In my case it was a law firm in France who also had a presence in the US.
It was a minor claim (they demanded $500). We took the image down immediately, but they continued to demand their cash "settlement" with multiple letters over a year (1 letter every 1-2 months, each one with increasingly aggressive wording).
I eventually got on the phone with the person sending the letters, and turns out they weren't licensed to practice law (in any jurisdiction). I pointed out that it's illegal to misrepresent yourself as an attorney. They hung up and I never received another letter after that.
Good on EasyDNS for refusing to turn over customer data. If they did, I assume their customer would be harassed in a similar manner.
I had a situation where some competing company didn't like that my employer had one page where we compared competitor's products and used their logo (and others) on a simple comparison page. The usage was well within US law.
LinkedIn was a strange route as the company has been at the same mailing address forever, there are obvious email contact addresses available to find and so forth.
The message was vague enough to sound like it was from a lawyer, and even in a round about way seemed to try to create the misunderstanding that I personally would be in trouble of some sort if I didn't take down the image and any mention of their company... but without actually saying that.
I suspect by directly contacting a webdev they hoped I'd take it down without thinking and just move on.
I didn't respond, just forwarded it to the folks in charge who engaged a lawyer who responded with a letter telling them to go away. Never heard back from them.
I looked up the person who contacted me later, they were some PR drone, no legal background... just vague statements that sounded like legal threats.
It rarely comes to the point of making a claim, just when people blatently copy images and pretend to have authored them, or when companies are printing them and selling them on media, t-shirts, etc.
But generally the process is pretty smooth from a "complaining" side. Certainly by the point a first letter has been issued without any reaction the next step is to give up, or start complaining "upstream", or via other media/mediums.
0) Purchase office in East Texas.
1) Hire a few young lawyers (having difficulty finding work),
2) scan for companies that have 1 round of series A funding,
3) scan their website for any off domain image,
4) scan their website for any SMS sending,
5) if anything is found - send scary overnight letters demanding 4-5k
The worst thing that you can do to THIS business idea is to take the letter and throw it into the trash. Make them show up in court in East Texas.
Though probably not to the level of detail that you've suggested
>We are NOT a DDoS Mitigation Service. [...] If you come on this system knowingly bringing a DDoS on your heels we shut down service (we may also wildcard your DNS to localhost and set the TTL on your zone out to a year. You’ve been warned).
>Guilt-by-Association: not only do we terminate any domains or websites which violate our policies, we ferret out every other domain you have on the system under different names, accounts, etc and we terminate those too (don’t worry, we can tell). There is no appeal.
I'm not looking for a DNS provider, because I'm perfectly happy with my current one, but sheesh.
Regarding that second part; if you do any kind of online service provision like EasyDNS, you'll quickly realize that the scammers are legion. EasyDNS is giving fair warning to anyone who thinks that they can just burn domain after domain on spamming or other disreputable ventures. EasyDNS won't allow its infrastructure to participate in scams.
These guys are extraordinarily ethical and professional.
No, this is simply indefensible. There's simply no way you could ever excuse this.
Suspending a customer domain is OK, this is not.
>Has anyone ever seen them do anything like this?
No, I've never seen them do this. But at the same time, I'm not going to give them the opportunity.
Bear in mind, the context here is not domains doing something awful or spamming people or mounting your own attacks. It's "somebody's attacking you, and we think that you suspected they would".
As others said every service reserves the right to do things like this, they just typically phrase differently. To quote GoDaddy:
> You acknowledge and agree that GoDaddy and registry reserve the right to deny, cancel or transfer any registration or transaction, or place any domain name(s) on lock, hold or similar status, as either deems necessary, in the unlimited and sole discretion of either GoDaddy or the registry: .. snip .. (ii) to protect the integrity and stability of, and correct mistakes made by, any domain name registry or registrar,
Emphasis mine and a bit snipped out since this is already long. This says if it affects their stability they can transfer your registration as they see fit. It doesn't include any protections on when you can change the domain or what they can change it to meaning blackholing you into localhost for a year is fine.
