[gnso-rpm-wg] Article on Combo-squatting study conducted by Georgia Instutute of Technology and Stony Brook University affecting our discussion of Trademark + Industry Terms in the TMCH, Sunrise and Claims (among other RPMs that it may also implicate)

George Kirikos icann at leap.com
Thu Nov 16 23:48:42 UTC 2017


P.S. Where the math really starts to break down is if one attempts to
extrapolate this to the larger population of all markholders and marks
worldwide. Remember, this was just 268 *US* ones.  Even "Lego"
wouldn't have been on the list (famous for their voluminous UDRP
filings), since their Alexa rank is around 2647 worldwide, 1,785 in
the USA (see https://www.alexa.com/siteinfo/lego.com ), and thus not
in the top 500. Many of those pharma brands that are famous and see a
lot of cybersquatting aren't in the Alexa top 500 either (I won't name
them, lest they trigger spam warnings).

What % of worldwide marks is 268? Far below 1%. But, let's suppose
that they represent 1% of cybersquatting. Would it be argued that 2.7
million "bad" domains for that subset of 268 marks means that the
number of "bad" domains classified as "combosquatting" must be 100
times 2.7 million, or 270 million? Depending on how one extrapolates,
one might even generate a claimed total abuse (just from
combosquatting, not even counting all the other types of
typosquatting, etc.) that exceeds the actual total number of domain
name registrations quite easily (which is absurd).

Sincerely,

George Kirikos
416-588-0269
http://www.leap.com/

On Thu, Nov 16, 2017 at 5:23 PM, George Kirikos <icann at leap.com> wrote:
> The numbers appear overstated. After a first pass, I don't see the
> complete list of all 268 of the marks they studied (maybe I missed
> it), but several (Amazon, Adobe, Delta, Yahoo) still appear to be
> dictionary words where it would be false to claim that Mark+Dictionary
> word is automatically "bad." Indeed, when you look at table 7 at the
> top right of page 11, they classify 86.6% of the so-called
> "combosquatting pages" as "Unknown", and only 13.39% as "Malicious".
> And of those alleged "malicious" ones, 69.9% were an ambiguous
> "trademark abuse" (not phishing, social engineering, or "affiliate
> abuse"), which seems likely to yield even more false positives.
>
> Their attempt at detecting "false positives" leaves much to be
> desired, i.e. whitelisting only the top 10,000 Alexa domains (see page
> 4, Alexa list). My company's math.com domain name wouldn't get
> white-listed by that standard (and it gets millions of visitors/year).
> Neither would school.com. Alexa Top 10,000 sites get enormous traffic
> --- many legitimate but lower traffic sites  wouldn't be whitelisted
> by their methodology.
>
> Importantly, they didn't seem to use WHOIS or Zone Files in their data
> sets (see page 4, section 3.2). i.e. they trumpet the "468 billion DNS
> records" (many DNS requests and website visits are generated by bots,
> not human beings, these days), but there are perhaps roughly 150
> million gTLD domain names for which ICANN makes policy.
>
> And it would seem, by their methodology, that they might even count
> defensive registrations by brand owners themselves as "combo
> squatting". e.g. if Microsoft owns MicrosoftOffice.com, does that get
> accounted for properly? 2.7 million domains divided by 268 marks
> equals 10,074 domains/mark, which sounds like a lot, but Microsoft
> already owns tens of thousands of domains, according to DomainTools:
>
> https://whois.domaintools.com/microsoft.com
>
> as do many of the other markholders like Google, Yahoo, etc. I hope
> those weren't counted improperly.
>
> I think seeing the results by TLD would also be useful (e.g. .TK
> domains are free, and openly abused), as well as what effect the
> "promos" from new gTLDs has had (e.g. domains under $1/yr), and
> whether historic domain tasting might have also accounted for some of
> the measurements.
>
> Not saying the problem doesn't exist, as there are lots of bad actors.
> But, if it was a "growing threat" as claimed, the evidence would be
> directly observable via increased lawsuits, increased UDRP filings,
> etc. More important would be to discern whether there is an increase
> in the number of bad actors, rather than just measuring things by
> domains. e.g. 2.7 million bad actors registering one domain name each
> is a lot different than 10 bad actors registering 270,000 bad domains
> each. I think the latter situation is to be preferred, from a policy
> perspective (i.e. better to have tools to handle the
> industrial-cybersquatter, where the incidence of false positives and
> collateral damage from policymaking will be lower). Others might
> correct me, but it's my sense from media reports that more of the bad
> actors have shifted their focus to social media and apps abuse, rather
> than domain abuse, to generate traffic (e.g. Facebook, Android apps,
> etc.). Due to tools like Chrome "Safebrowing" blacklists, rarely do I
> ever actually encounter abusive domains these days.
>
> Sincerely,
>
> George Kirikos
> 416-588-0269
> http://www.leap.com/


More information about the gnso-rpm-wg mailing list