Facebook is suing the popular registrar Namecheap alleging it is “Protecting People from Domain Name Fraud“.
This week we filed a lawsuit in Arizona against Namecheap, a domain name registrar, as well as its proxy service, Whoisguard, for registering domain names that aim to deceive people by pretending to be affiliated with Facebook apps. These domain names can trick people into believing they are legitimate and are often used for phishing, fraud and scams.
We regularly scan for domain names and apps that infringe our trademarks to protect people from abuse. We found that Namecheap’s proxy service, Whoisguard, registered or used 45 domain names that impersonated Facebook and our services, such as instagrambusinesshelp.com, facebo0k-login.com and whatsappdownload.site. We sent notices to Whoisguard between October 2018 and February 2020, and despite their obligation to provide information about these infringing domain names, they declined to cooperate.
We don’t want people to be deceived by these web addresses, so we’ve taken legal action. We filed a similar lawsuit in October 2019 against OnlineNIC, another domain registrar, and its proxy service. Our goal is to create consequences for those who seek to do harm and we will continue to take legal action to protect people from domain name fraud and abuse.
While the domains were registered AT Namecheap, the domains were not actually registered BY Whoisguard. One of more people over one and a half years registered 45 domains and used whois proxy services just like they do at any other ICANN accredited registrar.
Facebook believes that Namecheap has the “obligation” to provide the registrants information but that is only true after a UDRP or a court order.
Meanwhile large companies such as Facebook are trying to take advantage of GDPR and achieve (with the help of ICANN) the opposite of what GDPR was created for: have access to all registrants details without a court order.
A blog post today said that “Namecheap Stands Firm Against Efforts to Undermine Customer Privacy”.
Here is the Namecheap post:
As one of the world’s largest domain registrars, Namecheap takes customer privacy and Internet rights and due process seriously. Over the years we have taken a stand against many previous attempts to undermine our customers’ rights.
Today we find ourselves in another battle as Facebook is attempting to bypass legal protections and our own stringent customer protections.
Facebook claims that certain websites have violated Facebook’s trademarks and may be perpetuating fraud due to misleading domains.
Because Namecheap does not voluntarily divulge domain registrants’ private details (as protected by our WHOIS proxy Whoisguard) without a court-ordered subpoena, Facebook has filed a lawsuit against us.
Our CEO Richard Kirkendall has this to say about the lawsuit:
Namecheap takes every fraud and abuse allegation seriously, and diligently investigates each reported case of abuse. We actively remove any evidence-based abuse of our services on a daily basis. Where there is no clear evidence of abuse, or when it is purely a trademark claim, Namecheap will direct complainants, such as Facebook, to follow industry-standard protocol. Outside of said protocol, a legal court order is always required to provide private user information.
Facebook may be willing to tread all over their customers’ privacy on their own platform, and in this case, it appears they want other companies to do it for them, with their own customers. This is just another attack on privacy and due process in order to strong-arm companies that have services like WhoisGuard, intended to protect millions of Internet users’ personal private data.
Namecheap believes our customers have rights just like large corporations, and we stand firm against any company or entity that insists on invading privacy without due process.
“While the domains were registered AT Namecheap, the domains were not actually registered BY Whoisguard.”
PRECISELY. Yet FaceBook sues Namecheap / Whoisguard “for registering domain names that aim to deceive people”?
That shows INCREDIBLE ignorance regarding how domain registrars and whos proxy / privacy services work. For an company the size of Facebook – which has something like 50,000 employees and is focused on IT and the web – such ignorance is inexcusable.
Literally, I find that ignorance incredible in the sense that I don’t believe Facebook is as clueless about how domains work as they accidentally or deliberately appear. Even their lawyers – who, as a species, generally don’t know a domain from a donut – probably have a fair amount of experience with domain-related abuse. After all, Facebook is no stranger to phishing, cybersquatting, and the UDRP process, in which their lawyers would have encountered whois proxy services in the past and learned to differentiate registrars from registrants.
It’s more likely that Facebook is looking for a lazy shortcut to the legitimate UDRP process, which can be costly or slow or simply not produce the results wanted by the complainant.
Beyond ignorant, Facebook’s complaint here is astonishingly hypocritical. Ever since Facebook turned a blind eye to – or even abetted – fake news from state-sponsored russian propagandists, meddling int he 2016 election, Facebook has been widely criticized for not policing their customers. Mark Zuckerberg even had to appear before the U.S. congress to face questioning. Granted, the interrogation / interview was dismally uninformed. But public pressure demanded it.
And Facebook’s defense has been (in part) that they cannot be expected to, or should not, or lack the wherewithal to police content. Whatever the merits or weaknesses of Facebook’s argument that they are a neutral platform and not a media company PUSHING information on consumers, such an argument is FAR more applicable to a domain registrar.
A registrar like NameCheap doesn’t have 2.4 billion customers or 50k employees, as Facebook does. So if Facebook can claim that they lack the capacity to police abuse on their platform, then how can they sue a small registrar for not doing so?
