Itch.io Taken Down by Funko | Better HN

Itch.io Taken Down by Funko | Better HN

463 comments

leafo1y ago

I'm the one running itch.io, so here's some more context for you:

From what I can tell, some person made a fan page for an existing Funko Pop video game (Funko Fusion), with links to the official site and screenshots of the game. The BrandShield software is probably instructed to eradicate all "unauthorized" use of their trademark, so they sent reports independently to our host and registrar claiming there was "fraud and phishing" going on, likely to cause escalation instead of doing the expected DMCA/cease-and-desist. Because of this, I honestly think they're the malicious actor in all of this. Their website, if you care: https://www.brandshield.com/

About 5 or 6 days ago, I received these reports on our host (Linode) and from our registrar (iwantmyname). I expressed my disappointment in my responses to both of them but told them I had removed the page and disabled the account. Linode confirmed and closed the case. iwantmyname never responded. This evening, I got a downtime alert, and while debugging, I noticed that the domain status had been set to "serverHold" on iwantmyname's domain panel. We have no other abuse reports from iwantmyname other than this one. I'm assuming no one on their end "closed" the ticket, so it went into an automatic system to disable the domain after some number of days.

I've been trying to get in touch with them via their abuse and support emails, but no response likely due to the time of day, so I decided to "escalate" the issue myself on social media.

vasco1y ago

Hope you have money to fight them. I stuck to my guns on a wrongful one like this and while Digitalocean and Cloudflare both had my backs (surprisingly before I even asked, both of them got a lot of good will on that - they informed me they already checked and it was spurious!). Google didn't have my back though and immediately caved when they upgraded their sham copyright infringement claim to money laundering and fraud based on nothing - a fully static website with no backend calls. Good luck! I still have the sites exactly as they were just to spite them and will keep running them at a loss until I'm dead. Copyright infringement my ass. This abuse has got to stop sometime.

latexr1y ago

> I still have the sites exactly as they were just to spite them and will keep running them at a loss until I'm dead.

https://en.wikipedia.org/wiki/Spite_house

https://en.wikipedia.org/wiki/List_of_Curb_Your_Enthusiasm_e...

joseda-hg1y ago

If they are fully static couldn't they probably be run at close to 0 cost from you?

pabs31y ago

What are the sites called? Would like to get them saved to archive.org :)

RestartKernel1y ago

This issue aside, thanks for doing what you do. I was kind of expecting Itch to get sold to some holdings or casino company at some point, as good things tend to go, but I've been happily surprised to see it mature independently throughout the years.

Tepix1y ago

I agree itch.io is awesome!

Edit: And i'm happy to see that it's working again as of 2024-12-09 12:27 UTC+1

TheEnbyperor1y ago

I run a domain registrar. "serverHold" is not a status that iwantmyname could've set. If they had suspended the domain it'd have "clientHold" set. Server Hold means the registry (i.e. .io directly) has suspended the domain. Your best bet would be to contact the Internet Computer Bureau Ltd who run .io at admin@icb.co.uk, or the registry technical support provider Identity Digital at techsupport@identity.digital.

leafo1y ago

Interesting, this morning I got a response from a staff member of the parent company that owns iwantmyname saying they didn't get my response with regards to the abuse notification they sent and that's why they took the domain down.

kj4ips1y ago

I've heard a ton of stories about .io, IMO, they play fast and loose in a space where that isn't okay, and they get away with it mostly because they are a ccTLD.

The last time someone I knew had an issue, they had to get a senator to make waves to get anything resolved.

What registrar do you run?

duggan1y ago

iwantmyname was bought out by a conglomerate, “Team Internet[1]”, a few years ago.

Prices went up, service went down. I’d recommend moving your domains when you can (Porkbun have been good, though I haven’t had any incidents like this).

Best of luck!

1: https://en.m.wikipedia.org/wiki/Team_Internet

betteryet1y ago

Same thing with Gandi, which is a shame. Domain renewal price silently went up 3x or so last year after getting acquired.

Oh damn, I didn't know this!

I've used their services for ages and even got to briefly meet the founders once in Wellington who gave a talk on Erlang.

Ah well, while it sucks that the good times may be over, I'm glad the founders got their exit :)

thomasfromcdnjs1y ago

aw I've always loved iwantmyname, I haven't noticed any issues other than the price increases.

Though it was the indie/personal feel they had as a registrar, I might look for alternatives.

