.” It added:

The prohibition on content regulation in ICANN’s mission is extremely important and very clear. Mission limitations were a critical part of the accountability reforms that were required before ICANN would be released from US government control in 2016… NCSG will mount a legal challenge to any attempt to dilute this part of the mission.

The opposing view was held by the Business Constituency, the Intellectual Property Constituency, and the At-Large Advisory Committee, which is tasked with representing the interests of ordinary internet users.

They all said that ICANN should be able to allow content-related RVCs in registry contracts, but the IPC and BC said that no bylaws amendment is needed because the bylaws already have a carve-out that enables the Org to enforce PICs in its agreements. The ALAC said a bylaws amendment is needed.

“There is a distinction between ICANN regulating, i.e imposing ‘rules and restrictions on’ services and content, versus the registry operator voluntarily proposing and submitting to such rules and restrictions,” the IPC wrote.

“There is also a distinction between ICANN directly enforcing such rules and restrictions on third parties, i.e. registrants, versus ICANN holding a registry operator to compliance with the specifics of a contractual commitment,” it added.

The last community group to submit a response, fashionably late, was the GAC, which filed its response yesterday having reviewed all the other responses submitted so far. The GAC arguably has the loudest voice at ICANN, but its comments were probably the least committed.

The GAC said that ICANN should only go ahead with a bylaws amendment if it has community backing, but that the community currently lacks consensus. It said, “at this stage there are not sufficient elements to justify commencing a fundamental bylaws amendment to explicitly enable the enforcement of content-related restrictions”.

However, the GAC still thinks that RVCs “will continue to serve as tools for addressing GAC concerns pertaining to new gTLD applications during the next round” and that it wants them to be enforceable by ICANN, with consequences for registries found in breach.

The GAC said that it “will continue to explore options to address this important question”.

This all means that ICANN is a long way from getting the community support it would need to push through a bylaws amendment related to content policing. That’s considered one of the “Fundamental Bylaws” and can only be changed with substantial community support.

Such amendments require the backing of the Empowered Community. That’s the entity created in 2016 to oversee ICANN after it severed ties with the US government. It comprises individuals from five groups — the GAC, the GNSO, the ccNSO, the ALAC and the Address Supporting Organization.

For a fundamental bylaws amendment to get over the line, at least three of these groups must approve it and no more than one must object.

With the GNSO, given its divisions, almost certainly unable to gather enough affirmative votes, the GAC seemingly on the fence, and the ASO and ccNSO recusing themselves so far, only the ALAC looks like a clear-cut yes vote on a possible future bylaws amendment.

Perhaps that’s why ICANN chair Tripti Sinha has written to the ASO and ccNSO in the last few days to ask them whether they’d like to think again about ducking out of the consultation, giving them an extra two weeks to submit comments after the original March 31 deadline.

The ccNSO handles policy for country-code domains and the ASO for IP addresses. Both have previously told ICANN that gTLD policy is none of their business, but Sinha has urged them both to chip in anyway, because “the ICANN Bylaws govern us all”.

Content police? ICANN mulls bylaws change

ICANN could change its bylaws to allow it to police internet content to an extent, it emerged this week with the publication of the Operational Design Assessment for the next stage of the new gTLD program.

Currently, ICANN’s bylaws state that the Org may not “regulate (i.e., impose rules and restrictions on) services that use the Internet’s unique identifiers or the content that such services carry or provide”, and it’s been adamant that it is not the “content police”.

But the community has recommended that future new gTLD applicants should be able to agree to so-called Registry Voluntary Commitments, statements of registry policy that ICANN would be able to enforce via contract.

RVCs would be much like the Public Interest Commitments many registries agree to in the 2012 application round, implemented before ICANN’s current bylaws were in effect.

As an example I’ve used before, Vox Populi Registry has PICs that ban cyberbullying and porn in its .sucks gTLD, and in theory could lose its contract if it breaks that rule by allowing .sucks sites to host porn (like this NSFW one, for example).

ICANN’s board of directors expressed concern two years ago that its bylaws may prevent it from approving the RVC recommendation.

