So any fraudster just needs a registered trademark and they would, according to Facebook's request, be granted full access to the database.
And no oversight, as "all other routes are unduly burdensome." That means they DON'T want subpeonas or any kind of restriction in between like a judge who could evaluate the request based on some kind of merit. No limits. Just a giant straw they can use to get all that juicy data.
Facebook's request doesn't sound very good to me. Sounds great for criminals though.
They’re also arguing a restriction to advertisers would be an undue burden.
If someone has a business (offering goods and services in exchange for money) using an infringing trademark, then it should be possible to contact them through the same means that customers do to buy their product or service. No need for the "whois" data.
You have to serve them pursuant to the law, which generally for businesses means serving their registered agent. In order to find the registered agent you will need the legal name of the business running the infringing website (you will need the state of incorporation as well).
And while the Registered Agent is the correct legal way to serve a notice, if a business accepts and acknowledges it via another route, that's fine, too.
No, but if the domain itself is serving content then the domain owner is, and should be, party to any complaints related to the domain. Even if the domain owner isn't the "registered agent" of the business, they assuredly must know how to contact the registered agent and should have "skin in the game", so to speak, for being a proxy. Not knowing or being able to contact the business owner is, I would argue, grounds for fraud and misrepresentation.
I agree .
That is why there is a major effort to repeal those laws.
That’s not what I said, or the point.
Example: If I launch fortran77.com and am infringing on your registered trademark, step 1 is for you to find the registered owner of the domain. Once you have that then you can find the business owners RA.
You can’t skip the step of identifying the owner of the infringing website to get to the RA. Assuming you are right and the infringing business would waive service of process (they won’t of course) but if they did you still need to identify the owner of the site to get request waiver of process.
I’m guessing maybe you register mymark.com, I get the Whois record and it’s not your legit business info but some made up business name and fake contact info.
Well if that’s the case, either icann will have some rule prohibiting registrations with fake info and maybe I could get the domain transferred once they confirm your info is fake or I could still file suit against the made up business and get my default/court order and then get icann to turn it over on that basis. But it’s all about that step 1, uncovering the domain owner (real or fake). Possibly I could subpoena the registrar and get your real info and/or payment info. Then I’d have to amend my complaint to add you (the legit business) and still have to serve your RA.
I have a great business: pay me $100 to guarantee the gender of your not-yet conceived child. If you didn't get what you asked for, I'll refund your $100. How does that sound?
Facebook (and other big social media) has a lot of power over those who define and enforce the laws, both within the bounds of the existing laws, and within a grey area where they'd be technically breaking the law, but nobody would want to enforce said law on them due to potential repercussions (Facebook could instantly shut down a lot of politicians' careers by just airing their dirty laundry, on which Facebook has a lot of visibility due to its omnipresence).
Those who make the laws rely on Facebook to succeed in their own personal interests (getting elected, which means money & power).
The problem here isn't just Facebook, it's the people that are supposed to be drafting & enforcing laws in the best interests of society are instead doing so to pursue their own personal interests instead. Facebook is just coming along for a free ride - can't really blame them.
nothing more. It was not worded in good taste.
Ouch. This is going to make it very hard for people to host content on the web anonymously, forcing them to link their entire identity to their website. This sucks.
The next logical step will be to link whois records with your national digital ID. It will probably happen eventually, as most govts and corporations seem determined to destroy privacy while providing a thin illusion of it.
> The Whois Accuracy Program Specification of the 2013 Registrar Accreditation Agreement (RAA) requires registrars to validate and verify certain Whois data fields, which may include contacting you by phone, email or postal mail. Registrars must suspend or delete domain names that are not timely verified.
With the exception of the .nyc TLD I've been able to use a PO Box and a forwarding phone number for registrations across registrars for years. .nyc provided no way to demonstration the required NYC nexus except for the postal address to be a physical building in New York City so I let that domain lapse.
I guess some crypto options might help that.
I’m still sure I could be identified somehow.
Funny enough I was planning to do something along the lines of an ICO through this anonymous website/page and provide the ICO funds and transfer the domain itself to whoever identified me as the domain owner.
Well boo hoo hoo. You know what’s not going to work for me?
You having unrestricted access to whois details!
The gall of these companies is amazing.
We should be working to decentralize/anonymize these pieces of the infrastructure to rob them of the opportunity.
Personally, I don't see the value in putting my personal name and address on a domain. The owner of the domain should be whomever has the private key - period.
- I register facebooksucks.com, and explain why.
- Facebook sues me for trademark infringement, arguing there is a real risk my (non-existent) customers will think I am Facebook, and buy my services instead.
- The judge rules that this is a frivolous lawsuit whose only purpose is to silence free speech (not to avoid brand confusion).
- The judge invalidates the “Facebook” trademark.
