I'm the one running itch.io, so here's some more context for you:
From what I can tell, some person made a fan page for an existing Funko Pop video game (Funko Fusion), with links to the official site and screenshots of the game. The BrandShield software is probably instructed to eradicate all "unauthorized" use of their trademark, so they sent reports independently to our host and registrar claiming there was "fraud and phishing" going on, likely to cause escalation instead of doing the expected DMCA/cease-and-desist. Because of this, I honestly think they're the malicious actor in all of this. Their website, if you care: https://www.brandshield.com/
About 5 or 6 days ago, I received these reports on our host (Linode) and from our registrar (iwantmyname). I expressed my disappointment in my responses to both of them but told them I had removed the page and disabled the account. Linode confirmed and closed the case. iwantmyname never responded. This evening, I got a downtime alert, and while debugging, I noticed that the domain status had been set to "serverHold" on iwantmyname's domain panel. We have no other abuse reports from iwantmyname other than this one. I'm assuming no one on their end "closed" the ticket, so it went into an automatic system to disable the domain after some number of days.
I've been trying to get in touch with them via their abuse and support emails, but no response likely due to the time of day, so I decided to "escalate" the issue myself on social media.
Hope you have money to fight them. I stuck to my guns on a wrongful one like this and while Digitalocean and Cloudflare both had my backs (surprisingly before I even asked, both of them got a lot of good will on that - they informed me they already checked and it was spurious!). Google didn't have my back though and immediately caved when they upgraded their sham copyright infringement claim to money laundering and fraud based on nothing - a fully static website with no backend calls. Good luck! I still have the sites exactly as they were just to spite them and will keep running them at a loss until I'm dead. Copyright infringement my ass. This abuse has got to stop sometime.
Many of the spite houses were entertaining (the Alameda and Tyler spite houses were probably some of the best).
However, nothing compares to the George Lucas saga down in Marin County. Was worth it just for the read about Lucas' fight with the county. Nigh incomprehensible.
> submitted a so-called precise development plan in 2009 [for a] 269,701-square-foot digital studio [2]
> Lucas’ company says it spent “tens of millions” on engineering and environmental reviews and fees since its master plan was approved in 1996. [1]
> The association and others sent a letter to Mr. Lucas requesting that he find a “far more appropriate location for the development.” The project, the letter said, would “pose a serious and alarming threat to the nature of our valley and our community,” “dwarf the average Costco warehouse” and generate light pollution so that “our dark starry skies would be destroyed.” [2] In 2012, Lucasfilm announced that it had scrapped the 263,701-square-foot project. [3]
> "The level of bitterness and anger expressed by the homeowners in Lucas Valley has convinced us that, even if we were to spend more time and acquire the necessary approvals, we would not be able to maintain a constructive relationship with our neighbours" [3] “We were offering to shut down at 11 p.m. and spend $70 million to restore creeks ravaged by erosion and farm debris. Nothing we offered to these people was ever going to be enough. And so we were facing death by delay.” [1]
> In 2012 Mr. Lucas said he would sell the land to a developer to bring “low income housing” here. [2] there was a predictable backlash from residents, who believed that affordable housing would bring crime into the area and lower property values [3] “It’s inciting class warfare,” said Carolyn Lenert, head of the North San Rafael Coalition of Residents. [2]
> That has created an atmosphere that one opponent, who asked not to be identified, saying she feared for her safety, described as “sheer terror” and likened to “Syria.” [2]
> Carl Fricke [...] said: “We got letters saying, ‘You guys are going to get what you deserve. You’re going to bring drug dealers, all this crime and lowlife in here.’ ” [2]
> After three years in stasis, working with the regulations that govern affordable housing grants, George Lucas now plan[ed] to foot the bill himself, to the tune of upward of $150 million (circa 2015). This not only allows the project to proceed without jumping through those hoops, it also means that the housing can be allocated to specific groups, such as seniors, nurses and teachers. [3]
> The plan called for 224 apartments, along with generous residential amenities and a new bus stop [4], situated over 52 acres just north of San Rafael. This consists of 120 two- and three-bedroom workforce residences, and 104 one- and two-bedroom residences for seniors. [3]
> neighboring property owners quickly threatened Lucas with a $70 million environmental lawsuit if the filmmaker didn’t pull back his housing plans. True to California planning tradition, the project remain[ed] in limbo five years later. [4]
> Lucas and the residents continued to battle over the property for several years until Disney eventually bought the property as part of purchasing LucasFilm. [5]
And the final piece of the story, perhaps the worst:
> A line of RVs, trucks, and trailers stretches for nearly 2 miles along Highway 101 in north Marin County
> More than half had lived in Marin County for over a decade, and a further 13% for at least five years.
> 'I've been here four and a half years. I was one of the first here. When I came in mid 2018 there were three motor homes. Now there's over 80.' Sherry and Lyness said they can't afford a normal home any longer, and low-income housing is in short supply.
This issue aside, thanks for doing what you do. I was kind of expecting Itch to get sold to some holdings or casino company at some point, as good things tend to go, but I've been happily surprised to see it mature independently throughout the years.
And compared to that brandshield users should be branded by their business practices. Also the hoster as well.
Seems to be a difficult time for hosters and also again a demonstration that copyright law is deeply flawed, even if using stolen assets is a rising problem.
I don't disagree that copyright law is deeply flawed, but even with the current law, it seems like this situation could easily have been avoided. The issue is one malicious private company (Brandshield) taking advantage of the negligence of another private company (the registrar) by claiming that a site was being used for "fraud and phishing". If anything, the parent comment from the person running the site makes me think that the situation would have been _less_ messed up if Brandshield had correctly asked for the offending copyrighted content to be taken down rather than falsely alleging something more severe. I understand that Brandshield probably has been incentivized to act this way due to copyright law, but I'd argue that even reasonable laws will sometimes cause bad actors to try to take advantage of things, and the easiest way to fight back against this isn't to try to change laws to avoid this but for non-malicious entities like the registrar not to allow their customers to get exploited by this sort of behavior.
Unfortunately, domain registration is an industry with so many of its own problems that I'm not sure "vote with your wallet" would be an effective strategy for changing things here. I honestly wonder if domain registration might be the more fruitful target for legislation protecting customers if the goal is specifically to avoid situations like this one, but even as someone who's usually unabashedly in favor of consumer protection regulations, I can't say I have a high degree of confidence that any changes here would be done effectively.
A bad law is bad if it leads to injustice even beyond its original scope. We have seen numerous problems with DMCA abuse and copyright strikes in other forms. We have patent trolling and this abuse artificially feds a whole industry of dubious lawyers. I think this is not even a small problem and all these factors combined does make it a bad law, even if it would still protect innovation like it once was to meant to do, which is questionable as well.
Of course services like the registrar need protection here too. And certain false copyright claims probably need consequences as well. The legal industry servers no function here.
Also, it would be legally trivial to make the user accountable for the offense, not the whole of itch.io. Sure, there would be problems here as well, but there is not large barrier to not have a parasitic legal industry and have those responsible that actually commit the offense.
The problem of enforcement cannot be put on the back of the platform itself.
I'm not sure how you came away from my comment with the idea that I disagree that the DMCA is a bad law. My argument isn't that that the law is good, but that I don't think it's anywhere close to the primary cause of this incident, and that there's much lower hanging fruit that could stop stuff like this. I'm also not sure why the _registrar_ needs protection in the case we're talking about; no part of this happened because the registrar needed protection, but the main cause of pain was that the registrar completely trusted a false third-party report that alleged _fraud_, not copyright issues.
To be honest, I'm not really sure what point you're trying to make at all with your comment. None of it seems to address anything that I said, and if anything, it almost sounds like you managed to infer the opposite of what I meant in most cases.
The platform will always be preferentially targeted because the larger you are the more you have to lose, the more likely it is you actualy have assets to go after if you don't deal with the alleged noncompliance.
How have y'all not realized that's how all this works?
It's why DNS is an anti-feature. As long as registrar's exist, it'll be an active lever utilized for basic deplatforming. Until everyone can host their own stuff, and networking is de-hub-and-spoked, this type of behavior will continue.
>the easiest way to fight back against this isn't to try to change laws to avoid this but for non-malicious entities like the registrar not to allow their customers to get exploited by this sort of behavior.
Easiest? Perhaps. Nothing around law is particularly easy (except breaking it, of course!) :) So, not altering existing laws, or not making new ones, would absolutely be the easiest method to that desired outcome. Many things would be easier to do if they were simply done how they were described, in a manner in which they were excepted, under the terms which they were agreed to. However, can we expect that a lack of laws/codes/statutes could ever result in effective or consistent behavior? Sadly, no. At least, not based upon historical experience. Perhaps the disposition of man will change one day - who knows what the future holds, but God!
Negligence is a thing that is bred in indifference and grown through a lack of consequence. Law and reform is the sole remedy.
Consider this: It would be far, far safer and more profitable for owners, employees, and customers of restaurants if the restaurant kept their cooking areas clean and tidy. Yet, even with unannounced and routine health inspections, various licensing requirements, annual training & education certifications, and massive fines...in spite of all of that, absurdly high numbers owners can't meet the bare minimum. People still somehow die from unsanitary food every year!
The best we can do then to combat the disposition of disconnected employees, and the blasé, checked-out business owners is to crush their skull. It is a judicial vengeance, a constant protector for all the people who had been abused unfairly; the ones who were discounted as "unimportant nobodies". Law is what gives the common man a temporary illusion of equal treatment. And when that illusion is chipped and broken from time-to-time, well, at least we can put another head up on the spike outside our walls.
It's certainly not quick, or easy, or even preventative(!), but it is the kind of response that is owed to the victims of incompetence and indolence.
