OpenTLD cybersquatting fight escalates

Kevin Murphy, August 7, 2015, Domain Registrars

ICANN has accused OpenTLD, the registrar arm of Freenom, of cybersquatting famous brands even after it was threatened with suspension.

The claims may be worrying for some registrars as ICANN may in fact be holding the registrar responsible for the actions of its proxy service customers.

OpenTLD was suspended by ICANN in early July, after two UDRP rulings found the company had cybersquatted rival registrars’ brands in order to poach customers.

The suspension was lifted after just a few hours when OpenTLD took ICANN to arbitration under the terms of its Registrar Accreditation Agreement.

In ICANN’s latest arbitration filing, the organization’s lawyers argue that the suspension should not be stayed, because OpenTLD has been shown to engage in a pattern of cybersquatting.

Like the original suspension notice, the filing cites the two UDRP losses, along with footnotes indicating that as many as seven competing brands had been cybersquatted.

But ICANN has now also escalated its allegations to bring in non-registrar brands where it’s far from clear that OpenTLD is the actual registrant.

ICANN’s filing states:

even a brief review of the domain names in OpenTLD’s portfolio demonstrates that OpenTLD appears to be continuing to engage in bad faith and abusive registration practices. As of 3 August 2015, there were at least 73 gTLD domains registered to Stichting OpenTLD WHOIS Proxy (which is OpenTLD’s proxy service) that are identical to or contain the registered trademarks or trade names of third parties, including, by way of small example, the domain names barnesandnoble.link, sephora.bargains, at-facebook.com, ebaybh.com, googlefreeporn.com, global-paypal.com, hotmailtechnicalsupport.com, and secure-apple.com. ICANN is not aware of any legitimate interest or right that OpenTLD has to use these third-party trademarks and trade names.

Even more concerning is the fact that at least 14 gTLD domain names that contain the registered trademarks or trade names of third parties were registered by OpenTLD’s proxy service after the 23 June 2015 Suspension Notice was issued to OpenTLD, further demonstrating that OpenTLD’s overtures of “cooperation” ring hollow.

To be clear, that’s ICANN accusing OpenTLD of cybersquatting because some of the domains registered via its privacy service appear to be trademark infringements.

It’s basically equating infringing use of OpenTLD’s proxy service (such as the registration of barnesandnoble.link) with the infringing behavior of OpenTLD itself (such as the registration of godaddy.cf, a February 2015 screenshot of which can be seen below).

This may just be legal posturing, but I imagine many other registrars would be worried to know that they could have their accreditation suspended for cybersquatting simply because some of their privacy customers are cybersquatters.

I’d wager that every proxy/privacy service available has been used by blatant cybersquatters at one time or another.

Filings in the arbitration case can be found here.

Go Daddy advertising privacy petition on Facebook

Go Daddy appears to be putting its money where its mouth is when it comes to arguments about domain privacy.

The company is paying for “sponsored” posts on Facebook that promote the ongoing petition against proposed changes to Whois policy at ICANN.

This has been appearing on Facebook for me all day, seriously interrupting my Farmville time:

Go Daddy ad

Clicking the ad takes you directly to the Save Domain Privacy petition, rather than a Go Daddy sales pitch.

As I reported last week, thousands of internet users have blasted ICANN with template comments complaining about proposed limits on Whois privacy.

There are currently over 10,000 such comments, I estimate, with over a week left until the filing deadline.

Registrars, Go Daddy among them, are largely concerned about a minority proposal emerging from a proxy/privacy service accreditation working group that would ban transactional e-commerce sites from having private registrations.

They’re also bothered that intellectual property owners could get more rights to unmask privacy users under the proposals.

Despite Go Daddy’s outreach, the Respect Our Privacy letter-writing campaign, backed by NameCheap and the Electronic Frontier Foundation, seems to be responsible for most of the comments filed to date.

Not that it’s necessarily relevant today, but NameCheap and Go Daddy were on opposing sides of the Stop Online Piracy Act debate — a linked controversy — a few years back.

Freenom suspended for cybersquatting rival registrars

Freenom, the company behind .tk and other freebie ccTLDs, has had its ICANN registrar accreditation suspended for cybersquatting competing registrars including Go Daddy and Key-Systems.

OpenTLD, its registrar business, has been told it cannot accept new registrations or inbound transfers from July 8 to October 6 or until it provides ICANN with a full list of the names it squatted.

I believe it’s the first time ICANN has suspended a registrar for this reason.

The suspension notice states:

ICANN has found that OpenTLD has engaged in a pattern and practice of trafficking in or use of domain names identical or confusingly similar to a trademark or service mark of a third party in which the Registered Name Holder has no rights or legitimate interest

That’s a long-winded way of saying “massive cybersquatting”.

ICANN is basing its claims on two UDRP cases that Freenom and its CEO, Joost Zuurbier, lost.

According to WIPO panelists in Key-Systems GmbH v. Joost Zuurbier, OpenTLD B.V. and NetEarth Group, Inc. v. Stichting OpenTLD WHOIS Proxy, the company squatted at least seven of its rivals’ trademarks.

The domains were netearthone.biz, rrpproxy.me, key-systems.cc, resellerclub.tk, resellbiz.biz, godaddy.cf and resello.ws.

According to the UDRP decisions, Freenom used the domains to try to entice resellers of the other registrars over to OpenTLD.

It bought the competing registrars’ trademarks as search keywords on Google’s advertising platform, a WIPO panelist found. If you searched Google for Key-Systems trademark “RRPproxy”, for example, you’d get an ad linking to rrpproxy.me.

In some cases the names were registered behind Freenom’s in-house privacy service. In others, Zuurbier and OpenTLD were listed plainly as the registrants.

The WIPO panelists also found that Freenom shirked its duties under the UDRP as registrar, deleting the squatted domains rather than locking them, which essentially amounted to “cyberflight”.

It all looks pretty bad for Freenom, which only gained its accreditation two years ago.

To avoid termination, it has to provide ICANN with a list of all of its trademark-infringing names, agree to transfer them to the mark owners or delete them, and a bunch of other stuff.

Here’s the letter.

Go Daddy splashes out $28m on Marchex domain portfolio

Kevin Murphy, April 22, 2015, Domain Sales

Go Daddy has acquired about 200,000 domain names from Marchex for $28.1 million.

The sale comes as Marchex seeks to extricate itself from the domain name business in order to focus on mobile advertising analytics.

It works out at about $140 per domain.

Go Daddy said that it will make the domains available via its multi-registrar Afternic platform, which should massively increase their visibility among potential buyers.

The deal was a “unique opportunity” that doesn’t represent a change in direction for the registrar.

Domain Name Wire has an interview with company senior VP Mark McLaughlin over here which explains Go Daddy’s plans in a bit more detail.

Marchex said that it has also sold $6.7 million worth of domains from the portfolio separately since January.

Domain hijacking bug found in Go Daddy

Kevin Murphy, January 22, 2015, Domain Registrars

Go Daddy has rushed out a fix to a security bug in its web site that could have allowed attackers to steal valuable domain names.

Security engineer Dylan Saccomanni found several “cross site request forgery” holes January 17, which he said could be used to “edit nameservers, change auto-renew settings and edit the zone file entirely”.

He reported it to Go Daddy (evidently with some difficulty) and blogged it up, with attack code samples, January 18. Go Daddy reportedly patched its site the following day.

A CSRF vulnerability is where a web site fails to adequately validate where requests submitted via HTTP POST come from. Basically, in this case Go Daddy apparently wasn’t checking whether commands to edit name servers, for example, were being submitted via the correct web site.

Substantially mitigating the risk, however, attackers would have to trick the would-be victim domain owner into filling out a web form on a different site, while the victim was simultaneously logged in to their Go Daddy account, in order to exploit the vulnerability.
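The missing check described above, sketched in Python as an added illustration; this is not Go Daddy's code or the code from Saccomanni's post. The origin registrar.example, the in-memory session store and the handler names are all assumptions made up for the example.

```python
import hmac
import secrets

TRUSTED_ORIGIN = "https://registrar.example"  # assumed site origin (placeholder)

# Constructed session store: session cookie value -> account state.
SESSIONS = {
    "sess-abc": {"csrf": secrets.token_hex(16),
                 "nameservers": ["ns1.registrar.example"]},
}

def update_ns_unchecked(req):
    """Before: a valid session cookie alone authorises the change."""
    sess = SESSIONS.get(req["cookies"].get("session"))
    if sess is None:
        return 401
    sess["nameservers"] = req["form"]["nameservers"]
    return 200

def update_ns_checked(req):
    """After: also require our own Origin and the per-session token."""
    sess = SESSIONS.get(req["cookies"].get("session"))
    if sess is None:
        return 401
    # A form hosted on another site is sent with that site's Origin.
    if req["headers"].get("Origin") != TRUSTED_ORIGIN:
        return 403
    # The token is only embedded in pages we serve to this session,
    # so a third-party page cannot know it. Compare in constant time.
    sent = req["form"].get("csrf_token", "")
    if not hmac.compare_digest(sent.encode(), sess["csrf"].encode()):
        return 403
    sess["nameservers"] = req["form"]["nameservers"]
    return 200

def make_request(origin, nameservers, token=None):
    """Constructed POST. The browser attaches the session cookie
    whichever site hosted the form, which is why the cookie alone
    proves nothing about where the request came from."""
    form = {"nameservers": nameservers}
    if token is not None:
        form["csrf_token"] = token
    return {"cookies": {"session": "sess-abc"},
            "headers": {"Origin": origin}, "form": form}
```
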

In my experience, Go Daddy times out logged-in sessions after a period, reducing the potential attack window.

Being phishing-aware would also reduce your chance of being a victim.

I’m not aware of any reports of domains being lost to this attack.