[gnso-rpm-wg] Article on Combo-squatting study conducted by Georgia Instutute of Technology and Stony Brook University affecting our discussion of Trademark + Industry Terms in the TMCH, Sunrise and Claims (among other RPMs that it may also implicate)

Thu Nov 16 22:23:00 UTC 2017

The numbers appear overstated. After a first pass, I don't see the
complete list of all 268 of the marks they studied (maybe I missed
it), but several (Amazon, Adobe, Delta, Yahoo) still appear to be
dictionary words where it would be false to claim that Mark+Dictionary
word is automatically "bad." Indeed, when you look at table 7 at the
top right of page 11, they classify 86.6% of the so-called
"combosquatting pages" as "Unknown", and only 13.39% as "Malicious".
And of those alleged "malicious" ones, 69.9% were an ambiguous
"trademark abuse" (not phishing, social engineering, or "affiliate
abuse"), which seems likely to yield even more false positives.

Their attempt at detecting "false positives" leaves much to be
desired, i.e. whitelisting only the top 10,000 Alexa domains (see page
4, Alexa list). My company's math.com domain name wouldn't get
white-listed by that standard (and it gets millions of visitors/year).
Neither would school.com. Alexa Top 10,000 sites get enormous traffic
--- many legitimate but lower traffic sites  wouldn't be whitelisted
by their methodology.

Importantly, they didn't seem to use WHOIS or Zone Files in their data
sets (see page 4, section 3.2). i.e. they trumpet the "468 billion DNS
records" (many DNS requests and website visits are generated by bots,
not human beings, these days), but there are perhaps roughly 150
million gTLD domain names for which ICANN makes policy.

And it would seem, by their methodology, that they might even count
defensive registrations by brand owners themselves as "combo
squatting". e.g. if Microsoft owns MicrosoftOffice.com, does that get
accounted for properly? 2.7 million domains divided by 268 marks
equals 10,074 domains/mark, which sounds like a lot, but Microsoft
already owns tens of thousands of domains, according to DomainTools:

https://whois.domaintools.com/microsoft.com

as do many of the other markholders like Google, Yahoo, etc. I hope
those weren't counted improperly.

I think seeing the results by TLD would also be useful (e.g. .TK
domains are free, and openly abused), as well as what effect the
"promos" from new gTLDs has had (e.g. domains under $1/yr), and
whether historic domain tasting might have also accounted for some of
the measurements.

Not saying the problem doesn't exist, as there are lots of bad actors.
But, if it was a "growing threat" as claimed, the evidence would be
directly observable via increased lawsuits, increased UDRP filings,
etc. More important would be to discern whether there is an increase
in the number of bad actors, rather than just measuring things by
domains. e.g. 2.7 million bad actors registering one domain name each
is a lot different than 10 bad actors registering 270,000 bad domains
each. I think the latter situation is to be preferred, from a policy
perspective (i.e. better to have tools to handle the
industrial-cybersquatter, where the incidence of false positives and
collateral damage from policymaking will be lower). Others might
correct me, but it's my sense from media reports that more of the bad
actors have shifted their focus to social media and apps abuse, rather
than domain abuse, to generate traffic (e.g. Facebook, Android apps,
etc.). Due to tools like Chrome "Safebrowing" blacklists, rarely do I
ever actually encounter abusive domains these days.

Sincerely,

George Kirikos
416-588-0269
http://www.leap.com/