My main point probably got muddled a bit, but the main argument I was trying to make was that copyright law, however bad it might be, wasn't why the registrar acted the way it did (because it was acting on a false report of fraud and phishing, not copyright infringement), and ultimately even with a troll trying to get the site taken offline, the registrar could have acted responsibly, and there wouldn't have been any significant downtime.
From the timeline of the incident given at the top of this thread by the maintainer of the site, it sounds a lot more like the registrar was lazy about investigating whether the report of fraud/phishing was valid than that the registrar was fully aware that the actual intent was to take an entire site offline due to an allegation of a singular user infringing copyright. It sounds like the issue with the registrar could happen just as easily even if we magically waved a wand away and eliminated copyright law; if someone made an allegation of fraud and phishing, it sounds like the registrar might act the exact same way it did in this incident and take the site offline. That's why I'm arguing that copyright law isn't the primary cause of what happened here, and why reforming it seems pretty orthogonal to stopping this specific thing from occurring regardless of its merits as a goal in general.
I run a domain registrar. "serverHold" is not a status that iwantmyname could've set. If they had suspended the domain it'd have "clientHold" set. Server Hold means the registry (i.e. .io directly) has suspended the domain. Your best bet would be to contact the Internet Computer Bureau Ltd who run .io at admin@icb.co.uk, or the registry technical support provider Identity Digital at techsupport@identity.digital.
Interesting, this morning I got a response from a staff member of the parent company that owns iwantmyname saying they didn't get my response with regards to the abuse notification they sent and that's why they took the domain down.
I've heard a ton of stories about .io, IMO, they play fast and loose in a space where that isn't okay, and they get away with it mostly because they are a ccTLD.
The last time someone I knew had an issue, they had to get a senator to make waves to get anything resolved.
I regret going with .io for my personal domain name. At the time I thought it was cool, but they've since raised prices and hearing things like this doesn't instill confidence...
That, and the Indian Ocean territory will cease to exist in the (very) near future, so the .io domains might be going the way of the dodo.
I won't be registering any new ones at least, and recommending everyone to stay away from them.
Nobody really knows. There are only a few precedents, i.e. the old Soviet Union .su tld being kept around, or the 2 letter country code that I can't recall which was reassigned to a new country after the old one went out of existence.
There isn't really a precedent for a tld with as many domains under it as .io, it's a very strong possibility it will be kept around and given to a private entity or even to GB.
iwantmyname was bought out by a conglomerate, “Team Internet[1]”, a few years ago.
Prices went up, service went down. I’d recommend moving your domains when you can (Porkbun have been good, though I haven’t had any incidents like this).
Namecheap I find is less easier to use and sometimes higher cost over time. I also haven’t had reliable domain renewal service from them when I used them.
Granted this is all a few years back. I was at Cloudflare until this year when I switched to Porkbun and I’ve been very happy
I tried porkbun after comments like yours when one of my domains needed renewal, but had to transfer out after one year when their payment gateway refused to work and was very poorly handling the situation while my domain risked expiration.
Nameserver lock in. While I use Cloudflare right now for most things, I value the decoupling. Cheap way to make sure that my services aren't in total control of my domain.
I also like supporting a Ukrainian company. Only downtime I had was when their offices were being bombed, and they were quick to both restore services and make their infrastructure resilient to future such… interference.
Yup, I've been migrating out of Gandi because of this, I was okay with up to ~50% over the base price but I'm seeing 100%~200% overcharge. I did have to let go of one domain though since Cloudflare doesn't support .jp yet
You're stuck with cloudflare nameservers¹, so if you want to change nameservers you need to transfer them to other registrar, how much of a deal breaker this is is up to you, to me is project dependent.
> 6.1 Nameservers. Registrant agrees to use Cloudflare’s nameservers. REGISTRANT ACKNOWLEDGES AND AGREES THAT IT MAY NOT CHANGE THE NAMESERVERS ON THE REGISTRAR SERVICES, AND THAT IT MUST TRANSFER TO A THIRD PARTY REGISTRAR IF IT WISHES TO CHANGE NAMESERVERS.
there are very few parts of that contract in all caps, but that's one of them :/
That's annoying. For some use cases, not a big deal. But I have used the AWS Route 53 'alias' functionality on a number of occasions and that requires the use of Route 53 nameservers.
I've helped move a few domains from Gandi to Cloudflare. The move was relatively straightforward (couldn't get the Gandi records export to import into Cloudflare so had to do it manually...), and the new domain and renewal prices are lower.
To replace Gandi email (that Gandi went from free to ramping up the pricing for when they were taken over), Cloudflare offer email forwarding so you can receive incoming mail from a custom domain to e.g. a gmail account, and for sending mail you can pair this with a custom SMTP service like https://www.smtp2go.com (1000 emails/month on the free tier).
Apart from that, DNS is something I barely touch for years sometimes so I don't find much difference between registrars beside their pricing and how much you can trust them.
Being able to point your Cloudflare nameserver records would be nice though, so worst case you'd need to move everything if another registrar had some services you were interested in? Would be curious to know more about how common this scenario comes up and why.
You should check out something like DNSControl. Makes switching or having multiple easy. I have mine going to a bind zone file and cloudflare, and use the bind file for Unbound
I’ve got about twenty domains listed with them. No problems after 2-3 years, but I do wonder whether it’s a good idea to use the same vendor for DNS and domain registration.
Normally a registrar isn't going to have top tier DNS infra so you may as well separate, yes. Exceptions might be CF/Google/AWS/DO, but personally I don't like to use the big guns as registrars in any case. I use Namesilo and never had any issues but on the other hand have never run into any of these sorts of issues either..
I am happily using them for all of my domains they support. The problem with Cloudflare registrar is that they flat out don't support many domains/tlds.
I mean, I am happy for them but this concept of growing a business to an exit is not going well for society as a whole (at least the exits that are in my areas of interest, so I assume it extrapolates to all exits).
Every single business that gets bought out gets instantly enshittified in one way or another, always to the detriment of the customer. Depending on how entrenched it was it takes a different amount of time for people to move on as the new shareholders extract its economical value, but it almost always destroys societal value in the process as the company becomes a shadow of its former self (and hopefully dies, leaving way for the cycle to start again).
I wish there was a way for founders to get rich without the need for an exit, so the business could keep running... but I guess ruthless enshittification is the only way to get rich?
Apologies for the tangent, this is something that's been bouncing in my mind for a while...
I know that I'm basically being trollbait (around here), by saying this, but I personally believe that the very existence of an "exit plan" is a problem.
A business is supposed to be an ongoing, perpetual enterprise. Maybe it grows, maybe it stays the same, but it isn't something that should (in my opinion) be designed as a product, in itself, with a "sell by" date. If it gets brought up, then that's [maybe] good, but it shouldn't actually be in the business plan. It's just a random lifecycle event. We can plan to be ready for it, but it shouldn't be a corporate goal.
It's quite possible to do that. I worked for nearly 27 years, for a company that is over 100 years old. I think the world's oldest company is over 1,400 years old, and just got brought out, for the first time, about 10 years ago.
Agreed. Promising stuff like "Hey we built this because everything else is bad" and then years later selling it to a company that turns it bad is somehow even worse than classic bait and switch.
Sell it to the employees? It won't be lucrative to selling it to someone with more cash than sense, but it may be more likely to preserve the value. There's no guarantee of course, and there's so little experience societal wide in running an employee co-op.
There are a few employee co-ops, but I don't know how good they are. Over here in the UK we have the Co-op[0], which is a national chain of small local shops. It's a consumer co-operative rather than a workers' cooperative, though. I don't know how well it works, or what its challenges are, but it definitely exists.
The Co-op (referred to in [0]) is also a bank, funeral directors, insurer, and solicitor! They're really quite successful to be honest.
Nationwide is another example of a successful cooperative as well (large UK bank, particularly in the mortgage space). They're customer and employee owned I believe, my wife and I got £200 last year as a profit share for being customers.
I'm a huge fan of the model, but it's difficult to get going. I think they're also more expensive to run as their operations tend to be a little more complex.
It's absolutely tiresome having to keep up with that rat race for everything. And if that principle actually worked then enshittification wouldn't be profitable to engage in to begin with.
> I mean, I am happy for them but this concept of growing a business to an exit is not going well for society as a whole
Oh yeah, I fully agree with the enshittification sentiment.
Admittedly, a DNS registrar for me personally is something I'd just swap without much thought but I can think of a few services I use where I wouldn't be so loosely coupled from the product if those founders were to exit.
It's a bit paradoxical on my part I think and I do wish we had more lifestyle businesses that don't have to become massive.
Mind you, I would have put iwantmyname in that basket now that I think about it.
Yeah I was a fan, had every domain with them that I could! But once they were acquired their .org renewal prices just did not make sense any more, and they were missing some functionality that I thought was crucial and didn't seem inclined to add it (can't remember what it was now, maybe MFA).
Domains are like car insurance – there's no reward for loyalty, so makes sense to shop around come renewal time.
HN is just a news aggregator. Being a participant does not mean one agrees with YCombinator's business practices, nor does it imply any other requisite opinions.
I really wish BrandShield didn't use AI as a marketing term. It just looks like it's doing a generic ctrl-F on webpages?
Then things like this happen, and people think "ooh AI is bad, the bubble must burst" when this has nothing to do with that in the first place, and the real issue was that they sent a "fraud/phishing report" rather than a "trademark infringement" report.
Then I also wish that people who knew better, that this really has nothing to do with AI (like, this is obviously not autonomously making decisions any more than a regular program is), to stop blindly parroting and blaming it as a way to get more clicks, support and rage.
