I'm the one running itch.io, so here's some more context for you:
From what I can tell, some person made a fan page for an existing Funko Pop video game (Funko Fusion), with links to the official site and screenshots of the game. The BrandShield software is probably instructed to eradicate all "unauthorized" use of their trademark, so they sent reports independently to our host and registrar claiming there was "fraud and phishing" going on, likely to cause escalation instead of doing the expected DMCA/cease-and-desist. Because of this, I honestly think they're the malicious actor in all of this. Their website, if you care: https://www.brandshield.com/
About 5 or 6 days ago, I received these reports on our host (Linode) and from our registrar (iwantmyname). I expressed my disappointment in my responses to both of them but told them I had removed the page and disabled the account. Linode confirmed and closed the case. iwantmyname never responded. This evening, I got a downtime alert, and while debugging, I noticed that the domain status had been set to "serverHold" on iwantmyname's domain panel. We have no other abuse reports from iwantmyname other than this one. I'm assuming no one on their end "closed" the ticket, so it went into an automatic system to disable the domain after some number of days.
I've been trying to get in touch with them via their abuse and support emails, but no response likely due to the time of day, so I decided to "escalate" the issue myself on social media.
Hope you have money to fight them. I stuck to my guns on a wrongful one like this and while Digitalocean and Cloudflare both had my backs (surprisingly before I even asked, both of them got a lot of good will on that - they informed me they already checked and it was spurious!). Google didn't have my back though and immediately caved when they upgraded their sham copyright infringement claim to money laundering and fraud based on nothing - a fully static website with no backend calls. Good luck! I still have the sites exactly as they were just to spite them and will keep running them at a loss until I'm dead. Copyright infringement my ass. This abuse has got to stop sometime.
This issue aside, thanks for doing what you do. I was kind of expecting Itch to get sold to some holdings or casino company at some point, as good things tend to go, but I've been happily surprised to see it mature independently throughout the years.
I run a domain registrar. "serverHold" is not a status that iwantmyname could've set. If they had suspended the domain it'd have "clientHold" set. Server Hold means the registry (i.e. .io directly) has suspended the domain. Your best bet would be to contact the Internet Computer Bureau Ltd who run .io at admin@icb.co.uk, or the registry technical support provider Identity Digital at techsupport@identity.digital.
Interesting, this morning I got a response from a staff member of the parent company that owns iwantmyname saying they didn't get my response with regards to the abuse notification they sent and that's why they took the domain down.
I've heard a ton of stories about .io, IMO, they play fast and loose in a space where that isn't okay, and they get away with it mostly because they are a ccTLD.
The last time someone I knew had an issue, they had to get a senator to make waves to get anything resolved.
iwantmyname was bought out by a conglomerate, “Team Internet[1]”, a few years ago.
Prices went up, service went down. I’d recommend moving your domains when you can (Porkbun have been good, though I haven’t had any incidents like this).
I really wish BrandShield didn't use AI as a marketing term. It just looks like it's doing a generic ctrl-F on webpages?
Then things like this happen, and people think "ooh AI is bad, the bubble must burst" when this has nothing to do with that in the first place, and the real issue was that they sent a "fraud/phishing report" rather than a "trademark infringement" report.
Then I also wish that people who knew better, that this really has nothing to do with AI (like, this is obviously not autonomously making decisions any more than a regular program is), to stop blindly parroting and blaming it as a way to get more clicks, support and rage.
I find that businesses that bill themselves as ${TOOL}-users instead of ${PROBLEM}-solvers are, as a general rule, problematic. I couldn't possibly care any less whether a product is built on AI or a clever switch statement or a bazillion little gnomes doing the work by hand. I care that it solves a problem.
AI does need to die. Not so much because LLMs are bad, but rather because, like "big data" and "blockchain" and many other buzzwordy tools before it, it is a solution looking for a problem.
> and people think "ooh AI is bad, the bubble must burst" when this has nothing to do with that in the first place
That haphazard branding and parroting is exactly why the bubble needs to burst. Bubbles bursting take out the gritters and rarely actually kills off all the innovation in the scene (it kills a lot, though. I'm not trying to dismiss that).
It's possible they were using LLMs (or even just traditional ML algorithms) to choose if a certain webpage was fraud/phishing instead of mere trademark infringement, though. In this case it makes sense that one would be angry that a sapient being didn't first check if the report was accurate before sending it off.
When AI is being used as a cover for the bad/questionable behavior the company was already doing then there is no bubble to burst. The performance of the "AI" doesn't matter, only that it throws up a smoke shield in front of the company when people call to complain about the abuse.
I fear that ship has already sailed. I think the grifters and scammers have already abused the term enough that even decent uses of it are now tainted. I know that the two aren't strictly the same, but I would suggest using "Machine Learning" instead, which I think has more respectable connotations.
I mean, whether this has anything to do with AI or not (I’d buy that they’re using LLMs to write abuse letters or similar) it fits very nicely into the general pattern of AI breaking the internet through an endless deluge of worthless misleading spam. So, perhaps call it honorary AI?
