Have you hugged your WHOIS privacy provider today?

[Rob Monster]

Many registrars provide WHOIS privacy services. I won't name ours because that would be promotional, strictly forbidden by Namepros moderators and severely punished! However, I do simply want to acknowledge that running a compliant WHOIS privacy proxy services in 2019 is a bunch of work, especially if a UDRP action is involved. This case reveals a changing tone on privacy.

I am attaching a procedural document from a WIPO panelist who is giving me a hard time in a case where the respondent asked me to dump their domain. It now happens routinely that a complainant's counsel won't simply accept the domain name, but rather will turn the matter into a drawn-out case with multiple interrogatories, wasting everyone's time for a domain that the complainant would prefer to hand over.

In this particular case, the registrant had previously advised us that he was not interested in defending a UDRP on his domains, which in this case was one domain in a large portfolio of .CO domains. So, in the interest of pragmatism, we sought to settle the matter. In the process, we would save the complainant some fees. Win-win and less work in the end. So, did that work out? Nope!

WHOIS privacy compliance is getting harder and harder. The active discussions at ICANN, including this week in Montreal, further reinforce the direction that Law Enforcement and Regulatory authorities want, which is to be able to pierce the privacy veil whenever they darned well please. I have an issue with that and have stated my position without equivocation in the ICANN Registrar Stakeholder Group.

Nevertheless, the policy changes with RDAP march forward, and it is rapidly approaching a foregone conclusion that a pillar of online privacy is being toppled right now in the closing months of 2019.

Our WHOIS privacy service which shall not be named is in fact an ICANN compliant WHOIS privacy proxy. It is a separate legal entity set up for the express purpose of serving as an ownership proxy for the registrant. From a legal perspective, the WHOIS privacy proxy is the registrant's agent.

All this said, I have been unequivocal that at Epik we do not protect people who are engaged in criminality. If there is a court order, we comply. Beyond that, we have openly stated that known criminality is not operating in a protected class at Epik. The job of discernment is not an easy one but it is comes with the territory. So, make sure to hug your WHOIS privacy provider. They have your back more than you know!

 

[NamesMax]

use your cell number
and block unwanted calls
in blocking the caller
on the phone itself

I did this with the main reason I moved to privacy...Indian website companies.

 

[trelgor]

ICA memberships are not priced effectively.

 

[Rob Monster]

After having just transferred some names out from registrars that required privacy be disabled before transfer, I have a newfound appreciation for Anonymize. I dropcatched a name once and then (thought I) had to spring for an extra ~$9 for privacy. I know I'm not the only one. And I'm sure there are plenty of folks paying yearly for privacy at registrars with their renewals. So much money wasted. I'm glad Rob has 1) created the service, and 2) made it known.

Folks are free to air their frustrations regarding the promotional tilt to Rob's posts, but it's plain to see that he and his team are doing a lot for our community, and for the Internet as a whole ...and in this case, Anonymize is free. Worth a thread imo.

And even the paid-for services Rob mentions in his posts/threads are very worthwhile. It seems like a large number of new threads created by NP members these days lack value to the community. Folks try to inflate their new niche idea or some other shtick. Many threads appear to be dopamine-driven from the rush of fresh regs and a few visits on their landers; nothing of substance. Rob's solutions are real, and like him or not, his threads are among the most interesting and worthwhile on these boards.

Thanks for making privacy free, Rob.

Well, let's just make one thing clear:

- Setting up WHOIS privacy is not hard.

- Making WHOIS privacy is not hard.

- Protecting privacy in the face of extrajudicial inquiry from bullies and thugs is what is hard.

We do all 3 -- and that is what is hard and worth demanding of your WHOIS privacy provider.

We also have to apply ongoing intelligence because the apparatus and practices being used to pierce the privacy veil are constantly evolving as we have seen recently with RDAP and WIPO.

I am thankful for anyone who can provide ongoing reconnaissance in these matters since we prefer to not by blindsided by these ongoing changes in tactics by those who believe the right to privacy is illusory.

 

[Name Trader]

One very important feature would be to somehow verify the identity of the complainant as the legitimate TM holder (I don't see how this could be done without manual/analogue involvement by the Ombudsman or someone else). Because after a while, the process could and likely would be a serious target of phishers trying to steal domains!

EDIT .. It should be to identify who they say they are .. as obviously the legitimacy is what's in question here.

Also, as part of (B), a checklist the complainant would need to tick indicating they are taking this action because they feel each of the 3 equivalent of the UDRP requirements have been breached. Basically they're being required to check all 3 would be a filtration process eliminating a lot of random uninformed complaints.