I find that businesses that bill themselves as ${TOOL}-users instead of ${PROBLEM}-solvers are, as a general rule, problematic. I couldn't possibly care any less whether a product is built on AI or a clever switch statement or a bazillion little gnomes doing the work by hand. I care that it solves a problem.
AI does need to die. Not so much because LLMs are bad, but rather because, like "big data" and "blockchain" and many other buzzwordy tools before it, it is a solution looking for a problem.
The AI hype is annoying in my field as well. AI can have its uses, but we already figured out where to use it in my field ages ago. That doesn't stop people from hyping nothing though.
Yes. If your business solves a real customer problem and uses "blockchain" to do it, that's great, but you should describe yourself as a tool to solve the problem. If you mention blockchain on the homepage of your product at all, it should be treated with suspicious. It's a sign that you're speaking to investors and fools and not to savvy customers.
One exception: personal projects. "This is an NES emulator that is built in Rust, and it uses Rust because I wanted to learn Rust" is a perfectly good description of a project (but not a business).
> This is an NES emulator that is built in Rust, and it uses Rust because I wanted to learn Rust
Arguably, in this scenario, learning rust is the "business need" and the NES emulator is the tool :)
But yeah, exactly. A blockchain is, technically, just a content-addressable linked list. A Merkle tree is the same, as a tree. Git's core data structure is a DAG version of this. These things are useful. Yet nobody calls Git "blockchain technology", because what we all care about is Git's value as a version control tool.
> and people think "ooh AI is bad, the bubble must burst" when this has nothing to do with that in the first place
That haphazard branding and parroting is exactly why the bubble needs to burst. Bubbles bursting take out the gritters and rarely actually kills off all the innovation in the scene (it kills a lot, though. I'm not trying to dismiss that).
Exactly this, if you give a hoot about actual useful applications for AI, there is a great need to clear out all the grifters and scammers attracted by the initial hype cycle.
It's possible they were using LLMs (or even just traditional ML algorithms) to choose if a certain webpage was fraud/phishing instead of mere trademark infringement, though. In this case it makes sense that one would be angry that a sapient being didn't first check if the report was accurate before sending it off.
More than the hypothetical risk of Earth being consumed by a paperclip-making machine, I believe the real and present danger in the use of ML and AI technology lies in humans making irresponsible decisions about where and how to apply these technologies.
For example, in my country, we are still dealing with the fallout from a decision made over a decade ago by the Tax Department. They used a poorly designed ML algorithm to screen applicants claiming social benefits for fraudulent activity. This led to several public inquiries and even contributed to the collapse of a government coalition. Tens of thousands of people are still suffering from being wrongly labeled as fraudulent, facing hefty fines and being forced to repay so-called fraudulent benefits.
Perhaps in certain cases requiring someone to sign off, and take the blame if anything happens, would help alleviate this problem. Much like how engineers need to sign off on construction plans.
If the legal system is not itself either fundamentally corrupted or completely razzle-dazzled by the AI hype... and I mean those as serious clauses that are at least somewhat in question... then there are going to be some very disappointed people losing a lot of money or even going to jail when they find out that as far as the legal system is concerned, there already is legally speaking some person or entity composed of persons (a corporation) responsible for these actions, and it is already not actually legally possible to act like a bull in a china shop and then cover it over by just pointing to your internal AI and disclaiming all responsibility.
The legal system already acts that way when the issue is in its own wheelhouse: https://www.reuters.com/legal/new-york-lawyers-sanctioned-us... The lawyers did not escape by just chuckling in amusement, throwing up their hands, and saying "AIs! Amimrite?"
The system is slow and the legal tests haven't happened yet but personally I see no reason to believe that the legal system isn't going to decide that "the AI" never does anything and that "the AI did it!" will provide absolutely zero cover for any action or liability. If anything it'll be negative as hooking an AI directly up to some action and then providing no human oversight will come to be ipso facto negligence.
I actually consider this one of the more subtle reasons this AI bubble is substantially overblown. The idea of this bubble is that AI will just replace humans wholesale, huzzah, cost savings galore! But if companies program things like, say, customer support with AIs, and can then just deploy their wildest fantasies straight into AIs with no concern about humans being in the loop and turning whistleblower or anything, like, making it literally impossible to contact humans, making it literally impossible to get solutions, and so forth, and if customers push these AIs to give false or dangerous solutions, or agree to certain bargains or whathaveyou, and the end result is you trade lots of expensive support calls for a company-ending class-action lawsuit, the utility of buying the AI services to replace your support staff sharply goes down. Not necessarily to zero. Doesn't have to go to zero. It just makes the idea that you're going to replace your support staff with a couple dozen graphics cards a much more incremental advantage rather than a multiplicative advantage, but the bubble is priced like it's hugely multiplicative.
The comment you are replying to is using commas correctly: it's partitioning off a clause of the sentence as a side phrase that can be removed, and the resulting sentence is a fully grammatically-correct sentence. If you really hate commas, you can replace the commas here with parentheses, but honestly, I prefer the commas here.
I agree with the parent that in formal written English, the comma would be incorrect—cf. the "In compound predicates" section in [0]. But I disagree that the sentence is hard to parse as a result, and I doubt many would think twice about it given that we're on an informal internet message board.
The comma is a soft pause. We do this all the time in spoken language in order to break up an otherwise potentially ambiguous or hard to understand utterance, but it is basically dialectal. In writing that purposeful pause because a comma.
You can then analyze when such pauses are used in formal language, and infer rules for their use. But those rules aren’t going to be 100% consistent, and a violation of those rules is not a grammatical error in the sense that subject-verb disagreement would be.
TL;DR you said “majority” not “every.” That distinction is key.
Please say something like "here in [insert country name]", or "back home in [insert country name]" intead of "in my country", otherwise we have no idea what you are talking about.
Unfortunately I can no longer edit my original comment. It is about the so-called "Toeslagenaffaire" (childcare benefits scandal)[1] in the Netherlands.
Also, here is a blog post[2] warning about the improper use of algorithmic enforcement tools like the one that was used in this scandal.
When AI is being used as a cover for the bad/questionable behavior the company was already doing then there is no bubble to burst. The performance of the "AI" doesn't matter, only that it throws up a smoke shield in front of the company when people call to complain about the abuse.
I fear that ship has already sailed. I think the grifters and scammers have already abused the term enough that even decent uses of it are now tainted. I know that the two aren't strictly the same, but I would suggest using "Machine Learning" instead, which I think has more respectable connotations.
I mean, whether this has anything to do with AI or not (I’d buy that they’re using LLMs to write abuse letters or similar) it fits very nicely into the general pattern of AI breaking the internet through an endless deluge of worthless misleading spam. So, perhaps call it honorary AI?
I noticed that iwantmyname has very little presence on social media: no bluesky account and a twitter account that posts once or twice a year. That wouldn't necessarily be a problem if they responded to emergencies like this promptly, but they clearly don't so it is.
I also wonder if their "automatically disable" policy takes size/importance of site into account. Is this how they would treat all their domain owners, regardless of significance?
Brandshield is bad for overreacting, and iwantmyname is very bad for hosting such a crucial infrastructure, and having not responded to a paying customer with a good track record. I honestly don't think time of day matters, as long as the nature of the service is that it's provided and used 24/7, support staff should also be there 24/7.
> Because of this, I honestly think they're the malicious actor in all of this.
While I agree, the people who hired them are equally culpable. You don't get to wash your hands of the mess just because someone else is doing your dirty work.
I'm in the outraged crowd and there should be pretty serious consequences, but it is important in the interest of justice to differentiate between fraud, negligence, and gross incompetence.
Whilst I agree in principle that deliberate disruption of other people's websites/serivces should be more harshly punished, I don't think it's particularly practical. There's so many ways that modern companies can obfuscate the reasoning behind what they do, so I've come to the conclusion that if they're causing harm to someone else, then they should be punished/made to pay no matter their excuse.
If companies hide behind negligence/incompetence, then we need to make it costly for them to be negligent/incompetent.
Looks like AI is becoming a perfect excuse to do whatever you like.
It's like having a dangerous dog that usually doesn't bite, but you really cannot know if it will change its mind one day. Do you just let such dog walk the streets without owner supervision?
As general rule, I find that sort of thing to be an over-reaction, but submitting a complaint for phishing instead of a plain old DMCA takedown does warrant it.
It does but there's no actual way to get legal recourse for false DMCA notices or anything similar. The legal system is stacked for the abusers to have their way and the victims to have no recourse, regardless of how egregious the abuse is.
No, the perjury aspect of a DMCA takedown (which isn't even applicable here as that's not what they did) is if you don't actually represent the person that you claim to be filing a takedown on behalf of.
I've had the same thing happening; I run a simple forum, and some years ago people were discussing a manga, posting images of fan translated pages.
My hosting party (Hetzner) forwarded the emails and / or put it in their own system, I removed the offending images / page, replied to the email, and done, right? Wrong, the email said I had to fill in a statement through some online form somewhere; I did that too late and got more and more threatening emails like "pack your shit we're evicting you in 24 hours". Nobody seemed to actually read my replies / explanation, probably because this is so routine for them.
And I get it, nobody can be arsed to read longwinded explanations and the like for routine operations. I hope AI assisted tooling will help the overworked support employees with making decisions in favor of giving people the benefit of the doubt and the help they need; for them it's routine, but for me it was the first time I got anything like that.
It's surprising that this happened at all. Isn't it in most business's best interests to be aware of their most high-profile customers? If this was an automatic process, it's pretty disappointing that it even occurred. If I was running a SaaS, I'd probably want to mark my important accounts so an actual human has to investigate any raised alerts instead of being dealt with by a cron.
Something being in a business's best interests is very far from a guarantee that it'll happen.
