I'm the one running itch.io, so here's some more context for you:
From what I can tell, some person made a fan page for an existing Funko Pop video game (Funko Fusion), with links to the official site and screenshots of the game. The BrandShield software is probably instructed to eradicate all "unauthorized" use of their trademark, so they sent reports independently to our host and registrar claiming there was "fraud and phishing" going on, likely to cause escalation instead of doing the expected DMCA/cease-and-desist. Because of this, I honestly think they're the malicious actor in all of this. Their website, if you care: https://www.brandshield.com/
About 5 or 6 days ago, I received these reports on our host (Linode) and from our registrar (iwantmyname). I expressed my disappointment in my responses to both of them but told them I had removed the page and disabled the account. Linode confirmed and closed the case. iwantmyname never responded. This evening, I got a downtime alert, and while debugging, I noticed that the domain status had been set to "serverHold" on iwantmyname's domain panel. We have no other abuse reports from iwantmyname other than this one. I'm assuming no one on their end "closed" the ticket, so it went into an automatic system to disable the domain after some number of days.
I've been trying to get in touch with them via their abuse and support emails, but no response likely due to the time of day, so I decided to "escalate" the issue myself on social media.
Hope you have money to fight them. I stuck to my guns on a wrongful one like this and while Digitalocean and Cloudflare both had my backs (surprisingly before I even asked, both of them got a lot of good will on that - they informed me they already checked and it was spurious!). Google didn't have my back though and immediately caved when they upgraded their sham copyright infringement claim to money laundering and fraud based on nothing - a fully static website with no backend calls. Good luck! I still have the sites exactly as they were just to spite them and will keep running them at a loss until I'm dead. Copyright infringement my ass. This abuse has got to stop sometime.
Many of the spite houses were entertaining (the Alameda and Tyler spite houses were probably some of the best).
However, nothing compares to the George Lucas saga down in Marin County. Was worth it just for the read about Lucas' fight with the county. Nigh incomprehensible.
> submitted a so-called precise development plan in 2009 [for a] 269,701-square-foot digital studio [2]
> Lucas’ company says it spent “tens of millions” on engineering and environmental reviews and fees since its master plan was approved in 1996. [1]
> The association and others sent a letter to Mr. Lucas requesting that he find a “far more appropriate location for the development.” The project, the letter said, would “pose a serious and alarming threat to the nature of our valley and our community,” “dwarf the average Costco warehouse” and generate light pollution so that “our dark starry skies would be destroyed.” [2] In 2012, Lucasfilm announced that it had scrapped the 263,701-square-foot project. [3]
> "The level of bitterness and anger expressed by the homeowners in Lucas Valley has convinced us that, even if we were to spend more time and acquire the necessary approvals, we would not be able to maintain a constructive relationship with our neighbours" [3] “We were offering to shut down at 11 p.m. and spend $70 million to restore creeks ravaged by erosion and farm debris. Nothing we offered to these people was ever going to be enough. And so we were facing death by delay.” [1]
> In 2012 Mr. Lucas said he would sell the land to a developer to bring “low income housing” here. [2] there was a predictable backlash from residents, who believed that affordable housing would bring crime into the area and lower property values [3] “It’s inciting class warfare,” said Carolyn Lenert, head of the North San Rafael Coalition of Residents. [2]
> That has created an atmosphere that one opponent, who asked not to be identified, saying she feared for her safety, described as “sheer terror” and likened to “Syria.” [2]
> Carl Fricke [...] said: “We got letters saying, ‘You guys are going to get what you deserve. You’re going to bring drug dealers, all this crime and lowlife in here.’ ” [2]
> After three years in stasis, working with the regulations that govern affordable housing grants, George Lucas now plan[ed] to foot the bill himself, to the tune of upward of $150 million (circa 2015). This not only allows the project to proceed without jumping through those hoops, it also means that the housing can be allocated to specific groups, such as seniors, nurses and teachers. [3]
> The plan called for 224 apartments, along with generous residential amenities and a new bus stop [4], situated over 52 acres just north of San Rafael. This consists of 120 two- and three-bedroom workforce residences, and 104 one- and two-bedroom residences for seniors. [3]
> neighboring property owners quickly threatened Lucas with a $70 million environmental lawsuit if the filmmaker didn’t pull back his housing plans. True to California planning tradition, the project remain[ed] in limbo five years later. [4]
> Lucas and the residents continued to battle over the property for several years until Disney eventually bought the property as part of purchasing LucasFilm. [5]
And the final piece of the story, perhaps the worst:
> A line of RVs, trucks, and trailers stretches for nearly 2 miles along Highway 101 in north Marin County
> More than half had lived in Marin County for over a decade, and a further 13% for at least five years.
> 'I've been here four and a half years. I was one of the first here. When I came in mid 2018 there were three motor homes. Now there's over 80.' Sherry and Lyness said they can't afford a normal home any longer, and low-income housing is in short supply.
This issue aside, thanks for doing what you do. I was kind of expecting Itch to get sold to some holdings or casino company at some point, as good things tend to go, but I've been happily surprised to see it mature independently throughout the years.
And compared to that brandshield users should be branded by their business practices. Also the hoster as well.
