Freenom settles $500 million Meta lawsuit and will exit domain business

Facebook has claimed another domain industry scalp. Freenom said this week it has settled the cybersquatting lawsuit filed against it by Meta last year, and that it is getting out of the domain name business.

The registry/registrar said in a brief February 12 statement (pdf) that it will pay Meta an undisclosed sum and has “independently decided to exit the domain name business”.

Just how “independent” that decision was is debatable. The company lost its ICANN registrar accreditation last year and is believed to have lost its government contracts to run the ccTLDs for Equatorial Guinea, Central African Republic, Mali, Gabon, and possibly also Tokelau, its flagship .tk domain.

Meta had claimed in its complaint that Freenom had typosquatted its trademarks thousands of times, including domains such as faceb00k.ga. It sued for 5,000 counts under US anti-cybersquatting law, seeking $100,000 for each infringement, for a cool half-billion bucks in total.

Freenom and its network of co-defendant affiliates said in their defense that Meta had access to an abuse API that allowed it to turn off such domains, but had never used it. It also claimed many of the cited typosquats had already been shut down by the time the suit was filed.

It seems the names in question were likely those registered by abusive third-parties that were reclaimed and monetized by Freenom under its widely criticized free-domains business model, which made its TLDs some of the world’s most-abused.

But the claims on both sides evidently will not be tested at trial. The last court filing, dated late December, showed the two parties were to enter mediation, and Freenom put out the following statement this week:

Freenom today announced it has resolved the lawsuit brought by Meta Platforms, Inc. on confidential monetary and business Terms. Freenom recognizes Meta’s legitimate interest in enforcing its intellectual property rights and protecting its users from fraud and abuse.

Freenom and its related companies have also independently decided to exit the domain name business, including the operation of registries. While Freenom winds down its domain name business, Freenom will treat the Meta family of companies as a trusted notifier and will also implement a block list to address future phishing, DNS abuse, and cybersquatting.

Meta said in its Q4 Adversarial Threat Report this week that the settlement showed its approach to tackling DNS abuse is working.

Freenom’s gTLD domains have been transferred to Gandi. It’s less clear what’s happening to its ccTLD names, though social media chatter this week suggests the company has been giving registrants in affected ccTLDs nine-year renewals at no cost.

Meta given 30 days to stop using Threads trademark

A small UK software firm has given Facebook owner Meta, well known in the domain industry for pursuing cybersquatters, 30 days to stop using the brand name “Threads” or face legal action.

Meta launched a Twitter clone called Threads back in July and quickly gathered over 100 million users (since declining to eight million daily active users), but Threads Software of London says its UK trademark dates back to 2012.

“Threads Software Limited and its lawyers have today (30 October) written to Meta’s Instagram giving it 30 days to stop using the name Threads for their service in the UK. If it does not, Threads Software Limited will seek an injunction from the English Courts,” the company said in a press release (pdf).

The company further claimed that Meta’s lawyers have tried to buy the domain threads.app from it four times this year but were turned down each time. Meta is using threads.net, Threads Software uses threads.cloud.

Threads Software says it operates a service that “captures, transcribes, and organises all of a company’s digital messages (emails and phone calls) into one easily searchable database”.

Managing director John Yardley said in the press release: “We recognise that this is a classic ‘David and Goliath’ battle with Meta. And whilst they may think they can use whatever name they want, that does not give them the right to use the Threads brand name.”

“We want them to stop using the Threads name with immediate effect. If they do not, we will seek an injunction from the UK courts,” he added.

The irony here is of course that Meta owns some of the most-cybersquatted brands out there and is one of the most litigious enforcers of its intellectual property.

Is this why WhatsApp hates some TLDs but not others?

Developers of major pieces of internet software, including the world’s most-popular messaging app, may be relying on seriously outdated lists of top-level domains.

That’s the picture that seems to be emerging from one new gTLD operator’s quest to discover why WhatsApp doesn’t recognize its TLD, and many others including major dot-brands, as valid.

