The pattern seems to reveal that CS truly has no concept of risk management whatsoever.
In finance this level of recklessness would get you banned from the industry.
Are companies still using their service?
I mean that’s kind, but the whole point of DMCA safe harbor provisions is that they aren’t in the middle of this. They send along the notice, you file a counter notice, and that’s it for their involvement, yeah? If CrowdStrike wants to press the issue, they go after you, not CloudFlare.
Worse still, the letter is obviously incorrect for a trademark dispute, possibly illegal as a result, and should have never made it to the customer before being reviewed or followed up on by internal staff.
My read was "sorry you guys don't want to do your job so I'll just take my business elsewhere. goodbye."
The brand/rep of crowdstrike is already tarnished. Why let the pain continue via the Barbara Streisand effect?
Not only are they technically incompetent, but now they are also petty. Poor decision making to be honest.
(note: “csc” also owns crowdstrike.sucks and clownstrike.sucks)
They did! They issued $10 Uber Eats Gift Certificates that were revoked minutes later[1]. What, you didn't get to use yours in time?
It was how most people at M$ were referring to them last week.
edit: OMG, I thought it would be obvious I'm kidding. I guess garbage HN comments win garbage HN prizes.
Maybe there will be a supreme court ruling that George Kurtz has to wear a clown nose due to the Krusty precedent?
You mean "genuine trademark infringement".
They literally can block domain names that have their company name or brand in them from being registered (up to 500 variations of their domain).
It's literally like $99/year to place a block. Saves a lot of the hassle of having to deal with parody and phishing sites and trying to take them down.
Just block the domain(s) from being registered in the first place.
My experience with the NameBlock API is that for those $99/year, they'll allow you to automate purchasing all similar domains. But then you have to pay registration fees on all of those domains, too. It's only $10/month per typo domain that you buy, but it sums up really quickly.
There literally is a block on the variations, it works at the Registry level not the registrar level.
https://globalblock.co/included-extensions/
I'm also seeing much higher pricing:
NameBlock is a separate company than GlobalBlock, and covers a different set of TLDs/extensions.
Those domains that are blocked won't be 'parked', someone trying to register the domain that's blocked, it will just say it's not available for registration.
It's very likely that the company you work for uses CSC as it's registered agent in the State of Delaware for administrative purposes (CSC doesn't really do anything other than exist on paper and file annual forms to satisfy legal and compliance requirements necessary for companies to exist in the US).
I wasn't aware they file DMCA requests on behalf of companies... that seems off brand for them.
(After writing the above) turns out CSC has a Online Brand Protection service. https://www.cscdbs.com/en/brand-protection/ I wouldn't be surprised if:
1) Crowdstrike incident takes down internet
2) Crowdstrike files a claim on their cyber insurance policy which includes coverage for brand protection
3) Crowdstrike (or their insurance company) buys some brand protection service, like the one offered by CSC
4) This guy receives a takedown
When I started writing this comment I was intending to defend CSC. But after googling I think CSC's brand protection services are to blame. Seems to be having the opposite effect for Crowdstrike considering they paid to have their brand "protected" and now this guy's site is getting lots of traffic!
Maybe this will give them some empathy for their users who bought their services to protect their infrastructure.
If you spend enough time around VC's it becomes difficult to imagine how this doesn't happen more often. Many times companies grow too quickly for a clearly seasoned veteran of the market to get a chance to take the wheel. Combine this with "nobody ever got fired for purchasing IBM" and you get a perfect storm for taking out the IT infrastructure for an entire culture—all you need is a majoritarian marketshare and you can take out an entire people.
Someone at CrowdStike had to say "Yes, send the takedown for this".
I base this on prior experience working at places which used CSC brand protection (among other services)
Streissand Effect.
That was fun.
https://www.huffpost.com/entry/michael-bloomberg-nyc-domain-...
and what is shown on the page is Cloudflare boilerplate about DMCA, not Crowdstrike.
if Crowdstrike did use the DMCA form as a way of getting attention, that still serves as "notice" of the trademark infringement which Clownstrike has graciously acknowledged receipt of
CSC is a well know high value domain registrar. Similar to MarkMonitor. I'm not surprised CSC does brand protection, also similar to MarkMonitor.
When I was at an employer that became a MarkMonitor customer, we didn't have enough domain business to meet the minimum spend, so we started using the Brand Protection "for free". Sometimes they have a hair trigger, we had our own accessory apps taken down occasionally. ¯\_(ツ)_/¯
Previous registrar was NetworkSolutions, lol; they had a customer service agent get phished, and the phishermen set new NS records for several domains, including ours. Major PITA.
https://udrp.adr.eu/decisions/detail?id=65fab3e46fc02956a010...