I noticed that iwantmyname has very little presence on social media: no bluesky account and a twitter account that posts once or twice a year. That wouldn't necessarily be a problem if they responded to emergencies like this promptly, but they clearly don't so it is.
I also wonder if their "automatically disable" policy takes size/importance of site into account. Is this how they would treat all their domain owners, regardless of significance?
Brandshield is bad for overreacting, and iwantmyname is very bad for hosting such a crucial infrastructure, and having not responded to a paying customer with a good track record. I honestly don't think time of day matters, as long as the nature of the service is that it's provided and used 24/7, support staff should also be there 24/7.
> Because of this, I honestly think they're the malicious actor in all of this.
While I agree, the people who hired them are equally culpable. You don't get to wash your hands of the mess just because someone else is doing your dirty work.
I'm in the outraged crowd and there should be pretty serious consequences, but it is important in the interest of justice to differentiate between fraud, negligence, and gross incompetence.
It does but there's no actual way to get legal recourse for false DMCA notices or anything similar. The legal system is stacked for the abusers to have their way and the victims to have no recourse, regardless of how egregious the abuse is.
I've had the same thing happening; I run a simple forum, and some years ago people were discussing a manga, posting images of fan translated pages.
My hosting party (Hetzner) forwarded the emails and / or put it in their own system, I removed the offending images / page, replied to the email, and done, right? Wrong, the email said I had to fill in a statement through some online form somewhere; I did that too late and got more and more threatening emails like "pack your shit we're evicting you in 24 hours". Nobody seemed to actually read my replies / explanation, probably because this is so routine for them.
And I get it, nobody can be arsed to read longwinded explanations and the like for routine operations. I hope AI assisted tooling will help the overworked support employees with making decisions in favor of giving people the benefit of the doubt and the help they need; for them it's routine, but for me it was the first time I got anything like that.
It's surprising that this happened at all. Isn't it in most business's best interests to be aware of their most high-profile customers? If this was an automatic process, it's pretty disappointing that it even occurred. If I was running a SaaS, I'd probably want to mark my important accounts so an actual human has to investigate any raised alerts instead of being dealt with by a cron.
Something being in a business's best interests is very far from a guarantee that it'll happen.
I've worked on a team in a household-name big tech company where our mission was almost exactly "make sure we're not blowing up our most important customers for no reason". It's not nearly as easy as it sounds: defining who's important is hard, and defining what should and shouldn't be allowed is hard, and then implementing that all correctly and avoiding drift over time is tricky too.
Domain names themselves are a loss leader for registrars. They make money by upselling customers on hosting, email, certificates, analytics etc. So if you are just paying a couple dollars a year for a domain name and nothing else, your profile doesn't really matter. You are in the lowest tier of customers.
Lemme use this opportunity for having your attention to suggest some form of collaboration or even a merger with the Godot game engine:
• itch.io users could launch the Godot Web Editor to quickly make prototypes or simple games right on itch
• Publish from the native Godot editor directly to itch.io
• Godot adopts itch.io as the official asset store for art packs etc.
• Introduce social features for devs and artists to collaborate with each other:
• A publisher could choose to add a “Fork” or similar button on their itch.io game page that downloads and opens the project source in Godot. • All "forks" published that way would include a link to the original game's page, and so on.
I think Godot+itch could/should become the Github of Games :)
Did this account violate your ToS or the actual law? While I totally understand where are you coming from and I would probably be forced to do the same, I still tend to believe that closing a fan account is exactly the same thing that your registrar did to you.
It's not optimal, but he must choose between every published game there and one fanpage.
Besides that, there are so many websites with copyright content that never changes the domains, is just the domain registration bad or why they just disabled the domain?
Smells like tortious interference to me... and likely some form of perjury. I'd probably stop talking to them now that service is restored and get in touch with legal representation.
I wanted to take the time to thank you for the service you provide. itch.io is unvaluable to the indie community, and I'm perplexed when I see some devs complain about issues like this. Thabks for all your work.
For what it's worth, I know Namecheap gets a meh rep, but we've been on the receiving end of several phishing/copyright reports and have responded across the spectrum in terms of time span. We've responded immediately. We've responded with an hour or so to go. In all cases, Namecheap has somehow responded quickly and resolved the issue.
I coincidentally just this past week ran into a major issue with Namecheap on a fraudulent domain marketplace sale that they did not resolve properly or in a timely manner. They deserve their meh reputation. They were decent about a decade ago. Come renewal my domains up for sale are moving to Dynadot. Was considering porkbun but I sense they are heading the namecheap way.
Hey, perhaps you can mediate the impact by providing an alternate way to access the site (IP, alternative domain) and posting it somewhere people will see it (bsky, here, ...)? Realistically , this may take days to resolve.
So it sounds like this was DMCA abuse by Funko, aided and abetted by BrandShield, and it resulted in damages to you. Also sounds like iwantmyname just went along with it, they are probably conditioned to do so by the rules.
