Panel hands .sucks squatter a WIN, but encourages action against the registry
A UDRP panel has denied a complaint against .sucks cybersquatter Honey Salt on a technicality, but suggested that aggrieved trademark holders instead sic their lawyers at the .sucks registry itself.
The three-person World Intellectual Property Organization panel threw out a complaint about six domains — covestro.sucks, lundbeck.sucks, rockwool.sucks, rockfon.sucks, grodan.sucks, tedbaker.sucks, tedbaker-london.sucks, and tedbakerlondon.sucks — filed jointly by four separate and unrelated companies.
The domains were part of the same operation, in which Turks & Caicos-based Honey Salt registers trademarks as .sucks domains and points them at Everything.sucks, a wiki-style site filled with content scraped from third-party sites.
Honey Salt has lost over a dozen UDRP cases since Everything.sucks emerged last year.
But the WIPO panel dismissed the latest case without even considering the merits, due to the fact that the four complainants had consolidated their grievances into a single complaint in an apparent attempt at a “class action”.
The decision reads:
although the Complainants may have established that the Respondent has engaged in similar conduct as to the individual Complainants, which has broadly-speaking affected their legal rights in a similar fashion, the Complainants do not appear to have any apparent connection between the Complainants. Rather it appears that a number of what can only realistically be described as separate parties have filed a single claim (in the nature of a purported class-action) against the Respondent, arising from similar conduct. As the Panel sees it, the Policy does not support such class actions
The panel decided that to force the respondent to file a common response to these complaints would be unfair, even if it is on the face of it up to no good.
Making a slippery-slope argument, the panel suggested that to allow class actions might open up the possibility of mass UDRP complaints against, for example, domain parking companies.
So the case was tossed without the merits being formally considered (though the panel certainly seemed sympathetic to the complainants).
But the sting in the tale comes at the end: the panel allowed that the complainants may re-file separate complaints, but also suggested they invoke the Trademark Post Delegation Dispute Resolution Procedure.
That’s interesting because the Trademark PDDRP, an ICANN policy administered by WIPO and others, is a way to complain about the behavior of the registry, not the registrant.
It’s basically UDRP for registries.
The registry for .sucks domains is Vox Populi, part of the Momentous group of companies. It’s denied a connection to Honey Salt, which uses Vox sister company Rebel for its registrations.
According to ICANN: “The Trademark PDDRP generally addresses a Registry Operator’s complicity in trademark infringement on the first or second level of a New gTLD.”
Complainants under the policy much show by “clear and convincing evidence” that the registry operator or its affiliates are either doing the cybersquatting themselves or encouraging others to do so.
There’s no hiding behind shell companies in tax havens — the policy accounts for that.
The trick here would be to prove that Honey Salt is connected to Vox Pop or the Momentous group.
Nothing is known about the ownership of Honey Salt, though Whois records and UDRP decisions identify a person, quite possibly a bogus name, as one “Pat Honeysalt”, who has no digital fingerprint to speak of.
The most compelling piece of evidence linking Honey Salt to Vox is gleaned by following the money.
The current business model is for Everything.sucks to offer Honey Salt’s domains for “free” by publishing transfer authorization codes right there on the squatted domain.
But anyone attempting to claim these names will still have to pay a registrar — such as Rebel — a transfer/registration fee that could be in excess of $2,000, most or all of which flows through to Vox Pop.
If we ignore the mark-up charged by non-Rebel registrars, the only party that appears to be profiting from Honey Salt’s activities appears to be the .sucks registry itself, in other words.
On its web site, Everything.sucks says it’s a non-profit and makes the implausible claim that it’s just a big fan of .sucks domains. Apparently it’s a fan to the extent that it’s prepared to spend millions registering the names and giving them away for free.
An earlier Everything.sucks model saw the domains listed at cost price on secondary market web sites.
The Trademark PDDRP, which appears to be tailor-made for this kind of scenario, has not to my knowledge been used to date. Neither WIPO nor ICANN have ever published any decisions delivered under it.
It costs complainants as much as $30,500 for a three-person panel with WIPO and has a mandatory 30-day period during which the would-be complainant has to attempt to resolve the issue privately with the registry.
The six domains in the UDRP case appear to have all gone into early “pending delete” status since the decision was delivered and do not resolve.
Honey Salt stops responding to .sucks cybersquatting complaints
.sucks cybersquatter Honey Salt has stopped responding to UDRP and URS complaints related to the affiliated Everything.sucks web site.
