registrars DMCA, GD, Deepfakes & Responsibilities - Grab a coffee, let's talk

[zotix]

Dear Community,

Yesterday, I experienced a situation where I was surprised. Well, I'm surprised quite often, but in this case, it was something ridiculous, more or less not understandable to me.

A good (female) friend, whom I have known personally since we went to high school together in Germany, wrote to me that someone had created a "Bio" about her, which was obviously completely weird.
The only correct thing was the model name, the city where she had lived previously, that's it. The picture was generated with AI, so she was not even aware of this picture; it was more or less a mixture created, most likely with Stable Defusion Engine. Every detail about her was wrong, starting from DOB to "net worth", which was rediciouls.
Every Model on this page looked like an AI-generated picture; I guess that's the approach this Domain holder is following.
SEO stats of this Domain are pretty good since he is using real Model Names; luckily, in "our" case, it's not her real name but her Artist Name.

She is not doing OF or something like that.

So, I checked WHOIS and discovered that GoDaddy hosts the domain; as some of you know, I have had good experiences with them. I called the Abuse Nr.
The Guy on the line was unaware that this number was redirected to him. He was a salesperson (I know that because of his email signature, he sent the Form to me to get this whole story checked). Well, he couldn't skip the last question, which was quite obvious: "Hey, are you aware of our Domain Discount Club? You have 140 Domains—You can save thousands of Dollars!"
I just said: Please, stop it - not needed, in an amicable way. He was helpful as well, at least in what he could do.

So, long story short: I wrote [email protected] and [email protected]. The answer was Short: They can't put the page Down since it's not hosted on GD. WTF?! SURE!
All the Adult sites, are hosted on DMCA-ignoring Servers, what a surprise!
Even a friend of mine with her real (Artist) Name in the Copy of this Email.
The answer: Go through your Legal Authorities in Germany; we are familiar with the processes.

Sorry, but is this the way someone has to talk to GD? Only via official police Case?
This is the most ridiculous answer I've heard so far from GD.

Instead of asking for help, in terms of Verification of the "real" person and taking action based on that - they want the full procedure with Law Enforcement.

I don't know how to answer something like that because it's just a Joke.
Most of the models on this page are fake. Even people unfamiliar with AI can see that the faces and Bodies are fake.
And the most obvious thing: hands. You can not fake Hands that perfectly with AI, as of now—with SDXL, it's not that easy.


Question(s):

1. Do you have similar situations?
2. How do we proceed with this Puppet theatre?
3. According to EU regulations, GD is responsible for that. How do you see that from a legal POV? Lets put GD to the side, and call it: Registrar XYZ. Can they just put their responsibilities aside?

Best
zotix

 

[DomainNature]

Ok, I grabbed my tea.
Based on my experience fighting with grabbers that copied my work, DMCA is working not against domain names but Hosting providers, you must verify the NS where they point, if the NS belong to Godaddy then they should take action, I used DMCA website to create free DIY DMCA takedowns, most of them worked but not all, some countries do not respect DMCA laws, such ones like Vietnam, China, India and other countries where live most of the lazy grabbers in the world.
In short my cases were for copyright infringement, but here can be other situation.
So the steps are file DMCA PDF on the dmca.com website, free or paid, free is DIY, paid they will do the job for you.
Contact Hosting company with that PDF file and wait them to take action.
P.s. not forget that the real NS can be behind Cloudflare proxy and I m not sure if this can be found where the content is really stored.

 

[forge]

Oolong / Didn't read / Maybe after I've had my coffee

(Who am I kidding?)

 

[E. Silvera]

Dear Community,

Yesterday, I experienced a situation where I was surprised. Well, I'm surprised quite often, but in this case, it was something ridiculous, more or less not understandable to me.