Seems to be a difficult time for hosters and also again a demonstration that copyright law is deeply flawed, even if using stolen assets is a rising problem.
I don't disagree that copyright law is deeply flawed, but even with the current law, it seems like this situation could easily have been avoided. The issue is one malicious private company (Brandshield) taking advantage of the negligence of another private company (the registrar) by claiming that a site was being used for "fraud and phishing". If anything, the parent comment from the person running the site makes me think that the situation would have been _less_ messed up if Brandshield had correctly asked for the offending copyrighted content to be taken down rather than falsely alleging something more severe. I understand that Brandshield probably has been incentivized to act this way due to copyright law, but I'd argue that even reasonable laws will sometimes cause bad actors to try to take advantage of things, and the easiest way to fight back against this isn't to try to change laws to avoid this but for non-malicious entities like the registrar not to allow their customers to get exploited by this sort of behavior.
Unfortunately, domain registration is an industry with so many of its own problems that I'm not sure "vote with your wallet" would be an effective strategy for changing things here. I honestly wonder if domain registration might be the more fruitful target for legislation protecting customers if the goal is specifically to avoid situations like this one, but even as someone who's usually unabashedly in favor of consumer protection regulations, I can't say I have a high degree of confidence that any changes here would be done effectively.
A bad law is bad if it leads to injustice even beyond its original scope. We have seen numerous problems with DMCA abuse and copyright strikes in other forms. We have patent trolling and this abuse artificially feds a whole industry of dubious lawyers. I think this is not even a small problem and all these factors combined does make it a bad law, even if it would still protect innovation like it once was to meant to do, which is questionable as well.
Of course services like the registrar need protection here too. And certain false copyright claims probably need consequences as well. The legal industry servers no function here.
Also, it would be legally trivial to make the user accountable for the offense, not the whole of itch.io. Sure, there would be problems here as well, but there is not large barrier to not have a parasitic legal industry and have those responsible that actually commit the offense.
The problem of enforcement cannot be put on the back of the platform itself.
I'm not sure how you came away from my comment with the idea that I disagree that the DMCA is a bad law. My argument isn't that that the law is good, but that I don't think it's anywhere close to the primary cause of this incident, and that there's much lower hanging fruit that could stop stuff like this. I'm also not sure why the _registrar_ needs protection in the case we're talking about; no part of this happened because the registrar needed protection, but the main cause of pain was that the registrar completely trusted a false third-party report that alleged _fraud_, not copyright issues.
To be honest, I'm not really sure what point you're trying to make at all with your comment. None of it seems to address anything that I said, and if anything, it almost sounds like you managed to infer the opposite of what I meant in most cases.
The platform will always be preferentially targeted because the larger you are the more you have to lose, the more likely it is you actualy have assets to go after if you don't deal with the alleged noncompliance.
How have y'all not realized that's how all this works?
It's why DNS is an anti-feature. As long as registrar's exist, it'll be an active lever utilized for basic deplatforming. Until everyone can host their own stuff, and networking is de-hub-and-spoked, this type of behavior will continue.
>the easiest way to fight back against this isn't to try to change laws to avoid this but for non-malicious entities like the registrar not to allow their customers to get exploited by this sort of behavior.
Easiest? Perhaps. Nothing around law is particularly easy (except breaking it, of course!) :) So, not altering existing laws, or not making new ones, would absolutely be the easiest method to that desired outcome. Many things would be easier to do if they were simply done how they were described, in a manner in which they were excepted, under the terms which they were agreed to. However, can we expect that a lack of laws/codes/statutes could ever result in effective or consistent behavior? Sadly, no. At least, not based upon historical experience. Perhaps the disposition of man will change one day - who knows what the future holds, but God!
Negligence is a thing that is bred in indifference and grown through a lack of consequence. Law and reform is the sole remedy.
Consider this: It would be far, far safer and more profitable for owners, employees, and customers of restaurants if the restaurant kept their cooking areas clean and tidy. Yet, even with unannounced and routine health inspections, various licensing requirements, annual training & education certifications, and massive fines...in spite of all of that, absurdly high numbers owners can't meet the bare minimum. People still somehow die from unsanitary food every year!
The best we can do then to combat the disposition of disconnected employees, and the blasé, checked-out business owners is to crush their skull. It is a judicial vengeance, a constant protector for all the people who had been abused unfairly; the ones who were discounted as "unimportant nobodies". Law is what gives the common man a temporary illusion of equal treatment. And when that illusion is chipped and broken from time-to-time, well, at least we can put another head up on the spike outside our walls.
It's certainly not quick, or easy, or even preventative(!), but it is the kind of response that is owed to the victims of incompetence and indolence.
My main point probably got muddled a bit, but the main argument I was trying to make was that copyright law, however bad it might be, wasn't why the registrar acted the way it did (because it was acting on a false report of fraud and phishing, not copyright infringement), and ultimately even with a troll trying to get the site taken offline, the registrar could have acted responsibly, and there wouldn't have been any significant downtime.