Three UDRP decisions and one URS decisions resolved since early April have stated that the shadowy Turks & Caicos company defaulted or did not respond to the complaints.
It lost all four cases, all on pretty much the same grounds, losing its domains or having them suspended as a result.
Panelists concluded that while Everything.sucks presents itself as a grassroots free-speech wiki populated by user-generated content, in reality it’s just stuffed with undated, anonymous, context-free comments scraped from third-party web sites and designed to pressure brand owners into buying their .sucks domains.
Honey Salt has been hit with 19 UDPR and URS complaints covering 27 .sucks domains since last September. It’s lost all bar one of those that have been decided, an early UDRP in which the panelist bought its free-speech defense.
With the precedent that Everything.sucks is a cybersquatting enterprise pretty solidly set, it presumably doesn’t make much sense for Honey Salt to pay expensive lawyers to put up a defense any more.
In earlier cases, when Honey Salt was still responding, the company was represented by Orrick, Herrington & Sutcliffe, the US law firm that has also worked for .sucks registry Vox Populi.
Now celebrities and politicians can block their porn names
Celebrities and holders of unregistered trademarks are now able to buy porn domain blocks from MMX.
The company’s subsidiary, ICM Registry, has broadened its eligibility criteria in order to shift more units of the product, upon which it is banking much of its growth hopes.
Previously, to get an AdultBlock subscription you either had to have previously blocked your brand using ICM’s Sunrise B scheme, which ran in 2011, or to have a trademark registered in the Trademark Clearinghouse.
Now, you don’t need to be in the TMCH, and your trademark does not even need to be legally registered.
Celebrities and politicians are explicitly covered. They have to provide evidence to prove their fame, such as IMDB profiles or movie posters. Politicians need to provide links or documentation proving their political activities or government roles.
AdultBlock prevents brands being registered in MMX’s .porn, .adult, .xxx and .sex gTLDs, as an alternative to defensive registrations. The AdultBlock+ service also blocks homographs.
When .xxx launched a decade ago, thousands of celebrity names, largely harvested from Wikipedia, were blocked by default and free of charge.
ICM even blocked the names of 2011-era ICANN executives and directors. Then-CEO Rod Beckstrom benefited from a block on rodbeckstrom.xxx that survives to this day. Current CEO Göran Marby does not appear to have afforded the same privilege.
My name is also blocked, because it’s a match with goodness knows how many famous people called Kevin Murphy.
Despite the obviously sensitive nature of the TLDs for many brands, there’s been very little cybersquatting in .xxx in the near-decade since its launch. There have been a few dozen UDRP complaints, and most of those were filed in 2012.
MMX, amid poor renewals for its less porny gTLDs, has placed a lot of focus on AdultBlock renewals for its short-term growth.
The company is in the process of having its assets acquired by GoDaddy for $120 million, with the deal expected to close in August, subject to various approvals.
Everything.sucks publishes transfer auth codes for thousands of domains in latest .sucks pimpage
Everything.sucks, which is quickly emerging as one of the world’s most prominent organized cybersquatting projects, has a novel new way to sell .sucks domains without, technically, selling them.
The company, which casts itself as a “non-profit organization and communications forum for social activism” has published the transfer authorization codes for what appears to be the thousands of .sucks domains in its portfolio.
This means that anyone can transfer any of the company’s .sucks domains into their own registrar account with just a few clicks and without asking the current registrant — if they can afford the exorbitant transfer fee and don’t mind legal exposure.
You may recall that Everything.sucks is a Wikipedia-style web site that is fed by traffic from thousands of .sucks domains that, as the company freely admits, match the trademarks of famous companies.
Typing poptarts.sucks into your browser address bar will take you to the Everything.sucks wiki pages for Pop-Tarts, which contains content critical of the brand scraped from third-party web sites.
Everything.sucks emerged last year, and in October I reported that hundreds of .sucks domains were pointing there.
At the time, the web site carried banner ads on each brand’s page that took visitors to secondary-market sales pages at Sedo or Uniregistry, where the price was usually the same as the .suck’s registry’s wholesale price of $200.
I thought it was weird that a registrant at the very least flirting with cybersquatting would put up their domains at cost price, but Vox Populi, the registry, denied any involvement with the domains.
The registrant of these names, according to several UDRP decisions that it lost, is a probably fictitious individual named Pat Honeysalt, from a company called Honey Salt Ltd based in either Turks & Caicos or the UK.
Honey Salt has told UDRP panels that it registers the names on behalf of Everything.sucks. Given the volume of registrations, it must have spent many millions of dollars.