But Org staff have now raised, in writing and on a webinar today, the prospect that the board could change the bylaws to permit RVCs to go ahead. The ODA published on Monday states:

The Board may wish to consider how and whether it can accept the recommendations related to PICs and RVCs. One option may be to amend the Bylaws with a narrowly tailored amendment to ensure that there are no ambiguities around ICANN’s ability to agree to and enforce PICs and RVCs as envisioned

How worrying this could be would depend on the wording, of course, but even the chance of ICANN meddling in content is usually enough to raise eyebrows at the likes of the Electronic Frontier Foundation, not to mention supporters of blockchain alt-roots, many of whom seem to think ICANN is already censoring the internet.

It’s not clear whether the change is something the board is actively considering, or just an idea being floated by staff.

Vox Pop defends its favorite cybersquatter

The .sucks registry, Vox Populi has complained to ICANN about the fact that its biggest customer keeps losing cybersquatting cases.

In its submission to ICANN’s recently closed public comment period on UDRP reform, Vox Pop bemoans the fact that panels keep finding that Honey Salt, a shell company based in a tax haven, isn’t really engaging in non-commercial free speech.

Honey Salt was the registrant of thousands of .sucks domains, all matching famous trademarks, that redirected visitors to a wiki-style gripe site, populated with content scraped from third-parties, at Everything.sucks.

After a long series of lost UDRP cases, Honey Salt started allowing its domains to expire and zone files suggest only a couple hundred or so remain today.

Neither Honey Salt nor Everything.sucks responded to ICANN’s public comment period, which was seeking input on possible changes to UDRP.

But Vox Pop did on their behalf, complaining bitterly that “forum shopping and bias obstruct free speech” and citing mostly Honey Salt’s lost UDRP cases to evidence its arguments:

Despite 4(c)(iii) of the UDRP stating “noncommercial or fair use” is legitimate use of a domain name – numerous UDRP decisions contradict the Policy’s express recognition of fair use and free speech rights in favor of trademark owners. Several recent UDRP decisions have jeopardized free speech rights for all domain name registrants because of the lack of guidance from ICANN and/or a misapplication of free speech rights and/or bias as it relates to criticism sites.

Honey Salt had consistently argued, UDRP decisions show, that Everything.sucks was non-commercial free speech and as such was not cybersquatting under UDRP precedent and WIPO guidance.

But panels repeatedly pointed out that Everything.sucks was in fact commercial.

At first, the site hosted banners linking directly to sales landers for the domains in question — basically asking the brand owners or others to fork out hundreds or thousands of dollars to claim their matching domains.

When panelists got wise to that, the site started instead publishing the transfer authorization codes for the domains in question, so literally anyone could initiate a transfer and take ownership of the name without even asking Honey Salt’s permission — if they were willing to pay the transfer fee.

Everything.sucks and Honey Salt would not have benefited financially from these transfer fees, which often were thousands of dollars, but Vox Pop, and sometimes its registrar sister company Rebel, which sells .sucks names at cost, would.

Everything.sucks has removed the AuthCodes, but in the most-recent .sucks UDRP case Eutelsat v Honey Salt, the panel called the AuthCode scheme “little more than a ruse to generate registration fees in the thousands of dollars range”.

Vox Pop is now complaining to ICANN, I’m guessing with a straight face, that transfer fees are ICANN-mandated and therefore registrants cannot be blamed if registrars charge for transfers:

The panelist, in an unfounded grasp, used the ICANN-mandated transfer fee, charged by the registrar as rationale to find commercial use by the registrant and hence bad faith by the registrant. Other UDRP panels have similarly disingenuously blamed registrants for ICANN-mandated transfer and renewal fees imposed by registrars; panelists argue that the ICANN-mandated transfer is bad faith even though the registrant has no say or participation.

It’s an incredibly ballsy complaint by Vox Pop, given that it is Vox Pop, as the registry, that sets the price for transfers and renewals in .sucks, and that it is Vox Pop, as the Eutelsat panel noted, that has flagged many trademarks as “premium”-tier names that costs thousands of dollars to transfer and renew.

Vox also argues that it is possible for trademark-owners to “forum shop” between the various UDRP providers, in the hope of finding a panel more favorable to intellectual property interests over free speech rights.