I've worked on a team in a household-name big tech company where our mission was almost exactly "make sure we're not blowing up our most important customers for no reason". It's not nearly as easy as it sounds: defining who's important is hard, and defining what should and shouldn't be allowed is hard, and then implementing that all correctly and avoiding drift over time is tricky too.
Domain names themselves are a loss leader for registrars. They make money by upselling customers on hosting, email, certificates, analytics etc. So if you are just paying a couple dollars a year for a domain name and nothing else, your profile doesn't really matter. You are in the lowest tier of customers.
Lemme use this opportunity for having your attention to suggest some form of collaboration or even a merger with the Godot game engine:
• itch.io users could launch the Godot Web Editor to quickly make prototypes or simple games right on itch
• Publish from the native Godot editor directly to itch.io
• Godot adopts itch.io as the official asset store for art packs etc.
• Introduce social features for devs and artists to collaborate with each other:
• A publisher could choose to add a “Fork” or similar button on their itch.io game page that downloads and opens the project source in Godot. • All "forks" published that way would include a link to the original game's page, and so on.
I think Godot+itch could/should become the Github of Games :)
Did this account violate your ToS or the actual law? While I totally understand where are you coming from and I would probably be forced to do the same, I still tend to believe that closing a fan account is exactly the same thing that your registrar did to you.
It's not optimal, but he must choose between every published game there and one fanpage.
Besides that, there are so many websites with copyright content that never changes the domains, is just the domain registration bad or why they just disabled the domain?
> Take a look who is they registrar and then look their prices up.
So, in case anyone is interested, their registrar is MarkMonitor Inc., with a pricing of "contact us". The only pricing info I could find [0] said that it's 20$/yr for a .com, but with a minimum spend of 10k$ (probably reached by using their other services, such as the stated purpose of monitoring of trademarks).
Smells like tortious interference to me... and likely some form of perjury. I'd probably stop talking to them now that service is restored and get in touch with legal representation.
I wanted to take the time to thank you for the service you provide. itch.io is unvaluable to the indie community, and I'm perplexed when I see some devs complain about issues like this. Thabks for all your work.
For what it's worth, I know Namecheap gets a meh rep, but we've been on the receiving end of several phishing/copyright reports and have responded across the spectrum in terms of time span. We've responded immediately. We've responded with an hour or so to go. In all cases, Namecheap has somehow responded quickly and resolved the issue.
I coincidentally just this past week ran into a major issue with Namecheap on a fraudulent domain marketplace sale that they did not resolve properly or in a timely manner. They deserve their meh reputation. They were decent about a decade ago. Come renewal my domains up for sale are moving to Dynadot. Was considering porkbun but I sense they are heading the namecheap way.
Some of the comments and feedback I'm seeing in the reddit: https://old.reddit.com/r/PorkBun/. But then again I don't have any firsthand experience with these issues, so who knows. Are you having good experiences with Porkbun?
Hey, perhaps you can mediate the impact by providing an alternate way to access the site (IP, alternative domain) and posting it somewhere people will see it (bsky, here, ...)? Realistically , this may take days to resolve.
So it sounds like this was DMCA abuse by Funko, aided and abetted by BrandShield, and it resulted in damages to you. Also sounds like iwantmyname just went along with it, they are probably conditioned to do so by the rules.
I would write up a complaint and send it to the incoming FTC Commissioner. Yes, I'm serious. From the signals Trump is sending if there is ever a time when Republicans may support some form of DMCA reform, it's now. He's on record talking about punishing Big Tech and supporting "Little Tech." You're Little Tech. Send copies of your letter to Funko and BrandShield. Also reach out or at least send a copy to Matt Stoller, the guy who publishes a very popular newsletter about monopoly, anti-trust and corporate abuse in America, he will be interested. Go for the throat.
But the DMCA is the only legal mechanism for demanding swift action from a registrar/hosting party without the involvement of a judge, at least FAFAIK. So if this wasn't a DMCA takedown, then the registrar was acting completely of their own volition and should be liable for all fallout.
No, sadly it's not. These are private companies.. if you write to them and tell them to take a site down for "reasons" and they think the "reasons" are good enough, they'll do it.
Unfortunately "serverHold" goes above registrars. I learned this the hard way. There's a variety of watchdogs that false flag things all the time, and a handful of tld's that will blindly obey these orders. I'm guessing io is one of these. You'll have to escalate it with them, though I was never successful. Good luck.
Unfortunately the domain has a hold placed on it by the registrar, so I believe transferring is disabled. I also wouldn't want to risk doing a transfer at an hour when their staff aren't available to help with the current issue.
> The BrandShield software is probably instructed to eradicate all "unauthorized" use of their trademark, so they sent reports independently to our host and registrar claiming there was "fraud and phishing" going on, likely to cause escalation instead of doing the expected DMCA/cease-and-desist. Because of this, I honestly think they're the malicious actor in all of this.
I feel like there's also some missing layer of infrastructure here.
itch.io, like a lot of sites (HN being another), is meant to act as a host of user-generated content, over which the site takes a curatorial but not editorial stance. (I.e. the site has a Terms of Use; and has moderators that take things down / prevent things from being posted according to the Terms of Use; but otherwise is not favoring content according to the platform's own beliefs in the way that e.g. a newspaper would. None of the UGC posted "represents the views" of the platform, and there's no UGC that the platform would be particularly sad to see taken down.)
I feel like, for such arms-length-hosted UGC platforms, there should be a mechanism to indicate to these "brand protection" services (and phishing/fraud-detection services, etc) that takedown reports should be directed first-and-foremost at the platform itself. A mechanism to assert "this site doesn't have a vested interest in the content it hosts, and so is perfectly willing to comply with takedown requests pointed at specific content; so please don't try to take down the site itself."
There are UGC-hosting websites that brand-protection services already treat this way (e.g. YouTube, Facebook, etc) — but that's just institutional "human common sense" knowledge held about a few specific sites. I feel like this could be generalized, with a rule these takedown systems can follow, where if there's some indication (in a /.well-known/ entry, for example) that the site is a UGC-host and accepts its own platform-level abuse/takedown reports, then that should be attempted first, before trying to get the site itself taken down.
(Of course, such a rule necessarily cannot be a full short-circuit for the regular host-level takedown logic such systems follow; otherwise pirates, fraudsters, etc would just pretend their one-off phishing domains are UGC platforms. But you could have e.g. a default heuristic that if the takedown system discovers a platform-automated-takedown-request channel, then it'll try that channel and give it an hour to take effect before moving onto the host-level strategy; and if it can be detected from e.g. certificate transparency logs that the current ownership of the host is sufficiently long-lived, then additional leeway could be given, upgrading to a 24-72hr wait before host-takedown triggers.)
So Linode hosts your server, and iwantmyname provides your domain? If they want they can take down your server and your domain? Is there any server provider / domain provider who doesn't hold that kind of power?
Some companies have always been terrible about this. Fan projects involving companies like Nintendo or Take Two Interactive (GTA) are like lawyer bait. Disney has hired lawyers to sue a daycare center that had (clearly unofficial) character art painted on the walls. It's dystopic, but it's the world we live in.
I didn't really expect Funko or 10:10 Games to be like that, but then again I didn't expect anyone would like Funko enough to make a fan page about their dolls.
Other companies allow fans to do pretty much whatever you want with their IP as long as you don't turn it into (too much of) a business. Sega has even hired a fan for their remasters rather than DMCA his project into oblivion.
When companies do this, I interpret this as the company giving a clear message: "don't be a fan of our work or we may apply legal pressure".
It's just so surprisingly tone deaf when things like this are done by companies that exist purely within the goodwill of their customers. Nothing that funko brings to the table has inherent value. If they have any world outlook other than to love their customers as much as they can, then they will fail in a time measured in quarters.
I'm pretty sure Funko used their service in good faith and didn't know it's based on over-aggressive AI bullshit. They're still on the hook for picking a bad company to partner with, but I don't think they intended to take down the entire domain.
I don't see a large message on the Funko site with a profuse apology for taking down Itchio. This indicates to me they fully endorse their action and are not willing to make amends.
Former employer worked a little with Funko and Disney, and it was pretty comparable. I don't see what Funko has to offer other than Licensing IP and strictly enforcing their own. Based on my (limited) experience, I doubt they chose this service by accident.
Just gonna point out that the Nintendo going after fanworks bit is a tad blown out of proportion, especially online. They're definitely known for being way too heavy handed (especially compared to the likes of Sega), but they're not exactly going after every fan project they see on the internet. Large sites whose entire purpose is to host fan games and mods for the Mario, Zelda, Pokemon, etc series have been up for decades without any issues, and most mods and homebrew projects for consoles older than the Wii U or Switch are going fine.
Unless a project is going viral in the media, raking up in a significant amount of money via a paywall or is directly competing with a current game, the chances of it getting shut down are incredibly low.
Nintendo also is responsible for keeping Dolphin off of Steam. Dolphin wanted to get on steam for improved steam deck integration and Valve reached out to Nintendo who said, essentially : Lol fuck no we will ruin your life
The courts have told Nintendo numerous times that they are in the wrong in this behavior and outlook. They have no legal means to keep Dolphin off Steam and it is a matter of judicial record that emulators are not an infringement of your IP on their own. Nintendo doesn't care and openly discusses their intent to make you suffer through lawfare. A just system would smack them down with a vexatious litigant label, but our system gives businesses infinite benefit of the doubt.
You'd think, or hope, but GoDaddy and other actors proved over the years that this is not the case. I think that the kind of site most impacted by an event like this are social sites, where if people leave, they might take their networks with them. But a normal b2c service provider just needs to update their PR and prices and business will be back to usual.
