WIPO UDRP Domain Dispute Domain Seizure Experience

When providing hosting and domain registration services, there are known and various risks including fraud, DOS attacks etc…

Unfortunately in this case, it was customer based fraud and this is something almost impossible to predict or stop.  A customer from Brazil purchased a domain and hosting from us and then reported the transaction as unauthorized.  As many businesses will know, even rock solid proof that the purchase was authorized is often a futile attempt in fighting fraudulent credit card chargebacks.

After the chargeback we naturally canceled their hosting and moved the domain back into our name and it was parked as any standard domain to prevent them from making use of it.

How I learned about UDRP (Uniform Domain-Name Dispute-Resolution Policy) & WIPO First Hand

UDRP is a sort of internet domain lawsuit challenging the rights of the current owner under the pretext that it contains trademarked words and/or is misleading and confusing over whatever brand or rights they claim to hold.  It can cost as little as $1000 USD to file a UDRP complaint and if successful the domain will be transferred to the complainant (assuming you do not file a lawsuit to fight it).  UDRP is something any TLD (Top Level Domain) under ICANN that you agree to accepting when registering any ICANN administered TLD (so virtually almost all TLDs).

According to Bradesco Bank and counsel from Brazil, the domain registered by our customer “ativacoestabelabradesco.com” allegedly contained one of their trademarked names in Portugese.  To us the domain was gibberish and a random string of characters that we didn’t recognize, and we had never heard of the name, likeness or bank in Brazil since none of us even speak Portugese or have ever visited Brazil.  They e-mailed our administrative contact with a notice of the UDRP filed with WIPO.

What is WIPO (World Intellectual Property Organization)?

It is a third party organization established through ICANN for UDRP disputes.  They act as a quasi-judicial court for domain name disputes and are supposed to be impartial, however a Google search reveals many outrageous complaints about “rogue” adjudicators or judges.  In essence and practice the adjudicators do not have to follow precedent cases or even apply all the rules as I believe my experience shows, there is a wide range of discretion for the adjudicator.

What does it take to win a UDRP Dispute?

Here is what WIPO says as of 2016-02-13 (note our dispute was back in 2013): https://www.icann.org/resources/pages/policy-2012-02-25-en#4

By definition the following tests must be met:

4. Mandatory Administrative Proceeding.

This Paragraph sets forth the type of disputes for which you are required to submit to a mandatory administrative proceeding. These proceedings will be conducted before one of the administrative-dispute-resolution service providers listed at www.icann.org/en/dndr/udrp/approved-providers.htm (each, a “Provider”).

a. Applicable Disputes. You are required to submit to a mandatory administrative proceeding in the event that a third party (a “complainant”) asserts to the applicable Provider, in compliance with the Rules of Procedure, that

(i) your domain name is identical or confusingly similar to a trademark or service mark in which the complainant has rights; and

(ii) you have no rights or legitimate interests in respect of the domain name; and

(iii) your domain name has been registered and is being used in bad faith.

In the administrative proceeding, the complainant must prove that each of these three elements are present.

b. Evidence of Registration and Use in Bad Faith. For the purposes of Paragraph 4(a)(iii), the following circumstances, in particular but without limitation, if found by the Panel to be present, shall be evidence of the registration and use of a domain name in bad faith:

(i) circumstances indicating that you have registered or you have acquired the domain name primarily for the purpose of selling, renting, or otherwise transferring the domain name registration to the complainant who is the owner of the trademark or service mark or to a competitor of that complainant, for valuable consideration in excess of your documented out-of-pocket costs directly related to the domain name; or

(ii) you have registered the domain name in order to prevent the owner of the trademark or service mark from reflecting the mark in a corresponding domain name, provided that you have engaged in a pattern of such conduct; or

(iii) you have registered the domain name primarily for the purpose of disrupting the business of a competitor; or

(iv) by using the domain name, you have intentionally attempted to attract, for commercial gain, Internet users to your web site or other on-line location, by creating a likelihood of confusion with the complainant’s mark as to the source, sponsorship, affiliation, or endorsement of your web site or location or of a product or service on your web site or location.

c. How to Demonstrate Your Rights to and Legitimate Interests in the Domain Name in Responding to a Complaint. When you receive a complaint, you should refer to Paragraph 5 of the Rules of Procedure in determining how your response should be prepared. Any of the following circumstances, in particular but without limitation, if found by the Panel to be proved based on its evaluation of all evidence presented, shall demonstrate your rights or legitimate interests to the domain name for purposes of Paragraph 4(a)(ii):

(i) before any notice to you of the dispute, your use of, or demonstrable preparations to use, the domain name or a name corresponding to the domain name in connection with a bona fide offering of goods or services; or

(ii) you (as an individual, business, or other organization) have been commonly known by the domain name, even if you have acquired no trademark or service mark rights; or

(iii) you are making a legitimate noncommercial or fair use of the domain name, without intent for commercial gain to misleadingly divert consumers or to tarnish the trademark or service mark at issue.

Continue reading “WIPO UDRP Domain Dispute Domain Seizure Experience”

Apple CEO Tim Cook’s Business Decision to Fight the FBI/Court Order

Mr. Cook has clearly made a strategic decision to be one of the first and few tech companies to challenge a court order of this magnitude, and if anyone can do it, it would be Apple.

Now to be clear there is a very serious matter in this case, and it is a tricky rope for investigators and business to get it right.  A crime has been committed and the authorities have presumably presented credible evidence and there is a court order, however the order is essentially unlimited access to all Apple devices.  The business (Apple) has two choices, co-operate or deal with the consequences of not doing so, in Apple’s case there is little financial consequence to not co-operate.  The opposite case could be made that Apple recognizes that if the public finds out that they complied that their encryption is as good as useless, their analysts probably put a price tag on the customer backlash and likely predicted a huge drop in AAPL shares.  Aside from the business case, it looks like now that the issue of privacy has come knocking on his doorstep, he has no choice but to take a bold and very public stand.

This is not a typical court order but is in effect a blanket and mass surveillance project.  Apple is basically being asked to make an app and backdoor to bypass their encryption, or at least disable the 10-try mechanism so they can try traditional bruteforce password methods.  Tim Cook stated very clearly that the ramifications would go far beyond this one case and validated his concerns by mentioning there would be little control over oversight over such a mechanism if Apple complied, which could mean the backdoor could be abused without due cause, as has been the case in the past with other surveillance.

One wonders if Apple has pondered its next move because it is unlikely that Apple can indefinitely delay or win the fight in the end.  They are legally under US jurisdiction and must win their challenge or comply.  Failing that Apple’s only option would be to move overseas/off-shore and this would be a huge blow for the US economy, tech sector and other companies may follow suit, such as McAfee’s weighing in on the issue and offer to crack the iPhone.

My philosophy has always been the US is a great place to do business with huge potential, but I always advise people to understand that any traffic transiting the US and especially data stored there is subject to US laws and regulations.

It will be interesting to watch where this goes, I have a feeling that most are cheering for Apple and Tim Cook at the moment and it is really no wonder with what is at stake.

KVM getting virtio to work in custom Linux Kernel

This page outlines what must be done but doing it does not actually make the Virtio disk visible to the kernel for some reason:


I have tried force loading the kernel module and also tried compiling it directly into the kernel with the same result.