It’s certainly not the only ICANN commenter to make this point, but it’s a pretty thin argument in the case of Honey Salt and .sucks.

Vox argues that WIPO repeatedly favors IP rights over free speech rights, and the outcome of Honey Salt’s UDRP cases may indicate why it holds that view.

Of the 20-odd UDRP cases Honey Salt has defended, most were filed with WIPO and all those filed with WIPO resulted in a complainant win. Three were filed with the National Arbitration Forum and three were filed with the Czech Arbitration Court.

The only case Honey Salt won on the merits was Miraplex v Honey Salt, one of the first cases, filed with the Czech Arbitration Court. That panel bought the defense that Everything.sucks was non-commercial free speech.

But one of the panelists in that case later sat on another Czech Arbitration Court case, Cargotec v Honey Salt, which decided in favor of the complaint. The same guy ruling two different ways on almost identical facts does not suggest panelist bias.

While at least one UDRP panel has suggested Honey Salt is just a front for the .sucks registry, Vox Populi has previously denied any connection exists.

Is the .sucks mass-cybersquatting experiment over?

The Everything.sucks experiment is mass-cybersquatting .sucks domains may be over and done with.

Thousands of .sucks domains have been deleted in a huge junk drop, newly created domains at Everything.sucks’ registrar of choice have dried up, and there have been no new UDRP cases filed in months.

Everything.sucks, you may recall, is a wiki-style web site where thousands of famous brands and public figures have pages populated by content scraped from third-party sites discussing, on the rare occasion when the scraping works, how terrible they are.

When the site emerged in 2020, it was a redirect destination for around 2,000 .sucks domains that exactly matched those brands. You typed jackdaniels.sucks into your browser, you wound up at the Jack Daniels page at Everything.sucks.

Various attempts were made at monetizing these names by persuading the brand owners to purchase or transfer them for fees measured in the hundreds, or more usually thousands, of dollars.

The domains were registered to a Turks & Caicos company called Honey Salt and a likely fictitious individual named Pat Honeysalt or Pat Collins. The registrant has fought 21 UDRP cases, most of which it lost, since July 2020.

There hasn’t been a UDRP complaint filed against a .sucks domain since November 2021, and this may be because most of Honey Salt’s domains were only registered for one year and have since expired and dropped.

Registry transaction reports filed with ICANN by .sucks registry Vox Populi show the registrar Rebel.com — Vox’s sister company and Honey Salt’s registrar of choice — deleted 2,179 .sucks domains in September 2021.

That’s very close to the 2,184 one-year adds Rebel recorded in June 2020.

The most likely interpretation of this data, in my view, is that it’s Honey Salt’s first junk drop — the company let the domains go on expiry having failed to sell them to the brand owners and failed to convince UDRP panels that it wasn’t cybersquatting.

At least couple thousand more .sucks domains were registered via Rebel over the year to June 2021, most likely to Honey Salt, but since then the registrar has been selling no more than two or three new .sucks domains per month.

It looks like Honey Salt stopped buying .sucks domains in bulk several months ago.

And zone files show that the total number of active .sucks domains has continued to decline by the thousands since Vox’s last transaction report, from an August 2021 peak of over 13,000, to fewer than 9,000 today.

If these trends continue, it looks like the experiment in mass cybersquatting might be over by the third quarter, when Honey Salt’s last remaining .sucks domains drop.

UDRP panelists and yours truly have speculated that Vox/Rebel and Honey Salt are probably affiliated, because the registry/registrar are the only parties that stood to benefit from Everything.sucks’ monetization techniques, but Vox has denied a connection.

Court denies .sucks trademark bid

Vox Populi Registry has lost its ballsy bid to have its .sucks brand trademarked in the US.

The US Court of Appeals for the Federal Circuit yesterday denied Vox’s latest appeal in its fight with the Patent and Trademark Office, which had rejected two .sucks trademark applications in 2018.

Vox had tried to register the string .sucks itself and also its stylized logo, in which “.SUCKS” appears pixelated. Both were rejected, but the registry appealed on the logo application.

It’s one of a great many trademark attempts by actual and wannabe gTLD registries to be rejected by the USPTO, which usually finds that the marks do not act as “source identifiers”.