I would write up a complaint and send it to the incoming FTC Commissioner. Yes, I'm serious. From the signals Trump is sending if there is ever a time when Republicans may support some form of DMCA reform, it's now. He's on record talking about punishing Big Tech and supporting "Little Tech." You're Little Tech. Send copies of your letter to Funko and BrandShield. Also reach out or at least send a copy to Matt Stoller, the guy who publishes a very popular newsletter about monopoly, anti-trust and corporate abuse in America, he will be interested. Go for the throat.
Unfortunately "serverHold" goes above registrars. I learned this the hard way. There's a variety of watchdogs that false flag things all the time, and a handful of tld's that will blindly obey these orders. I'm guessing io is one of these. You'll have to escalate it with them, though I was never successful. Good luck.
Unfortunately the domain has a hold placed on it by the registrar, so I believe transferring is disabled. I also wouldn't want to risk doing a transfer at an hour when their staff aren't available to help with the current issue.
> The BrandShield software is probably instructed to eradicate all "unauthorized" use of their trademark, so they sent reports independently to our host and registrar claiming there was "fraud and phishing" going on, likely to cause escalation instead of doing the expected DMCA/cease-and-desist. Because of this, I honestly think they're the malicious actor in all of this.
I feel like there's also some missing layer of infrastructure here.
itch.io, like a lot of sites (HN being another), is meant to act as a host of user-generated content, over which the site takes a curatorial but not editorial stance. (I.e. the site has a Terms of Use; and has moderators that take things down / prevent things from being posted according to the Terms of Use; but otherwise is not favoring content according to the platform's own beliefs in the way that e.g. a newspaper would. None of the UGC posted "represents the views" of the platform, and there's no UGC that the platform would be particularly sad to see taken down.)
I feel like, for such arms-length-hosted UGC platforms, there should be a mechanism to indicate to these "brand protection" services (and phishing/fraud-detection services, etc) that takedown reports should be directed first-and-foremost at the platform itself. A mechanism to assert "this site doesn't have a vested interest in the content it hosts, and so is perfectly willing to comply with takedown requests pointed at specific content; so please don't try to take down the site itself."
There are UGC-hosting websites that brand-protection services already treat this way (e.g. YouTube, Facebook, etc) — but that's just institutional "human common sense" knowledge held about a few specific sites. I feel like this could be generalized, with a rule these takedown systems can follow, where if there's some indication (in a /.well-known/ entry, for example) that the site is a UGC-host and accepts its own platform-level abuse/takedown reports, then that should be attempted first, before trying to get the site itself taken down.
(Of course, such a rule necessarily cannot be a full short-circuit for the regular host-level takedown logic such systems follow; otherwise pirates, fraudsters, etc would just pretend their one-off phishing domains are UGC platforms. But you could have e.g. a default heuristic that if the takedown system discovers a platform-automated-takedown-request channel, then it'll try that channel and give it an hour to take effect before moving onto the host-level strategy; and if it can be detected from e.g. certificate transparency logs that the current ownership of the host is sufficiently long-lived, then additional leeway could be given, upgrading to a 24-72hr wait before host-takedown triggers.)
So Linode hosts your server, and iwantmyname provides your domain? If they want they can take down your server and your domain? Is there any server provider / domain provider who doesn't hold that kind of power?
Some companies have always been terrible about this. Fan projects involving companies like Nintendo or Take Two Interactive (GTA) are like lawyer bait. Disney has hired lawyers to sue a daycare center that had (clearly unofficial) character art painted on the walls. It's dystopic, but it's the world we live in.
I didn't really expect Funko or 10:10 Games to be like that, but then again I didn't expect anyone would like Funko enough to make a fan page about their dolls.
Other companies allow fans to do pretty much whatever you want with their IP as long as you don't turn it into (too much of) a business. Sega has even hired a fan for their remasters rather than DMCA his project into oblivion.
When companies do this, I interpret this as the company giving a clear message: "don't be a fan of our work or we may apply legal pressure".
That's extremely disappointing from iwantmyname. While I haven't used it, it was always on my mind as a potential registrar when buying a domain. I think I'll have to reconsider.
A similar thing has happened to me before. There is a company with the same name as my surname with a trademark for it.
When I registered a domain with my surname in it, the registrar had an automatic process in place that checked for this trademark and took away access of the domain. So far so good. The problem was that the registrar and its support then ghosted me and also never refunded me for the money already paid to lease the domain for a year. Overall it was a bad experienced with bad communication that made me switch registrar (note: this was a different registrar than mentioned here).
I think one of the problems is that as more and more individual consumers buy domains, certain legal processes and automation are not ready for that. A good registrar should anticipate that an individual private consumer may not have the legal experience or knowledge to deal with just being hit with something they were never explicitly warned of.
> When I registered a domain with my surname in it, the registrar had an automatic process in place that checked for this trademark and took away access of the domain. So far so good.
I don't think this is good.