In any event, shortly after the UDRP cases started trickling in and not long after DI’s initial coverage, the banner ads on the .sucks pages disappeared.
And now, the auth codes have appeared. It looks like this:
Publishing auth codes right there on its web site appears to be the latest stage in a cat-and-mouse game Everything.sucks is playing with the trademark lawyers pursuing it through the UDRP process.
The boilerplate reads:
We occasionally buy a dot sucks domain and point it at a specific page. We do this to bring awareness to our site and because, well, we love the dot sucks domain. If you ask us if we would sell the domain, our answer is simple. Absolutely not. We will give it to you.
It’s not technically offering to sell these domains any more, right? As far as this nominal non-profit is concerned, it’s giving them away for free to anyone who wants them, including the brand’s owner.
But if you want the names, you’ve still got to pay for the transfer, of course. In the case of poptarts.sucks, it’s $2,399 at the registrar screen-capped below. Another registrar has the same name priced at $2,599.99.
If we’re following the money here, the only beneficiaries that spring to mind are Vox Pop, which gets its fat-margin registry fee, and the hapless registrar, which gets whatever its markup on a .sucks domain transfer is.
I tried these auth codes at six leading registrars and found that four of their shopping carts informed me point-blank that they do not support .sucks transfers at all.
Facebook gunning for Web.com in latest $27 million-plus cybersquatting lawsuit
Facebook has sued what it believes is a Web.com subsidiary, claiming the company has been engaged in wholesale cybersquatting for well over a decade.
The complaint, filed in a Pennsylvania District Court, alleges that New Venture Services Corp current owns 74 domains, and has previously owned 204 more, that infringe its Facebook, Instagram and WhatsApp trademarks.
While no other named defendants are listed, the complaint makes it abundantly clear that it believes NVSC is a subsidiary of Web.com and a sister of Network Solutions, Register.com, SnapNames and Perfect Privacy.
Facebook is suing partly under the Anti-Cybersquatting Consumer Protection Act, allowing it to claim $100,000 damages per infringing domain, so we’re looking at a floor of $27.8 million of potential damages should the lawsuit be successful.
But it’s also looking for NVSC to hand over any profits it’s made from the domains in question, which are generally parked with ads and listed for sale via the SnapNames network for premium fees.
While NVSC is registered in the British Virgin Islands and uses a Pennsylvania post office box as its mailing address, there’s a wealth of evidence going back to 2007 that it’s been affiliated first with NetSol and then Web.com.
Web.com’s last regulatory filing before it went private in 2017 lists NVSC as a subsidiary, which is probably the most compelling piece of evidence establishing ownership.
It appears that NVSC is a shell company that Web.com uses to hold potentially valuable or traffic-rich domains that its customers have allowed to expire. The names are then parked and put up for resale.
Example domains listed in the complaint include httpinstagram.com, faceebbok.com, facebooc.net, instagram-login.com, and installwhatsapps.com.
One would have to assume these names were captured using a fully automated process; even a cursory human review would clock that they’re useful only to bad actors.
The lawsuit is the latest in Facebook’s crusade against mainstream registrars it believes are profiting by infringing its trademarks, which has already ensnared Namecheap a year ago and OnlineNIC in October 2019.
Namecheap recently filed a counterclaim in which it tries to get some of Facebook’s trademarks cancelled.
Facebook has all but admitted that putting legal pressure on registrars is part of its strategy when it comes to getting the policies it wants out of ICANN on privacy and Whois access, where there’s currently an impasse.
Here’s the complaint (pdf).
.sucks mystery deepens. Who the hell is Pat Honeysalt?
Another two .sucks domain names registered by the gTLD’s most prolific registrant have been found to be cases of cybersquatting, but now the squatter’s true identity is becoming more opaque.
In two recently decided UDRP cases before WIPO, registrant Honey Salt Ltd was found to have cybersquatted by registering and offering for sale bfgoodrich.sucks, uniroyal.sucks and tetrapak.sucks.
While earlier cases filed with the Czech Arbitration Forum had identified Honey Salt as a Turks & Caicos company, the latest few WIPO cases say it is a UK-based company.
However, searches at UK Companies House do not reveal any company matching that name.
The latest WIPO cases also identify an individual allegedly behind said company as a respondent, one “Pat Honeysalt”.
That’s either a pseudonym, or we’ve found one of those people who have somehow managed to keep their name out of Google’s index despite being well-funded and tech-savvy.
Honey Salt is believed to be the registrant of thousands of .sucks domains, all matching the trademarks of big companies, which all point to Everything.sucks, a wiki-style web site comprising scraped third-party criticism targeting the brands in question.