And ICANN isn’t interested in helping, despite its declared focus on Universal Acceptance, the CEO of this registry claims.

When most social media apps detect the user has inputted a URL or domain name, they automatically “linkify” it so it can be easily clicked or tapped without the need for copy/paste.

But when Rami Schwartz of new gTLD .tube discovered that .tube URLs sent via WhatsApp, said to have two billion users, were not being linkified, despite the TLD being delegated by ICANN almost eight years ago, he set out to find out why.

Schwartz compiled a spreadsheet (.xlsx) listing which gTLDs are recognized by WhatsApp and which are not and discovered a rough cut-off point in November 2015. TLDs delegated before then are linkified, those delegated after were not.

According to my database, 468 TLDs have been delegated since December 2015, though not all are still in the root. That’s about a third of all TLDs.

This means that, for example, .microsoft domains linkify but .amazon and .apple domains do not; .asia domains linkify but .africa and .arab domains do not; .london works but .abudhabi doesn’t. Even .verisign missed the cut-off.

If WhatsApp users include a “www.” or “http://” then the app will linkify the domain, even if the specified TLD does not exist.

During the course of a discussion on the web site of the Public Suffix List — which maintains an open-source list of all TLDs and the levels at which names may be registered — it was discovered that the problem may be deeper rooted than the WhatsApp app.

It turns out a library in the Android operating system contains a hard-coded list of valid TLDs which hasn’t been updated since November 24, 2015.

Any app relying on Android to validate TLDs may therefore be susceptible to the same problem — any TLD younger than seven years won’t validate. Schwartz tells us he’s experienced the same issues with the Facebook app on Android devices.

The problem is of particular concern to Schwartz because he’s been planning to market .tube as a form of link-shortening service, and without full support among the most popular messaging apps such a service would be much less attractive.

“I can’t launch this now if it’s not going to work in WhatsApp, if it’s not going to work in Facebook,” he said.

While engineers from Facebook/WhatsApp parent Meta now seem to be looking into the problem, Schwartz says his complaints fell on deaf ears for a long time.

He additionally claims that “ICANN doesn’t really care about universal acceptance” and his attempts to get the Org to pay attention to the problem have been brushed off, despite ICANN making Universal Acceptance one of its key priorities.

Schwartz says ICANN is much more interested in UA when it comes to internationalized domain names (those in non-Latin scripts, such as Arabic or Chinese) and not the technical issues that underpin the functionality of all TLDs.

“I’ve no idea why ICANN makes the decisions it makes, but I think it has to do with inclusion, I think it has to do with diversity, I think it has to do with a lot of things — not technical,” he said. “But this is a technical issue.”

ICANN maintains a set of UA technical resources on its web site and supports the work of the independent Universal Acceptance Steering Group.

Facebook sues free domains registry for cybersquatting

Facebook parent Meta has sued Freenom, the registry behind multiple free-to-register ccTLDs including .tk, claiming the company engages in cybersquatting.

Meta alleges that Freenom infringes its Facebook, Instagram and WhatsApp trademarks over 5,000 domain names in the TLDs it operates.

While best-known for Tokelau’s .tk, which had almost 25 million registrations when Verisign stopped counting them a year ago, Freenom also operates .gq for Equatorial Guinea, .cf for the Central African Republic, .ml for Mali, and .ga for Gabon.

Apart from some reserved “premiums”, the company gives domains away for free then monetizes, with parking, residual traffic when the domains expire or, one suspects more commonly, are suspended for engaging in abuse.

Naturally enough, it therefore has registered, to itself, a great many domains previously used for phishing.

Meta lists these names as examples of infringers: faceb00k.ga, fb-lnstagram.cf, facebook-applogin.ga, instagrams-help.cf, instaqram.ml, chat-whatsaap.gq, chat-whatsaap-com.tk, and supportservice-lnstagram.cf, though these do not appear to be monetized right now.

It accuses the registry of cybersquatting, phishing and trademark infringement and seeks over half a billion dollars in damages (at $100,000 domain).

