Meta Inc. (formerly Facebook) filed a lawsuit against Freenom

On March 3rd, 2023: Meta Inc. (formerly Facebook) filed a lawsuit against Freenom for trademark infringement, facilitating cybercrimes, false designation of origin. This is due to the tsunami of phishing websites using the .TK, .ML, .GQ, .GA, in .CF ccTLDs.

The lawsuit reveals a pattern to abuse Fortune 500’s trademarks by concealing WHOIS details (despite ICANN Section 5.5.2.4 of the RAA):

5.5.2.4 is found by ICANN, based on its review of the findings of arbitral tribunals, to have been engaged, either directly or through its Affiliate, in a pattern and practice of trafficking in or use of domain names identical or confusingly similar to a trademark or service mark of a third party in which the Registered Name Holder has no rights or legitimate interest, which trademarks have been registered and are being used in bad faith.

Due to this legal action, Freenom has decided to stop any free domain registration (probably forever).

Damages between two hundred thousand dollars ($200,000) and five hundred thousand dollars ($500,000) per each phishing website are requested. And Meta Inc. claims that 5,000 rogue domains have been identified

According to krebonsecurity.com:

Meta initially filed this lawsuit in December 2022, but it asked the court to seal the case, which would have restricted public access to court documents in the dispute. That request was denied [thus refiled publicly].

The 51-pages lawsuit lodged by four Attorneys of Tucker Ellis LLP can be found here:

https://krebsonsecurity.com/wp-content/uploads/2023/03/Freenom-First-Amended-Complaint-3March2023.pdf

What are the risks for Freenom?

According to DomainNameWire: OnlineNic was ordered to pay Verizon $33 million in 2008 for cybersquatting, in $5 million to Meta Inc. in 2023 for cybersquatting just 35 domains. Using the same scale and if the 5,000 rogue domains are verified: this could leave Freenom with a fine of $428 million dollars. It could be the financial end for Freenom, or even trigger a termination from ICANN. ICANN already issued redress to Freenom in 2015 in 2020 for similar claims. Moreover, the lawsuit is geared towards the piercing of the corporate veil (due to dissolved companies involved) with alter-ego allusions regarding the two Dutch nationals controlling Freenom’s operations: Johannes Wilhelmus Antonius Zuurbier (akaJoost Zuurbier“), in Marcel Trik. If they have acted with US dissolved companies, they could be liable on their personal assets for any fines due… in the Netherlands allow the extradition of Dutch nationals to the USA since they have a bilateral extradition treaty.

What does it mean for holders of Freenom domains?

The paid domains will not disappear, they will simply be re-assigned to another Registrar if Freenom collapses. Reversely it could be that the countries involved decide to designate another reseller for their domains (sooner than later). In all cases: paid domains should be honored, so there is no need to panic (yet). In the most chaotic scenario: Freenom could decide to pull the plug completely by turning off their DNS servers, turning all domains darkaccusing Meta Inc. to have initiated all of this. It might be a good idea to increase the TTLs of your DNS records if you hold Freenom domains.

Is Freenom a rogue actor?

Freenom is known to suspend free domains in an instant and without warning. They have done this to thousands of users. On this point alone Freenom did probably more harm to people than good.

Freenom does have a report abuse system and the cases are reviewed manually: it would be interesting to know why Meta Inc. did not report their rogue domains using this existing channel (and it is free to report). Could it be that Mark Zuckerberg was personally involved in the lawsuit decision?… Certainly.

According to Techspot and in terms of absolute numbers: criminals are two times more likely to use a .COM domain than a Freenom domain.

Any lesson to take away?

Once you give away something for free you just increase its demand to infinity: this was probably the initial intent of Freenom since inception, but it is certainly not needed anymore (as they got enough press and marketing since then, be it good or very bad). As the saying goes: be careful with what you wish for. And some marketing might be more costly than expected

In a similar move: Google offered unlimited Google Team Drive to schools and universities for years, and it triggered years and years of abuse (people were setting up fake universities to get the free service, only to resell it on the market). Google has now closed such free offer (nothing is unlimited, especially when it is linked to physical hardware).

Stranska vrstica