Will probably be the first thing I remember when I hear their name.
Your unethical behavior and abuse of the DMCA will be used to punish you. If you succeed in getting ClownStrike taken down, you will be hated even more.
Have fun annihilating your brand, reputation, and customer/industry trust and goodwill.
I’d suggest that choosing a commercial CMS makes you an easy target. Apparently so does choosing Cloudflare.
Basically their strategy is to flood the internet with fake DMCA, targeting everything that isn't seen as positive for the brand.
I 100% ignore their requests, and so far nothing has happened, keep in mind they send millions of it.
The DMCA's copyright provisions apply only to copyrighted content not trademarks.
Cloudflare could have told these clowns to go kick rocks without incurring any liability and could have threatened them with filing fake DMCA claims.
For example: https://www.microsoft.sucks/en-au/microsoft-365
https://www.techspot.com/news/103899-crowdstrike-also-broke-...
"We are the clowns behind clowns, we file baseless DMCAs so you don't have to"
"Just sit back and watch Barbra the clown do all the heavy lifting to destroy what's left of your already tainted brand".
// ==UserScript==
// @name Clownin'
// @namespace Clown Division
// @include *
// @version 0.0.1
// @author AHOHNMYC
// ==/UserScript==
/* This is also parody, like one in https://clownstrike.lol/crowdmad */
[
{'original': 'crowdstrike', 'parody': 'ClownStrike'},
].forEach(clown => {
tw = document.createTreeWalker(document, NodeFilter.SHOW_TEXT, el => el.textContent.toLowerCase().includes(clown['original']));
while(tw.nextNode()) tw.currentNode.textContent = tw.currentNode.textContent.replaceAll(new RegExp(clown['original'], 'ig'), clown['parody'])
});https://en.wikipedia.org/wiki/Google_bombing#Other_search_en...
Trademarks have always applied anything that could reasonably be confused with it. So yes, it is illegal to rhyme trademarks. But trademarks has also long since allowed for parody and other usage that doesn't harm the trademark owner. That's why it's a nonsense request, not because of the rhyming.
Trademarks only apply to _related_ goods and services.
> it is illegal to rhyme trademarks
Not necessarily. The standard is "confusingly similar" or "likelihood of confusion." There are many words and phrases which rhyme incidentally where trademark protection would not apply or where damages would not be granted.
The confusion also has to apply specifically to the brand or the product. If your trademark fails to be associated with either of those things it can be invalidated.
Do you have any real life examples of that?
Actually, the company’s trademarks are from 2017 and he got his name via marriage in 2020.
Still a stupid suit
That is enough proof to conclude that this UDRP thing is deeply unfair and should not exist.
"First come, first served" is much more fair than this "burden of proof falls on the defendant" nonsense.
We'll have to replace ICANN with something better at some point.
I believe it serves that purpose reasonably well.
There are three criteria that ALL have to be met (1. identical or confusingly similar to your trademark, 2. registrant doesn't have a legitimate reason, 3. registered/used in bad faith). In cases where these are met, it's pretty clear that the owner should be losing the domain.
I think it would make sense to add a rule that someone who issues a spurious UDRP request should be required to pay the domain holder some default amount of compensation for the hassle, but overall, I think this is a process that makes the Internet better, not worse.
This does bring up a question though; I've had arp242.net for a long time, and obviously that's not my actual name. Can some company register "arp242" as a trademark and hijack my domain?
In your example, you had that domain well in advance, it's your self-identified pseudonym that predates said mark, and it's actively being used to host your personal website. That seems like a pretty strong defense.
My birth cert, bank accounts, passports etc. are issued in various jurisdictions with various names. I'm not an international man of mystery or tax cheat, but I'm known by various equally legitimate names. It is a bit of a bother when someone around they must all be identical, but there's no crime or deception.
so he didn't much care about it as his email address as he generally used his other domain christian-scipio.de? https://www.christian-scipio.de/contact
Shame on SCIPIO.
> While the Complainant may have 'sailed very close to the wind' in this case [...] the Complainant's conduct in this case does not appear to fall squarely into the realm of any of the above mentioned [Reverse Domain Name Highjacking] circumstances. Therefore, the Panel has decided not to make a finding of RDNH on this occasion. The Panel however cautions the Complainant to only invoke the [Uniform Domain-Name Dispute-Resolution Policy] Policy in the future in circumstances under which the Complainant is able to identify the bases and adduce evidence in respect of all three UDRP Policy grounds.
