[gnso-rpm-wg] Article on Combo-squatting study conducted by Georgia Instutute of Technology and Stony Brook University affecting our discussion of Trademark + Industry Terms in the TMCH, Sunrise and Claims (among other RPMs that it may also implicate)
icannlists
icannlists at winston.com
Fri Nov 17 16:21:29 UTC 2017
Hi Paul,
I’m not sure that it is of little significance other than to confirm there is a problem, but the important point is that it does confirm there is a problem and I am happy to see you confirming too. The report might be helpful in assisting us in fashioning fixes, but it is up to this group to come up with something that is appropriate for the ICANN ecosystem, so we can lean on the report, but not to the exclusion of all the other good ideas we come up with. Thanks for taking the time to respond to my initial post!
As far as the basis for jurisprudence, I guess mine is multi-faceted with some of the components being the protection of the rights of those presumed innocent and also protection of the innocent from known harms. In other words, we can presume the innocence at the start of the trial for the person who got the ticket for allegedly running the stop sign, but that doesn’t prohibit us from putting up the stop signs in the first place.
Thanks for taking the time to respond to my initial post! I’m looking forward to working with you and others toward a constructive way to address the problem identified in the Georgia Tech study.
Best,
Paul
From: Paul Keating [mailto:paul at law.es]
Sent: Friday, November 17, 2017 7:56 AM
To: icannlists <icannlists at winston.com>
Cc: George Kirikos <icann at leap.com>; gnso-rpm-wg <gnso-rpm-wg at icann.org>
Subject: Re: [gnso-rpm-wg] Article on Combo-squatting study conducted by Georgia Instutute of Technology and Stony Brook University affecting our discussion of Trademark + Industry Terms in the TMCH, Sunrise and Claims (among other RPMs that it may also implicate)
Paul
I am not sure what your basis of jurisprudence is but where i come from the law is intended to protect the rights of those presumed innocent. I have never seen any credible system of jurisprudence that elevates efficiency over such rights. Nor have i seen one that is built around a presumption of badness.
I for one will not support a system with known problems simply because the majority of cases brought concern abuse or clearly offensive conduct.
Thus, the report is of little significance other than to confirm that there is a problem. The issue of what system is used to address the problem or what rules are used remains to be seen.
Paul
Sent from my iPad
On 17 Nov 2017, at 14:30, icannlists <icannlists at winston.com<mailto:icannlists at winston.com>> wrote:
Hi George,
You raise a fair point. With just 268 US based marks examined, the abuse is beyond rampant. If we are to extrapolate to other well-known marks, for example the excellent examples you mention - pharma, childrens toys, the abuse moves from beyond rampant to just plain old staggering, even without assuming (as you did in your note) of a 1 to 1 ration of abuse between the 268 noted examples and the remaining marks in the world.
Unfortunately for the abusers in the domain name industry, it will not be possible to un-shine the light that the Georgia Tech study has shown on them. It is up to all of us to deal with the head on. Glad to see you joining in that effort!!
Best,
Paul
-----Original Message-----
From: gnso-rpm-wg [mailto:gnso-rpm-wg-bounces at icann.org] On Behalf Of George Kirikos
Sent: Thursday, November 16, 2017 5:49 PM
To: gnso-rpm-wg <gnso-rpm-wg at icann.org<mailto:gnso-rpm-wg at icann.org>>
Subject: Re: [gnso-rpm-wg] Article on Combo-squatting study conducted by Georgia Instutute of Technology and Stony Brook University affecting our discussion of Trademark + Industry Terms in the TMCH, Sunrise and Claims (among other RPMs that it may also implicate)
P.S. Where the math really starts to break down is if one attempts to extrapolate this to the larger population of all markholders and marks worldwide. Remember, this was just 268 *US* ones. Even "Lego"
wouldn't have been on the list (famous for their voluminous UDRP filings), since their Alexa rank is around 2647 worldwide, 1,785 in the USA (see https://www.alexa.com/siteinfo/lego.com ), and thus not in the top 500. Many of those pharma brands that are famous and see a lot of cybersquatting aren't in the Alexa top 500 either (I won't name them, lest they trigger spam warnings).
What % of worldwide marks is 268? Far below 1%. But, let's suppose that they represent 1% of cybersquatting. Would it be argued that 2.7 million "bad" domains for that subset of 268 marks means that the number of "bad" domains classified as "combosquatting" must be 100 times 2.7 million, or 270 million? Depending on how one extrapolates, one might even generate a claimed total abuse (just from combosquatting, not even counting all the other types of typosquatting, etc.) that exceeds the actual total number of domain name registrations quite easily (which is absurd).