Its defense in its UDRP cases to date has been that it is providing non-commercial free speech criticism, and that the inclusion of “.sucks” in the domain means users could not possibly believe the site is officially sanctioned by the brand.
All but one UDPR panel has so far not believed this defense, with panelists pointing out that the domains in question are usually listed for sale on the secondary market (sometimes at cost, sometimes at an inflated price).
They further point out that the criticism displayed on the Everything.sucks site was written by third parties, often prior to the registration of the domain in question, so Honey Salt cannot claim to be exercising its own free-speech rights.
Honey Salt is represented in its UDRP cases by the very large US-based law firm Orrick, Herrington & Sutcliffe, which also represents .sucks registry Vox Populi.
Everything.sucks, in losing UDRPs, puts the lie to the .sucks business model
The World Intellectual Property Organization has delivered its first UDRP decision concerning a .sucks domain name, ruling that the name sanofi.sucks is in fact cybersquatting.
The three-person panel ruled that the domain was identical or confusingly similar to a trademark owned by Sanofi, a French pharmaceuticals manufacturer involved in producing vaccines for the COVID-19 virus.
That was despite the fact that the registrant, affiliated with the Everything.sucks project, argued that nobody would think a domain name ending in “.sucks” would be affiliated with the trademark owner.
That argument flies in the face of official .sucks registry marketing from Vox Populi Registry, which positions .sucks as a place for brand owners to consolidate and manage customer criticism, feedback and support.
The sanofi.sucks case is one of two UDRP losses in the last few weeks for Honey Salt, a Turks and Caicos-based company that is believed to account for over a third of all .sucks registrations.
Honey Salt has registered thousands of brand names in .sucks, linking them to a wiki site operated by Everything.sucks Inc that contains criticism of the brands concerned copied from third-party web sites such as TrustPilot and GlassDoor.
There’s evidence that Everthing.sucks and Honey Salt are affiliated or share common ownership with Vox Pop, but the registry has denied this.
In the Sanofi case, Honey Salt mounted a free speech defense, saying it was providing a platform for legitimate criticism of the company and that Sanofi was using the UDRP to silence such criticism.
Sanofi claimed that the domain had in fact been registered for commercial purposes and to unfairly suggest an official connection to the company.
But what’s interesting is how Honey Salt argues that the domain itself, regardless of the associated web site’s content, is not confusingly similar to the Sanofi mark. The WIPO panelsts wrote, with my added emphasis:
The Respondent maintains that the disputed domain name is not identical or confusingly similar to a trademark in which the Complainant has rights. According to it, the “.sucks” gTLD is not like other generic TLDs, and its pejorative nature renders the disputed domain name as a whole nonidentical and prevents confusion, and the inclusion of “.sucks” in the disputed domain name makes clear that the associated website is not affiliated with the Complainant, but instead contains criticism of it and of its business.
In other words, if you visit a .sucks domain, you automatically will assume that the site is not associated with the brand owner.
Honey Salt seems to have made an identical argument in the UDRP case of cargotec.sucks, which it also lost at the Czech Arbitration Forum last month. The panelists in that decision summarized the company’s defense like this:
The TLD at issue here, however, .sucks, is not like other generic top level domains. Its pejorative nature renders the domain name as a whole nonidentical and prevents confusion… The inclusion of “.sucks” makes abundantly clear that the website is not affiliated with Complainant and instead contain criticism of its business.
Again, this is completely contrary to the stated goal of the .sucks registry.
Vox Pop has from the outset claimed that .sucks domains are a way for brands to aggregate customer feedback and criticism in one place, using a .sucks domain controlled by the brands themselves.
That purpose goes all the way back to its 2012 ICANN new gTLD application and continues to this day on its official web site and Twitter feed, which is primarily used to goad companies undergoing media controversies into registering and using their .sucks exact-match.
Hey, @WWE, everyone gets criticized, but not everyone has the stones to own it. You? I mean, you likely already control https://t.co/qHuEXjfVn5, why not use it? What do you think, @bleedingcool? https://t.co/Yv6b9OEaFp
— DotSucks (@dotsucks) January 24, 2021
Back in 2015, Vox Pop CEO John Berard told us:
A company would be smart to register its name because of the value that consumer criticism has in improving customer loyalty, delivering good customer service, understanding new product and service possibilities… They’re spending a lot more on marketing and customer service and research. This domain can another plank in that platform
Vox Pop even owns and uses voxpopuli.sucks and dotsucks.sucks, where it hosts a little-used forum welcoming criticism from people who say the company sucks.