So yeah, name-n-shame on their leadership such as *checks* CEO Pierre Chaumat and friends. [0]
[0] https://scipio.bio/news/scipio-bioscience-appoints-new-ceo-t...
I have twice found myself defending my IP rights when a business in one case, a government ministry in another, attempted to dispute my right to use the work that they had themselves stolen, wholesale.
Not all ISPs use provisions in the DMCA that let them put the burden back on the claimant. A few do.
In general, if ISPs or CDNs have a free plan, they can't, as bad actors leverage these free plans in bulk.
But ISPs or CDNs that charge actual money to known customers will generally not take down until all legal avenues to keep their client online are exhausted or someone upstream from them blinks which threatens the rest of their customers.
It's not a question of getting what you pay for so much as being sure that everyone using the same provider is paying, and having a discussion with the provider before it happens instead of during. You also need all links to play it this way, or you have to host in a different jurisdiction, which may not be possible for some data/content.
There are ISPs, CDNs, DNS registrars, data center facilities, backbone providers, who don't take down before asking questions, so if you need to be in the USA, find those.
// I have been both a provider refusing to take a client down for nonsense, and a client of those upstream who refused to take us down when our clients were under threat. And yes, when this would happen we spent money rather than cave if the mega corp insisted to go to court, yes the mega corps lost (typically instantly), and yes we donated to EFF.
"It is true that there are a relatively small number of companies that have outsized influence over what is available online," McSherry said. "And that can be really difficult or create a real problem because sometimes they don't have any choice but to sort of overcensor."
"In this case, "there was just big companies using big processes and not being careful," McSherry said. "And that is not acceptable."
https://arstechnica.com/tech-policy/2024/08/parody-site-clow...
If Cloudflair didn't remove the content and the content was infringing they could lose their safe harbor protections [1].
In this case the website is obviously parody. This highlights the problems with DMCA. Fraudulent DMCA requests incur cost but are almost never penalized.
(By valid I mean it correctly follows the requirements in the DMCA, one of them being that it must be for copyright. It does not apply to other kinds of IP, nor does it apply to other violations of the DMCA such as the anti-circumvention provision cough youtube-dl cough)
I wonder what other parody names and altered versions they own…
Sure, they're all equal shades of shitty, but that's a different issue.
You can choose which digital shotgun is strapped to your organizational forehead.
Starts with "Z". Ends in "ero".
http://microsoft.sucks redirect to Microsoft.com and they pay for it.
i didn't know that prince was the same as prince rogers nelson (only vaguely remembered the name prince as a musician from dances at high school), so googled his name:
This is SOP for plenty of purchasers already.
Some orgs just don't have the ability to build processes like that.
However, the total window of time here is small. They registered the domain in late November 2023 and this UDRP was filed in late February 2024. It also sounds like initial contact to try to acquire the domain occurred in early December 2023... so only a couple days after it was registered.
If I was in his position, I would definitely feel the implicit threat of "if you're not willing to provide all the info we're requesting, you lose your domain".
> 2. registrant doesn't have a legitimate reason, 3. registered/used in bad faith
I've read arbitration cases where "The Expert" says (simplifying): "the site is being used for illegal activities, so there's no legitimate use", when no actual court or official institution has declared that the site's content is illegal*. So, you're at the whims of some "Expert's" opinion of what's legitimate, even if it may eventually contradict the actual justice system of your country.
I have very little trust on the competence and fairness of UDRP arbitration.
* And it's not a case where the things are evidently illegal, it's very debatable if they are.
As I understand it, either side can escalate to the justice system in the end.
But please, try starting up Goodle Search or Matflix Streaming and let us know how that went for you.
That being said, I did a quick search on both “goodle” and “matflix” and I didn’t find any trademark wars or articles about them. However, I did find fully functional sites with these names.
Katy Perry v Katie Perry: Singer loses trademark battle
As I mentioned, this will cause some difficulty with people and organisations who assume names are unique and immutable(c.f. [0]), but that's not a legal issue and is no different to someone not coping with any other unusual but allowable circumstance.
[0] https://www.kalzumeus.com/2010/06/17/falsehoods-programmers-...
Try opening a bank account like that. I can guarantee you it's not going to work; they will want to see a passport and proof of address with exactly the same name. I've been rejected by banks just because the utility bill shortened my second middle name to just "P".
This seems true for pretty anything of substance: government, tax, banks, insurance, health care, things like that. I'm not a lawyer and don't know how it works according to the letter of the law, but de-facto, you will have a "legal name".