I never understood that urge of people to do "fan pages" (or fan anything, without the permission of the original creator) while at the same time blatantly ripping content.
This kind of impersonation/defamation is one of the edge cases where its good to have a DMCA process. You want to quickly take down something like this and then deal with the slow legal stuff over time.
They have a DMCA process. As far as I know it only helps in a case like this if they sue Funko or the brand management service. Itch is a small indie operation funded by actual commerce, so might not be able to afford it.
That's extremely disappointing from iwantmyname. While I haven't used it, it was always on my mind as a potential registrar when buying a domain. I think I'll have to reconsider.
There's obviously somebody to blame. Somebody getting a legitimate domain taken down for hours should have consequences, if only to make mistakes more expensive for trigger-happy automated "IP protection" services (the only signal they'll probably understand).
The question is just if itch.io has the funding and energy to actually pursue the matter legally, now that it's technically resolved. I couldn't blame them for just changing registrars instead.
As noted above, what used to be a cool little Wellington-based company got bought by some offshore conglomerate. Lenz himself left about five years ago.
It's crazy how downhill Gandi went in 2 years. Went from decently priced French registar to basically asking for 70€ a year for a mailbox and lately asked me for over 40€ to renew a dot dev domain. I ended up transferring all my domains due to this.
Gandi went sour when the original French company was forced to open a separate company for the US several years before being sold. IIRC it was related EU privacy but they publicly stated it was about credit card processing.
A similar thing has happened to me before. There is a company with the same name as my surname with a trademark for it.
When I registered a domain with my surname in it, the registrar had an automatic process in place that checked for this trademark and took away access of the domain. So far so good. The problem was that the registrar and its support then ghosted me and also never refunded me for the money already paid to lease the domain for a year. Overall it was a bad experienced with bad communication that made me switch registrar (note: this was a different registrar than mentioned here).
I think one of the problems is that as more and more individual consumers buy domains, certain legal processes and automation are not ready for that. A good registrar should anticipate that an individual private consumer may not have the legal experience or knowledge to deal with just being hit with something they were never explicitly warned of.
> When I registered a domain with my surname in it, the registrar had an automatic process in place that checked for this trademark and took away access of the domain. So far so good.
I don't think this is good.
Trademarks are country-specific, not global like domains. Further, within a country trademarks are only valid within the scope of certain classes, which means:
* There will often be more than one trademark holder of even non-surname trademarks.
* You can't trademark a surname to prevent its use generally, you can only restrict its use in a narrow sphere.
I understand why domain registrars automatically overenforce their country's trademark laws (they can't deal with the legal complications that will result from them not doing so), but it's very much not good that someone like you can get to a domain for your surname first and be told you can't have it in case the trademark holder (for which class???) might want it.
> Trademarks are country-specific, not global like domains.
Domains are also subject to local law! For ccTLDs, it's usually that of the country in question; for gTLD, to my knowledge the US has effective jurisdiction (through ICANN) over at least some of the popular gTLDs such as .com and .net.
"Local law" in this case doesn't just include actual laws on the books, but also the risk and cost of getting sued by either a trademark holder or a non-trademark-infringing domain owner.
This is exactly the type of issue that people usually don't consider when picking a TLD, vanity or otherwise.
> I think one of the problems is that as more and more individual consumers buy domains
Huh, I was always under the assumption that the percentage of domains bought by individual consumers is shrinking. As in, in the early days of the internet until ~2010 where commercialization was only slowly picking up (or only concentrated to a few domains), the majority of domains were personal websites and blogs.
> Huh, I was always under the assumption that the percentage of domains bought by individual consumers is shrinking.
Yes, but a segment of the domain market still buys their name domains and defends them on the Internet.
I bought my fname+lname domain a few years ago, but I'm not planning to surrender it to a random conglomerate.
> As in, in the early days of the internet until ~2010 where commercialization was only slowly picking up (or only concentrated to a few domains), the majority of domains were personal websites and blogs.
A deep part of me hopes this part of the market never dies, for the good health of the Internet's sovereignity.
The percentage share of personal domains doesn’t tell you everything. More and more consumers probably are buying personal domains just by the nature of it getting cheaper and easier to host and there being more people on the internet year over year. Could be proven wrong though because I don’t know how to get the numbers.
Trademarks are country specific while domain names are not. Would be interesting to know what happens if they took this to trial (in which country though).
Of course I'm not talking about the DNS implementation!
But you're right, I could be more concise with my words, in the interest of making this a more inclusive forum.
First things first:
>I don't get what DNS has to do with any of this
DNS means Domain Name System. Domain names are resolved to IP numbers (think of that like the unique phone number of a particular computer in the internet) using DNS. Registrars manage what entries go in/out of this DNS. Registrars are a player in this whole technical/social system we agreed to follow called DNS.
With regards to intellectual property and domain names, consider all of these scenarios:
A. Someone owns trademark.com, somebody else owns "The Trademark" in the US. Is there copyright infringement?
B. Someone owns trademark.com, somebody else owns "The Trademark" in Vanuatu. Is there copyright infringement?
C. Someone owns trademark.de, somebody else owns "The Trademark" in the US. The site is overwhelmingly accessed by people who reside in the US. The site provides a service identical to the one provided by "The Trademark" in the US. Is there copyright infringement?
D. Someone owns trademark.de, somebody else owns "The Trademark" in the US. The site is overwhelmingly accessed by people who reside in Germany. The site provides a service identical to the one provided by "The Trademark" in the US. Is there copyright infringement?
E. Someone owns trademark.de, somebody else owns "The Trademark" in Germany. The site provides a service identical to the one provided by "The Trademark" in the Germany. Is there copyright infringement?
F. Someone owns trademark.de, somebody else owns "The Trademark" in Germany. The site provides a service completely different to the one provided by "The Trademark" in the Germany. Is there copyright infringement?
Can you see now, how domain names and trademarks are naturally decoupled?
Edit: Sorry! On a 2nd read I caught myself making the same mistake again. By "naturally decoupled" I mean that effects (set of rules, jurisdiction, law, etc...) that apply to the first entity (domain names) do not necessarily apply to the other one (trademarks).
Now that it’s morning, I realize that the comment I was replying to wasn’t asking about itch.io’s registrar, but was actually a reply to a post by sureglymop.
Basically I didn’t notice the very slight indentation on my phone. Whoops.
I don’t know who sureglymop‘s registrar is. I’d encourage them to name and shame, refusing to refund is unacceptable.
How would you know whether Modified3019’s comment is factual and correct? sureglymop wrote “note: this was a different registrar than mentioned here”, and they haven’t written any other comments in the thread that might identify the registrar.
Update: Turns out GP simply replied to the wrong thread, so it was just a typical case of "downvoting takes less effort than pointing out a mistake", I suppose.
The chain of culpability, in my view as an outsider, goes iwantmyname > BrandShield > Funko Pop.
Funko Pop hired BrandShield, but from what I understand they did so exactly because the latter does all the work without you having to intervene. Kind of like you hiring a lawyer and them using ChatGPT to present the case, full of errors and non-existent sources. The lawyer might have been acting on your behalf, but they didn’t really do so according to your intentions and their fuck up isn’t your fault. On first view I’d say BrandShield is a culprit here, but can’t be so sure about Funko Pop yet.
On the other hand, iwantmyname is absolutely at fault. They took down a client’s website without asking or recourse, then sat on their asses. That’s who you sue, because they’re the ones who ultimately had the power and made the decision that affected itch.io. If iwantmyname wants to sue BrandShield and/or Funk Pop or whatever else in turn, none of your concern. The one’s who hurt the business were iwantmyname by not doing due diligence or contacting the client but just automatically bending over.
Now if they should be sued in Britain or New Zealand, that’s for the lawyers to know.
In fact, all of this is for the lawyers to figure out. I’m not one. I’m merely expressing what makes logical sense to me, which could be incredibly wrong.
If you hire the bad lawyer and loose the case, the lawyer won't serve your penalty. If Funko authorizes anyone to represent them, they are responsible.
You don't necessarily have to sue them in their place of registration if they're doing business elsewhere. "Defending trademark rights" probably counts as that.
Of course the problem is that legally speaking, they don't cause any damage - service providers they target cause the damage. BS have no true authority over these service providers, just the threat of some legal claim. The service providers comply voluntarily as they don't want to spend time checking if the claim is valid.
IANAL either, but my guess is that itch.io has precisely 0 plausible legal recourse here.
The strongest case would be something along the lines of breach of contract via the domain registrar, but your standard internet contract has a term in it that amounts to "we get the right to fuck you", so I assume that applies here, so no breach of contract actually exists. This also kills every claim that's dependent on breach of contract, so tortious interference is also dead.
Fraud will fail because itch.io itself isn't being defrauded at the very least. Business disparagement, and anything else along the lines of defamation, is going to fail because you need something like actual malice--specific knowledge of falsity--there, and that's essentially impossible to prove, not without somebody admitting that they knew all along everything was false.
Tortious interference is dead for several reasons. First, you need an underlying tort, which, as detailed above, probably doesn't exist. Next, you need specific knowledge of the contract being broken. Finally, you need intentionality here: it's not "I did something that caused the contract to be broken", it's "I did something to cause the contract to be broken." Outside of somebody jumping up and down shouting "I'm tortiously interfering with your contracts," it's basically impossible to prove tortious interference.
> you need something like actual malice--specific knowledge of falsity
IANAL, but as I understand it the definition of malice also includes "reckless disregard for the truth". I'm sure a good lawyer can argue that not having human lawyers review, investigate, and confirm computer-generated abuse reports before sending them to outsiders constitutes a reckless disregard for the truth.