The court instead found that people and companies, including registrars, “use .SUCKS to refer to a product being sold to the public rather than as an identifier for Vox’s services”.

In this case, Vox tried to show that it had crossed the line into service mark partly on the basis that its two leading registrars filed declarations swearing it is a distinctive service mark.

Showing that Vox’s chutzpah knows no depths, one of those registrars was its own sister company, Rebel, which is also owned by Momentous. The other was Uniregistrar, years prior to its acquisition by GoDaddy.

But the USPTO wasn’t buying it, and the Federal court agreed with its analysis.

The court also agreed that the stylized .sucks logo was not distinctive enough — too “ordinary” — to allow it to be trademarked.

The case has a layer of irony as .sucks’s biggest customer is a serial cybersquatter that some UDRP panels have speculated is connected to the registry itself.

Read the decision (pdf) here.

.sucks registry probably “connected” to mass cybersquatter, panel rules

Vox Populi, the .sucks registry, is probably affiliated with and financially benefiting from a mass cybersquatter, a panel of domain experts has said.

In the UDRP case of Euromaster v Honey Salt, a three-person panel handed the complainant the domain euromaster.sucks, ruling that it was a case of cybersquatting.

It’s one of 21 .sucks UDRP complaints filed against Honey Salt, a Turks & Caicos company operating under unknown ownership believed to own hundreds or thousands of brand-match .sucks domains.

It’s lost 17 of the 19 so-far decided cases. It also won one case on a technicality and another early case on the merits after mounting a free-speech defense that subsequent panels have not bought.

What’s new about this one is that the WIPO panel — Lawrence Nodine, Douglas Isenberg and Stephanie Hartung — is the first to follow the money and openly infer a connection between Honey Salt and Vox Pop.

The panel said that it “infer[s] that the Respondent [Honey Salt] and Registry [Vox Pop] are connected”, and that Vox is probably trying to make money by charging trademark owners premium fees for their own brands.

Vox Pop has previously denied such a connection, when I first made the same inference last October.

Regular readers will recall that Honey Salt has registered hundreds of .sucks domains and pointed them to a wiki-style web site called Everything.sucks, ostensibly run by a third-party, US-based non-profit.

Rather than containing original “gripe” content, which could easily enable it to win a free-speech UDRP defense, Everything.sucks simply populates its site with poor-quality, context-free content scraped by bots from social media and third-party web sites such as TrustPilot and GlassDoor.

Originally, each page carried a banner linking to a secondary market page at Uniregistry or Sedo where the domains could be purchased, often at cost price.

That quickly disappeared when the first UDRP cases started rolling in, and earlier this year Everything.sucks said on each page that it refused to sell its domains to anyone, instead offering a free transfer.

It even published the pre-authorized transfer codes on each page, meaning literally anyone could seize control of the domain in question without asking permission from or negotiating with Honey Salt in advance.

The problem with that is that transfers are not free. Some domains are flagged as premium — including lots of brand-matches — and have transfer fees in the thousands of dollars. Even the cheapest still carry the base registry fee.

Many registrars steer well clear of this model, disallowing any .sucks transfers.

One registrar that reliably does allow .sucks transfers is Rebel, which is sister company to Vox Pop under the Momentous group of companies. It offers .sucks domains at the registry wholesale fee, which is $200 for an non-premium.

It’s been painfully obvious since the outset that the only parties that stand to make a profit on the Everything.sucks business model are the registry and its affiliated companies — it simply doesn’t make sense that Honey Salt would invest hundreds of thousands of dollars in trademark-infringing domains, simply to hand them over at cost.

But the Euromaster panel is the first to infer the connection, or at least the first to publicly infer the connection.

Euromaster had filed a supplemental document in its complaint pointing out that the “free” transfer of euromaster.sucks would in fact cost a “premium” fee of $2418.79. The registrar quoting that fee is not revealed.

The WIPO panel asked Honey Salt for an explanation and it sounds like it got a bunch of procedural waffle in response.