Sincerely,
George Kirikos
416-588-0269
http://www.leap.com/
On Thu, Nov 16, 2017 at 5:23 PM, George Kirikos <icann at leap.com<mailto:icann at leap.com>> wrote:
The numbers appear overstated. After a first pass, I don't see the
complete list of all 268 of the marks they studied (maybe I missed
it), but several (Amazon, Adobe, Delta, Yahoo) still appear to be
dictionary words where it would be false to claim that Mark+Dictionary
word is automatically "bad." Indeed, when you look at table 7 at the
top right of page 11, they classify 86.6% of the so-called
"combosquatting pages" as "Unknown", and only 13.39% as "Malicious".
And of those alleged "malicious" ones, 69.9% were an ambiguous
"trademark abuse" (not phishing, social engineering, or "affiliate
abuse"), which seems likely to yield even more false positives.
Their attempt at detecting "false positives" leaves much to be
desired, i.e. whitelisting only the top 10,000 Alexa domains (see page
4, Alexa list). My company's math.com<http://math.com> domain name wouldn't get
white-listed by that standard (and it gets millions of visitors/year).
Neither would school.com<http://school.com>. Alexa Top 10,000 sites get enormous traffic
--- many legitimate but lower traffic sites wouldn't be whitelisted
by their methodology.
Importantly, they didn't seem to use WHOIS or Zone Files in their data
sets (see page 4, section 3.2). i.e. they trumpet the "468 billion DNS
records" (many DNS requests and website visits are generated by bots,
not human beings, these days), but there are perhaps roughly 150
million gTLD domain names for which ICANN makes policy.
And it would seem, by their methodology, that they might even count
defensive registrations by brand owners themselves as "combo
squatting". e.g. if Microsoft owns MicrosoftOffice.com<http://MicrosoftOffice.com>, does that get
accounted for properly? 2.7 million domains divided by 268 marks
equals 10,074 domains/mark, which sounds like a lot, but Microsoft
already owns tens of thousands of domains, according to DomainTools:
https://whois.domaintools.com/microsoft.com
as do many of the other markholders like Google, Yahoo, etc. I hope
those weren't counted improperly.
I think seeing the results by TLD would also be useful (e.g. .TK
domains are free, and openly abused), as well as what effect the
"promos" from new gTLDs has had (e.g. domains under $1/yr), and
whether historic domain tasting might have also accounted for some of
the measurements.
Not saying the problem doesn't exist, as there are lots of bad actors.
But, if it was a "growing threat" as claimed, the evidence would be
directly observable via increased lawsuits, increased UDRP filings,
etc. More important would be to discern whether there is an increase
in the number of bad actors, rather than just measuring things by
domains. e.g. 2.7 million bad actors registering one domain name each
is a lot different than 10 bad actors registering 270,000 bad domains
each. I think the latter situation is to be preferred, from a policy
perspective (i.e. better to have tools to handle the
industrial-cybersquatter, where the incidence of false positives and
collateral damage from policymaking will be lower). Others might
correct me, but it's my sense from media reports that more of the bad
actors have shifted their focus to social media and apps abuse, rather
than domain abuse, to generate traffic (e.g. Facebook, Android apps,
etc.). Due to tools like Chrome "Safebrowing" blacklists, rarely do I
ever actually encounter abusive domains these days.
Sincerely,
George Kirikos
416-588-0269
http://www.leap.com/
_______________________________________________
gnso-rpm-wg mailing list
gnso-rpm-wg at icann.org<mailto:gnso-rpm-wg at icann.org>
https://mm.icann.org/mailman/listinfo/gnso-rpm-wg
________________________________
The contents of this message may be privileged and confidential. If this message has been received in error, please delete it without reading it. Your receipt of this message is not intended to waive any applicable privilege. Please do not disseminate this message without the permission of the author. Any tax advice contained in this email was not intended to be used, and cannot be used, by you (or any other taxpayer) to avoid penalties under applicable tax laws and regulations.
_______________________________________________
gnso-rpm-wg mailing list
gnso-rpm-wg at icann.org<mailto:gnso-rpm-wg at icann.org>
https://mm.icann.org/mailman/listinfo/gnso-rpm-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rpm-wg/attachments/20171117/13fd4c03/attachment-0001.html>
More information about the gnso-rpm-wg
mailing list