A good (female) friend, whom I have known personally since we went to high school together in Germany, wrote to me that someone had created a "Bio" about her, which was obviously completely weird.
The only correct thing was the model name, the city where she had lived previously, that's it. The picture was generated with AI, so she was not even aware of this picture; it was more or less a mixture created, most likely with Stable Defusion Engine. Every detail about her was wrong, starting from DOB to "net worth", which was rediciouls.
Every Model on this page looked like an AI-generated picture; I guess that's the approach this Domain holder is following.
SEO stats of this Domain are pretty good since he is using real Model Names; luckily, in "our" case, it's not her real name but her Artist Name.

She is not doing OF or something like that.

So, I checked WHOIS and discovered that GoDaddy hosts the domain; as some of you know, I have had good experiences with them. I called the Abuse Nr.
The Guy on the line was unaware that this number was redirected to him. He was a salesperson (I know that because of his email signature, he sent the Form to me to get this whole story checked). Well, he couldn't skip the last question, which was quite obvious: "Hey, are you aware of our Domain Discount Club? You have 140 Domains—You can save thousands of Dollars!"
I just said: Please, stop it - not needed, in an amicable way. He was helpful as well, at least in what he could do.

So, long story short: I wrote [email protected] and [email protected]. The answer was Short: They can't put the page Down since it's not hosted on GD. WTF?! SURE!
All the Adult sites, are hosted on DMCA-ignoring Servers, what a surprise!
Even a friend of mine with her real (Artist) Name in the Copy of this Email.
The answer: Go through your Legal Authorities in Germany; we are familiar with the processes.

Sorry, but is this the way someone has to talk to GD? Only via official police Case?
This is the most ridiculous answer I've heard so far from GD.

Instead of asking for help, in terms of Verification of the "real" person and taking action based on that - they want the full procedure with Law Enforcement.

I don't know how to answer something like that because it's just a Joke.
Most of the models on this page are fake. Even people unfamiliar with AI can see that the faces and Bodies are fake.
And the most obvious thing: hands. You can not fake Hands that perfectly with AI, as of now—with SDXL, it's not that easy.


Question(s):

1. Do you have similar situations?
2. How do we proceed with this Puppet theatre?
3. According to EU regulations, GD is responsible for that. How do you see that from a legal POV? Lets put GD to the side, and call it: Registrar XYZ. Can they just put their responsibilities aside?

Best
zotix

I'm not an expert, but I think there's a technical question to be looked into here: Are you absolutely sure site is hosted by GD? Perhaps site owners are using private nameservers with names (assigned by them) that resemble GD's hosting servers. Maybe you already did, but it's crucial to find out real IP addresses.

 

[cooljub]

I wrote [email protected] and [email protected]. The answer was Short: They can't put the page Down since it's not hosted on GD. WTF?! SURE!

I reported some GD registered domains that are promoting illegal activity, but got the same reply - as the sites aren't hosted on GD then there's nothing they can do.

 

[E. Silvera]

Moreover, @zotix , and most importantly, I believe going to the Police ASAP is vital for your friend. Deepfake has already proven it can literally destroy someone's life. And bad agents/actors behind it are really skilled and powerful. They are difficult to be tackled even by specialists, let alone the rest of us (I can see you do have much technical knowledge, but I would make sure to use all resources available, and German police have an excellent reputation regarding seriousness and efficiency).

 

[E. Silvera]

This is not just copyright, it is Identity theft. A fake bio harms her whole social and professional chances.

 

[jberryhill]

What is it that this website does, exactly? They have pages of fake model bios and.... what?

All the Adult sites, are hosted on DMCA-ignoring Servers

I don't see the relevant of the DMCA here. The "C" stands for copyright. You said:

The only correct thing was the model name, the city where she had lived previously, that's it. The picture was generated with AI, so she was not even aware of this picture; it was more or less a mixture created, most likely with Stable Defusion Engine. Every detail about her was wrong, starting from DOB to "net worth", which was rediciouls.

How does any of that involve a violation of copyright?