I choose my name as "first name + initial of my last name" (iirc that was my name in my previous/deleted a/c as well) and email and my date of birth and a real photo of mine (very clear -- basically a mug shot). Sent friend requests to 10-12 friends of mine and most of them accepted immediately.
Next day when I logged in I got a prompt that my account was disabled (flagged?) and I can request a review (or it said I can reactivate) only after adding a mobile number and I did that.
Few days later I try to login again:
"Your account has been disabled"
"You can't use Facebook because your account, or activity on it, didn't follow our Community Standards. We have already reviewed this decision and it can't be reversed. To learn more about the reasons why we disable accounts visit the Community Standards."
Maybe I will try to open with another email but they may again force me to use my mobile number and I can't keep getting new mobile numbers. While I do need to look at those "on rent" posts.
This company really has too much power!
On Amazon you can get a starter kit for $0.99 that has 2 SIM cards that gives you 100 texts, 100 minutes of talk and 100MB of data and you won't need the data part.
It's registered via one of those "privacy" services. There's no website on it, but I use the dns for some internet connected devices.
I keep getting requests, which I ignore, for information relayed by the privacy service. Lately, they've morphed into offers to "buy" the domain. I wonder if it's simply Facebook's attorneys who want to find some way to contact me to send a "notice of trademark infringement" to me?
If you can't find an answer that is going to work for you, many would take that as a hint to stop it and not ask that question.
Why does anyone think this won't happen to normal site owners?
Take a look at my domain's whois info: https://www.whois.com/whois/dotbun.com
You will see that the name and org. aren't just redacted; they are in care of a company called "Contact Privacy Inc."
There's nothing for ICANN to unmask for FB in this case. They'd have to go to the company, and given that said company's entire business model is privacy, I would expect it to be a much more difficult argument.
Now, let me be clear that I don't like Facebook's actions here one bit. I just suspect it may be less of an issue that some people think.
no... facebook is not requesting that.... facebook sued namecheap last month in an attempt to unmask domains used by both fraudsters and nso group, yet namecheap is protecting those details cause it knows once it folds, all its (not-so-legal) customers will move shop, so it's now inveted this bs about facebook trying to break gdpr
you're aiding and abetting at that point
I am certainly surprised when FB does something evil because their CEO continually preaches the importance of privacy, so shame on me I guess for taking him at his word
Is there something about ithinkthereforeiam.net that's keeping them off ad blocker lists, and is there some reason The Register felt the need to ask me before showing what they clearly could have shown without the prompt?
Please state your full legal name, date of birth, current address of residence, bank account numbers, credit card numbers, email addresses, passwords, your favorite type of pornography, and your mother's maiden name.
Thanks in advance!
For example the requirement that every Joe hosting a small blog needs to provide his actual home address and phone number as per ICANN regulations is an insane and archaic holdover from the infancy of the WWW and needs to be seriously revised. An email ought to be sufficient for public access (though of course your Registrar will have the rest of the info in case you do illegal stuff on the domain)...
Stuff like this is important to discuss and revise. The loss of privacy is the case of the proverbial slow boiling of the frog. Taking an absolute view means one of two options: Opt out of modern society altogether or don't even care for the barest semblance of privacy. Most people won't find either acceptable or even sensible.
The concept of protecting privacy is that targetting people is difficult and expensive. With custom radio equipment you can't spy on millions of people willy nilly because youll soon be bancrupt.
A defining trait of an awful lot of people is that they accuse what they're guilty of.
In this case, Facebook accusing other websites of trademark violations is the very definition of hypocrisy. Facebook in particular, but Twitter as well, are absolutely littered with t-shirt vendors selling other people's logos and brand names, logarithmically generated with ad data.
If you fill out your movies, music, and books "likes" as they tell you to do, within 2 days tops you'll be able to buy a Pink Floyd t-shirt from virtually anyone on the planet... except Roger Waters or David Gilmour.
The fact that Facebook refuses all search indexes makes policing Facebook's infringement on the copyrights of others impossible. At least with Napster any musician could log in and see how many users were giving their content away for free. Not so on Facebook, you can't ever know how many pirated logos of yours that Facebook sold.
I hate this meme. That's not what the decision said.
First "corporate personhood" means that corporations are allowed to sue and be sued like they were individuals. Along with being taxed and regulated.
Citizens United, the decision you are referencing did not involve this concept.
Rather it said that the rights of individuals to free speech is not diminished if they act collectively as opposed to individually.
If I'm allowed to say, "RNCTX doesn't understand the issue" and so is my friend, then us saying it together doesn't make it illegal because we acted in coordination.
Likewise if I'm allowed to purchase a billboard that says it and so is my friend then there should be no issue with us pooling our money to purchase one together.