+1 for Porkbun

raverbashing1y ago

Pro-tip: raise your prices before you need to sell your service to cover expenses

FunnyLookinHat1y ago

Came here to recommend Porkbun - I've had great experience with them and so have all of the friends and family I've recommended.

esskay1y ago

Another vote for porkbun here. By far one of the best registrars out there right now.

CaptainFever1y ago

I really wish BrandShield didn't use AI as a marketing term. It just looks like it's doing a generic ctrl-F on webpages?

Then things like this happen, and people think "ooh AI is bad, the bubble must burst" when this has nothing to do with that in the first place, and the real issue was that they sent a "fraud/phishing report" rather than a "trademark infringement" report.

Then I also wish that people who knew better, that this really has nothing to do with AI (like, this is obviously not autonomously making decisions any more than a regular program is), to stop blindly parroting and blaming it as a way to get more clicks, support and rage.

pdpi1y ago

I find that businesses that bill themselves as ${TOOL}-users instead of ${PROBLEM}-solvers are, as a general rule, problematic. I couldn't possibly care any less whether a product is built on AI or a clever switch statement or a bazillion little gnomes doing the work by hand. I care that it solves a problem.

AI does need to die. Not so much because LLMs are bad, but rather because, like "big data" and "blockchain" and many other buzzwordy tools before it, it is a solution looking for a problem.

johnnyanmac1y ago

> and people think "ooh AI is bad, the bubble must burst" when this has nothing to do with that in the first place

That haphazard branding and parroting is exactly why the bubble needs to burst. Bubbles bursting take out the gritters and rarely actually kills off all the innovation in the scene (it kills a lot, though. I'm not trying to dismiss that).

CaptainFever1y ago

It's possible they were using LLMs (or even just traditional ML algorithms) to choose if a certain webpage was fraud/phishing instead of mere trademark infringement, though. In this case it makes sense that one would be angry that a sapient being didn't first check if the report was accurate before sending it off.

When AI is being used as a cover for the bad/questionable behavior the company was already doing then there is no bubble to burst. The performance of the "AI" doesn't matter, only that it throws up a smoke shield in front of the company when people call to complain about the abuse.

oneeyedpigeon1y ago

I fear that ship has already sailed. I think the grifters and scammers have already abused the term enough that even decent uses of it are now tainted. I know that the two aren't strictly the same, but I would suggest using "Machine Learning" instead, which I think has more respectable connotations.

I mean, whether this has anything to do with AI or not (I’d buy that they’re using LLMs to write abuse letters or similar) it fits very nicely into the general pattern of AI breaking the internet through an endless deluge of worthless misleading spam. So, perhaps call it honorary AI?

oneeyedpigeon1y ago

I noticed that iwantmyname has very little presence on social media: no bluesky account and a twitter account that posts once or twice a year. That wouldn't necessarily be a problem if they responded to emergencies like this promptly, but they clearly don't so it is.

I also wonder if their "automatically disable" policy takes size/importance of site into account. Is this how they would treat all their domain owners, regardless of significance?

clarionbell1y ago

The significant ones have lawyer writing them letters.

Brandshield is bad for overreacting, and iwantmyname is very bad for hosting such a crucial infrastructure, and having not responded to a paying customer with a good track record. I honestly don't think time of day matters, as long as the nature of the service is that it's provided and used 24/7, support staff should also be there 24/7.

paxys1y ago

> Because of this, I honestly think they're the malicious actor in all of this.

While I agree, the people who hired them are equally culpable. You don't get to wash your hands of the mess just because someone else is doing your dirty work.

breakingcups1y ago

Filing false reports like this should count as fraud.

terminalbraid1y ago

I'm in the outraged crowd and there should be pretty serious consequences, but it is important in the interest of justice to differentiate between fraud, negligence, and gross incompetence.

concerndc1tizen1y ago

I.e. as a crime rather than just a civic tort? I agree.

kevingadd1y ago

It does but there's no actual way to get legal recourse for false DMCA notices or anything similar. The legal system is stacked for the abusers to have their way and the victims to have no recourse, regardless of how egregious the abuse is.

>Filing false reports like this should count as fraud.

It does, but they never mess with anyone with big enough pockets to get sued for it.

RobotToaster1y ago

Isn't it already classed as perjury?

I've had the same thing happening; I run a simple forum, and some years ago people were discussing a manga, posting images of fan translated pages.