Facebook brags that they “regularly scan for domain names and apps that infringe our trademarks”. Good! With 50k employees and only a small number of brands to protect, that’s an efficient approach. In contrast, a domain registrar would need to scan for a nearly INFINITE number of brands – since all the trademarks in existence could theoretically be infringed by some domain registration or other. That task would take an army.
Really it’s not a domain registrar’s responsibility to actively police the domains being registered on their platform. They may do so. But if they were REQUIRED to do so, then that would make it practically impossible to allow customers to register domains instantly and automatically. Instead, the registrar would need 24-72 hours to review each tentative domain registration for possible TM infringement, ties to illegal activity (based on apparent subject matter), etc. And the first registrar to implement a 72-hour wait period for registrations will lose ALL of its business to competitors who don’t. Such a registrar business model, which has never been required, would go extinct immediately due to consumer choice.
Registrars are neutral. And they need to be. When a registrant customer breaks the law through some domain they have registered, then law enforcement agencies or trademark owners have legitimate recourse. And that should always focus on the registrant who broke the law, not the registrar that simply provides a mechanism for registering domain names. Registrars comply with law enforcement agencies and UDRP panels. They’re usually happy to get rid of customers who cause problems – including by registering trademark-infringing domains – since the registrar typically loses FAR MORE money by dealing with the problems those customers cause than they would make by a few cents per year per domain.
Facebook should not be circumventing the normal legal processes, of which they’re well aware. It’s unseemly for a large company to sue a small company, which appears to be doing absolutely nothing wrong. And it’s utterly hypocritical for Facebook to do so little to police their own content while demanding – via lawsuit – that a domain registrar cease to be neutral and begin actively interfering in / censoring domain registrations for Facebook’s benefit.
Gross.
“Facebook turned a blind eye to – or even abetted – fake news from state-sponsored russian propagandists, meddling int he 2016 election, Facebook has been widely criticized for not policing their customers.”
Russiagate is a partisan national embarrassment and disgrace and some of the most debunked McCarthy 2.0 BS of the 21st century. Clinton lost because she was practically the only vile person on the planet who could *not* have beaten Trump, as the crooked and corrupt neolib Democratic establishment and DNC rigged and stole the 2016 primary from Sanders in front of the entire world in order to force more of the bankrupt status quo on an American public just as desperate for real “hope and change” after 8 years of Obama’s not real “hope and change” as they were when they had elected Obama to begin with. And I for one certainly did not need any help from Russia to know that Clinton was nothing but a rotten lying murdering psychopath sociopath and warmongering fraud whose threatened version of the depraved status quo would have even been far worse than the current disaster if one can even imagine that. Just as I don’t need any help from Russia now to know that, while no candidate is perfect, Tulsi Gabbard and Sanders, who it’s virtually certain would already be President now to begin with were it not for the crooked DNC and (anti) Democratic elite, are the only candidates in the race seeking to (finally) bring about real change for the better and real representation of the American people instead of more of the same corporatist plutocracy and fear mongering fraud.
And let’s dispense with this ridiculous business of being “shocked, shocked” to find that countries ever attempt to influence the affairs and elections of other nations for their own interests, which is what that amounts to, shall we please. Or maybe you need to take a closer look at the biggest global perpetrator of that of them all, and all the murder, mayhem, assassination and coups it commits. Or better yet, how much of supporting that was even part of your job personally when you were in the military, ay? Even now in some “side gig” perhaps for all anyone knows?
Joseph, both the corporatist fake left (which I’m sad to say you have long apparently been allied with) and the supposedly “conservative” right are full of it, thank you. It’s much better and much more truly American to be independent, and still able to vote in a primary when the time comes.
PS – and that’s some pretty “chilling” stuff I must say, but a common desire among those who are “neoliberal”:
“policing their customers”
Now I remember why I stopped commenting online. And left the USA. Too many @Johns.
Fakebook are complete and utter hypocrites.
Facebook is committing blatant grotesque abuse with this and should be counter-sued as possible.
It is a bit daft of Facebook, I had ebay threaten to sue me for many years but they never did.
The thing is, I have a free WHOIS privacy but forgot to select it on a few renewals and so went to see what it showed.
Well because of EU GDPR all it showed was my country.
So what next, will Facebook sue the EU for allowing people to hide behind GDPR?
Also, Namecheap nor any other company is responsible for Policing Facebook, protecting Facebook or wiping the Ass of Facebook when Facebook themselves are far more capable.
There is a facility at ICANN and other organisations to dispute domains for which you have a genuine trademark etc, if you can show you used the name first.
I remember well that Facebook sell millions of data of people registered in the EU countries, and from this is when the EU implement the GDPR that was so discussed among us for the changes in the Whois.
Facebook is a voting database for political parties in any country in the world.
I think that Facebook has lost the papers and the bad thing from before now takes its toll so you do not want to face yourself.