From the timeline of the incident given at the top of this thread by the maintainer of the site, it sounds a lot more like the registrar was lazy about investigating whether the report of fraud/phishing was valid than that the registrar was fully aware that the actual intent was to take an entire site offline due to an allegation of a singular user infringing copyright. It sounds like the issue with the registrar could happen just as easily even if we magically waved a wand away and eliminated copyright law; if someone made an allegation of fraud and phishing, it sounds like the registrar might act the exact same way it did in this incident and take the site offline. That's why I'm arguing that copyright law isn't the primary cause of what happened here, and why reforming it seems pretty orthogonal to stopping this specific thing from occurring regardless of its merits as a goal in general.
I run a domain registrar. "serverHold" is not a status that iwantmyname could've set. If they had suspended the domain it'd have "clientHold" set. Server Hold means the registry (i.e. .io directly) has suspended the domain. Your best bet would be to contact the Internet Computer Bureau Ltd who run .io at admin@icb.co.uk, or the registry technical support provider Identity Digital at techsupport@identity.digital.
Interesting, this morning I got a response from a staff member of the parent company that owns iwantmyname saying they didn't get my response with regards to the abuse notification they sent and that's why they took the domain down.
I've heard a ton of stories about .io, IMO, they play fast and loose in a space where that isn't okay, and they get away with it mostly because they are a ccTLD.
The last time someone I knew had an issue, they had to get a senator to make waves to get anything resolved.
I regret going with .io for my personal domain name. At the time I thought it was cool, but they've since raised prices and hearing things like this doesn't instill confidence...
That, and the Indian Ocean territory will cease to exist in the (very) near future, so the .io domains might be going the way of the dodo.
I won't be registering any new ones at least, and recommending everyone to stay away from them.
Nobody really knows. There are only a few precedents, i.e. the old Soviet Union .su tld being kept around, or the 2 letter country code that I can't recall which was reassigned to a new country after the old one went out of existence.
There isn't really a precedent for a tld with as many domains under it as .io, it's a very strong possibility it will be kept around and given to a private entity or even to GB.
iwantmyname was bought out by a conglomerate, “Team Internet[1]”, a few years ago.
Prices went up, service went down. I’d recommend moving your domains when you can (Porkbun have been good, though I haven’t had any incidents like this).
Namecheap I find is less easier to use and sometimes higher cost over time. I also haven’t had reliable domain renewal service from them when I used them.
Granted this is all a few years back. I was at Cloudflare until this year when I switched to Porkbun and I’ve been very happy
I tried porkbun after comments like yours when one of my domains needed renewal, but had to transfer out after one year when their payment gateway refused to work and was very poorly handling the situation while my domain risked expiration.
Nameserver lock in. While I use Cloudflare right now for most things, I value the decoupling. Cheap way to make sure that my services aren't in total control of my domain.
I also like supporting a Ukrainian company. Only downtime I had was when their offices were being bombed, and they were quick to both restore services and make their infrastructure resilient to future such… interference.
Yup, I've been migrating out of Gandi because of this, I was okay with up to ~50% over the base price but I'm seeing 100%~200% overcharge. I did have to let go of one domain though since Cloudflare doesn't support .jp yet
You're stuck with cloudflare nameservers¹, so if you want to change nameservers you need to transfer them to other registrar, how much of a deal breaker this is is up to you, to me is project dependent.
> 6.1 Nameservers. Registrant agrees to use Cloudflare’s nameservers. REGISTRANT ACKNOWLEDGES AND AGREES THAT IT MAY NOT CHANGE THE NAMESERVERS ON THE REGISTRAR SERVICES, AND THAT IT MUST TRANSFER TO A THIRD PARTY REGISTRAR IF IT WISHES TO CHANGE NAMESERVERS.
there are very few parts of that contract in all caps, but that's one of them :/
That's annoying. For some use cases, not a big deal. But I have used the AWS Route 53 'alias' functionality on a number of occasions and that requires the use of Route 53 nameservers.
I've helped move a few domains from Gandi to Cloudflare. The move was relatively straightforward (couldn't get the Gandi records export to import into Cloudflare so had to do it manually...), and the new domain and renewal prices are lower.
To replace Gandi email (that Gandi went from free to ramping up the pricing for when they were taken over), Cloudflare offer email forwarding so you can receive incoming mail from a custom domain to e.g. a gmail account, and for sending mail you can pair this with a custom SMTP service like https://www.smtp2go.com (1000 emails/month on the free tier).
Apart from that, DNS is something I barely touch for years sometimes so I don't find much difference between registrars beside their pricing and how much you can trust them.
Being able to point your Cloudflare nameserver records would be nice though, so worst case you'd need to move everything if another registrar had some services you were interested in? Would be curious to know more about how common this scenario comes up and why.
You should check out something like DNSControl. Makes switching or having multiple easy. I have mine going to a bind zone file and cloudflare, and use the bind file for Unbound
I’ve got about twenty domains listed with them. No problems after 2-3 years, but I do wonder whether it’s a good idea to use the same vendor for DNS and domain registration.
Normally a registrar isn't going to have top tier DNS infra so you may as well separate, yes. Exceptions might be CF/Google/AWS/DO, but personally I don't like to use the big guns as registrars in any case. I use Namesilo and never had any issues but on the other hand have never run into any of these sorts of issues either..