My hosting party (Hetzner) forwarded the emails and / or put it in their own system, I removed the offending images / page, replied to the email, and done, right? Wrong, the email said I had to fill in a statement through some online form somewhere; I did that too late and got more and more threatening emails like "pack your shit we're evicting you in 24 hours". Nobody seemed to actually read my replies / explanation, probably because this is so routine for them.

And I get it, nobody can be arsed to read longwinded explanations and the like for routine operations. I hope AI assisted tooling will help the overworked support employees with making decisions in favor of giving people the benefit of the doubt and the help they need; for them it's routine, but for me it was the first time I got anything like that.

hresvelgr1y ago

It's surprising that this happened at all. Isn't it in most business's best interests to be aware of their most high-profile customers? If this was an automatic process, it's pretty disappointing that it even occurred. If I was running a SaaS, I'd probably want to mark my important accounts so an actual human has to investigate any raised alerts instead of being dealt with by a cron.

cipheredStones1y ago

Something being in a business's best interests is very far from a guarantee that it'll happen.

I've worked on a team in a household-name big tech company where our mission was almost exactly "make sure we're not blowing up our most important customers for no reason". It's not nearly as easy as it sounds: defining who's important is hard, and defining what should and shouldn't be allowed is hard, and then implementing that all correctly and avoiding drift over time is tricky too.

paxys1y ago

Domain names themselves are a loss leader for registrars. They make money by upselling customers on hosting, email, certificates, analytics etc. So if you are just paying a couple dollars a year for a domain name and nothing else, your profile doesn't really matter. You are in the lowest tier of customers.

Lemme use this opportunity for having your attention to suggest some form of collaboration or even a merger with the Godot game engine:

• itch.io users could launch the Godot Web Editor to quickly make prototypes or simple games right on itch

• Publish from the native Godot editor directly to itch.io

• Godot adopts itch.io as the official asset store for art packs etc.

• Introduce social features for devs and artists to collaborate with each other:

• A publisher could choose to add a “Fork” or similar button on their itch.io game page that downloads and opens the project source in Godot. • All "forks" published that way would include a link to the original game's page, and so on.

I think Godot+itch could/should become the Github of Games :)

> I had removed the page and disabled the account

Did this account violate your ToS or the actual law? While I totally understand where are you coming from and I would probably be forced to do the same, I still tend to believe that closing a fan account is exactly the same thing that your registrar did to you.

0x0731y ago

It's not optimal, but he must choose between every published game there and one fanpage.

Besides that, there are so many websites with copyright content that never changes the domains, is just the domain registration bad or why they just disabled the domain?

Smells like tortious interference to me... and likely some form of perjury. I'd probably stop talking to them now that service is restored and get in touch with legal representation.

rpastuszak1y ago

Is it possible/worth to hold them financially accountable for this? (them being IWMN or BrandShield)

andrewmcwatters1y ago

You really need to get off both .io and this no-name registrar.

I wanted to take the time to thank you for the service you provide. itch.io is unvaluable to the indie community, and I'm perplexed when I see some devs complain about issues like this. Thabks for all your work.

I smell a class action lawsuit. That's a whole lot of lost revenue and time for you and itch.io's creators.

Godspeed!

nstart1y ago

For what it's worth, I know Namecheap gets a meh rep, but we've been on the receiving end of several phishing/copyright reports and have responded across the spectrum in terms of time span. We've responded immediately. We've responded with an hour or so to go. In all cases, Namecheap has somehow responded quickly and resolved the issue.

I coincidentally just this past week ran into a major issue with Namecheap on a fraudulent domain marketplace sale that they did not resolve properly or in a timely manner. They deserve their meh reputation. They were decent about a decade ago. Come renewal my domains up for sale are moving to Dynadot. Was considering porkbun but I sense they are heading the namecheap way.

You should change registrars. Sort the situation and move to a better one.

oneeyedpigeon1y ago

(FYI, if you didn't already notice this, you're probably far too busy anyway, but still: https://bsky.app/profile/botherer.bsky.social/post/3lcuitcck...)

Hey, perhaps you can mediate the impact by providing an alternate way to access the site (IP, alternative domain) and posting it somewhere people will see it (bsky, here, ...)? Realistically , this may take days to resolve.

safety1st1y ago

So it sounds like this was DMCA abuse by Funko, aided and abetted by BrandShield, and it resulted in damages to you. Also sounds like iwantmyname just went along with it, they are probably conditioned to do so by the rules.