This led to the following discussion, to which I’ve added some emphasis:

The Panel also finds that Respondent [Honey Salt] has failed to show that it has no financial interest in the Disputed Domain Name. Complainant’s Supplemental submissions demonstrate that Complainant’s chosen registrar quoted a fee of USD 2418.79 to transfer the Disputed Domain Name. Complainant’s report is consistent with M and M Direct Limited v. Pat Honey Salt, Honey Salt Limited, WIPO Case No. D2020-2545, where a different panel conducted an independent investigation and reported that the domain name at issue in that case was not offered “free” as promised, but instead that registrars classified the domain names at issue as “premium” and quoted transfer fees of USD 3,198 and USD 4,270 respectively.

This directly contradicts any claim to be offering a free and noncommercial service, and given that any registration would result in a fee being paid to the Registry by a registrar, leads the Panel to infer that the Respondent [Honey Salt] and Registry [Vox Pop] are connected.

Given the prior decision in M and M Direct, and the evidence that Complainant’s Supplemental submissions, the Panel afforded Respondent an opportunity to submit additional argument and evidence to explain the inconsistency. Respondent made no effort to do so, but instead only opposed consideration of Complainant’s supplemental evidence and repeated its previous contentions. The Panel rejects the objections to Complainant’s Supplemental submission, and emphasizes that Respondent was given an opportunity fully to respond.

The Panel finds that Complainant’s evidence raises substantial questions about the credibility of Respondent’s assertion that it has no financial interest in the Disputed Domain Name and whether Respondent’s offer to transfer the Disputed Domain might, directly or indirectly, financially benefit Respondent. Accordingly, the Panel finds that Respondent has not carried its burden to show that its use is noncommercial

In other words, the panel suspects that Vox Pop is in on Honey Salt’s bulk-cybersquatting game.

The closest any other UDRP panel has come to making this link was in a recent case filed by multiple, unrelated trademark owners, where the panel, while denying the complaint on procedural grounds, suggested that aggrieved trademark owners instead invoke ICANN’s Trademark Post Delegation Dispute Resolution Procedure.

The Trademark PDDRP is a mechanism — so far unused and untested — that allows trademark owners to allege registry complicity in cybersquatting schemes. Think of it like UDRP for cybersquatting registries.

Frankly, I’m amazed it hasn’t been used yet.

Panel hands .sucks squatter a WIN, but encourages action against the registry

A UDRP panel has denied a complaint against .sucks cybersquatter Honey Salt on a technicality, but suggested that aggrieved trademark holders instead sic their lawyers at the .sucks registry itself.

The three-person World Intellectual Property Organization panel threw out a complaint about six domains — covestro.sucks, lundbeck.sucks, rockwool.sucks, rockfon.sucks, grodan.sucks, tedbaker.sucks, tedbaker-london.sucks, and tedbakerlondon.sucks — filed jointly by four separate and unrelated companies.

The domains were part of the same operation, in which Turks & Caicos-based Honey Salt registers trademarks as .sucks domains and points them at Everything.sucks, a wiki-style site filled with content scraped from third-party sites.

Honey Salt has lost over a dozen UDRP cases since Everything.sucks emerged last year.

But the WIPO panel dismissed the latest case without even considering the merits, due to the fact that the four complainants had consolidated their grievances into a single complaint in an apparent attempt at a “class action”.

The decision reads:

although the Complainants may have established that the Respondent has engaged in similar conduct as to the individual Complainants, which has broadly-speaking affected their legal rights in a similar fashion, the Complainants do not appear to have any apparent connection between the Complainants. Rather it appears that a number of what can only realistically be described as separate parties have filed a single claim (in the nature of a purported class-action) against the Respondent, arising from similar conduct. As the Panel sees it, the Policy does not support such class actions

The panel decided that to force the respondent to file a common response to these complaints would be unfair, even if it is on the face of it up to no good.

Making a slippery-slope argument, the panel suggested that to allow class actions might open up the possibility of mass UDRP complaints against, for example, domain parking companies.

So the case was tossed without the merits being formally considered (though the panel certainly seemed sympathetic to the complainants).

But the sting in the tale comes at the end: the panel allowed that the complainants may re-file separate complaints, but also suggested they invoke the Trademark Post Delegation Dispute Resolution Procedure.