>As others said every service reserves the right to do things like this, they just typically phrase differently. To quote GoDaddy:
Suspending a domain is standard practice, sabotaging one by setting long EOLs is not. It is dishonest to suggest that these are similar.
I think part of OP's complaint is they are not coming across as professional. It is entirely reasonable to take those stances but their tact is way off and definitely portrays their company in an unprofessional manner.
They might be good at what they do, I wouldn't know personally, but they come off as edgy/abrasive/unprofessional and those two quotes alone would have me second guessing if I wanted to work with people who communicate in that manner.
To quote RFC 2181:
"Implementations are always free to place an upper bound on any TTL received, and treat any larger values as if they were that upper bound. The TTL specifies a maximum time to live, not a mandatory time to live."
The short explanation is that if shit goes wrong I don't want to deal with people who figure communication among clients should be handled that way.
This reads like the TOS for making an account on someone's phpBB forum, not a real service that should be handling anything important.
>we may also wildcard your DNS to localhost and set the TTL on your zone out to a year. You’ve been warned
Maliciously tampering with customer DNS configs to DoS them for extended periods? Fucking incredible.
>We are NOT a DDoS Mitigation Service. Yes, we have a lot of DDoS mitigation in place. No, this isn’t here so that you can get cheap DDoS mitigation. You cannot use any services here if you are, have been or think you may be the direct target of a DDoS attack. Contact us instead for a referral to a real DDoS mitigation company. If you come on this system knowingly bringing a DDoS on your heels we shut down service (we may also wildcard your DNS to localhost and set the TTL on your zone out to a year. You’ve been warned).
All things notorious for attracting DDoS attacks.
Sometimes ransom but CloudFlare has kind of killed that line of business.
Also, there's a long tail of totally garbage behavior in the DNS space. At my last job, as part of moving our domains off of Dyn/Oracle, we delegated the domains to our self hosting via the domain registry, and changed the NS records at Dyn to point only at our self hosting, but we were still seeing a steady trickle of traffic to Dyn after 30 days.
However, I don't see why changing your nameservers would help if your resolver was always hitting a cache entry with a 1yr TTL.
but, devils advocate, maybe it's just there to scare off potential spammers/scammers?
Having worked at an ISP in security/spam/abuse, these people are a huge drain on resources.
That's not a professional relationship to me. And I would hazard a guess that if I tried to contract with EasyDNS and added clauses that gave myself similar amounts of power over them, they wouldn't be as trusting of me.
The point of a legal document is to set explicit boundaries, not to set a "tone" to the relationship or scare off scammers. Setting tone is what your FAQ is for.
Why are you engaging in these bizarre mental gymnastics to defend this? The threat is made in a context strictly unrelated to spammers/scammers.
> "We will terminate your account for any reason at all. We'll terminate it if its associated with another account that's been terminated. Often, there won't be a reason; our systems just autonomously decided that your account had to go. None of that matters to us. We don't care, because this is just a side-project to us. We have no customer support. There are no humans you can call. There is no appeal process." - Google Play
Maybe Professionalism is a series of lies and obfuscations we tell one-another to hide our true intentions and actions. But, maybe, we should strive to be more open and honest; even if its harder to hear.
Some of them specialize in dealing with large DDoS attacks, unpopular/illegal/shady content, but most don't and want to spend their time on their product instead.
Scammers typically open tons of similar accounts, register expensive phishing domains and host phishing pages on your network, and guilt-by-association is how you clean it up.
Most of the things in their ToS are very common with any professional hosting company who is fed up with scammers, they just don't tell you about it like that.
Their ToS, while I would never use them for my own company, made me laugh because I felt the pain.
Yeah, maybe if you primarily deal with lowendtalk hosts operated by 12yo kids. Actual professional hosting companies would never even consider this stuff.
Of course, if it's a purely B2B hosting company of the "Talk to our sales department and sign a contract" variety, it's less of issue, but even they have to deal with spammers and fake company registrations who really want those clean IP blocks and will have clauses in their ToS that allows them to terminate the contract immediately.