And that's what Citizens United said. Corporations are one such mechanism through which we could pool our money to purchase that advertisement but others such as unions, non-profits, and all other forms of collective groups are covered.
It's actually a very common sense extension of the first amendment.
Corporations are allowed free speech because their owners are allowed free speech as a group; the corporation is the tool for organizing it. Corporations are not allowed to vote, because people are not allowed to vote as a group.
This is not new. This is not Kennedy's fault. This has been the case since the beginning of the United States, and it has been Supreme Court precedent since 1819, when the New Hampshire Legislature said they could take over a private university because it was a corporation, and therefore had no rights, and they could take its property and change its rules at will, ant the court said No. (Dartmouth College v. Woodward)
If corporations were not treated as people and not afforded civil rights, it would be legal for the government to censor newspapers at will because they have no First Amendment rights (News Corp, NY Times, etc are corporations). It would be legal for the President to order a warrantless search of the DNC headquarters, for the DNC is a corporation, and the Fourth Amendment would not apply. It would be legal to impose a trillion dollar fine on Planned Parenthood, a corporation, for any minor paperwork infraction, for the Eighth Amendment prohibition on excessive fines would not apply. It would be legal for the government to sue them for this infraction without a jury, for the Seventh Amendment would not apply.
I see you've never been an observer for a New York City or Chicago election.
A person doing business face to face in a store cannot hide the nature of their business from their own 'customers' for lack of a better word. How long would it take the police to show up at a business that wouldn't let anyone including the people buying things from it see inside the doors or windows? Everyone could only buy things from them in the parking lot, with payment made to anonymous intermediaries, and the product delivered later by a third party. Every customer walks out holding a fake Rolex, talking about how great a store Facebook is.
See how ridiculous Facebook is when compared to the scam 'businesses' of the 80s and 90s that it emulates?
> Citizens United, the decision you are referencing did not involve this concept.
I've read the case, thanks. It equated speech with money. Individuals (only) had that right prior to it, now money has speech. Corporations are money; they hoard it and do all of the bad things that it can do with it.
> It's actually a very common sense extension of the first amendment.
Sure, if corporations can also go to prison and/or be executed. When Facebook lies to their own customers about their ad performance for the 13th month in a row, no more fines and civil suits, the board will go to prison. When a random nutjob goes and shoots up a nightclub or a school based on his political radicalization on Facebook, we'll just send the police over to arrest those same board members and management as accomplices to murder. After all, a getaway driver can be charged with a murder in a lot of US jurisdictions if the bank robber shoots the teller, and in the relationship between terrorists and victims compared to robbers and banks, Facebook is serving basically the same role as the getaway driver in the terrorist's case.
Alternatively, if Facebook refuses to hand over a board member or senior management member for prosecution in these cases we will simply 'execute' the company. Its assets will be seized and spent by the state, just like we do to the property of individual street drug dealers, for example. There's no need to convict them, just as there's no need to convict the street drug dealer. Take the money first, and if Facebook chooses to ask for it back they can hire their own legal representation and ask the courts for the money back, with their own money not the corporation's money... because they don't have that anymore.
Oh wait... corporations don't want that. They just want the rights, not the responsibilities, of personhood. They want to keep the individual indemnity.
Which is my point, in a roundabout way the decision justifies itself by becoming a self-fulfilling prophecy. If money is speech then money is a person, and if money is a person then money has rights, and if the whole society is based on money, then money is not only a person but the best person.
Something should be done about these sorts of things. I'm not saying that law needs to be removed, but something should be done. There's plenty of precedent around the world that democracy can work pretty fine without Coca Cola buying superpacs.
I think you got something mixed up here.
That said, it shouldn't necessarily include their email, phone and address. Just the legal owner name (company or person) would be sufficient.
Just because Facebook is highly unsympathetic, doesn't mean that all their initiatives are evil.
And shady websides hiding behind third party privacy providers to avoid legal responsibility for their illegal content is sadly something that I've had to deal with myself in the past.
We've already seen with the DMCA what happens when you give free-reign to companies in this area.
In particular, in the linked to lawsuit there's example sites that Facebook requested details for from Namecheap, and Namecheap chose not to give out the information. Many of them were 100% obvious phishing sites . Clearly no option where the registrar gets to decide when to reveal information about the owner would work.
 E.g. facebo0k-login.com, facebokloginpage.site, faceboookmail.online
So if I ask the phone company to give me a log of all of your phone calls, you'd be fine with that? How else could i get that log of calls?
Hopefully, we can agree that it is private information we wouldn't want a company sharing or selling to other companies. The same principal is in play here. There is no reason a registrar should be compelled to release private customer information because someone demands it without following the legal process.
That someone would use the information purely in order to sue someone is a desirable feature, not a bug.
