In a blog post on November 11th, Jay Westerdal asks his blog readers for their opinions on whether DomainTools’ controversial Registrant Search tool should be taken down. Although I think it is a cool tool, I believe I have a strong case for why it should be taken down, and my case is supported by evidence provided by Jay in this morning’s blog post, “Chameleon typo squatters.”
In Jay’s newest post, he discusses how some people attempt to mask their identity by registering domain names using other companies’ registration information, with the only difference being the admin contact email address. Jay cites the example of the domain name GoogleWishes.com, which appears to be owned by Google, but uses a different contact email address.
With the Registrant Search tool, this domain name would presumably be listed in Google’s list of domain names, when someone performs a Registrant Search using “Google” as a query. Because the email address differs from the actual email address used by Google in their domain registrations, this domain name does not appear to be owned by Google. However, GoogleWishes.com would appear in the list along with other Google properties such as Google.com, GoogleMaps.com, GoogleVideo.com, and many more.
I know you can whittle down your results by entering more information (such as the usual admin contact email), but if a person ordered the results based on what appears in the Whois.sc/Google.com listing – (Registrant Search: “Google Inc.” owns about 8,211 other domains), this name would probably appear.
Although the domain name GoogleWishes.com would probably not hurt the image of Google, a devious person could severely impact a competitor’s or opponent’s image by registering pornographic or trademark infringing domain names in someone else’s name. Unless a careful examination is made of each name in the list, the Registrant Search tool could be damaging to the victim of a “chameleon typo squatter.”
Great observation Elliot. Nice.
On the other hand, the victim could make a claim that since the domain is registered in the TM holder’s name, then that domain should be transferred to the victim’s account.
A WIPO claim could be filed and sent to the perp’s account, and when he/she doesn’t respond, the victim would win, no?
Google would have a great case here.
If anything, Jay’s tool ought to be enhanced to include email addresses as an important distinguishing field. Instead of saying, “Mr. Pibbs owns at least 120 other domains,” the message could say, “XXXXX@XXXX.com owns at least 120 other domains.” Thus, in a search by the victim (Google, in this case), they would know immediately that this isn’t their email address and could pursue the transfer of the domain to their account.
Whether Jay or someone else develops this tool, dissenters are not likely to stop its further development and implementation.
That genie left the bottle long ago, I’m afraid.
It’s just a matter of who develops the tool and how it is used. And Jay seems like a straight arrow fellow who shares many of your concerns about how the tool could hurt domainers. But instead of beating up the messenger, maybe it’s time to look inward on how one does business and then come up with ideas on how the tool could be developed into a positive way to enhance the reputation of this business, which, quite frankly, is viewed by outsiders in the same light as phishing and pharming.
***UPDATED BY ELLIOT***
Jay’s tool does that because you can look up by email address, city, state, company name….etc… you can search for just about anything.
All I am saying is that I would hate to have questionable names appear to be registered by my company, since someone could compile a list using a company name. Although you could flesh it out, that would take far too much time. It would be a shame to see a list of a company’s domain names include a name that isn’t theirs, but was registered in their name by an unauthorized party.
This discussion brings up an interesting technical problem, and one which Jay’s tool or any other tool like it has to address. The problem is, given a set of data points about an individual or company, in what ways and to what extent do two sets have to be similar in order to establish identity? There would presumably need to be some weighting of certain data points over others. But the idea of “identity” is a somewhat fuzzy one when it comes to whois records, and it is not obvious how “sensitive” a tool like Jay’s needs to be to variations on personal data. On the one had, you don’t want the tool to miss too many domains for minor reasons (like misspellings or a changed phone number), but on the other hand, you really don’t want it identifying too many domains as owned by the same person. Perhaps there should be a confidence score associated with each domain grouped together — how confident the tool is that the domain is owned by the same entity.
In my own case, registrant search claims that I own about 34 domains, whereas I really own about 12 (I’m not a domainer.) I have used some of my information to register domains on behalf of clients etc, so that is presumably where some of this data comes from. I also have a relatively common name. I’m sure Jay has people working on calibrating this tool.
***UPDATED BY ELLIOT***
Also, as I understand it, the tool also counts some prior registrations that were in the database. Maybe you don’t own some of those names anymore?
Time to revisit this Elliot with a new article. Domaintools hacking is causing huge privacy concerns for domain owners, would be nice to know if we request our names removed from the site are they under any legal obligation to do so or not.
Also does anyone know who we should contact at Google to complain about the hacked customer domain owner information being indexed.
I am in the process also of raising the issue with Godaddy Legal counsel. They need to protect domain owners better.
Search your “full name” in Google to see how domaintools is exposing domainers to fraud and other possible scams and making false accusations about how many domains we own. Domaintools sucks big time and is breaking the law with these false accusations about domain owners.