(D) I like the concept of a potential pre-UDRP compromise, but I'm hesitant to bring money into play here. It kinda takes away from getting to the fundamental truth of the matter.

Maybe have a section for "additional comments", where as part of the form, the instructions for that section could include "Suggested comments include: 1) Proposed compensation 2) etc ...". Even then .. the process should be about if the complainant legitimately has the right to the domain or not .. if they do, then they should ultimately get the domain .. if not, then they need to buy the domain outside of the process if they want it.

Maybe have a money field only if less than all 3 requirements have been checked .. although in that case it's effectively a domain sale if you ask me. lol

I think the complainant should also state the authority where the trademark is registered. So that it can be looked up by the registrant. I hope this suggestion could be considered.

 

[MasterOfMyDomains]

Thanks Rob

 

[capybara]

As for this being risky, I don't see it that way.

I am not familiar with the procedure enough to comment any of it. But I can see that it has statements like "...registrar failed with the obligations...". If these are true, it can be used further to give Epik more trouble, including PR trouble and legal trouble.

 

[capybara]

The point is that if the registrant's instructions are to not to defend UDRP names, it is faster and cheaper for everyone to just solve it.

I don't think "getting the name" is a solution the complainants seek in such cases. They rather want to get the person. And the lawyers are the ones who would never be interested in "just solving it", they have some hours of their work that is going to be paid, why would they give up on that? So the registrar getting in the way of lawyers trying to get the person is not solving the issue. They may start attacking you instead.

 

[frank-germany]

Many registrars provide WHOIS privacy services. Epik provides such a service. I won't name ours because that would be promotional, strictly forbidden by Namepros moderators and severely punished! ...Our WHOIS privacy service which shall not be named is in fact an ICANN compliant WHOIS privacy proxy.

good you didn't mention epiks whois service multiple times
which by the way was enoying to me
as I had to switch it manually off for every domain

 

[frank-germany]

Be thankful you have the choice to "switch it." By the tone of the OP that right, or choice, may not be around forever.

I want my customers to find me
how about you?

 

[frank-germany]

I hope this sorts out without too much pain for you, Epik or the client. As I said your heart is in right place, mind too, but do what is best for Epik.
Bob

I don't doubt that he will do so, Bob

 

[frank-germany]

I 'm absolutely sick of this epik promotion

 

[Rob Monster]

I 'm absolutely sick of this epik promotion

Thanks Frank. Sorry about that.

Some more lemonade for you:



Seriously you don't think it is useful to know that WHOIS privacy is being beaten into non-existence?

 

[Lox]

There's no warranty! WHOIS protection services protects your right to privacy to the greatest extent possible. And! You agree to remain entirely responsible for maintaining the confidentiality of your Whois and you will not hold service provider or any of its related entities liable for ... possible leaks.

 

[Ategy]

Actually .. a triple purpose requirement, could be for a $10 fee.

1) It could help in part in assuring who the complainant is.
2) It could filter out a significant portion of the riffraff (volume phishers).
3) It would cover the cost of registration until the next renewal, which ultimately I think is the only compensation that should really be offered if the domain holder is indeed in violation. (And they should be lucky to even get that if they truly are violators)

The fee could be refunded if the parties don't come to an agreement. Although I guess the two-way processing would bite into that amount significantly if not completely.


Sigh .. I seem to be making it more complicated when the point was for it to be easy ... but I'm just really scared for potential abuse, both by the complainants .. and by potential phishers.

 

[Ategy]

If the registrant doesn't want to defend the case, why didn't you just hand over the domain instead of demanding $500 as stated in the document?

No .. @Rob Monster (for the Domain Owner) was the one offering $500 to cover their costs.
(Or at least I'm pretty sure .. looking at the email, I'll agree it absolutely could have been interpreted either way .. and might be the reason they said no? lol .. although I doubt it).

Depending on the TM holder, they often do not want to settle if they lots of people infringing on their trademarks because they want to send a message.

In the case where it's one domainer with only one domain among many that is infracting, then it's a bit overkill .. but there most definitely are domainers who target Trademarks and who have hundreds of domains that infringe on trademarks. I suppose with the privacy up, since they can't tell either way, they decided to go ahead with the legal action.

It's important to note that while $2000-$5000 is a large some of money for most of us, big corporations place huge value on their brands, and have significant budgets to defend their intellectual property. If they always settled, then it would just lead to more and more abusers. Much in the same way most governments don't pay ransoms for kidnappings .. because while paying would save one person, it would also trigger 100 more because the kidnappers know either they'll get paid, or get away with it.

 

[Embrand]

No .. @Rob Monster (for the Domain Owner) was the one offering $500 to cover their costs.
(Or at least I'm pretty sure .. looking at the email, I'll agree it absolutely could have been interpreted either way .. and might be the reason they said no? lol .. although I doubt it).