I would write up a complaint and send it to the incoming FTC Commissioner. Yes, I'm serious. From the signals Trump is sending if there is ever a time when Republicans may support some form of DMCA reform, it's now. He's on record talking about punishing Big Tech and supporting "Little Tech." You're Little Tech. Send copies of your letter to Funko and BrandShield. Also reach out or at least send a copy to Matt Stoller, the guy who publishes a very popular newsletter about monopoly, anti-trust and corporate abuse in America, he will be interested. Go for the throat.

Given the OP and admin in the comments explicitly say that this wasn't a DMCA claim it would rather hurt any campaign to lie and say it was.

tonygiorgio1y ago

Unfortunately "serverHold" goes above registrars. I learned this the hard way. There's a variety of watchdogs that false flag things all the time, and a handful of tld's that will blindly obey these orders. I'm guessing io is one of these. You'll have to escalate it with them, though I was never successful. Good luck.

Can you transfer the domain out?

leafo1y ago

Unfortunately the domain has a hold placed on it by the registrar, so I believe transferring is disabled. I also wouldn't want to risk doing a transfer at an hour when their staff aren't available to help with the current issue.

I hope you come out of this in good shape. I try to get all my (digital) TTRPGs and indie games through your platform.

meaydinli1y ago

Behavior from "iwantmyname" doesn't sound like they deserve your business anymore.

derefr1y ago

> The BrandShield software is probably instructed to eradicate all "unauthorized" use of their trademark, so they sent reports independently to our host and registrar claiming there was "fraud and phishing" going on, likely to cause escalation instead of doing the expected DMCA/cease-and-desist. Because of this, I honestly think they're the malicious actor in all of this.

I feel like there's also some missing layer of infrastructure here.

itch.io, like a lot of sites (HN being another), is meant to act as a host of user-generated content, over which the site takes a curatorial but not editorial stance. (I.e. the site has a Terms of Use; and has moderators that take things down / prevent things from being posted according to the Terms of Use; but otherwise is not favoring content according to the platform's own beliefs in the way that e.g. a newspaper would. None of the UGC posted "represents the views" of the platform, and there's no UGC that the platform would be particularly sad to see taken down.)

I feel like, for such arms-length-hosted UGC platforms, there should be a mechanism to indicate to these "brand protection" services (and phishing/fraud-detection services, etc) that takedown reports should be directed first-and-foremost at the platform itself. A mechanism to assert "this site doesn't have a vested interest in the content it hosts, and so is perfectly willing to comply with takedown requests pointed at specific content; so please don't try to take down the site itself."

There are UGC-hosting websites that brand-protection services already treat this way (e.g. YouTube, Facebook, etc) — but that's just institutional "human common sense" knowledge held about a few specific sites. I feel like this could be generalized, with a rule these takedown systems can follow, where if there's some indication (in a /.well-known/ entry, for example) that the site is a UGC-host and accepts its own platform-level abuse/takedown reports, then that should be attempted first, before trying to get the site itself taken down.

(Of course, such a rule necessarily cannot be a full short-circuit for the regular host-level takedown logic such systems follow; otherwise pirates, fraudsters, etc would just pretend their one-off phishing domains are UGC platforms. But you could have e.g. a default heuristic that if the takedown system discovers a platform-automated-takedown-request channel, then it'll try that channel and give it an hour to take effect before moving onto the host-level strategy; and if it can be detected from e.g. certificate transparency logs that the current ownership of the host is sufficiently long-lived, then additional leeway could be given, upgrading to a 24-72hr wait before host-takedown triggers.)

robertduncan1y ago

There is a parallel to the public suffix list, which domains like github.io are listed on: https://publicsuffix.org/list/public_suffix_list.dat

nguyenquocthao1y ago

So Linode hosts your server, and iwantmyname provides your domain? If they want they can take down your server and your domain? Is there any server provider / domain provider who doesn't hold that kind of power?

JosefAlbers1y ago

It's working again now.

seanthemon1y ago

man, this shit is ridiculous.. now we can't even make fan pages?

Will you be moving away from this registrar? It seems like it could very easily be abused again.

Some companies have always been terrible about this. Fan projects involving companies like Nintendo or Take Two Interactive (GTA) are like lawyer bait. Disney has hired lawyers to sue a daycare center that had (clearly unofficial) character art painted on the walls. It's dystopic, but it's the world we live in.