In fact, the only providers who do not do this are the cheap low-end hosts who don't care about their IP and ASN reputation.
Go ahead, name some "professional" hosting companies with similar practices.
Is it really surprising that a hosting industry company is similar to the other companies doing exactly the same thing? I feel like this is always going to be the case.
It's specifically the weird stuff in this document that makes them stand out from the crowd.
I get suspending someone, I don't get "we may also wildcard your DNS to localhost and set the TTL on your zone out to a year"
> we may also wildcard your DNS to localhost and set the TTL on your zone out to a year
This is going way beyond suspending a customer, this is an active attack by EasyDNS.
I'm no DNS expert, but AFAIK, you can transfer the zone to another provider (one that you don't violate the T&Cs with) and from there you could conceivably regain control over the domain.
The TTL tells DNS resolvers to cache the "localhost" result for 1 year, it's specifically an attempt to prevent you from regaining control over the domain at another provider.
Speak softly, and carry a big stick.
Again, I don't agree with this approach personally if it affected me, but I do understand it from a business POV. Letting the customer know in advance that they do have this power will weed out the ones who are most likely to fall into it.
No, they specifically state this in a context which does not leave room for such an interpretation.
>it's a pretty good incentive not to do anything nasty with them if they can lock you globally out of your zone for a year.
Sure, like violence is a good incentive too. Both of these are likely to be illegal.
>In fairness, so could any other provider if they so chose.
So fucking what, the whole point is that nobody else would do this.
Sounds like the parent was complaining about a lack of professionalism, not about a lack of legalese. Punishing clients with unusual things like changing the zone and adding a 365day TTL is just plain unprofessional. Wrapping it in lawyer talk wouldn't change that.
Ah, "unprofessional". An adjective that can be tackled on to anything in a business setting, meaning "something I don't like but can't quite articulate why, only that's different to what I'm used to".
(This info wasn't redacted so I assume it's safe to mention it here)
I don't think that this is the same Niemela. The material covered in this issue is just a plain vanilla image, not of a person.
By redacted, I assume you're referring to the EU right to be forgotten? Surely that's not so broad as to forbid the mention of information suppressed by it? The BBC even publishes lists of articles removed from Google via that right: https://www.bbc.com/news/technology-29658085
Don't get me wrong, but easyDNS may be jumping hastily to conclusions. In many countries, soliciting business there makes you subject to its jurisdiction and laws, regardless of where your business is based.
I don't know German law, but I hope that easyDNS consulted their own attorneys on the subject before publishing this post, or they could potentially end up quite embarrassed.
Without any presence in foreign countries, the most the foreign country can do is block the offending website or infrastructure provider. I guess they could also request extradition, but most countries only extradite citizens if what they did was also illegal in the home country.
Enforcement is, of course, a separate matter. The country may not be able to reach you without some sort of agreement with your home country; but if you ever visit a country with which it does have an agreement, you could find yourself taken away to answer to the law.
Well, yes, kinda. But the Saudis will not be successful in extraditing you, most likely. However they can still block your services, and Allah help you if you decide to travel there after you've been found guilty of violating their laws.
Then again, not as bad as the US is on and about... Just ask Mr Dotcom...
Assange and Wikileaks is similar - Assange is an Australian citizen in the UK, but is being extradited to the US for breaking US law via a website. He is not being charged with any offences (to do with this) in either the UK or Australia.
If your website blasphemes and can be reached from Saudi, then the relevant authorities there could push for you to be extradited to face charges in Saudi (if your country and Saudi have an extradition treaty). It doesn't happen, but that doesn't mean it couldn't happen.
1) We do not advertise in Germany.
2) Our client is not German.
It appears that you do act as a registrar for .DE domains. At least, entering "ascascdasdcascascascasdcasdc.de" on the search on the front page at https://easydns.com/ offers to register it for me. It's purely a guess on my part, but I'd expect that most people who purchase .DE domains are in Germany, so if you've actually sold a few .DE domains you probably have some German customers.