Depending on the TM holder, they often do not want to settle if they lots of people infringing on their trademarks because they want to send a message.

In the case where it's one domainer with only one domain among many that is infracting, then it's a bit overkill .. but there most definitely are domainers who target Trademarks and who have hundreds of domains that infringe on trademarks. I suppose with the privacy up, since they can't tell either way, they decided to go ahead with the legal action.

It's important to note that while $2000-$5000 is a large some of money for most of us, big corporations place huge value on their brands, and have significant budgets to defend their intellectual property. If they always settled, then it would just lead to more and more abusers. Much in the same way most governments don't pay ransoms for kidnappings .. because while paying would save one person, it would also trigger 100 more because the kidnappers know either they'll get paid, or get away with it.

So we are talking about either a bribe or extortion. Why mention money at all?

 

[Ategy]

I suppose because the trademark holder did incur some costs, legal fees (lawyers aren't free), etc. So the domain holder offered the money because they wanted the claim to end and not need to reveal his identity .. (or potentially lose other domains).

I agree, I would not have mentioned money myself as it makes it look like he's trying to hide something, you'll have to ask @Rob Monster why the domain owner made that move.

Or maybe you're right and the domain owner was asking $500, because maybe the domain owner felt there was wiggle room for interpretation in the trademark pertaining to if it indeed give rights to the particular domain, and thus felt $500 was a fair win/win compromise. Best to wait and ask Rob.

ADDED: It should be noted, that bullying complainants who try to wrongfully steal domains that domainers legally have right to, often offer "compensation" for the time and registration fees of the domainer. Usually a fraction of the real value of the domain.

 

[NicTraders]

What a mess .. the lack of informing you of a panellist being chosen is an important point.

I'm not sure how far you're going to get saying the proxy service owns the domain. I certainly do understand where you're coming from, but ultimately it is a proxy, and it should be the registrant who makes (or confirms) every significant decision, so ultimately I don't see how that person could be anyone but the person "responsible" for the responses, aka the registrant/domainer (even if it is via the proxy, aka you).

I think in this case Rob is saying the proxy service DOES own the domain because the previous registrant gave up the domain. Thus the proxy service is now the actual registrant. I know it's semantics, but it's important semantics in terms of the potential result of this case. It's a messy one for sure - basically there was a different registrant when the case started than there is now!...

 

[Rob Monster]

I think in this case Rob is saying the proxy service DOES own the domain because the previous registrant gave up the domain. Thus the proxy service is now the actual registrant. I know it's semantics, but it's important semantics in terms of the potential result of this case. It's a messy one for sure - basically there was a different registrant when the case started than there is now!...

Not quite. The legal registrant in this case was always the privacy proxy. It is not messy. Anonymize.com can and does own domains. It is legally separate from the registrar, Epik, Inc (IANA 617).

 

[NicTraders]

Not quite. The legal registrant in this case was always the privacy proxy. It is not messy. Anonymize.com can and does own domains. It is legally separate from the registrar, Epik, Inc (IANA 617).

Ah, fair enough. So, is Anonymize the legal registrant of my domains when I have privacy turned on? Or was this a special case?...

 

[dande]

Dear Rob,

What is .o doing in your registrar? Can you explain the reasons and purpose of adding it in your list?

I have just been deceived into registering it, thinking it was ICANN approved extention, only to read your disclaimer email thereafter.

I am a notice to the .O extention. Please, kindly explain.

Yours sincerely,
Dan.

 

[dande]

^^I mean *novice not notice.^^

Pls I may be wrong. Kindly explain sir.

 

[trelgor]

When privacy proxy is turned on, the privacy proxy entity is the legal registrant of the domain according to the WHOIS record. Per ICANN, the registrant must be a natural person or a valid legal entity.

Interesting to know. Thanks.

So. What is the legal use of a proxy service legal registrant? The registrant is still the registrant, and it is the registrant that is bound by the requirements of the registration, should a dispute arise, right? And the registrar is bound by regulations to relay any dispute notice to the registrant. Am I missing something?

 

[trelgor]

I didn’t know proxies could be respondents. Thanks.

 

[Rob Monster]

My point is more simply put a privacy proxy service should not ever have to disclose the registrant for UDRP but rather forward the notice to them. I see nothing to be gained by forcing the deanonimization of the domain owner. I'm happy to see a registrar and proxy service that stands up for its customers.

I fully understand your customers choice in this matter as I myself have several domains that are only worth 1-2k and I got so cheap that I could not justify the expense of defending a UDRP against them.

Yes, you nailed the issue.

And our compliance team did submit a response to WIPO today.