Today, Freenom is not accepting new registrations, but it’s blaming “technical issues” and says it hopes to resume operations “shortly”.

Facebook is one of the most prolific and aggressive enforcers of its trademarks in the domain space, having previously sued OnlineNIC, Namecheap and Web.com. OnlineNIC had to shut up shop due to its lawsuit.

(Via Krebs on Security)

Verisign saw MASSIVE query spike during Facebook outage

Verisign’s .com and .net name servers saw a huge spike in queries when Facebook went offline for hours last October, Verisign said this week.

Queries for facebook.com, instagram.com, and whatsapp.net peaked at over 900,000 per second during the outage, up from a normal rate of 7,000 per second, a more than 100x increase, the company said in a blog post.

The widely publicized Facebook outage was caused by its IP addresses, including the IP addresses of its DNS servers, being accidentally withdrawn from routing tables. At first it looked to outside observers like a DNS failure.

When computers worldwide failed to find Facebook on their recursive name servers, they went up the hierarchy to Verisign’s .com and .net servers to find out where they’d gone, which led to the spike in traffic to those zones.

Traffic from DNS resolver networks run by Google and Cloudflare grew by 7,000x and 2,000x respectively during the outage, Verisign said.

The company also revealed that the failure of .club and .hsbc TLDs a few days later had a similar effect on the DNS root servers that Verisign operates.

Queries for the two TLDs at the root went up 45x, from 80 to 3,700 queries per second, Verisign said.

While the company said its systems were not overloaded, it subtly criticized DNS resolver networks such as Google and Cloudflare for “unnecessarily aggressive” query-spamming, writing:

We believe it is important for the security, stability and resiliency of the internet’s DNS infrastructure that the implementers of recursive resolvers and public DNS services carefully consider how their systems behave in circumstances where none of a domain name’s authoritative name servers are providing responses, yet the parent zones are providing proper referrals. We feel it is difficult to rationalize the patterns that we are currently observing, such as hundreds of queries per second from individual recursive resolver sources. The global DNS would be better served by more appropriate rate limiting, and algorithms such as exponential backoff, to address these types of cases

Verisign said it is proposing updates to internet standards to address this problem.

If you guessed Facebook’s “Meta” rebrand, you’re probably still a cybersquatter

Guessing that Facebook was about to rebrand its corporate parent “Meta” and registering some domain names before the name was officially announced does not mean you’re not a cybersquatter.

Donuts this week reported that its top-trending keyword across its portfolio of hundreds of TLDs was “meta” in October. The word was a new entry on its monthly league table.

We’re almost certainly going to see the same thing when Verisign next reports its monthly .com keyword trends.

The sudden interest in the term comes due to Facebook’s October 28 announcement that it was calling its company Meta as part of a new focus on “metaverse” initiatives.

The announcement was heavily trailed following an October 19 scoop in The Verge, with lots of speculation about what the name change could be.

Many guessed correctly, no doubt leading to the surge in related domain name registrations.

Unfortunately for these registrants, Facebook is one of the most aggressive enforcers of its trademark out there, and it’s pretty much guaranteed that Meta-related UDRP cases will start to appear before long.

While Facebook’s “Meta” trademark was only applied for in the US on October 28, the same date as the branding announcement, the company is still on pretty safe ground, according to UDRP precedent, regardless of whether the domain was registered before Facebook officially announced the switch.

WIPO guidelines dating back to 2005 make it clear that panelist can find that a domain was registered in bad faith. The latest version of the guidelines, from 2017, read:

in certain limited circumstances where the facts of the case establish that the respondent’s intent in registering the domain name was to unfairly capitalize on the complainant’s nascent (typically as yet unregistered) trademark rights, panels have been prepared to find that the respondent has acted in bad faith.

Such scenarios include registration of a domain name: (i) shortly before or after announcement of a corporate merger, (ii) further to the respondent’s insider knowledge (e.g., a former employee), (iii) further to significant media attention (e.g., in connection with a product launch or prominent event), or (iv) following the complainant’s filing of a trademark application.

Precedent for this cited by WIPO dates back to 2002.