That might not be enough to open you up to having to worry about German law...but it is enough that I would not dismiss that possibility out of hand.
PS: your site seems partly broken. I first tried to check for .DE on this page: https://easydns.com/domains/register/
Entering "ascascdasdcascascascasdcasdc.de" on the search there does nothing for me in Firefox. I had uBlock Origin on, so turned it off. Still nothing. Then I switched to Chrome, using a profile with no relevant extensions, and still nothing.
So instead I just went to the list below that lists all the TLDs you handle, and went through to find DE. That has a "Special Requirements" link, which doesn't do anything for me in either Firefox or Chrome.
PPS: in Firefox's console, it shows these messages for that page that isn't working right:
'Loading failed for the <script> with source “https://matomo.int.easydns.net/piwik.js”." at register:1:1
'unreachable code after return statement' at signup.js:15:1
We comply with the laws of the country in which we are domiciled, which is Canada.
To me this looks like German law definitely applies to them.
Most companies offering .de domains do so as resellers, they don't need to be members of DENIC. Also, .de domains can be owned by people and entities outside of Germany, but require either the domain owner or the adminc to be in Germany. Most international registrars offer a service to provide a local adminc.
According to DENIC's TOS, the domain owner doesn't have to be German (as long as they appoint a Germany-based representative for receiving correspondence official and court correspondence, but that's not easyDNS' concern).
¹ some just want some domain hack that ends in "de". I have a .es domain, despite having no intention of targeting the Spanish market, just because the name of the site ended in "es".
It’s quite hard to argue they’re not catering for the German market if they sell a product with 93% German customers, specific for the German market.
I came here with the same thought, assuming that your client was German. But it seems you are just a third party, and good luck to them.
Many countries have signed treaties that provide for enforcement process for judgments rendered in another signatory. It's in the spirit of reciprocity. If Canada wants to be able to reach a German national, Germany will insist on a reciprocal arrangement to reach a Canadian national. (I don't know whether they have such an agreement, but such agreements are common.)
Contrary to what a lot of HNers may believe, judicial and procedural boundaries aren't necessarily coextensive with national borders.
There are criminal copyright infringement laws in both countries...
But the lawyers here cannot actually force the German state prosecute anyway, and it seems they did not file a criminal complaint anyway, and even if they did the prosecutors' office would most likely deny prosecution against EasyDNS since they are only a service provider and not a direct party to the alleged infringement. The prosecutors' office would probably even deny a prosecution against the actual perpetrator because it's just about a single image and thus a minor infraction.
So right now it's just a civil matter.
My understanding is making the website available to a country can be soliciting business.
> And how, in practice, could they enforce that if this canadian entity has not broken any canadian law and canada as such has no impetus to enforce german law?
Don't they have deals for such thing? I remember reading that a British court judgement for damages could be enforced in the US.
Oh dear, that would make publishing any website extremely dangerous..
But in fact companies like Amazon have customised sites, T&Cs, and procedures for every country they operate in because they have to comply with many different legal systems.
But that does not mean that operating a business on the web in a single country makes you liable throughout the world. That being said, accepting a foreign customer might make you liable to the law of that customer's country.
As a practical matter seems unlikely that this particular law firm is going to go to the mat in terms of any possible enforcement action (and that assumes it can even be done or attempted by teaming up with a firm in Canada (where easydns is from what I am reading).
Very generally also I don't think it's a good idea for a company (and in particular a small company) to air publicly something like this. It leaks details on how they act and what they will do that could be used against them by another company in the future. In otherwise the publicity could end up being counterproductive.
That line of reasoning always sounded tautological to me. "Law X from country A says that by doing Y you are under jurisdiction of country A", but for "law X from country A" to apply to you, don't you have to already be under jurisdiction of country A in the first place?
(Random terminological observation deleted.)
Why are we picking nits over this?
Perhaps random terminological observations annoy people? I'll delete that part.
