Bogus Complaint Disables Itch.io, Google Ignored Same Sender For Years

Indie videgame portal Itch.io is effectively offine today after a brand protection company reported the platform for "fraud/phishing" for what was a problem easily solved using a DMCA notice. According to Google's transparency databases, the same company has repeatedly attempted to use the DMCA to solve alleged trademark infringement but had its complaints rejected.

 The DMCA takedown procedure may not be perfect but, for those intending to use it, there’s an unambiguous step-by-step process that’s been in place for a quarter of a century.

Needless to say, entities that deviate from the established rules can make life difficult for themselves as well as the intended recipients of takedown notices. That includes entities that attempt to use DMCA takedown notices to enforce trademark disputes, or prefer to avoid the DMCA altogether by portraying copyright complaints as something more serious.

Itch.io Taken Offline By Bogus Complaint

In a post on X.com early this morning, indie videogame storefront Itch.io said its platform had been effectively taken offline following a “bogus phishing report” that resulted in the disabling of its domain by the platform’s domain registrar.

“I kid you not, @itchiohas been taken down by @OriginalFunko because they use some trash ‘AI Powered’ Brand Protection Software called @BrandShieldltd that created some bogus Phishing report to our registrar, @iwantmyname, who ignored our response and just disabled the domain,” the company complained.

The events that led up to this disaster (at the time of writing the domain has still not been reinstated) seem to highlight an imbalance. While platforms swiftly respond to complaints, they seem far less eager to address the consequences of erroneous takedown requests.

Copyright Complaint Was ‘Upgraded’ to Fraud/Phishing

In a post on HackerNews hoping to draw attention to the situation, ‘Leafo’ from Itch.io explains the origins of the complaint. From their knowledge of the initial trigger, a DMCA complaint was the obvious mechanism to achieve the desired result. Instead, a company called BrandShield Ltd took a different approach.

“I’m the one running itch.io, so here’s some more context for you: From what I can tell, some kid made a fan page for an existing Funko Pop video game (Funko Fusion), with links to the official site and screenshots of the game,” Leafo explains.

“The BrandShield software is probably instructed to eradicate all ‘unauthorized’ use of their trademark, so they sent automated reports to our host and registrar claiming there was ‘fraud and phishing’ going on, likely to cause escalation instead of doing the expected DMCA/cease-and-desist.”

Leafo confirmed that around five to six days ago, Itch.io’s host Linode and its domain registrar iwantmyname.com, forwarded reports of the complaint. In response, Itch.io took the disputed page down with Leafo sharing his concerns with both companies, presumably over the way the problem had been addressed.

“I expressed my disappointment in my responses to both of them but told them I had removed the page and disabled the account. Linode confirmed and closed the case. iwantmyname never responded,” Leafo notes.

Domain Suspension Prevents Itch.io From Doing Business

On Sunday evening, Leafo received an alert and went on to discover an ominous status for the Itch.io domain.

“(i) noticed that the domain status had been set to ‘serverHold’ on iwantmyname’s domain panel. We have no other abuse reports from iwantmyname other than this one.

“I’m assuming no one on their end ‘closed’ the ticket, so it went into an automatic system to disable the domain after some number of days. I’ve been trying to get in touch with them via their abuse and support emails, but no response likely due to the time of day, so I decided to ‘escalate’ myself on social media.”

So Who Takes The Blame?

Despite identifying a possible failure on the part of iwantmyname, Itch.io appears to be pointing the finger of blame at BrandShield, the originator of the initial complaint.

Leafo believes that incorrectly stating that Itch.io was engaged in “fraud and phishing” was an escalation attemp to obtain a more significant result than usually available under the DMCA takedown process.

“I honestly think they’re the malicious actor in all of this. Their website, if you care: https://www.brandshield.com/,” Leafo wrote.

In these types of cases, intent can be difficult if not impossible to prove. However, if the BrandShield promotional document on the right remains current, the anti-phishing service offered by the company operates as SaaS and may allow its clients to initiate action too.

Whether the entire system was automated in this case is unclear. The type of nefarious identity-stealing phishing activity portrayed on the BrandShield website is clearly a big step up from the fan page content created by the user on Itchi.io. In any event, an incorrect enforcement tool prompted an incorrect takedown mechanism, and seems to have led to a disproportionate end result.

Google Transparency Reports

Numerous takedown notices sent previously by Brandshield to Google are available for browsing within the company’s Copyright Transparency Report. As seen here, successful takedowns are vastly outnumbered by those that fail, usually after being rejected by Google.

Without drawing any conclusions on whether the takedowns were warranted, in many cases it appears that Google refused to take action because BrandShield attempted to use the copyright takedown mechanism offered by Google to address alleged trademark infringement.

While that would be convenient, it’s impossible to send a valid DMCA takedown notice for alleged trademark infringement.

Source

Hope you enjoyed this news post.

Thank you for appreciating my time and effort posting news every day for many years.

2023: Over 5,800 news posts | 2024 (till end of November): 5,298 news posts

RIP Matrix | Farewell my friend