A lawyer might argue that, but it's not going to be a compelling argument. Recklessness is generally a conscious disregard of the consequences; as applied to defamation-like claims, it's generally seen as "you specifically voiced doubts about the truth". Failing to vet automated abuse reports is going to be at best negligence (and I'm dubious of even that, because given the nonbinding nature of abuse reports, it's not clear there is even a duty to candor in abuse reports that one can be negligent of), absent internal complaints about "the accuracy of these things is total shit".
Knowing that you'll absolutely generate false positives and not providing a method of automatically fixing those would be a deliberate action, not recklessness or negligence. I wouldn't be surprised to find code that pings staff based on account size.
It seems like providers could remove themselves from the situation by just giving their clients a "fair use!" response button?
Clearly I'm not a lawyer either, but isn't accusing someone of doing something that is not true and that can have legal ramification a suable behavior in the US?
Eh, dunno about that. They made what would appear to be a false complaint; hard to really consider what was going on here ‘fraud and phishing’!
That the magic robot perhaps did it for them matters not at all, in terms of whose fault it is, though a proliferation of magic robots does make junk services like this more of a problem, in that they can flood the internet with nonsense more effectively.
Then there needs to be some cost associated with sending a completely false claim.
Doesn’t need to be huge – just enough to cover their cost and thereby make it uneconomical to outsource the work these companies are charging their customers for to their targets.
Yes, but also you need to bring your legislators to heel. It is entirely their fault.
That you have grifters like brandshield is a symptom. Although you should never employ their lawyers for anything either of course. Make the taint stick to them.
Personally use Porkbun since Namecheap's API is poorly-documented and they attempted a KYC audit for purchasing a $100 domain.
I am fine with the identity verification, but their ticketing system seems to have sent all of my e-mail to their spam box, because they would never respond. I attempted opening tickets explaining the e-mail situation, but they wouldn't listen. In the end, I gave up and let them deactivate the account.
Moved to Porkbun, purchased the exact same domain (no KYC required!), and have been a happy user of their API for about two years now. They also have much more lax requirements for API usage compared to Namecheap. Porkbun also supports WebAuthn and logging in with a security key. It's overall a much nicer service than Namecheap.
That kyc thingy is icann requirement, its how domain registration works. Icann require every accredited registrar to verify registrant details so registrar would randomly ask for id, passport etc. That include porkbun, they're bound to their contract with icann as an accredited registrar too. They probably won't ask today but maybe tomorrow, or next week, or next month, or next year, or never.
They already got your details from your card details and decide its enough. Something like vpn, using niche browser, details on card not tally with registration details etc etc would throw off their threat mitigation system. Also different business operated differently, their payment gateway behave differently etc etc. Too many random factor to avoid xxx specific registrar because they ask for kyc when the kyc itself is a requirement.
The requirement in the contract is nowhere near that specific. Contact info validation is sufficient for almost all registrars. It's possible a given registry has higher standards, or maybe one registrar got some order to be more thorough, but great reason to avoid given this is a commodity and there are actually good alternatives. (I broadly like Tucows and Cloudflare)
Namecheap is on my NO NO NO list, along with GoDaddy (and a bunch of others). Google Domains was also on this OH GOD NO list, but thankfully Google did the Google thing and killed the product.
Most of my domains are on Namecheap since the times when wikipedia's domains were there. Hopefully, my low-key personal domains are of no interest to anyone...
I've been using IONOS (formerly 1und1) for the last 20 years for all of my DNS and hosting needs and couldn't be happier. Their uptime, non-obtrusive policies, and customer support have all been top notch. Can't recommend enough.
As an example; I had a dedicated server that I was leasing that I wanted to upgrade, the sales tech noticed that the plan I was currently on had been retired/replaced and credited my account with difference of what I had payed vs the new payment tier which amounted to six months of billing on the upgraded server. You can't really put a price on that kind of honesty!
Back when I was using them, their ToS disallowed a whole lot of perfectly benign content, like pictures of celebrities. If you had a blog about movies and posted a picture of an actor, your account would get deactivated and your data simply deleted. I wouldn't ever trust them for anything I care about.
I read this as you having to contact them in order for them to credit you for overcharging you for a retired product when the replacement equivalent was priced lower.
Why didn't they proactively inform you that your service was retired and there was an alternative available?
It sounds like this must have been going on for a while to be worth 6 months of service in difference alone.
I left 1and1 close on 2 decades ago. If you consider this a story of good service, then I would suggest you try some other provider.
I strongly encourage people to only recommend domain registrars if they have verified that customer support won’t completely fuck you over when something goes wrong. Recommending registrars when you’ve only experienced the happy path is doing a disservice to the people you are trying to help out.
Namecheap gave me a quick response and help when requested support regarding a DNSSEC issue. So not everyone has bad customer experience when they needing it.
easyDNS still seems good for those who want a more old style "full fat" registrar like gandi was? I know some folks I respect who have long used it alongside Route 53. Though they don't appear to support hardware tokens which is a major black mark in my book in 2024.
As well as Gandi, DNSimple was another higher service one I really liked that went crazy on pricing. Agreed the registrar scene nowadays seems like a quite small "do use" list vs a couple of "don't use" :(.
I've been using easyDNS for 5(10?) years... Never had a problem with them and highly recommend them. I do 'hobby stuff' - nothing fancy, but it always just works. One time I called to ask if they support wildcard sub-domains (www..example.com or whatever..example.com) and actually had a real engineer pick up the phone :-) (btw - it did work, very well actually :-) )
The backup mail spool is nice too...
all in all - not the cheapest - but worth the piece of mind in my book :-D
All diffs given against the $31.38/3yr wholesale price from Verisign+ICAAN.
Not sure how that qualifies as "outrageously expensive".
You can make your own trade-offs, but for something that's literally the foundation of my online identity, business, etc I'm willing to pay $3.50/yr over wholesale for a company with a reputation, support, and generally aligned incentives.
You may choose to instead tie your online identity and business to someone charging less than cost to save half the price of a big mac a year. But I will find it hard to dig up much sympathy when we all find out _how_ they're planning to make money doing that.
You can use any registrar with R53, so it's more like:
if you really need to have domain registration written in Terraform and the other registrar doesn't provide it
I'm also looking to move my domains out of gandi but stay with a european registrar. Did someone try netim customers' service?
They say on their "about us" webpage that the company is still owned by the founders, so I would think the enshittification hasn't started yet. But if some have experiences to share it would be nice.
Another happy Hover user. Been using them many years. Not the cheapest, but a reasonable markup and works well, and hasn't shown signs of enshittification. Knock on wood.
Well you're not going to get reliable service if you want to know which one is cheapest. You want the professional registrar large corporations use if anything.
I’ve been using Hover since they advertised on 5by5 a decade and a half ago, and never had a single issue. They never bother me nor do I need to remember they exist. I only hear from them when they need ICANN contact confirmation or to remind me a domain is expiring.
I've used Register4Less for over a decade and I've been thrilled with them. They're slightly more expensive than the cheapest options (by a buck or two), but this is more than made up for by the fact that they're the only registrar I've ever used who have proactively reached out about minor issues. Every time I've needed to email them, I've gotten a response from somebody who can fix the problem within minutes.
Though keep in mind that domains registered through CF must use CFs nameservers, you can't point them elsewhere if you need to. They sell domains at cost so of course they want to keep you in their ecosystem so you might pay for something else.
Namecheap has horrendous billing UI with their products, also not PDF so makes it hard for freelancers when you have many domains and your accounts want an PDF. Easiest is a registrar that mails you invoices in PDF.
their billing works just fine, i pay with it all the time.
They support credit/debit cards, bitcoin, and Paypal.
I went with Namecheap especially because of their seamless payment method,
Used to struggle at times paying for my domains with Gandi, etc.
You: "their billing works just fine" [then talking about payments, when I wasn't talking about payments but billing, "The process of sending an invoice (a bill) to customers for goods or services" -Wikipedia]
They have their billing for domains and products spread over several pages, there is not one place in the UI where they have all payments/billing combined, they don't have PDFs as I've stated and they don't sent invoices by email. Their billing UI is horrendous.
I'd prefer a 'do not' list, because 'experience quoted'. Any one of the names you mention could be bought/ new CEO etc tomorrow and start the turdification (tm) slide.
Another happy customer of NameSilo here. A handful of .com, .net, and a .org domain registered with them, and I've never been personally irritated by anything they've done.
They hiked prices massively so I wanted to transfer away, it was a massive shitshow.
Auth-codes given on the website were expired and they took 2 weeks to give me the correct ones near the end of the registry period.
Support was extremely unresponsive. As this this was a side project I couldn't spent time on every day my domain went into quarantine for a short time. They answered 2 days before the end of the rental period, when requesting the auth codes ~2.5 weeks before.
Will never use them again after this experience.
Porkbun is my new home for most stuff and domains.lt for .lt which porkbun doesn't offer yet sadly.
Thanks for Porkbun suggestion, I'll keep that in mind; it doesn't support .at but I'm now tempted to move my other domains there. Gandi used to be good, it's a shame what it's become.
i just moved all my domains off gandi because they doubled or tripled the renewal prices.
i am guessing they are milking their existing customers who don't notice or don't have the knowhow or resources to move their domains, and once those wise up to that they will lose a lot of them
apart from prices their operation didn't seem to change after the sale. although i only have a few domains so i probably didn't interact with them enough to notice anything else
Damn, that's good info. I have all my domains on Gandi and noticed the pricing changes, but I just stupidly assumed that it was something the registry operators were causing. Sucks to have to leave Gandi, their UX is great, no stupid upselling, very clear website.
One of my domains on Gandi was up for renewal. I've noticed they charged ~$140, while Namecheap charged ~$35. Easiest transfer decision I've ever made.
