Itch.io is an indie game storefront. Developers sell games, host game jams, and allow players to try new games. What happened? Itch.io got a bogus report of “fraud and phishing” from co…
itch.io said this on the hackernews thread (bolding mine):
The BrandShield software is probably instructed to eradicate all “unauthorized” use of their trademark, so they sent reports independently to our host and registrar claiming there was “fraud and phishing” going on, likely to cause escalation instead of doing the expected DMCA/cease-and-desist.
And BrandShield’s response / nonpology (bolding mine):
BrandShield serves as a trusted partner to many global brands. Our AI-driven platform detects potential threats and provides analysis; then our team of Cybersecurity Threat hunters and IP lawyers decide on what actions should be taken. In this case, an abuse was identified from the itch.io subdomain. BrandShield remains committed to supporting our clients by identifying potential digital threats and infringements and we encourage platforms to implement stronger self-regulation systems that prevent such issues from occurring.
Which translated into English is possibly* something like “We would be very happy if the general public thought this was a normal DMCA takedown. Our chatbot said the website was a phishing page. Our overworked cybersecurity expert hunter agreed after looking at it for zero milliseconds. We encourage itch.io to get wrecked.”
This difference matters because site hosts and domain registrars can be extremely proactive about any possibility of fraud / abuse / hacks, and there’s less of a standard legal process for them.
a domain registrar removing your name registration means that name doesn’t go to where your site is anymore. It would be like a phone company disconnecting your number. People will call the number but not get to you. You will still have your phone (and maybe you are still reachable on a mobile because it uses wifi instead of the telco or something)
will a domain registrar actually take down one page at a time instead of an entire domain? genuine question idk how Internet works
Domain registrars can’t, as they don’t manage pages - just domains.
Only domain admins (and possibly hosting companies, depending on architecture) can manage at a page level.
I see. so “we only sent the registrar a report about one page” is total bullshit
Also this wasn’t necessarily a DMCA request.
itch.io said this on the hackernews thread (bolding mine):
And BrandShield’s response / nonpology (bolding mine):
Which translated into English is possibly* something like “We would be very happy if the general public thought this was a normal DMCA takedown. Our chatbot said the website was a phishing page. Our
overworkedcybersecurityexperthunter agreedafter looking at it for zero milliseconds. We encourage itch.io to get wrecked.”This difference matters because site hosts and domain registrars can be extremely proactive about any possibility of fraud / abuse / hacks, and there’s less of a standard legal process for them.
* Dear Funko please do not call my mom.
Yes and no.
Usually, you send the DMCA/Takedown request to the site.
If they don’t have a DMCA contact, or you’re lazy, you send it to the domain registrar.
they can, by withdrawing/unpublishing the domain presence from the registry for that zone. this is how expiries work
nope, it’d be at whole domain level, this was BrandShield being huge assholes
a domain registrar removing your name registration means that name doesn’t go to where your site is anymore. It would be like a phone company disconnecting your number. People will call the number but not get to you. You will still have your phone (and maybe you are still reachable on a mobile because it uses wifi instead of the telco or something)