I am happily using them for all of my domains they support. The problem with Cloudflare registrar is that they flat out don't support many domains/tlds.
I mean, I am happy for them but this concept of growing a business to an exit is not going well for society as a whole (at least the exits that are in my areas of interest, so I assume it extrapolates to all exits).
Every single business that gets bought out gets instantly enshittified in one way or another, always to the detriment of the customer. Depending on how entrenched it was it takes a different amount of time for people to move on as the new shareholders extract its economical value, but it almost always destroys societal value in the process as the company becomes a shadow of its former self (and hopefully dies, leaving way for the cycle to start again).
I wish there was a way for founders to get rich without the need for an exit, so the business could keep running... but I guess ruthless enshittification is the only way to get rich?
Apologies for the tangent, this is something that's been bouncing in my mind for a while...
I know that I'm basically being trollbait (around here), by saying this, but I personally believe that the very existence of an "exit plan" is a problem.
A business is supposed to be an ongoing, perpetual enterprise. Maybe it grows, maybe it stays the same, but it isn't something that should (in my opinion) be designed as a product, in itself, with a "sell by" date. If it gets brought up, then that's [maybe] good, but it shouldn't actually be in the business plan. It's just a random lifecycle event. We can plan to be ready for it, but it shouldn't be a corporate goal.
It's quite possible to do that. I worked for nearly 27 years, for a company that is over 100 years old. I think the world's oldest company is over 1,400 years old, and just got brought out, for the first time, about 10 years ago.
Agreed. Promising stuff like "Hey we built this because everything else is bad" and then years later selling it to a company that turns it bad is somehow even worse than classic bait and switch.
Sell it to the employees? It won't be lucrative to selling it to someone with more cash than sense, but it may be more likely to preserve the value. There's no guarantee of course, and there's so little experience societal wide in running an employee co-op.
There are a few employee co-ops, but I don't know how good they are. Over here in the UK we have the Co-op[0], which is a national chain of small local shops. It's a consumer co-operative rather than a workers' cooperative, though. I don't know how well it works, or what its challenges are, but it definitely exists.
The Co-op (referred to in [0]) is also a bank, funeral directors, insurer, and solicitor! They're really quite successful to be honest.
Nationwide is another example of a successful cooperative as well (large UK bank, particularly in the mortgage space). They're customer and employee owned I believe, my wife and I got £200 last year as a profit share for being customers.
I'm a huge fan of the model, but it's difficult to get going. I think they're also more expensive to run as their operations tend to be a little more complex.
It's absolutely tiresome having to keep up with that rat race for everything. And if that principle actually worked then enshittification wouldn't be profitable to engage in to begin with.
> I mean, I am happy for them but this concept of growing a business to an exit is not going well for society as a whole
Oh yeah, I fully agree with the enshittification sentiment.
Admittedly, a DNS registrar for me personally is something I'd just swap without much thought but I can think of a few services I use where I wouldn't be so loosely coupled from the product if those founders were to exit.
It's a bit paradoxical on my part I think and I do wish we had more lifestyle businesses that don't have to become massive.
Mind you, I would have put iwantmyname in that basket now that I think about it.
Yeah I was a fan, had every domain with them that I could! But once they were acquired their .org renewal prices just did not make sense any more, and they were missing some functionality that I thought was crucial and didn't seem inclined to add it (can't remember what it was now, maybe MFA).
Domains are like car insurance – there's no reward for loyalty, so makes sense to shop around come renewal time.
HN is just a news aggregator. Being a participant does not mean one agrees with YCombinator's business practices, nor does it imply any other requisite opinions.
I really wish BrandShield didn't use AI as a marketing term. It just looks like it's doing a generic ctrl-F on webpages?
Then things like this happen, and people think "ooh AI is bad, the bubble must burst" when this has nothing to do with that in the first place, and the real issue was that they sent a "fraud/phishing report" rather than a "trademark infringement" report.
Then I also wish that people who knew better, that this really has nothing to do with AI (like, this is obviously not autonomously making decisions any more than a regular program is), to stop blindly parroting and blaming it as a way to get more clicks, support and rage.
I find that businesses that bill themselves as ${TOOL}-users instead of ${PROBLEM}-solvers are, as a general rule, problematic. I couldn't possibly care any less whether a product is built on AI or a clever switch statement or a bazillion little gnomes doing the work by hand. I care that it solves a problem.
AI does need to die. Not so much because LLMs are bad, but rather because, like "big data" and "blockchain" and many other buzzwordy tools before it, it is a solution looking for a problem.
The AI hype is annoying in my field as well. AI can have its uses, but we already figured out where to use it in my field ages ago. That doesn't stop people from hyping nothing though.
Yes. If your business solves a real customer problem and uses "blockchain" to do it, that's great, but you should describe yourself as a tool to solve the problem. If you mention blockchain on the homepage of your product at all, it should be treated with suspicious. It's a sign that you're speaking to investors and fools and not to savvy customers.
One exception: personal projects. "This is an NES emulator that is built in Rust, and it uses Rust because I wanted to learn Rust" is a perfectly good description of a project (but not a business).