That’s interesting because the Trademark PDDRP, an ICANN policy administered by WIPO and others, is a way to complain about the behavior of the registry, not the registrant.

It’s basically UDRP for registries.

The registry for .sucks domains is Vox Populi, part of the Momentous group of companies. It’s denied a connection to Honey Salt, which uses Vox sister company Rebel for its registrations.

According to ICANN: “The Trademark PDDRP generally addresses a Registry Operator’s complicity in trademark infringement on the first or second level of a New gTLD.”

Complainants under the policy much show by “clear and convincing evidence” that the registry operator or its affiliates are either doing the cybersquatting themselves or encouraging others to do so.

There’s no hiding behind shell companies in tax havens — the policy accounts for that.

The trick here would be to prove that Honey Salt is connected to Vox Pop or the Momentous group.

Nothing is known about the ownership of Honey Salt, though Whois records and UDRP decisions identify a person, quite possibly a bogus name, as one “Pat Honeysalt”, who has no digital fingerprint to speak of.

The most compelling piece of evidence linking Honey Salt to Vox is gleaned by following the money.

The current business model is for Everything.sucks to offer Honey Salt’s domains for “free” by publishing transfer authorization codes right there on the squatted domain.

But anyone attempting to claim these names will still have to pay a registrar — such as Rebel — a transfer/registration fee that could be in excess of $2,000, most or all of which flows through to Vox Pop.

If we ignore the mark-up charged by non-Rebel registrars, the only party that appears to be profiting from Honey Salt’s activities appears to be the .sucks registry itself, in other words.

On its web site, Everything.sucks says it’s a non-profit and makes the implausible claim that it’s just a big fan of .sucks domains. Apparently it’s a fan to the extent that it’s prepared to spend millions registering the names and giving them away for free.

An earlier Everything.sucks model saw the domains listed at cost price on secondary market web sites.

The Trademark PDDRP, which appears to be tailor-made for this kind of scenario, has not to my knowledge been used to date. Neither WIPO nor ICANN have ever published any decisions delivered under it.

It costs complainants as much as $30,500 for a three-person panel with WIPO and has a mandatory 30-day period during which the would-be complainant has to attempt to resolve the issue privately with the registry.

The six domains in the UDRP case appear to have all gone into early “pending delete” status since the decision was delivered and do not resolve.

Honey Salt stops responding to .sucks cybersquatting complaints

.sucks cybersquatter Honey Salt has stopped responding to UDRP and URS complaints related to the affiliated Everything.sucks web site.

Three UDRP decisions and one URS decisions resolved since early April have stated that the shadowy Turks & Caicos company defaulted or did not respond to the complaints.

It lost all four cases, all on pretty much the same grounds, losing its domains or having them suspended as a result.

Panelists concluded that while Everything.sucks presents itself as a grassroots free-speech wiki populated by user-generated content, in reality it’s just stuffed with undated, anonymous, context-free comments scraped from third-party web sites and designed to pressure brand owners into buying their .sucks domains.

Honey Salt has been hit with 19 UDPR and URS complaints covering 27 .sucks domains since last September. It’s lost all bar one of those that have been decided, an early UDRP in which the panelist bought its free-speech defense.

With the precedent that Everything.sucks is a cybersquatting enterprise pretty solidly set, it presumably doesn’t make much sense for Honey Salt to pay expensive lawyers to put up a defense any more.

In earlier cases, when Honey Salt was still responding, the company was represented by Orrick, Herrington & Sutcliffe, the US law firm that has also worked for .sucks registry Vox Populi.

Everything.sucks publishes transfer auth codes for thousands of domains in latest .sucks pimpage

Everything.sucks, which is quickly emerging as one of the world’s most prominent organized cybersquatting projects, has a novel new way to sell .sucks domains without, technically, selling them.

The company, which casts itself as a “non-profit organization and communications forum for social activism” has published the transfer authorization codes for what appears to be the thousands of .sucks domains in its portfolio.

This means that anyone can transfer any of the company’s .sucks domains into their own registrar account with just a few clicks and without asking the current registrant — if they can afford the exorbitant transfer fee and don’t mind legal exposure.