We actually had almost the exact same thing happen to Notebook.ai last month:
- automated notice of trademark infringement from some posted user content, accusing us of "fraud and phishing" (filed by a third party on behalf of Meta)
- that user content was immediately deleted upon receiving the notice
- exactly a week later, our host (Heroku) banned our account with a generic no-reason "Your account has been banned."
Total downtime of about 24 hours until it was resolved; luckily, Heroku's support simply unbanned the account whenever I reached out to ask why we were banned. Migrating to another host wouldn't have taken much longer, but would have been a pain.
Goes to show layering a couple automated processes together can have pretty devastating false-positives. I'm glad there was a human in the loop at Heroku I could reach to get things sorted out relatively quickly; also glad to see Itch.io is back up and got it sorted out relatively quickly as well.
Hm. So Funko sells merchandise related to the Jurassic World franchise.[1] But, according to Licensing International, Mattel licenses the toy rights to that franchise from Universal Products and Experiences, the merchandise arm of Universal Pictures. [2] Also, Funko sells Disney Princess dolls.[3] Mattel announced a multi-year licensing deal with Disney to license the doll rights for Disney Princess dolls. “The courage and compassion found throughout our Disney Princess and Frozen stories and characters continue to inspire fans around the globe,” said Stephanie Young, President of Disney Consumer Products, Games and Publishing. “By furthering our longstanding relationship with Mattel, we look forward to expanding the worlds of Disney Princess and Frozen, introducing an innovative new era of these beloved franchises through captivating products and play opportunities.”
Might be useful to send letters to Disney's and Mattel's legal departments. Mattel paid a lot of money for that Disney license. Disney is very protective of those licenses. Mattel lost the Disney license to Hasbro for a few years due to overproduction of low quality dolls. I'm surprised to see Funko selling low-quality Disney dolls. They degrade a Disney brand.
Why on earth would you send letters? These are all huge corporations with sizeable legal departments. They either know or they should, and most importantly, are paid to handle this. Moreover, you're not likely to be heard or understood by the first line of customer care there, even if this was something they weren't aware of (quite unlikely) but wished they were. It's a waste of time, and something even the biggest altruist would find hard to defend as a sensible effort.
Besides, Disney is perfectly capable of degrading their own brand.
I sent a request to the registrar, and they emailed with this response. They're claiming it wasn't their fault.
--------
Your request has been updated. To add additional comments, reply to this email.
9 Dec 2024, 10:57 UTC
Hello and thank you for your message.
The domain name was already reinstated earlier today after the registrant finally responded to our notice and took appropriate action to resolve the issue
I've experienced the same thing: a YouTube channel deleted without any explanation (the email from Google mentioned spam, even though I filmed all the videos myself), Facebook preventing me from sharing posts from a website (without any explanation), and of course, domain names that get deindexed from Google without any reason (no message in Google Search Console).
I believe we've reached a point where any activity on the web can vanish overnight due to an AI or an algorithm making decisions based on obscure criteria.
I mean at least those are walled garden platforms where this sort of thing we've come to expect. An independent website as big as itch.io going down because of a bogus complaint is a big surprise
That's what I thought. Last week, two of my domains were frozen by the TLD owner without notice, and they'd take them offline altogether in 7 days if I didn't supply some paperwork to my registrar
I've had these domains for ten years, now all of a sudden this is super urgent and if I'm on holiday that'd be a real shame I guess
So I contact the registrar and a link to the relevant legislation was sufficient to send them a perfectly agreeably censored version of my identity document (removing just irrelevant information they can't use or verify anyway), but apparently all they do is forward it to support@afnic.fr and not actually mark the domain holder as verified. So AFNIC, predictably, rejects it because GDPR doesn't exist in France
I saw no other choice but to send everything into AFNIC's email inbox / support system, which famously never get leaked and they assured me was "highly" secured when I asked to at least remove it after verification
With just 7 days' notice and half of that going to the distraction of a registrar, there's also no way to figure out what's even going on or have any sort of conversation. They hold all the cards and you jump when they say hop
I'm considering my options for any TLDs owned by AFNIC... evidently .io isn't better, but how to know who is
I am; I can't buy <firstname>.<anything> because it's a municipality or something in France and so I can't have the domain name for one of their overseas islands like Pierre et Miquelon (.pm). My registrar gave a refund for that one after the registration failed
But that's not the case for the domains AFNIC did grant. They registered successfully and I can still use them, also after this verification sham, AFNIC just insisted that I confirm immediately that I e.g. live where I said I live over ten years ago
I'm well aware that GDPR exists in France btw, but AFNIC is not — or at least has a different interpretation of what "not processing data unnecessarily" and "treating racial, biometric, and gender data as extra sensitive" means (they insisted I send all of these categories over plain email to a helpdesk system; I tried giving them an https link to a .jpg on the domain in question instead, but that was rejected with a "please attach to the email")
It should be illegal for any company to rely on AI or automation to handle legal risks, especially without any human driven support to fall back on. The fact we're handling over things this serious to unreliable and poorly configured systems feels like absolute insanity to me.
Also, why is the domain registrar even being contacted here? I thought the general idea was that you'd first contact the site owner and wait for a response, and if there's no response in a certain amount of time, then you might contact the registrar or something. No one should be going over the heads of website owners and creators for matters like this, especially not as their first resort.
In a logical world, they'd contact Itch.io and Itch.io would take down the page (which they did), and that would be it. No need to involve the registrar at all in a case like this one.
I don't think it needs to be illegal – it should be enough to just hold companies responsible for the consequences, just like they are for using any other kind of technical system without appropriate supervision.
Question to lawyers: is there a colorable lawsuit against Funko and/or Brand Shield if itch.io can demonstrate quantifiable lost revenue for those N days of being offline?
Given that this was apparently a false (and recklessly so, though that's going to be the hard part) report of fraud/phishing and not a DMCA takedown, yeah that sounds like tortious interference.
Slight off topic but interesting that the post has similar interaction stats (replies and reposts/quotes) between Twitter and Bluesky except the likes which are 3x higher on the former https://files.catbox.moe/82x7ue.jpeg
BlueSky seems to be far less like-oriented. They aren't just a good metric of engagement there. People read and move on. If it might be helpful to others, they will repost, and that's it.
Besides, with 26K followers on BlueSky vs 173K on Twitter, I'd say the engagement on the former is significantly higher any way.
For now! The bluesky URL contains "itch.io" (their handle), and under atproto, DNS name resolution is actually an integral part of handle resolution. It will start 404ing if/when relevant caches expire.
I think GP comment meant that when you link to a Twitter thread, logged-out users will only see the single post without any replies. On Bluesky, you can see the whole thread.
Interesting - most Bluesky accounts, especially those related to gaming, are reporting higher engagement stats on Bluesky, at least relatively if not absolutely.
Well of course, your bot is having a wonderful time interacting with other bots. A whole bunch of resources wasted while making everything worse for real humans.
Oh, they've made it to bluesky now as well, unfortunately.
(Though, if you use a moderation service which flags/hides accounts with AI generated imagery, that's close to 100% effective for catching crypto scam stuff. Apparently, your average crypto scammer just can't resist a bit of AI-generated banner.)
I don’t think it’s that surprising; Bluesky is quite big amongst the audience who cares about this sort of thing, and the author isn’t a bluetick so will have visibility relatively suppressed on Twitter.
I am Leonard Somero, I run verysoftwares.itch.io. I have over 300 followers and a game with 20k+ plays that has been repeatedly featured on the front page.
This certainly changed my morning routine! I am glad to hear that the reason wasn't me deleting my Twitter from my page. My first panic reaction was thinking it was me who's caused it, due to some kind of ad revenue conflict.
Ever seen the movie Summer Wars? I felt like the protagonist for a moment there, but glad it turns out it was just some 2020s AI nonsense.
Either way, there's surely an engineer somewhere who's very busy right now.
Everyone involved in this is terrible except itch.io; it's a shame litigation, the available method for redressing this, is often avoided due to the high expense.
As a naive and new adult entering the world, I would have assumed that all you need to do is report this to your police/government, and they'll start a case, preliminarily determine that "Yeah, some sort of fraud happened" and then proceed to start a court case against the accused party so that a jury/judge can determine it's validity.
The fact that lawyers and the "lawyer system", in conjunction with prosecutorial offices and the police, has made this expensive and pretty impossible for 99% of people and companies is a huge problem. It basically nullifies the whole point of government as protector of people's rights and enforcer of laws.
It's very unlikely that anything criminal has happened here, so government is irrelevant. I'm not even sure we're seeing any malevolence, just rank incompetence.
Maybe not "criminal", sure. But even us thinking "oh it's a civil matter, not criminal one" is something conjured up by the lawyers in conjunction with government. It's such a convenient excuse, basically making it so that you as the injured party need to prove something at your own expense - expense that is directly funneled to the lawyer class.
At the very least what happened here is lying in a commercial context. Arguably something that should be illegal, and sometimes is illegal under the banner of "fraud". Again, the definition of fraud is not obvious (despite them arguing it is super explicit in the laws) and we have to rely on the lawyer priesthood to determine what the "sacred texts" say about it. Maybe even rolling some conjured up lawyer-dice and seeing what the Oracle at the Court says about it after they convene a little "ritual" known as a court meeting or deposition.
> invalid DMCA takedowns do open you up to lawsuits
Invalid takedowns don’t open you up to anything. The only risk to takedowns is misrepresenting the purported owner but that’s not the case here and the risk would be from Funko not Itch.
Much of the reason for DMCA abuse is that beyond the notice being assumed legitimate there is basically no risk to the complaining party until they dispute a counter-notification.