> This is an NES emulator that is built in Rust, and it uses Rust because I wanted to learn Rust
Arguably, in this scenario, learning rust is the "business need" and the NES emulator is the tool :)
But yeah, exactly. A blockchain is, technically, just a content-addressable linked list. A Merkle tree is the same, as a tree. Git's core data structure is a DAG version of this. These things are useful. Yet nobody calls Git "blockchain technology", because what we all care about is Git's value as a version control tool.
> and people think "ooh AI is bad, the bubble must burst" when this has nothing to do with that in the first place
That haphazard branding and parroting is exactly why the bubble needs to burst. Bubbles bursting take out the gritters and rarely actually kills off all the innovation in the scene (it kills a lot, though. I'm not trying to dismiss that).
Exactly this, if you give a hoot about actual useful applications for AI, there is a great need to clear out all the grifters and scammers attracted by the initial hype cycle.
It's possible they were using LLMs (or even just traditional ML algorithms) to choose if a certain webpage was fraud/phishing instead of mere trademark infringement, though. In this case it makes sense that one would be angry that a sapient being didn't first check if the report was accurate before sending it off.
More than the hypothetical risk of Earth being consumed by a paperclip-making machine, I believe the real and present danger in the use of ML and AI technology lies in humans making irresponsible decisions about where and how to apply these technologies.
For example, in my country, we are still dealing with the fallout from a decision made over a decade ago by the Tax Department. They used a poorly designed ML algorithm to screen applicants claiming social benefits for fraudulent activity. This led to several public inquiries and even contributed to the collapse of a government coalition. Tens of thousands of people are still suffering from being wrongly labeled as fraudulent, facing hefty fines and being forced to repay so-called fraudulent benefits.
Perhaps in certain cases requiring someone to sign off, and take the blame if anything happens, would help alleviate this problem. Much like how engineers need to sign off on construction plans.
If the legal system is not itself either fundamentally corrupted or completely razzle-dazzled by the AI hype... and I mean those as serious clauses that are at least somewhat in question... then there are going to be some very disappointed people losing a lot of money or even going to jail when they find out that as far as the legal system is concerned, there already is legally speaking some person or entity composed of persons (a corporation) responsible for these actions, and it is already not actually legally possible to act like a bull in a china shop and then cover it over by just pointing to your internal AI and disclaiming all responsibility.
The legal system already acts that way when the issue is in its own wheelhouse: https://www.reuters.com/legal/new-york-lawyers-sanctioned-us... The lawyers did not escape by just chuckling in amusement, throwing up their hands, and saying "AIs! Amimrite?"
The system is slow and the legal tests haven't happened yet but personally I see no reason to believe that the legal system isn't going to decide that "the AI" never does anything and that "the AI did it!" will provide absolutely zero cover for any action or liability. If anything it'll be negative as hooking an AI directly up to some action and then providing no human oversight will come to be ipso facto negligence.
I actually consider this one of the more subtle reasons this AI bubble is substantially overblown. The idea of this bubble is that AI will just replace humans wholesale, huzzah, cost savings galore! But if companies program things like, say, customer support with AIs, and can then just deploy their wildest fantasies straight into AIs with no concern about humans being in the loop and turning whistleblower or anything, like, making it literally impossible to contact humans, making it literally impossible to get solutions, and so forth, and if customers push these AIs to give false or dangerous solutions, or agree to certain bargains or whathaveyou, and the end result is you trade lots of expensive support calls for a company-ending class-action lawsuit, the utility of buying the AI services to replace your support staff sharply goes down. Not necessarily to zero. Doesn't have to go to zero. It just makes the idea that you're going to replace your support staff with a couple dozen graphics cards a much more incremental advantage rather than a multiplicative advantage, but the bubble is priced like it's hugely multiplicative.
The comment you are replying to is using commas correctly: it's partitioning off a clause of the sentence as a side phrase that can be removed, and the resulting sentence is a fully grammatically-correct sentence. If you really hate commas, you can replace the commas here with parentheses, but honestly, I prefer the commas here.
I agree with the parent that in formal written English, the comma would be incorrect—cf. the "In compound predicates" section in [0]. But I disagree that the sentence is hard to parse as a result, and I doubt many would think twice about it given that we're on an informal internet message board.
The comma is a soft pause. We do this all the time in spoken language in order to break up an otherwise potentially ambiguous or hard to understand utterance, but it is basically dialectal. In writing that purposeful pause because a comma.
You can then analyze when such pauses are used in formal language, and infer rules for their use. But those rules aren’t going to be 100% consistent, and a violation of those rules is not a grammatical error in the sense that subject-verb disagreement would be.
TL;DR you said “majority” not “every.” That distinction is key.
Please say something like "here in [insert country name]", or "back home in [insert country name]" intead of "in my country", otherwise we have no idea what you are talking about.
Unfortunately I can no longer edit my original comment. It is about the so-called "Toeslagenaffaire" (childcare benefits scandal)[1] in the Netherlands.
Also, here is a blog post[2] warning about the improper use of algorithmic enforcement tools like the one that was used in this scandal.
When AI is being used as a cover for the bad/questionable behavior the company was already doing then there is no bubble to burst. The performance of the "AI" doesn't matter, only that it throws up a smoke shield in front of the company when people call to complain about the abuse.