You may recall that Everything.sucks is a Wikipedia-style web site that is fed by traffic from thousands of .sucks domains that, as the company freely admits, match the trademarks of famous companies.

Typing poptarts.sucks into your browser address bar will take you to the Everything.sucks wiki pages for Pop-Tarts, which contains content critical of the brand scraped from third-party web sites.

Everything.sucks emerged last year, and in October I reported that hundreds of .sucks domains were pointing there.

At the time, the web site carried banner ads on each brand’s page that took visitors to secondary-market sales pages at Sedo or Uniregistry, where the price was usually the same as the .suck’s registry’s wholesale price of $200.

I thought it was weird that a registrant at the very least flirting with cybersquatting would put up their domains at cost price, but Vox Populi, the registry, denied any involvement with the domains.

The registrant of these names, according to several UDRP decisions that it lost, is a probably fictitious individual named Pat Honeysalt, from a company called Honey Salt Ltd based in either Turks & Caicos or the UK.

Honey Salt has told UDRP panels that it registers the names on behalf of Everything.sucks. Given the volume of registrations, it must have spent many millions of dollars.

In any event, shortly after the UDRP cases started trickling in and not long after DI’s initial coverage, the banner ads on the .sucks pages disappeared.

And now, the auth codes have appeared. It looks like this:

Publishing auth codes right there on its web site appears to be the latest stage in a cat-and-mouse game Everything.sucks is playing with the trademark lawyers pursuing it through the UDRP process.

The boilerplate reads:

We occasionally buy a dot sucks domain and point it at a specific page. We do this to bring awareness to our site and because, well, we love the dot sucks domain. If you ask us if we would sell the domain, our answer is simple. Absolutely not. We will give it to you.

It’s not technically offering to sell these domains any more, right? As far as this nominal non-profit is concerned, it’s giving them away for free to anyone who wants them, including the brand’s owner.

But if you want the names, you’ve still got to pay for the transfer, of course. In the case of poptarts.sucks, it’s $2,399 at the registrar screen-capped below. Another registrar has the same name priced at $2,599.99.

If we’re following the money here, the only beneficiaries that spring to mind are Vox Pop, which gets its fat-margin registry fee, and the hapless registrar, which gets whatever its markup on a .sucks domain transfer is.

I tried these auth codes at six leading registrars and found that four of their shopping carts informed me point-blank that they do not support .sucks transfers at all.

.sucks mystery deepens. Who the hell is Pat Honeysalt?

Another two .sucks domain names registered by the gTLD’s most prolific registrant have been found to be cases of cybersquatting, but now the squatter’s true identity is becoming more opaque.

In two recently decided UDRP cases before WIPO, registrant Honey Salt Ltd was found to have cybersquatted by registering and offering for sale bfgoodrich.sucks, uniroyal.sucks and tetrapak.sucks.

While earlier cases filed with the Czech Arbitration Forum had identified Honey Salt as a Turks & Caicos company, the latest few WIPO cases say it is a UK-based company.

However, searches at UK Companies House do not reveal any company matching that name.

The latest WIPO cases also identify an individual allegedly behind said company as a respondent, one “Pat Honeysalt”.

That’s either a pseudonym, or we’ve found one of those people who have somehow managed to keep their name out of Google’s index despite being well-funded and tech-savvy.

Honey Salt is believed to be the registrant of thousands of .sucks domains, all matching the trademarks of big companies, which all point to Everything.sucks, a wiki-style web site comprising scraped third-party criticism targeting the brands in question.

Its defense in its UDRP cases to date has been that it is providing non-commercial free speech criticism, and that the inclusion of “.sucks” in the domain means users could not possibly believe the site is officially sanctioned by the brand.

All but one UDPR panel has so far not believed this defense, with panelists pointing out that the domains in question are usually listed for sale on the secondary market (sometimes at cost, sometimes at an inflated price).

They further point out that the criticism displayed on the Everything.sucks site was written by third parties, often prior to the registration of the domain in question, so Honey Salt cannot claim to be exercising its own free-speech rights.

Honey Salt is represented in its UDRP cases by the very large US-based law firm Orrick, Herrington & Sutcliffe, which also represents .sucks registry Vox Populi.