If you think she has a "copyright" in her name, then you might consider referring your friend to another lawyer to represent her than yourself, and probably one familiar with any relevant German law. But DMCA complaints are for the misappropriation of copyrighted content - i.e. expressive works of textual, audio or visual authorship, and not for the misuse of distinctive and commercially-valuable names.

What you have described may be a trademark violation, but not involving the domain name. Asking a domain registrar to take down a domain name because there is trademark-infringing content on a page of a site is never going to work. There are, without a doubt, items on eBay, for example, that infringe trademarks. But no registrar is going to tank a domain name over a single website content copyright issue (of which there does not seem to be one here anyway). The domain name is not, at least you described it thus far, infringing anything. The narrow exception to that principle is where the registrar is also providing webhosting, and can act with their webhosting provider hat on, and not their registrar hat.

If you believe the registrar is violating an EU regulation of some kind, then your client might consider taking that violation up with the relevant authority responsible for enforcement of that regulation. Because putting in terms like this:

According to EU regulations, GD is responsible for that. How do you see that from a legal POV? Lets put GD to the side, and call it: Registrar XYZ. Can they just put their responsibilities aside?

...leads me to wonder which regulation you are talking about, and what is the enforcement mechanism for that regulation. I'm a US lawyer, and not directly familiar with any and all relevant EU regulations, and I'd bet that whomever reads emails from randos sent to legal@ or abuse@ isn't either. Did you put them on notice of some responsibility under an identified regulation of some kind? If so, can you provide a link to that regulation or tell us what it says?

But then the next question is "responsible" to whom? Responsible to you? There's a sign on the street outside of a store that says "no parking". If I park there, I might get a notice of violation from someone whose job it is to enforce that rule. I might even get my car booted.

But if I park there anyway to run into the store to get something and someone on the sidewalk says, "You can't park there", I don't owe that person the time of day, and they are in no position to do anything directly about it, other than to alert the actually responsible authorities to the situation. And that seems to be what has been suggested to you.

 

[zotix]

Hello, dear NP-Community,

So, first of all, thank you to all of you for your comments & thoughts.

Ok, I grabbed my tea.
Based on my experience fighting with grabbers that copied my work, DMCA is working not against domain names but Hosting providers, you must verify the NS where they point, if the NS belong to Godaddy then they should take action, I used DMCA website to create free DIY DMCA takedowns, most of them worked but not all, some countries do not respect DMCA laws, such ones like Vietnam, China, India and other countries where live most of the lazy grabbers in the world.
In short my cases were for copyright infringement, but here can be other situation.
So the steps are file DMCA PDF on the dmca.com website, free or paid, free is DIY, paid they will do the job for you.
Contact Hosting company with that PDF file and wait them to take action.
P.s. not forget that the real NS can be behind Cloudflare proxy and I m not sure if this can be found where the content is really stored.

Thanks for introducing this topic. Yes, you are right; NS is hidden behind Cloudflare proxy, to be precise, and I guess this is not against any NP-Rules:

Name Server: ALICE.NS.CLOUDFLARE.COM
Name Server: AMIT.NS.CLOUDFLARE.COM

@cooljub: As I read the comments, especially from Dr. John Berryhil, I understand this strict separation between the Registrar and Hosting Provider.

@E. Silvera: You are also totally right. First, this is not a Copyright Topic but more of an Identity Theft. I hope she will go to the police, but it's still a barrier for her to do that. I mean, this is nothing Germany-specific, but how often do we hear about anything disgusting that happened to women, and they did not go to the police because of shame?
Deepfakes are not Memes anymore, and Pope is wearing a Balenciaga jacket.
It's not only about faking some Documents, etc. - As you said, this can destroy lives.

---

The next chapter of my message is for Dr. John Berryhil @jberryhill

First, thank you for responding to this thread from a lawyer's and former ICANN employee's point of view. I understand your point, and honestly, I expected such an answer in common sense here because Registrars as big as the one I've mentioned would not act like this in a formal Mail pointing out WHY they should act. But well.
So let me (try) appropriately respond to your message since I'm terrible at Legal-related topics (Of., I'm just an Economics Guy).