So, if you’re somebody who registered a “meta” name after October 19, the lawyers have had your number for the better part of two decades, and Facebook has a pretty good case against you. If your name contains strings such as “login” or similar, Facebook’s case for bad faith is even stronger.

Of course, “meta” is a dictionary word, and “metaverse” is a term Facebook stole from science fiction author Neal Stephenson, so there are likely thousands of non-infringing domains, dating back decades, containing the string.

That doesn’t mean Facebook won’t sic the lawyers on them anyway, but at least they’ll have a defense.

Facebook rebrand: did one new gTLD or domainer just hit the jackpot?

Facebook is reportedly just days away from unveiling a major corporate rebranding, which will raise only one question in the minds of DI readers: what domain is it going to use?

Citing an unnamed source, The Verge is scooping that a name change is coming in the next week or so “to reflect its focus on building the metaverse”.

The article suggests that we’re looking at a new parent company, with a new umbrella brand, for services including Facebook, Instagram, WhatsApp and Oculus, along the same lines as Google’s reorganization under the Alphabet monicker a few years back.

You’ll recall that Alphabet famously chose abc.xyz as its domain, giving a huge early boost to marketing efforts at XYZ.com’s .xyz registry.

Could a different TLD registry get a similar leg-up from a new Facebook identity?

If the company has chosen a dictionary word for its brand, we’re looking at either something in a new gTLD, or a .com that would likely have to have been purchased from a domain investor.

If the domain has been bought on the secondary market, it almost certainly would have been acquired via a pseudonymous proxy, to avoid price gouging and to keep the name a secret.

Other options are that Facebook has come up with some fanciful neologism and bought the domain at reg price, or has selected a brand from a domain already in its portfolio.

The Verge expects a revelation by the company’s Connect conference October 28, but says it could come sooner.

As judge freezes assets, is this OnlineNic domain portfolio really worth $70,000?

A California court has frozen the assets of beleaguered Chinese/American registrar OnlineNic, at the behest of Facebook, which is suing the company for alleged cybersquatting.

The judge in the case Friday mostly granted Facebook’s request for a temporary restraining order, banning OnlineNic from transferring money or domains out of the country.

It had discovered that the registrar had started transferring domains it has registered in its own name — about 600 of them — out of the country, to China-based Ename.

OnlineNic had told the court it could no longer afford to defend the case, and that it would shut up shop July 26.

Following Facebook’s request for a TRO, the registrar said it was merely moving the names to Ename so it could use its secondary market platform to raise $70,000 of the $75,000 needed to pay the so-called “Special Master”.

This is a court-appointed agent who had conducted a review of OnlineNic’s ticketing system records and found the company had deleted or obfuscated huge chunks of potential evidence.

OnlineNic has now told the court that it’s found a potential buyer, willing to pay $70,000 for the names in question.

This is the portfolio (pdf).

I’m no domain broker — I’m not even a domain investor — but even I have to wonder who would pay $70,000, or about $120 per name, for this junk. By sight alone, hardly any of them seem to be worth the base reg fee.

I’m guessing they’re dropped domains with traffic and/or the opportunity of selling them back to a forgetful original registrant.

Facebook’s war on privacy claims first registrar scalp

China’s oldest accredited registrar says it will shut up shop permanently next week after being sued into the ground by Facebook, apparently the first victim of the social media giant’s war against Whois privacy.

Facebook sued OnlineNIC in 2019 alleging widespread cybersquatting of its brands. The complaint cited 20 domains containing the Facebook or Instagram trademarks and asserted that the registrar, and not a customer, was the true registrant.

The complaint named ID Shield, apparently OnlineNIC’s Hong Kong-based Whois privacy service, as a defendant and was amended in March this year to add as a defendant 35.cn, another registrar that Facebook says is an alter ego of OnlineNic.

The amended complaint listed an addition 15 squatted domains, for 35 in total.