Trademarks are country-specific, not global like domains. Further, within a country trademarks are only valid within the scope of certain classes, which means:
* There will often be more than one trademark holder of even non-surname trademarks.
* You can't trademark a surname to prevent its use generally, you can only restrict its use in a narrow sphere.
I understand why domain registrars automatically overenforce their country's trademark laws (they can't deal with the legal complications that will result from them not doing so), but it's very much not good that someone like you can get to a domain for your surname first and be told you can't have it in case the trademark holder (for which class???) might want it.
> Trademarks are country-specific, not global like domains.
Domains are also subject to local law! For ccTLDs, it's usually that of the country in question; for gTLD, to my knowledge the US has effective jurisdiction (through ICANN) over at least some of the popular gTLDs such as .com and .net.
"Local law" in this case doesn't just include actual laws on the books, but also the risk and cost of getting sued by either a trademark holder or a non-trademark-infringing domain owner.
This is exactly the type of issue that people usually don't consider when picking a TLD, vanity or otherwise.
> I think one of the problems is that as more and more individual consumers buy domains
Huh, I was always under the assumption that the percentage of domains bought by individual consumers is shrinking. As in, in the early days of the internet until ~2010 where commercialization was only slowly picking up (or only concentrated to a few domains), the majority of domains were personal websites and blogs.
> Huh, I was always under the assumption that the percentage of domains bought by individual consumers is shrinking.
Yes, but a segment of the domain market still buys their name domains and defends them on the Internet.
I bought my fname+lname domain a few years ago, but I'm not planning to surrender it to a random conglomerate.
> As in, in the early days of the internet until ~2010 where commercialization was only slowly picking up (or only concentrated to a few domains), the majority of domains were personal websites and blogs.
A deep part of me hopes this part of the market never dies, for the good health of the Internet's sovereignity.
The percentage share of personal domains doesn’t tell you everything. More and more consumers probably are buying personal domains just by the nature of it getting cheaper and easier to host and there being more people on the internet year over year. Could be proven wrong though because I don’t know how to get the numbers.
Trademarks are country specific while domain names are not. Would be interesting to know what happens if they took this to trial (in which country though).
The chain of culpability, in my view as an outsider, goes iwantmyname > BrandShield > Funko Pop.
Funko Pop hired BrandShield, but from what I understand they did so exactly because the latter does all the work without you having to intervene. Kind of like you hiring a lawyer and them using ChatGPT to present the case, full of errors and non-existent sources. The lawyer might have been acting on your behalf, but they didn’t really do so according to your intentions and their fuck up isn’t your fault. On first view I’d say BrandShield is a culprit here, but can’t be so sure about Funko Pop yet.
On the other hand, iwantmyname is absolutely at fault. They took down a client’s website without asking or recourse, then sat on their asses. That’s who you sue, because they’re the ones who ultimately had the power and made the decision that affected itch.io. If iwantmyname wants to sue BrandShield and/or Funk Pop or whatever else in turn, none of your concern. The one’s who hurt the business were iwantmyname by not doing due diligence or contacting the client but just automatically bending over.
Now if they should be sued in Britain or New Zealand, that’s for the lawyers to know.
In fact, all of this is for the lawyers to figure out. I’m not one. I’m merely expressing what makes logical sense to me, which could be incredibly wrong.
You don't necessarily have to sue them in their place of registration if they're doing business elsewhere. "Defending trademark rights" probably counts as that.
Of course the problem is that legally speaking, they don't cause any damage - service providers they target cause the damage. BS have no true authority over these service providers, just the threat of some legal claim. The service providers comply voluntarily as they don't want to spend time checking if the claim is valid.
Eh, dunno about that. They made what would appear to be a false complaint; hard to really consider what was going on here ‘fraud and phishing’!
That the magic robot perhaps did it for them matters not at all, in terms of whose fault it is, though a proliferation of magic robots does make junk services like this more of a problem, in that they can flood the internet with nonsense more effectively.
Then there needs to be some cost associated with sending a completely false claim.
Doesn’t need to be huge – just enough to cover their cost and thereby make it uneconomical to outsource the work these companies are charging their customers for to their targets.
Yes, but also you need to bring your legislators to heel. It is entirely their fault.
That you have grifters like brandshield is a symptom. Although you should never employ their lawyers for anything either of course. Make the taint stick to them.
Personally use Porkbun since Namecheap's API is poorly-documented and they attempted a KYC audit for purchasing a $100 domain.
I am fine with the identity verification, but their ticketing system seems to have sent all of my e-mail to their spam box, because they would never respond. I attempted opening tickets explaining the e-mail situation, but they wouldn't listen. In the end, I gave up and let them deactivate the account.
Moved to Porkbun, purchased the exact same domain (no KYC required!), and have been a happy user of their API for about two years now. They also have much more lax requirements for API usage compared to Namecheap. Porkbun also supports WebAuthn and logging in with a security key. It's overall a much nicer service than Namecheap.