Not that this is relevant in this case, as it was not a DMCA takedown. A takedown notice would have been addressed to Itch.
This stuff would be civil jurisdiction in most countries. The Internet adds an extra layer of problems: the registrar, complainant etc may be in different countries, making it practically very hard to get anything done.
Don’t look to large, well-known registrars. I would suggest that you look for local registrars in your area. The TLD registry for your country/area usually has a list of the authorized registrars, so you can simply search that for entities with a local address.
Disclaimer: I work at such a small registrar, but you are not in our target market.
That’s a very SV view on things; i.e. that small companies inevitably get acquired. Most small companies don’t actually get acquired, and are not looking to be acquired.
The simple answer is: Choose a registrar without significant external investors.
Spam is, when it comes to it, basically the only proven LLM usecase at this point. Everything else is all a bit 'jam tomorrow', "doesn't really work now, but it'll be magic soon, we promise!", but it has very much revolutionised the spam industry.
It also works out pretty well for them, as they’re basically /the/ symbol of soulless commercialism, sanding down everything distinctive about characters and producing a cuboid of concentrated Brand. Anyone who voluntarily looks at that and decides they want to be a part of it is already on board with the corporate hellscape, so nothing they do could possibly harm their reputation among their customers.
Since when it is registrar responsibility to take down domains based on third-party reports? I would think to do it registrar needs at least a warrant from officials, and not without a notice of domain owner.
One of my .xyz domain was taken down because one it somehow ended up on a single spam list as Phishing (it was not hosting any phishing, and all the code is actually open source).
I never was able to get it cleared. It's crazy the power that those spam list can have and they care very little about false positives
How many other domains were knocked off by this AI reporting? Seems to me that if you make claims that have business repercussions, you need to be suable for fraud and face civil and possible criminal complaints.
Criminal seems like a stretch (at least for this sort of damaging-a-business stuff), but making false claims can absolutely have all sorts of civil consequences.
How are all these "DMCA Ignored" domain registrars? Do they actually send all DMCA requests to /dev/null? Sounds like using one of those would have "fixed" the problem here.
ugh this kind of stuff just makes me wish DNS was less centralized, even though it's already incredibly uncentralized.. of course it's just all registrars just being a weak point.. as always
Yes? Basically half of them? Some people put federation in decentralised group, some say only distributed is decentralised.
In short: centralised = 1 owner/operator, federated = many semi-autonomous operators to choose from, decentralised/distributed = everyone's an operator on the same level.
With DNS you still have groups of operators who can tell you what to do and they have the main agencies on top of that. I subscribe to the "it's not really decentralised" view.
It's not that I am dumb and I am asking for help with info. I'm questioning the existence of this, there is no reliable source because these are not standard terms in any discipline.
It's not that you are not giving me source because your time is valuable and I'm dumb. It's because there is no source and these concepts don't have any standard rigorous definition.
Google gives me trash. These are trash concepts, nothing written by academics or professionals or standard textbooks, or proceedings of magazines or publications.
Just blogs and cryptonerds (with different definitions).
The network is decentralized, but each domain still has a single registrar, making the service you (domain owner) receive very centralized. If that one registrar misbehaves or is unresponsive, you're out of luck.
You are consistently objectively wrong on the facts. So your subjective take that dns is decentralized is again wrong.
You can choose different TLDs. Don't like VeriSign's .com? Go with a country tld or make your own tld. Also tld are regulated it isn't even an independent private entity.
Finally switching registrars does NOT require cooperation of the losing registrar, but of the upstream DNS.
The sane take is just don't chose a meme registrar from a bullshit country just because it sounds like something else.
There are some recommendations of registrars here in the chat. Let me recommend two:
1. internet.bs No Bullshit Domains. I am using them since 10 years, and I am very happy. Email is comparatively expensive, but you can buy this separately from infomaniak.com for 18 EURO a year.
2. If you need country TLDs, this may be a good option: inwx.com
What does that have to do with the official itch account posting there? How would your seemingly personal beef with Bluesky impact the credibility of that?
It is the same info, you don't need to be logged in to see it (including comments) and can directly verify that it is someone with control over the domain who controls the account.
I mean, with Bluesky you can see the replies; with Twitter if you're not logged in you either get _just_ the post, or you get an error message, depending on phase of the moon. For this sort of thing, Bluesky's clearly more user-friendly.
> Isn't insane that many of the comments are linking the CEO of Funko,
I'd say that it's normal on this site. You are misintepreting the intentions of commenters. No one is doxxing the CEO of a public company by posting a link to their profile.
People should be telling them they screwed up when their corporate behemots run over a small village and they don't notice. Any good CEO can capitalize on that.
Of course, any threats etc. are appalling and personal stuff should be totally left out of this. On the other hand, we should be able to call out the CEO of a company when they behave like this, regardless of what has happened to other CEOs.
> Am I the crazy one for seeing that in relation with the recent Health Care CEO events?
Crazy? Idk. Overreacting, perhaps. Surely the risk of someone planning an assassination over a bit of internet outage is negible. It isn't even clear who the culprit is.
I saw that too. While the jury's out, this is clearly not an obvious "call to arms" or any kind of threat. It may be read that way, so I'd prefer not to have it, but if even stating the name of a CEO is off the table, then that's far too much 'protection', IMO. But, yeah, "fix this" isn't great wording to be using.
I feel that it's been coming for a while though - the first time I noticed this sentiment was when a businessman drowned after his luxury yacht sank in in a storm[1], and there were comments on social media celebrating the event. Whatever you think of the individual or millionaires in general, I wouldn't wish that fate on my worst enemy.
I've never heard of itch.io before but from what I can tell:
- Itch.io is a platform where people unaffiliated with itch.io can create pages and sell video games
- An itch.io user created a game that used Funko's brand without authorization
- Itch.io (correctly) removed that page when they were made aware of that by their registrar and server host, then responded to both letting them know they'd taken care of it
- The server host (Linode) said that was great and closed the issue. The registrar (iwantmyname) did not respond, then a few days later yanked the domain.
This is exactly the sort of thing the DMCA exists for (assuming itch.io is located in the United States) and it's exactly why the safe harbor provisions exist.
It's like if someone posted a copyright-infringing picture to Facebook and Facebook's registrar responded by taking down the entirety of facebook.com.
So no, this is not on itch.io's shoulders, this is on iwantmyname's (for disabling itch.io's domain even after being made aware of the circumstances) and Brand Shield (for not submitting a complaint to itch.io first and waiting to see if they'd take down the infringing user's content before escalating to itch.io's ISP and server host).
Itch Corp might be in the USA - but their registrar is in New Zealand. That seems like a poor strategic choice for both customer service reasons and legal compatibility reasons.
It seems like the owner of the domain received notice from the registrar 6 days ago and immediately took action by removing the content referenced in the trademark claim and notifying the registrar.
But they got no response and instead the domain went down today.
Going directly to the registrar in response to an issue on a handful of pages is akin to getting the wrong change, saying nothing to the person on the checkout, then seeking out the store manager to get them fired.
Note the "fraud and phishing" complaint. Like, I don't see _any_ way to get to that from what's going on, and of course registrars (correctly) take such complaints far more seriously than DMCA complaints (which shouldn't really be going to the registrar in the first instance, of course).
I wouldn't particularly blame the registrar here, though now that 'AI' spamware is doing this, registrars will presumably have to take fraud complaints a lot less seriously, and the internet will get a little bit worse. But certainly this isn't itch.io's fault; the blame lies squarely with the spamware, and with Funko for using such spamware in the first place.
To be clear, there is no issue with them making a DMCA takedown. This should be made to the operator (ie itch.io). They _did not do this_. Instead they complained to the registrar of phishing/fraud. Registrars, not unreasonably, take complaints of fraud seriously, and many will nuke first and answer questions later. However, clearly, no fraud was involved.
(I'm not sure if you're being wilfully obtuse, or if you suffer from the ol' Hackernews "reading the linked material is forbidden" problem, but I just don't see how you can defend the false complaint of fraud.)
... Ah, I see, you're speculating that itch is _lying_ about it? Why would they? Like, what they describe is the sort of thing you'd expect to find on itch.
Occam's razor very much says that they are not lying, and that this is simply a false report by 'AI' spamware.
I'm not speculating about anything. They made a claim and provided nothing to evidence it.
Similarly, the other side have made a claim which - apparently - was accepted by the registrar.
Why does Occam's razor not say that the claimant isn't lying?
FWIW, I think Itch are probably right. But there is a lot of IP infringement on there. Is it unreasonable to think that one of those page might have a phishing form on it?
From what I can tell, some person made a fan page for an existing Funko Pop video game (Funko Fusion), with links to the official site and screenshots of the game. The BrandShield software is probably instructed to eradicate all "unauthorized" use of their trademark, so they sent reports independently to our host and registrar claiming there was "fraud and phishing" going on, likely to cause escalation instead of doing the expected DMCA/cease-and-desist. Because of this, I honestly think they're the malicious actor in all of this. Their website, if you care: https://www.brandshield.com/
About 5 or 6 days ago, I received these reports on our host (Linode) and from our registrar (iwantmyname). I expressed my disappointment in my responses to both of them but told them I had removed the page and disabled the account. Linode confirmed and closed the case. iwantmyname never responded. This evening, I got a downtime alert, and while debugging, I noticed that the domain status had been set to "serverHold" on iwantmyname's domain panel. We have no other abuse reports from iwantmyname other than this one. I'm assuming no one on their end "closed" the ticket, so it went into an automatic system to disable the domain after some number of days.
I've been trying to get in touch with them via their abuse and support emails, but no response likely due to the time of day, so I decided to "escalate" the issue myself on social media.
reply