Facebook, still reluctant to ban deceptive political ads, has filed a lawsuit against domain registrar Namecheap and its identity-protecting proxy service WhoisGuard, for allowing people to register seemingly dodgy web addresses.
In a memo published Thursday, Christen Dubois, director and associate general counsel of IP litigation for the antisocial network, said the domain seller let netizens register domains that suggested a false association with Facebook applications.
"We regularly scan for domain names and apps that infringe our trademarks to protect people from abuse," said Dubois. "We found that Namecheap’s proxy service, WhoisGuard, registered or used 45 domain names that impersonated Facebook and our services, such as
According to Dubois, Facebook contacted Namecheap's WhoisGuard between October 2018 and February 2020 trying to obtain information about the individuals behind the allegedly deceptive domain names, and the biz declined to cooperate. WhoisGuard essentially allows domain owners to substitute their real contact details for WhoisGuard's addresses, mainly for privacy reasons.
"We don’t want people to be deceived by these web addresses, so we’ve taken legal action," said Dubois, indicating Facebook had sued Namecheap in the US state of Arizona.
Domain registrars generally respond to legitimate takedown requests for copyright infringement because failure to do so risks liability for failing to follow the Safe Harbor requirements of Section 230 of the Communications Decency Act.
New Facebook political ad rules: Now you must prove your ID before undermining democracyREAD MORE
And in the case of trademark infringement and abusive domain registrations such as those cited by Facebook, domain registrars are obligated to follow the Uniform Domain Name Dispute Resolution Policy outlined by ICANN. Other laws, like the Anticybersquatting Consumer Protection (ACPA) and statutes governing false advertising and unfair trade practices, may also come into play.
In October 2019, Facebook filed a similar lawsuit alleging cybersquatting and trademark infringement against registrar OnlineNIC and its proxy service ID Shield. In its complaint, Facebook also claimed OnlineNIC repeatedly failed to investigate reports of abuse as required by ICANN. But OnlineNIC denied that and other allegations; the case is still being litigated.
Facebook should be able to force Namecheap to cooperate if it can present evidence in court that the offending domain names represent bad faith attempts to profit through name confusion.
But it's also possible that one or more of the 45 disputed names represents an attempt to exercise lawful free speech – trademark law doesn't give Facebook a right to stifle legitimate criticism. There are times when US courts support the right of internet service providers to refuse to identify customers engaged in lawful speech.
In a statement emailed to The Register, Namecheap insisted it takes fraud and abuse allegations seriously and investigates every reported case.
"We want to be clear, we actively remove any evidence-based abuse of our services on a daily basis," CEO Richard Kirkendall said.
"Where there is no clear evidence of abuse, or it is purely a trademark claim, Namecheap will direct complainants, such as Facebook, to follow industry standard protocol. Outside of said protocol, a legal court order is always required to provide private user information."
"Facebook may be willing to tread all over their customers' privacy on their own platform, and in this case it appears they want other companies to do it for them, with their own customers," Kirkendall continued. "This is just another attack on privacy and due process in order to strong arm companies that have services like WhoisGuard, intended to protect millions of Internet users’ privacy." ®
Sponsored: Webcast: Ransomware has gone nuclear