I've been using IONOS (formerly 1und1) for the last 20 years for all of my DNS and hosting needs and couldn't be happier. Their uptime, non-obtrusive policies, and customer support have all been top notch. Can't recommend enough. As an example; I had a dedicated server that I was leasing that I wanted to upgrade, the sales tech noticed that the plan I was currently on had been retired/replaced and credited my account with difference of what I had payed vs the new payment tier which amounted to six months of billing on the upgraded server. You can't really put a price on that kind of honesty!
I strongly encourage people to only recommend domain registrars if they have verified that customer support won’t completely fuck you over when something goes wrong. Recommending registrars when you’ve only experienced the happy path is doing a disservice to the people you are trying to help out.
easyDNS still seems good for those who want a more old style "full fat" registrar like gandi was? I know some folks I respect who have long used it alongside Route 53. Though they don't appear to support hardware tokens which is a major black mark in my book in 2024.
As well as Gandi, DNSimple was another higher service one I really liked that went crazy on pricing. Agreed the registrar scene nowadays seems like a quite small "do use" list vs a couple of "don't use" :(.
I’ve been using Hover since they advertised on 5by5 a decade and a half ago, and never had a single issue. They never bother me nor do I need to remember they exist. I only hear from them when they need ICANN contact confirmation or to remind me a domain is expiring.
I've used Register4Less for over a decade and I've been thrilled with them. They're slightly more expensive than the cheapest options (by a buck or two), but this is more than made up for by the fact that they're the only registrar I've ever used who have proactively reached out about minor issues. Every time I've needed to email them, I've gotten a response from somebody who can fix the problem within minutes.
Namecheap has horrendous billing UI with their products, also not PDF so makes it hard for freelancers when you have many domains and your accounts want an PDF. Easiest is a registrar that mails you invoices in PDF.
I'd prefer a 'do not' list, because 'experience quoted'. Any one of the names you mention could be bought/ new CEO etc tomorrow and start the turdification (tm) slide.
We actually had almost the exact same thing happen to Notebook.ai last month:
- automated notice of trademark infringement from some posted user content, accusing us of "fraud and phishing" (filed by a third party on behalf of Meta)
- that user content was immediately deleted upon receiving the notice
- exactly a week later, our host (Heroku) banned our account with a generic no-reason "Your account has been banned."
Total downtime of about 24 hours until it was resolved; luckily, Heroku's support simply unbanned the account whenever I reached out to ask why we were banned. Migrating to another host wouldn't have taken much longer, but would have been a pain.
Goes to show layering a couple automated processes together can have pretty devastating false-positives. I'm glad there was a human in the loop at Heroku I could reach to get things sorted out relatively quickly; also glad to see Itch.io is back up and got it sorted out relatively quickly as well.
Hm. So Funko sells merchandise related to the Jurassic World franchise.[1] But, according to Licensing International, Mattel licenses the toy rights to that franchise from Universal Products and Experiences, the merchandise arm of Universal Pictures. [2] Also, Funko sells Disney Princess dolls.[3] Mattel announced a multi-year licensing deal with Disney to license the doll rights for Disney Princess dolls. “The courage and compassion found throughout our Disney Princess and Frozen stories and characters continue to inspire fans around the globe,” said Stephanie Young, President of Disney Consumer Products, Games and Publishing. “By furthering our longstanding relationship with Mattel, we look forward to expanding the worlds of Disney Princess and Frozen, introducing an innovative new era of these beloved franchises through captivating products and play opportunities.”
Might be useful to send letters to Disney's and Mattel's legal departments. Mattel paid a lot of money for that Disney license. Disney is very protective of those licenses. Mattel lost the Disney license to Hasbro for a few years due to overproduction of low quality dolls. I'm surprised to see Funko selling low-quality Disney dolls. They degrade a Disney brand.
Why on earth would you send letters? These are all huge corporations with sizeable legal departments. They either know or they should, and most importantly, are paid to handle this. Moreover, you're not likely to be heard or understood by the first line of customer care there, even if this was something they weren't aware of (quite unlikely) but wished they were. It's a waste of time, and something even the biggest altruist would find hard to defend as a sensible effort.
Besides, Disney is perfectly capable of degrading their own brand.
I sent a request to the registrar, and they emailed with this response. They're claiming it wasn't their fault.
--------
Your request has been updated. To add additional comments, reply to this email.
9 Dec 2024, 10:57 UTC
Hello and thank you for your message.
The domain name was already reinstated earlier today after the registrant finally responded to our notice and took appropriate action to resolve the issue
Readit News
From what I can tell, some person made a fan page for an existing Funko Pop video game (Funko Fusion), with links to the official site and screenshots of the game. The BrandShield software is probably instructed to eradicate all "unauthorized" use of their trademark, so they sent reports independently to our host and registrar claiming there was "fraud and phishing" going on, likely to cause escalation instead of doing the expected DMCA/cease-and-desist. Because of this, I honestly think they're the malicious actor in all of this. Their website, if you care: https://www.brandshield.com/
About 5 or 6 days ago, I received these reports on our host (Linode) and from our registrar (iwantmyname). I expressed my disappointment in my responses to both of them but told them I had removed the page and disabled the account. Linode confirmed and closed the case. iwantmyname never responded. This evening, I got a downtime alert, and while debugging, I noticed that the domain status had been set to "serverHold" on iwantmyname's domain panel. We have no other abuse reports from iwantmyname other than this one. I'm assuming no one on their end "closed" the ticket, so it went into an automatic system to disable the domain after some number of days.