First Point - Purpose of the Site:
You are right; this page is, at first glance, "just" collecting Bios about Models like an encyclopedia, and the main focus is on the worthiness of those models (Ofc. in net—not gross).
I probably just somehow spoiled the domain name, but probably not.

As I can see, they are also Hiring a Content Writer, Researcher, and Data Analyst (just a filler, what should they analyze? That's probably part of the Content writer, but it fits in the page - so why not),

Editor: Edit articles to guarantee that they are clear, coherent, and compliant with our editorial standards. You should also give writers helpful criticism to enhance their writing. (Note: I paraphrase this role description to ensure that no one can find the page by just copying the description into Google)

Social Media Manager, and last but not least, Graphic Designer/Illustrator. I won't post their descriptions here.

So where do I See the potential "crime," "danger," etc​

1. Starting with the most obvious point: This page spreads false information about my friend and potentially (chances are pretty high) about the other Models. Reusing their picture and faking their Online Presence / Identity.
2. This could also be a showcase for people interested in buying a set of Models for monetization purposes on platforms we all know.
3. Since there are a lot of Models on that page, and this does not look like a 120-140-hour effort to "craft" this page, I assume there are more plans than just showing how much Model XYZ earns (without any evidence, just BS). She would be happy to have this income. But from a "criminal" perspective, it's better to raise the bar for selling this Model-Set as trainable SDXL Data than just writing: She earns her money with a job at Walmart's counter.
4. I hope this will never happen, but that kind of "Business Model" might also be able to put those models (since they know at least their real Instagram Accounts) under pressure or blackmail them. This would be a disaster.

Second / Third Point - DM(C)A / EU Regulations:

Long story short: DMCA is not part of this. I got your points and understand / can distinguish this better now.

I mean, you are 100% aware of this Regulation, but what about GDPR as such for EU citizens? I'm not a lawyer, but it's probably better for the country. GDPR, as such, protects the "[...]personal data, which includes any information that relates to an identifiable person. This broad definition means that if a website is misusing personal data (including generating unauthorized or misleading personal profiles), there could be grounds for a GDPR complaint if the data can be linked to EU citizens."
Source: GD


But yes, in the end, they are not Data controllers or Data processors; that's what you mentioned.
I'm also aware that there are so many Hosting providers who give Space to Fraudulent activities, And at least seven Countries don't give a **** about this at all.

Last but not least, I know what I can't understand:

Is this truly the reality? Are Registrars just out of this chit-chat only because they do not Host anything but provide the Infrastructure to the Fraudulents?
Do women (in those cases) have to go to the police to get an appropriate answer from the Registrars?
If this is true, then I have doubts about the ethical considerations of those so-called "Registrars".
From what I understand, it's more or less a warm welcome and an invitation to commit crime. Catch me if you can.
And with Reverse Proxy and all that technical stuff, they are safe anyway. But I don't wanna go into so many details here since I'm against such practices. I'm still wondering if the barrier to getting those obvious pages down is such a process.


Last part
I believe that Registrars should also be doing their job and at least investigating such cases without just "declining" things. They should probably review their KYC process. Someone acting with this business Model of Deepfakes will also fake the KYC without any doubts.

We hope to have more regulations in the future, more responsibility from all who have touchpoints with that - and more protection for individuals.
For a safer place where we live.

Thanks,

zotix

 

[jberryhill]

former ICANN employee

I'll get back to this, but I've never been employed by ICANN. I have been an officer of one the constituency groups within the ICANN community, and have been on the Nominating Committee and several working groups, but not an employee of ICANN per se.

 

[zotix]

I'll get back to this, but I've never been employed by ICANN. I have been an officer of one the constituency groups within the ICANN community, and have been on the Nominating Committee and several working groups, but not an employee of ICANN per se.

Sorry, I misunderstood on Linkedin. Thanks for the clarification!