This week, OnlineNIC director Carrie Yu (aka Carrie Arden aka Yu Hongxia), told the court:

Defendants do not have the financial resources to continue to defend the instant litigation, and accordingly no longer intend to mount a defense. Defendants do not intend to file any oppositions to any pending filing… Subject to any requirements of ICANN, Defendants intend to cease business operations on July 26, 2021.

But Facebook reckons the registrar is about to do a runner to avoid paying almost $75,000 in court fees already incurred and avoid the jurisdiction of the California court where the case is being heard.

Facebook had asked for $3.5 million in penalties in a proposed judgment and OnlineNIC had not opposed.

While it presents itself as American, it appears that OnlineNIC is little more than a shell in the US.

Its official headquarters are little more than a lock-up garage surrounded by builders’ merchants in a grim, windowless facility just off the interstate near Oakland, California.

Its true base appears to be a business park in Xiamen, China, where 35.cn/35.com operates. The company has boasted in the past of being China’s first and oldest ICANN-accredited registrar, getting its foot in the door when the floodgates opened in 1999.

Facebook is now asking the court for a temporary restraining order freezing the defendants’ financial and domain assets, and for a domain broker to be appointed to liquidate its domain portfolio.

If you’re a legit OnlineNIC customer, you might be about to find yourself in a world of hurt.

OnlineNIC had just over 624,000 gTLD domains under management at the last count. 35.cn had another 200,000.

The lawsuit is one of three Facebook is currently fighting against registrars, one prong of its strategy to pressure the ICANN community to open up Whois records rendered private by EU law and consequent ICANN policy.

OnlineNIC is the low-hanging fruit of the trio and the first to be sued. It already faced cybersquatting cases filed by Verizon, Yahoo and Microsoft in 2009. The Verizon case came with a $33 million judgment.

Facebook has also sued the rather less shady registrars Namecheap and Web.com (now Newfold Digital) on similar grounds.

Facebook gunning for Web.com in latest $27 million-plus cybersquatting lawsuit

Facebook has sued what it believes is a Web.com subsidiary, claiming the company has been engaged in wholesale cybersquatting for well over a decade.

The complaint, filed in a Pennsylvania District Court, alleges that New Venture Services Corp current owns 74 domains, and has previously owned 204 more, that infringe its Facebook, Instagram and WhatsApp trademarks.

While no other named defendants are listed, the complaint makes it abundantly clear that it believes NVSC is a subsidiary of Web.com and a sister of Network Solutions, Register.com, SnapNames and Perfect Privacy.

Facebook is suing partly under the Anti-Cybersquatting Consumer Protection Act, allowing it to claim $100,000 damages per infringing domain, so we’re looking at a floor of $27.8 million of potential damages should the lawsuit be successful.

But it’s also looking for NVSC to hand over any profits it’s made from the domains in question, which are generally parked with ads and listed for sale via the SnapNames network for premium fees.

While NVSC is registered in the British Virgin Islands and uses a Pennsylvania post office box as its mailing address, there’s a wealth of evidence going back to 2007 that it’s been affiliated first with NetSol and then Web.com.

Web.com’s last regulatory filing before it went private in 2017 lists NVSC as a subsidiary, which is probably the most compelling piece of evidence establishing ownership.

It appears that NVSC is a shell company that Web.com uses to hold potentially valuable or traffic-rich domains that its customers have allowed to expire. The names are then parked and put up for resale.

Example domains listed in the complaint include httpinstagram.com, faceebbok.com, facebooc.net, instagram-login.com, and installwhatsapps.com.

One would have to assume these names were captured using a fully automated process; even a cursory human review would clock that they’re useful only to bad actors.

The lawsuit is the latest in Facebook’s crusade against mainstream registrars it believes are profiting by infringing its trademarks, which has already ensnared Namecheap a year ago and OnlineNIC in October 2019.

Namecheap recently filed a counterclaim in which it tries to get some of Facebook’s trademarks cancelled.

Facebook has all but admitted that putting legal pressure on registrars is part of its strategy when it comes to getting the policies it wants out of ICANN on privacy and Whois access, where there’s currently an impasse.

Here’s the complaint (pdf).