I've been trying to get in touch with them via their abuse and support emails, but no response likely due to the time of day, so I decided to "escalate" the issue myself on social media.
https://en.wikipedia.org/wiki/Spite_house
https://en.wikipedia.org/wiki/List_of_Curb_Your_Enthusiasm_e...
Edit: And i'm happy to see that it's working again as of 2024-12-09 12:27 UTC+1
Deleted Comment
The last time someone I knew had an issue, they had to get a senator to make waves to get anything resolved.
Prices went up, service went down. I’d recommend moving your domains when you can (Porkbun have been good, though I haven’t had any incidents like this).
Best of luck!
1: https://en.m.wikipedia.org/wiki/Team_Internet
I've used their services for ages and even got to briefly meet the founders once in Wellington who gave a talk on Erlang.
Ah well, while it sucks that the good times may be over, I'm glad the founders got their exit :)
Though it was the indie/personal feel they had as a registrar, I might look for alternatives.
Then things like this happen, and people think "ooh AI is bad, the bubble must burst" when this has nothing to do with that in the first place, and the real issue was that they sent a "fraud/phishing report" rather than a "trademark infringement" report.
Then I also wish that people who knew better, that this really has nothing to do with AI (like, this is obviously not autonomously making decisions any more than a regular program is), to stop blindly parroting and blaming it as a way to get more clicks, support and rage.
AI does need to die. Not so much because LLMs are bad, but rather because, like "big data" and "blockchain" and many other buzzwordy tools before it, it is a solution looking for a problem.
That haphazard branding and parroting is exactly why the bubble needs to burst. Bubbles bursting take out the gritters and rarely actually kills off all the innovation in the scene (it kills a lot, though. I'm not trying to dismiss that).
I also wonder if their "automatically disable" policy takes size/importance of site into account. Is this how they would treat all their domain owners, regardless of significance?
While I agree, the people who hired them are equally culpable. You don't get to wash your hands of the mess just because someone else is doing your dirty work.
Deleted Comment
It does, but they never mess with anyone with big enough pockets to get sued for it.
My hosting party (Hetzner) forwarded the emails and / or put it in their own system, I removed the offending images / page, replied to the email, and done, right? Wrong, the email said I had to fill in a statement through some online form somewhere; I did that too late and got more and more threatening emails like "pack your shit we're evicting you in 24 hours". Nobody seemed to actually read my replies / explanation, probably because this is so routine for them.
And I get it, nobody can be arsed to read longwinded explanations and the like for routine operations. I hope AI assisted tooling will help the overworked support employees with making decisions in favor of giving people the benefit of the doubt and the help they need; for them it's routine, but for me it was the first time I got anything like that.
I've worked on a team in a household-name big tech company where our mission was almost exactly "make sure we're not blowing up our most important customers for no reason". It's not nearly as easy as it sounds: defining who's important is hard, and defining what should and shouldn't be allowed is hard, and then implementing that all correctly and avoiding drift over time is tricky too.
• itch.io users could launch the Godot Web Editor to quickly make prototypes or simple games right on itch
• Publish from the native Godot editor directly to itch.io
• Godot adopts itch.io as the official asset store for art packs etc.
• Introduce social features for devs and artists to collaborate with each other:
• A publisher could choose to add a “Fork” or similar button on their itch.io game page that downloads and opens the project source in Godot. • All "forks" published that way would include a link to the original game's page, and so on.
I think Godot+itch could/should become the Github of Games :)
Did this account violate your ToS or the actual law? While I totally understand where are you coming from and I would probably be forced to do the same, I still tend to believe that closing a fan account is exactly the same thing that your registrar did to you.
Besides that, there are so many websites with copyright content that never changes the domains, is just the domain registration bad or why they just disabled the domain?
Godspeed!
I would write up a complaint and send it to the incoming FTC Commissioner. Yes, I'm serious. From the signals Trump is sending if there is ever a time when Republicans may support some form of DMCA reform, it's now. He's on record talking about punishing Big Tech and supporting "Little Tech." You're Little Tech. Send copies of your letter to Funko and BrandShield. Also reach out or at least send a copy to Matt Stoller, the guy who publishes a very popular newsletter about monopoly, anti-trust and corporate abuse in America, he will be interested. Go for the throat.