But Honey Salt, its largest registrant by a significant margin, is now on-record stating that .sucks domains only imply ownership by third parties and could not possibly be confused with brand-owner ownership.
If the Many Worlds interpretation of quantum mechanics is correct, there exists a corner of the multiverse in which Honey Salt and Everything.sucks are just fronts for the entities that also control Vox Pop and its top registrar, Rebel.com. In that universe, it would be trippy indeed for the registry’s own affiliates to admit its entire stated business model is bullshit.
In our universe, that particular cat, which very probably has a goatee, is still firmly in the box, however.
Speculative forays into science fiction aside, Honey Salt’s record on UDRP is now three losses versus one win. It has six more cases pending at WIPO
Facebook lawsuit brings one country’s domain to a screeching halt
Bangladesh’s ccTLD registry has reportedly frozen all registrations and transfers after a cybersquatting lawsuit filed by Facebook.
According to local reports a couple weeks back, Bangladesh Telecommunications Company Ltd has implemented Draconian pre-registration roadblocks to registration, such that only exact-match domain names are available to individuals and organizations.
And Western corporate registrar CSC said today that BTCL has “implemented a temporary suspension to registration and transfer orders due to an ongoing legal matter” and is “diligently working to draft new regulations and procedures for registration orders.”
Registrants can still manage their Whois and DNS settings as normal, CSC said.
Facebook sued the registrant of the domain facebook.com.bd last November, asking for the domain to be cancelled and for $50,000 in damages, dragging BTCL into the case.
According to reports, the domain had been registered in 2008 when the registry used a largely paper-based system, but Facebook only resorted to the courts last year when the registrant listed it for sale for $6 million.
It’s a textbook case of cybersquatting, but .bd evidently does not have the mechanisms — such as UDRP — to handle such malfeasance outside of the courts.
While a Dhaka court reportedly issued an injunction against the domain in question, it’s still resolving and still listed for sale at $6 million.
Security firm sues Facebook to overturn UDRP loss of “good faith” typo domains
Security company Proofpoint has sued Facebook in order to keep hold of several typo domains that are deliberately intended to look like its Facebook and Instagram brands.
Proofpoint wants an Arizona court to declare that facbook-login.com, facbook-login.net, instagrarn.ai, instagrarn.net and instagrarn.org are not cases of cybersquatting because they were not registered in bad faith.
Proofpoint — a $7 billion company that certainly does not phish — uses the domains in anti-phishing employee training services, as it describes in its complaint:
Proofpoint uses intentionally domain names that look like typo-squatted versions of recognizable domain names, such as
, and the other Domain Names at issue in these proceedings. By using domain names similar to those of well-known companies, Proofpoint is able to execute a more effective training program because the workforce is more likely to learn to distinguish typo-squatted domains, which are commonly abused by bad actors to trick workers, from legitimate domain names.
Employees who click the bogus links are taken to harmless web pages describing how they were duped.
The court case comes shortly after Facebook prevailed in a UDRP case filed with WIPO.
In that case, the panelist decided that Proofpoint had no legitimate interest in the domains because they led to web sites that linked to Proofpoint’s web site, where commercial services are offered.
He therefore found that the names had been registered in bad faith, because visitors could assume that Facebook or Instagram in some way endorsed these services.
Proofpoint wants the court to reverse that decision and allow it to keep the names. Here’s the complaint (pdf).
It strikes me as at the very least bad form for Facebook to go after these domains, given that Proofpoint is tackling the Facebook phishing problem at source — user idiocy — rather than the reactive, interminable UDRP whack-a-mole Facebook seems to be engaging in.
WIPO handles 50,000th UDRP case as coronavirus drives complaints
The World Intellectual Property Organization handled its 50,000th UDPR case on November 20, the organization has announced.
It’s taken WIPO, which designed the policy and was the first to administer it back in 1999, over two decades to reach this milestone.
WIPO said that the 50,000 cases cover almost 91,000 domains, with complaints and respondents from over 180 countries.
The organization believes the coronavirus pandemic this year has driven growth, with an 11% increase in cases recorded between January and October. There were 3,405 cases over this period.
Erik Wilbers, director of the WIPO Arbitration and Mediation Center, said in a press release:
With a greater number of people spending more time online during the pandemic, cybersquatters are finding an increasingly target-rich environment. Rights owners, meantime, are stepping up their brand enforcement on the Internet as they further shift to marketing and selling online.
Recent Comments