The only problem with this is that your legal system is fucked so the winner is always that big corp. Have fun being sued to hell and bankrupt after a corp decides to go after your website criticising them. Have you even looked at the list of domains they are going after?
> And then it has a whole section for “domains that use the full trademark [but] nevertheless evince an indication that the domain is or will be used to discuss grievances with the company in question.” Every one of them comes from Facebook: addictedtofacebook.org, banned-by-facebook.com, divestfacebook.com, facebooksucks.org, protestfacebook.org, saynotoinstagram.com.
And there are legal processes to sue someone as others have explained. Facebook wants to avoid them.
Also did people forget - https://www.theverge.com/2020/6/15/21291666/ebay-employees-a...
Just by incorporating you take on resposibility of paying taxes, accounting, submitting regylar reports, etc. Presumably you will be selling something, and people need to have an address for recourse. That 'address' could be a PO box somewhere, or be in a tax heaven.
By contrast owning a domain does not obligate you to do anything in society, and doesnt affect anyone life.
Most people register a domain to have a custom email. Why should you have the right to deanonimise that?
If you are concerned about hatemail: you can send real post anonymously, with a postage stamp, though an unattented mailbox. I can even put somone else's return address on it.
The same way you put your email address in a mildly obfuscated format instead of email@example.com. You don't want anyone or anything that comes across your bio having access to your email address without human intervention, or at least a degree of intelligence.
> but it's ok with me.
Whois shouldn't exist publicly at all in the first place.
Do you really want big corps to send some goons at your home to harass you for putting up a bigcorpsucks.com ?
There's a lot of issues when you operate across jurisdictions that probably won't be solved until some international treaty comes along.
If you happen to live in a part of the world where freedom of speech is actively persecuted then I agree it's better the way it is. However, if you live in a world where democracy and due process is well established and you are not intent on doing illegal things then it can only help law enforcement and private citizens/organizations to seek justice under those laws.
The whole idea of having personal details in domain WHOIS information is a design from a different age. It does not work in the internet of 2020.
Democracy and due process are only well established to the extent that the values that underpin them are supported and taken to heart by the people.
These values aren't self evident on a collective level. Social-economic, political, ecological, technological, cultural climates are either favourable or make upholding them rather difficult.
> you are not intent on doing illegal things
This is the exact crux of the matter. What is legal or illegal is subject to change and hinges entirely on who's in power.
> it can only help law enforcement
You could be happily giving up your personal data to authorities in a stable, peaceful context where law enforcement policies are genuinely geared towards protecting individual civilians and upholding basic human rights.
It's far harder to retract that when context shift and that same data is used to actively enforce policies that pull away from those same human rights.
A functional representative democracy consists of a separation of judicial, executive and legal branches consisting of elected mandates that can and should be held accountable at all times. Justice implies that any and all citizens are treated equally and impartial within the confines of that system.
Facebook feeling that they aren't treated equally because they can't enforce their trademark? That's entirely valid. But those feelings don't justify a demand that society should compromise on fundamental principles of judicial or legal equality or impartiality in order to enable Facebook to crack down on trademark infringement at their own discretion (not to mention the blatant violation of privacy attached to that).
All in all, the main difference between Facebook and a small time forum administrator is scale. Facebook has 70 billion dollars a year in revenue whereas the latter my earn pennies on Google ads. The size of that revenue can never be an argument to compromise on basic human rights for billions or change how legal systems favour particular private actors because they pushed for relentless economic growth on their own accord.
Of course, while it's obviously hard to enforce such principles in all cases, the trouble with adding exceptions is that they gradually erode those same principles and values until they become meaningless.
There's a reason why Lady Justice wears a blindfold, after all.
In what way is law enforcement prevented from seeking justice in this case?
Private citizens need to use the legal system to get that data, but that prevents all of those nefarious actors from getting your information without due process.
Like you said, due process is well established, so why would you want to do away with due process?
Case in point is usage of stolen identity:
Criminals probably already use identity theft to buy those domains, but given that the data is obscured by default it would be hard for police organizations to track systemic use of stolen identities.
The ability to detect newly registered domains from known stolen identities would enable
1/ automatic blocking/warning in browsers
2/ Organizations like FB can gain valuable time in sending takedown requests of phishing sites
3/ establish enough evidence of use of stolen identities to get the warrants to obtain more information from the registrars/hosts like IP's used to connect...
Just something I came up with brainstorming, I am sure there's more value to it
In that case you need to do it another way. There are a tremendous number of things we could do if law enforcement wasn't "hindered." It's along the lines of "argument from lack of imagination" to state that they HAVE to have access to that data to prevent x, y, z.
I don't doubt that it would be useful to have that data, but that doesn't override privacy concerns. You already know the IP address of the server using that domain -- follow up that chain of responsibility.