Deleted Comment
I feel like there's also some missing layer of infrastructure here.
itch.io, like a lot of sites (HN being another), is meant to act as a host of user-generated content, over which the site takes a curatorial but not editorial stance. (I.e. the site has a Terms of Use; and has moderators that take things down / prevent things from being posted according to the Terms of Use; but otherwise is not favoring content according to the platform's own beliefs in the way that e.g. a newspaper would. None of the UGC posted "represents the views" of the platform, and there's no UGC that the platform would be particularly sad to see taken down.)
I feel like, for such arms-length-hosted UGC platforms, there should be a mechanism to indicate to these "brand protection" services (and phishing/fraud-detection services, etc) that takedown reports should be directed first-and-foremost at the platform itself. A mechanism to assert "this site doesn't have a vested interest in the content it hosts, and so is perfectly willing to comply with takedown requests pointed at specific content; so please don't try to take down the site itself."
There are UGC-hosting websites that brand-protection services already treat this way (e.g. YouTube, Facebook, etc) — but that's just institutional "human common sense" knowledge held about a few specific sites. I feel like this could be generalized, with a rule these takedown systems can follow, where if there's some indication (in a /.well-known/ entry, for example) that the site is a UGC-host and accepts its own platform-level abuse/takedown reports, then that should be attempted first, before trying to get the site itself taken down.
(Of course, such a rule necessarily cannot be a full short-circuit for the regular host-level takedown logic such systems follow; otherwise pirates, fraudsters, etc would just pretend their one-off phishing domains are UGC platforms. But you could have e.g. a default heuristic that if the takedown system discovers a platform-automated-takedown-request channel, then it'll try that channel and give it an hour to take effect before moving onto the host-level strategy; and if it can be detected from e.g. certificate transparency logs that the current ownership of the host is sufficiently long-lived, then additional leeway could be given, upgrading to a 24-72hr wait before host-takedown triggers.)
Deleted Comment
Will you be moving away from this registrar? It seems like it could very easily be abused again.
I didn't really expect Funko or 10:10 Games to be like that, but then again I didn't expect anyone would like Funko enough to make a fan page about their dolls.
Other companies allow fans to do pretty much whatever you want with their IP as long as you don't turn it into (too much of) a business. Sega has even hired a fan for their remasters rather than DMCA his project into oblivion.
When companies do this, I interpret this as the company giving a clear message: "don't be a fan of our work or we may apply legal pressure".
Dead Comment
Dead Comment
One registrar off the list of registrars you wanna use.
I'm surprised about their slowness. Again, 2 days ago I sent a request via their web-form and less than 24h later it was resolved.
Disclosure: I know the founder (Lenz).
When I registered a domain with my surname in it, the registrar had an automatic process in place that checked for this trademark and took away access of the domain. So far so good. The problem was that the registrar and its support then ghosted me and also never refunded me for the money already paid to lease the domain for a year. Overall it was a bad experienced with bad communication that made me switch registrar (note: this was a different registrar than mentioned here).
I think one of the problems is that as more and more individual consumers buy domains, certain legal processes and automation are not ready for that. A good registrar should anticipate that an individual private consumer may not have the legal experience or knowledge to deal with just being hit with something they were never explicitly warned of.
I don't think this is good.
Trademarks are country-specific, not global like domains. Further, within a country trademarks are only valid within the scope of certain classes, which means:
* There will often be more than one trademark holder of even non-surname trademarks.
* You can't trademark a surname to prevent its use generally, you can only restrict its use in a narrow sphere.
I understand why domain registrars automatically overenforce their country's trademark laws (they can't deal with the legal complications that will result from them not doing so), but it's very much not good that someone like you can get to a domain for your surname first and be told you can't have it in case the trademark holder (for which class???) might want it.
Domains are also subject to local law! For ccTLDs, it's usually that of the country in question; for gTLD, to my knowledge the US has effective jurisdiction (through ICANN) over at least some of the popular gTLDs such as .com and .net.
"Local law" in this case doesn't just include actual laws on the books, but also the risk and cost of getting sued by either a trademark holder or a non-trademark-infringing domain owner.
This is exactly the type of issue that people usually don't consider when picking a TLD, vanity or otherwise.
Huh, I was always under the assumption that the percentage of domains bought by individual consumers is shrinking. As in, in the early days of the internet until ~2010 where commercialization was only slowly picking up (or only concentrated to a few domains), the majority of domains were personal websites and blogs.
Yes, but a segment of the domain market still buys their name domains and defends them on the Internet.
I bought my fname+lname domain a few years ago, but I'm not planning to surrender it to a random conglomerate.
> As in, in the early days of the internet until ~2010 where commercialization was only slowly picking up (or only concentrated to a few domains), the majority of domains were personal websites and blogs.
A deep part of me hopes this part of the market never dies, for the good health of the Internet's sovereignity.
Funko Pop is an American Company.
BrandShield, the "Brand Protection Software" they used, is based out of Israel.
iwantmyname, the registrar, is from New Zealand.
They got bought out by Team Internet, which is British.
And who knows where all of them are actually registered.
They are all going to point the finger at each other for the problem. Who do you sue, and where?