I fear that ship has already sailed. I think the grifters and scammers have already abused the term enough that even decent uses of it are now tainted. I know that the two aren't strictly the same, but I would suggest using "Machine Learning" instead, which I think has more respectable connotations.
I mean, whether this has anything to do with AI or not (I’d buy that they’re using LLMs to write abuse letters or similar) it fits very nicely into the general pattern of AI breaking the internet through an endless deluge of worthless misleading spam. So, perhaps call it honorary AI?
I noticed that iwantmyname has very little presence on social media: no bluesky account and a twitter account that posts once or twice a year. That wouldn't necessarily be a problem if they responded to emergencies like this promptly, but they clearly don't so it is.
I also wonder if their "automatically disable" policy takes size/importance of site into account. Is this how they would treat all their domain owners, regardless of significance?
Brandshield is bad for overreacting, and iwantmyname is very bad for hosting such a crucial infrastructure, and having not responded to a paying customer with a good track record. I honestly don't think time of day matters, as long as the nature of the service is that it's provided and used 24/7, support staff should also be there 24/7.
> Because of this, I honestly think they're the malicious actor in all of this.
While I agree, the people who hired them are equally culpable. You don't get to wash your hands of the mess just because someone else is doing your dirty work.
I'm in the outraged crowd and there should be pretty serious consequences, but it is important in the interest of justice to differentiate between fraud, negligence, and gross incompetence.
Whilst I agree in principle that deliberate disruption of other people's websites/serivces should be more harshly punished, I don't think it's particularly practical. There's so many ways that modern companies can obfuscate the reasoning behind what they do, so I've come to the conclusion that if they're causing harm to someone else, then they should be punished/made to pay no matter their excuse.
If companies hide behind negligence/incompetence, then we need to make it costly for them to be negligent/incompetent.
Looks like AI is becoming a perfect excuse to do whatever you like.
It's like having a dangerous dog that usually doesn't bite, but you really cannot know if it will change its mind one day. Do you just let such dog walk the streets without owner supervision?
As general rule, I find that sort of thing to be an over-reaction, but submitting a complaint for phishing instead of a plain old DMCA takedown does warrant it.
It does but there's no actual way to get legal recourse for false DMCA notices or anything similar. The legal system is stacked for the abusers to have their way and the victims to have no recourse, regardless of how egregious the abuse is.
No, the perjury aspect of a DMCA takedown (which isn't even applicable here as that's not what they did) is if you don't actually represent the person that you claim to be filing a takedown on behalf of.
I've had the same thing happening; I run a simple forum, and some years ago people were discussing a manga, posting images of fan translated pages.
My hosting party (Hetzner) forwarded the emails and / or put it in their own system, I removed the offending images / page, replied to the email, and done, right? Wrong, the email said I had to fill in a statement through some online form somewhere; I did that too late and got more and more threatening emails like "pack your shit we're evicting you in 24 hours". Nobody seemed to actually read my replies / explanation, probably because this is so routine for them.
And I get it, nobody can be arsed to read longwinded explanations and the like for routine operations. I hope AI assisted tooling will help the overworked support employees with making decisions in favor of giving people the benefit of the doubt and the help they need; for them it's routine, but for me it was the first time I got anything like that.
It's surprising that this happened at all. Isn't it in most business's best interests to be aware of their most high-profile customers? If this was an automatic process, it's pretty disappointing that it even occurred. If I was running a SaaS, I'd probably want to mark my important accounts so an actual human has to investigate any raised alerts instead of being dealt with by a cron.
Something being in a business's best interests is very far from a guarantee that it'll happen.
I've worked on a team in a household-name big tech company where our mission was almost exactly "make sure we're not blowing up our most important customers for no reason". It's not nearly as easy as it sounds: defining who's important is hard, and defining what should and shouldn't be allowed is hard, and then implementing that all correctly and avoiding drift over time is tricky too.
Domain names themselves are a loss leader for registrars. They make money by upselling customers on hosting, email, certificates, analytics etc. So if you are just paying a couple dollars a year for a domain name and nothing else, your profile doesn't really matter. You are in the lowest tier of customers.
Lemme use this opportunity for having your attention to suggest some form of collaboration or even a merger with the Godot game engine:
• itch.io users could launch the Godot Web Editor to quickly make prototypes or simple games right on itch
• Publish from the native Godot editor directly to itch.io
• Godot adopts itch.io as the official asset store for art packs etc.
• Introduce social features for devs and artists to collaborate with each other:
• A publisher could choose to add a “Fork” or similar button on their itch.io game page that downloads and opens the project source in Godot. • All "forks" published that way would include a link to the original game's page, and so on.
I think Godot+itch could/should become the Github of Games :)
Did this account violate your ToS or the actual law? While I totally understand where are you coming from and I would probably be forced to do the same, I still tend to believe that closing a fan account is exactly the same thing that your registrar did to you.
It's not optimal, but he must choose between every published game there and one fanpage.
Besides that, there are so many websites with copyright content that never changes the domains, is just the domain registration bad or why they just disabled the domain?
> Take a look who is they registrar and then look their prices up.