I think in most places that is public info.
Not sure how that works in Germany.
The most trivial lawsuit will require an international lawyer creating a threshold most significant.
Most people hosting websites can't afford international lawyers.
They are not cheap. Pick your countries right and arguably you would be hard to sue.
IANL but you should consult one when implementing this strategy.
Unless you don't mind serving indefinite jail time for contempt of court.
> Unless you don't mind serving indefinite jail time for contempt of court.
Not how it works internationally, this looks more like a US-centric view of the world. I believe in most countries courts would not do that at all. If you want an example, look how nobody can sue Snowden in Russia.
So yes, it is how it works.
I have a cousin, musician, when he finds his music on various pirating websites he emails politely asking them to please help him make a living by removing the link. No empty threats, no bullying. 99% they remove the links within 24h.
I was under the impression that businesses not infrequently receive threatening letters from legal firms, and that a non-trivial portion of these can’t be acted upon as they don’t follow establish legal norms.
I was also under the impression that only the public prosecutor can charge someone with a criminal offence?
Iirc: the way it works in Germany is that they'd file a criminal complaint, the public prosecutor tries to get the data from the companies / will get a court order to get the data, and the original lawyer will be able to view the information as a joint plaintiff. This was very popular when file sharing was a thing in Germany: the prosecutors would investigate for copyright infringement to get the customer data for a certain IP from the ISP. The lawyers would then initiate civil proceedings and claim large damages.
First and foremost, as far as I know, a registrar disclosing customer data without a warrant would violate the law in Germany as well. For `.de`-Domains the holder information used to be publicly available, at the dismay of privacy activists; in the same way the ICANN wanted the same. Then GDPR came and pretty much put a legally binding end to this.
And it comes down to this: Under GDPR such customer information enjoys strong protection. A lawyer has no more rights to that information than any other party who's not tasked with enforcing the law.
The intention of this letter is to gain information about the EasyDNS customer, so that this customer can be sent a cease and desist, which due to some lack in German C&D law can carry a hefty fee.
Inside Germany a whole range of law firms specialized on actively searching for unlawful behavior and sending out C&D en masse. A common practice among these firms is to scrape BitTorrent trackers for peer IPs + timestamps (or to actually manufacture them), bundling them all up in a criminal complaint so that ISPs must deliver to the state attorney the names of the customers these IP addresses were assigned to at the given time. However instead of pressing charges they will then drop the case, and instead send C&D letters to those people.
The lawyers who operate that way have become known as "Abmahnanwalt"
The lawyer who send this letter is Robert Fechner. And lo and behold: Robert Fechner is known to be such an Abmahnanwalt:
(In short an 'Abmahnanwalt' is a lawyer who admonishes you for breaking certain rules and who can charge you for the service... quite close to 'Abschaum' in German dictionaries, as the basic idea may not really that bad, but it is heavily misused by some)
It seems quite funny that they started that in 2016 and using a judgment from 2017 in 2019...
Or that Herr Fechner knows that a nastygram like this will please his customer who can be billed for writing, translating and sending it.
RE: Herr Fechner of Fechner Law in Germany
Essentially the only ways he could lose his license is if he knowingly lied, especially to the court, behaved grossly negligent towards his client or violated client privilege.
Looks like copyright harassment cases is one of their specialities.
the letter/mail is just plain threatening. copyright law in germany is in a bad state so be aware.
> to transfer €1,481
Treading dangerous water there. I wonder what the transfer fees are.
Person who wrote this is a dick. They're assuming motives and they also didn't do any due diligence to realize the registrar isn't under the GDPR or located in the EU.
This irks me. It feels like if someone discloses a security problem in a city's bus/train ticketing system and the first response is to go to the sheriff's department and see if that person can be criminally prosecuted rather than work with the guy or gal who wants to help you fix your broken system.
Eu law is not and will not be applicable to most of the planet.
Also, why do you mention GDPR? There's no GDPR issue here and the German lawyer didn't mention it.