Funko Pop hired BrandShield, but from what I understand they did so exactly because the latter does all the work without you having to intervene. Kind of like you hiring a lawyer and them using ChatGPT to present the case, full of errors and non-existent sources. The lawyer might have been acting on your behalf, but they didn’t really do so according to your intentions and their fuck up isn’t your fault. On first view I’d say BrandShield is a culprit here, but can’t be so sure about Funko Pop yet.
On the other hand, iwantmyname is absolutely at fault. They took down a client’s website without asking or recourse, then sat on their asses. That’s who you sue, because they’re the ones who ultimately had the power and made the decision that affected itch.io. If iwantmyname wants to sue BrandShield and/or Funk Pop or whatever else in turn, none of your concern. The one’s who hurt the business were iwantmyname by not doing due diligence or contacting the client but just automatically bending over.
Now if they should be sued in Britain or New Zealand, that’s for the lawyers to know.
In fact, all of this is for the lawyers to figure out. I’m not one. I’m merely expressing what makes logical sense to me, which could be incredibly wrong.
BrandShield, Funko, and iwantmyname all caused serious financial harm through, at a minimum, tortious negligence.
I'm not a lawyer, but even a yokel like me knows there's more to this legally than a shrug and "the software did it".
That the magic robot perhaps did it for them matters not at all, in terms of whose fault it is, though a proliferation of magic robots does make junk services like this more of a problem, in that they can flood the internet with nonsense more effectively.
Doesn’t need to be huge – just enough to cover their cost and thereby make it uneconomical to outsource the work these companies are charging their customers for to their targets.
That you have grifters like brandshield is a symptom. Although you should never employ their lawyers for anything either of course. Make the taint stick to them.
Deleted Comment
- Namecheap
- Cloudflare
- Route 53 (if on AWS)
Any others?
I am fine with the identity verification, but their ticketing system seems to have sent all of my e-mail to their spam box, because they would never respond. I attempted opening tickets explaining the e-mail situation, but they wouldn't listen. In the end, I gave up and let them deactivate the account.
Moved to Porkbun, purchased the exact same domain (no KYC required!), and have been a happy user of their API for about two years now. They also have much more lax requirements for API usage compared to Namecheap. Porkbun also supports WebAuthn and logging in with a security key. It's overall a much nicer service than Namecheap.
Without a doubt, Porkbun is one of the best. Their staff is knowledgeable, helpful and efficient. Highly recommend them.
The full thread is worth reading for more feedback on a range of registrars, particularly Namecheap: https://news.ycombinator.com/item?id=18086522
I strongly encourage people to only recommend domain registrars if they have verified that customer support won’t completely fuck you over when something goes wrong. Recommending registrars when you’ve only experienced the happy path is doing a disservice to the people you are trying to help out.
As well as Gandi, DNSimple was another higher service one I really liked that went crazy on pricing. Agreed the registrar scene nowadays seems like a quite small "do use" list vs a couple of "don't use" :(.
I have one on dynadot because Hover doesn't support the TLD, and the website sure is a lot more awkward.
I currently have some domains there (moved a few years ago from Godaddy), so is there something I need to worry about?
Porkbun is great.
The only issue I experience with Namecheap are included redirects which have something like 90% uptime.
Route53 domains is seriously not needed for anything - just add zone in AWS and point your registrar to new NS.
Deleted Comment
If you are in Germany donaindiscount24.com is good option too.
- automated notice of trademark infringement from some posted user content, accusing us of "fraud and phishing" (filed by a third party on behalf of Meta)
- that user content was immediately deleted upon receiving the notice
- exactly a week later, our host (Heroku) banned our account with a generic no-reason "Your account has been banned."
Total downtime of about 24 hours until it was resolved; luckily, Heroku's support simply unbanned the account whenever I reached out to ask why we were banned. Migrating to another host wouldn't have taken much longer, but would have been a pain.
Goes to show layering a couple automated processes together can have pretty devastating false-positives. I'm glad there was a human in the loop at Heroku I could reach to get things sorted out relatively quickly; also glad to see Itch.io is back up and got it sorted out relatively quickly as well.
Might be useful to send letters to Disney's and Mattel's legal departments. Mattel paid a lot of money for that Disney license. Disney is very protective of those licenses. Mattel lost the Disney license to Hasbro for a few years due to overproduction of low quality dolls. I'm surprised to see Funko selling low-quality Disney dolls. They degrade a Disney brand.
[1] https://funko.com/pop-tyrannosaurus-rex-fossil/80225.html
[2] https://licensinginternational.org/news/mattel-and-universal...
[3] https://funko.com/fandoms/animation-cartoons/disney-princess...
[4] https://corporate.mattel.com/news/mattel-and-disney-announce...
Besides, Disney is perfectly capable of degrading their own brand.
But I agree this is most probably futile :)
Disney chases down little daycare centers: https://www.snopes.com/fact-check/daycare-center-murals/
They would not miss Funko.
Deleted Comment
--------