So, in case anyone is interested, their registrar is MarkMonitor Inc., with a pricing of "contact us". The only pricing info I could find [0] said that it's 20$/yr for a .com, but with a minimum spend of 10k$ (probably reached by using their other services, such as the stated purpose of monitoring of trademarks).
Smells like tortious interference to me... and likely some form of perjury. I'd probably stop talking to them now that service is restored and get in touch with legal representation.
I wanted to take the time to thank you for the service you provide. itch.io is unvaluable to the indie community, and I'm perplexed when I see some devs complain about issues like this. Thabks for all your work.
For what it's worth, I know Namecheap gets a meh rep, but we've been on the receiving end of several phishing/copyright reports and have responded across the spectrum in terms of time span. We've responded immediately. We've responded with an hour or so to go. In all cases, Namecheap has somehow responded quickly and resolved the issue.
I coincidentally just this past week ran into a major issue with Namecheap on a fraudulent domain marketplace sale that they did not resolve properly or in a timely manner. They deserve their meh reputation. They were decent about a decade ago. Come renewal my domains up for sale are moving to Dynadot. Was considering porkbun but I sense they are heading the namecheap way.
Some of the comments and feedback I'm seeing in the reddit: https://old.reddit.com/r/PorkBun/. But then again I don't have any firsthand experience with these issues, so who knows. Are you having good experiences with Porkbun?
Hey, perhaps you can mediate the impact by providing an alternate way to access the site (IP, alternative domain) and posting it somewhere people will see it (bsky, here, ...)? Realistically , this may take days to resolve.
So it sounds like this was DMCA abuse by Funko, aided and abetted by BrandShield, and it resulted in damages to you. Also sounds like iwantmyname just went along with it, they are probably conditioned to do so by the rules.
I would write up a complaint and send it to the incoming FTC Commissioner. Yes, I'm serious. From the signals Trump is sending if there is ever a time when Republicans may support some form of DMCA reform, it's now. He's on record talking about punishing Big Tech and supporting "Little Tech." You're Little Tech. Send copies of your letter to Funko and BrandShield. Also reach out or at least send a copy to Matt Stoller, the guy who publishes a very popular newsletter about monopoly, anti-trust and corporate abuse in America, he will be interested. Go for the throat.
But the DMCA is the only legal mechanism for demanding swift action from a registrar/hosting party without the involvement of a judge, at least FAFAIK. So if this wasn't a DMCA takedown, then the registrar was acting completely of their own volition and should be liable for all fallout.
No, sadly it's not. These are private companies.. if you write to them and tell them to take a site down for "reasons" and they think the "reasons" are good enough, they'll do it.
Unfortunately "serverHold" goes above registrars. I learned this the hard way. There's a variety of watchdogs that false flag things all the time, and a handful of tld's that will blindly obey these orders. I'm guessing io is one of these. You'll have to escalate it with them, though I was never successful. Good luck.
Unfortunately the domain has a hold placed on it by the registrar, so I believe transferring is disabled. I also wouldn't want to risk doing a transfer at an hour when their staff aren't available to help with the current issue.
> The BrandShield software is probably instructed to eradicate all "unauthorized" use of their trademark, so they sent reports independently to our host and registrar claiming there was "fraud and phishing" going on, likely to cause escalation instead of doing the expected DMCA/cease-and-desist. Because of this, I honestly think they're the malicious actor in all of this.
I feel like there's also some missing layer of infrastructure here.
itch.io, like a lot of sites (HN being another), is meant to act as a host of user-generated content, over which the site takes a curatorial but not editorial stance. (I.e. the site has a Terms of Use; and has moderators that take things down / prevent things from being posted according to the Terms of Use; but otherwise is not favoring content according to the platform's own beliefs in the way that e.g. a newspaper would. None of the UGC posted "represents the views" of the platform, and there's no UGC that the platform would be particularly sad to see taken down.)
I feel like, for such arms-length-hosted UGC platforms, there should be a mechanism to indicate to these "brand protection" services (and phishing/fraud-detection services, etc) that takedown reports should be directed first-and-foremost at the platform itself. A mechanism to assert "this site doesn't have a vested interest in the content it hosts, and so is perfectly willing to comply with takedown requests pointed at specific content; so please don't try to take down the site itself."
There are UGC-hosting websites that brand-protection services already treat this way (e.g. YouTube, Facebook, etc) — but that's just institutional "human common sense" knowledge held about a few specific sites. I feel like this could be generalized, with a rule these takedown systems can follow, where if there's some indication (in a /.well-known/ entry, for example) that the site is a UGC-host and accepts its own platform-level abuse/takedown reports, then that should be attempted first, before trying to get the site itself taken down.
(Of course, such a rule necessarily cannot be a full short-circuit for the regular host-level takedown logic such systems follow; otherwise pirates, fraudsters, etc would just pretend their one-off phishing domains are UGC platforms. But you could have e.g. a default heuristic that if the takedown system discovers a platform-automated-takedown-request channel, then it'll try that channel and give it an hour to take effect before moving onto the host-level strategy; and if it can be detected from e.g. certificate transparency logs that the current ownership of the host is sufficiently long-lived, then additional leeway could be given, upgrading to a 24-72hr wait before host-takedown triggers.)
So Linode hosts your server, and iwantmyname provides your domain? If they want they can take down your server and your domain? Is there any server provider / domain provider who doesn't hold that kind of power?
Some companies have always been terrible about this. Fan projects involving companies like Nintendo or Take Two Interactive (GTA) are like lawyer bait. Disney has hired lawyers to sue a daycare center that had (clearly unofficial) character art painted on the walls. It's dystopic, but it's the world we live in.
I didn't really expect Funko or 10:10 Games to be like that, but then again I didn't expect anyone would like Funko enough to make a fan page about their dolls.
Other companies allow fans to do pretty much whatever you want with their IP as long as you don't turn it into (too much of) a business. Sega has even hired a fan for their remasters rather than DMCA his project into oblivion.
When companies do this, I interpret this as the company giving a clear message: "don't be a fan of our work or we may apply legal pressure".
It's just so surprisingly tone deaf when things like this are done by companies that exist purely within the goodwill of their customers. Nothing that funko brings to the table has inherent value. If they have any world outlook other than to love their customers as much as they can, then they will fail in a time measured in quarters.
I'm pretty sure Funko used their service in good faith and didn't know it's based on over-aggressive AI bullshit. They're still on the hook for picking a bad company to partner with, but I don't think they intended to take down the entire domain.
I don't see a large message on the Funko site with a profuse apology for taking down Itchio. This indicates to me they fully endorse their action and are not willing to make amends.
Former employer worked a little with Funko and Disney, and it was pretty comparable. I don't see what Funko has to offer other than Licensing IP and strictly enforcing their own. Based on my (limited) experience, I doubt they chose this service by accident.
Just gonna point out that the Nintendo going after fanworks bit is a tad blown out of proportion, especially online. They're definitely known for being way too heavy handed (especially compared to the likes of Sega), but they're not exactly going after every fan project they see on the internet. Large sites whose entire purpose is to host fan games and mods for the Mario, Zelda, Pokemon, etc series have been up for decades without any issues, and most mods and homebrew projects for consoles older than the Wii U or Switch are going fine.
Unless a project is going viral in the media, raking up in a significant amount of money via a paywall or is directly competing with a current game, the chances of it getting shut down are incredibly low.
Nintendo also is responsible for keeping Dolphin off of Steam. Dolphin wanted to get on steam for improved steam deck integration and Valve reached out to Nintendo who said, essentially : Lol fuck no we will ruin your life
The courts have told Nintendo numerous times that they are in the wrong in this behavior and outlook. They have no legal means to keep Dolphin off Steam and it is a matter of judicial record that emulators are not an infringement of your IP on their own. Nintendo doesn't care and openly discusses their intent to make you suffer through lawfare. A just system would smack them down with a vexatious litigant label, but our system gives businesses infinite benefit of the doubt.
You'd think, or hope, but GoDaddy and other actors proved over the years that this is not the case. I think that the kind of site most impacted by an event like this are social sites, where if people leave, they might take their networks with them. But a normal b2c service provider just needs to update their PR and prices and business will be back to usual.
I never understood that urge of people to do "fan pages" (or fan anything, without the permission of the original creator) while at the same time blatantly ripping content.
This kind of impersonation/defamation is one of the edge cases where its good to have a DMCA process. You want to quickly take down something like this and then deal with the slow legal stuff over time.
They have a DMCA process. As far as I know it only helps in a case like this if they sue Funko or the brand management service. Itch is a small indie operation funded by actual commerce, so might not be able to afford it.
That's extremely disappointing from iwantmyname. While I haven't used it, it was always on my mind as a potential registrar when buying a domain. I think I'll have to reconsider.
There's obviously somebody to blame. Somebody getting a legitimate domain taken down for hours should have consequences, if only to make mistakes more expensive for trigger-happy automated "IP protection" services (the only signal they'll probably understand).
The question is just if itch.io has the funding and energy to actually pursue the matter legally, now that it's technically resolved. I couldn't blame them for just changing registrars instead.
From what I can tell, some person made a fan page for an existing Funko Pop video game (Funko Fusion), with links to the official site and screenshots of the game. The BrandShield software is probably instructed to eradicate all "unauthorized" use of their trademark, so they sent reports independently to our host and registrar claiming there was "fraud and phishing" going on, likely to cause escalation instead of doing the expected DMCA/cease-and-desist. Because of this, I honestly think they're the malicious actor in all of this. Their website, if you care: https://www.brandshield.com/
About 5 or 6 days ago, I received these reports on our host (Linode) and from our registrar (iwantmyname). I expressed my disappointment in my responses to both of them but told them I had removed the page and disabled the account. Linode confirmed and closed the case. iwantmyname never responded. This evening, I got a downtime alert, and while debugging, I noticed that the domain status had been set to "serverHold" on iwantmyname's domain panel. We have no other abuse reports from iwantmyname other than this one. I'm assuming no one on their end "closed" the ticket, so it went into an automatic system to disable the domain after some number of days.
I've been trying to get in touch with them via their abuse and support emails, but no response likely due to the time of day, so I decided to "escalate" the issue myself on social media.