I didn't really expect Funko or 10:10 Games to be like that, but then again I didn't expect anyone would like Funko enough to make a fan page about their dolls.

Other companies allow fans to do pretty much whatever you want with their IP as long as you don't turn it into (too much of) a business. Sega has even hired a fan for their remasters rather than DMCA his project into oblivion.

When companies do this, I interpret this as the company giving a clear message: "don't be a fan of our work or we may apply legal pressure".

oneeyedpigeon1y ago

After this, everyone will be moving away from this registrar...

Hamuko1y ago

Fan anything has always been at the mercy of the trademark owner.

I wish brandshield would pull this shit with someone that was large enough to sue them for fraud or tortious interference.

mort961y ago

That's extremely disappointing from iwantmyname. While I haven't used it, it was always on my mind as a potential registrar when buying a domain. I think I'll have to reconsider.

KingOfCoders1y ago

"Phishing report to our registrar, iwantmyname, who ignored our response and just disabled the domain"

One registrar off the list of registrars you wanna use.

jamil71y ago

They used to be really good, independent registrar from New Zealand but I think got acquired sometime a few years ago and went down hill.

BrandiATMuhkuh1y ago

Yes that's true. Just yesterday I bought a new domain through them.

I'm surprised about their slowness. Again, 2 days ago I sent a request via their web-form and less than 24h later it was resolved.

Disclosure: I know the founder (Lenz).

The same thing happened to Gandi.

sureglymop1y ago

A similar thing has happened to me before. There is a company with the same name as my surname with a trademark for it.

When I registered a domain with my surname in it, the registrar had an automatic process in place that checked for this trademark and took away access of the domain. So far so good. The problem was that the registrar and its support then ghosted me and also never refunded me for the money already paid to lease the domain for a year. Overall it was a bad experienced with bad communication that made me switch registrar (note: this was a different registrar than mentioned here).

I think one of the problems is that as more and more individual consumers buy domains, certain legal processes and automation are not ready for that. A good registrar should anticipate that an individual private consumer may not have the legal experience or knowledge to deal with just being hit with something they were never explicitly warned of.

> When I registered a domain with my surname in it, the registrar had an automatic process in place that checked for this trademark and took away access of the domain. So far so good.

I don't think this is good.

Trademarks are country-specific, not global like domains. Further, within a country trademarks are only valid within the scope of certain classes, which means:

* There will often be more than one trademark holder of even non-surname trademarks.

* You can't trademark a surname to prevent its use generally, you can only restrict its use in a narrow sphere.

I understand why domain registrars automatically overenforce their country's trademark laws (they can't deal with the legal complications that will result from them not doing so), but it's very much not good that someone like you can get to a domain for your surname first and be told you can't have it in case the trademark holder (for which class???) might want it.

lxgr1y ago

> Trademarks are country-specific, not global like domains.

Domains are also subject to local law! For ccTLDs, it's usually that of the country in question; for gTLD, to my knowledge the US has effective jurisdiction (through ICANN) over at least some of the popular gTLDs such as .com and .net.

"Local law" in this case doesn't just include actual laws on the books, but also the risk and cost of getting sued by either a trademark holder or a non-trademark-infringing domain owner.

This is exactly the type of issue that people usually don't consider when picking a TLD, vanity or otherwise.

> I think one of the problems is that as more and more individual consumers buy domains

Huh, I was always under the assumption that the percentage of domains bought by individual consumers is shrinking. As in, in the early days of the internet until ~2010 where commercialization was only slowly picking up (or only concentrated to a few domains), the majority of domains were personal websites and blogs.

ivanmontillam1y ago

> Huh, I was always under the assumption that the percentage of domains bought by individual consumers is shrinking.

Yes, but a segment of the domain market still buys their name domains and defends them on the Internet.

I bought my fname+lname domain a few years ago, but I'm not planning to surrender it to a random conglomerate.

> As in, in the early days of the internet until ~2010 where commercialization was only slowly picking up (or only concentrated to a few domains), the majority of domains were personal websites and blogs.

A deep part of me hopes this part of the market never dies, for the good health of the Internet's sovereignity.

The percentage share of personal domains doesn’t tell you everything. More and more consumers probably are buying personal domains just by the nature of it getting cheaper and easier to host and there being more people on the internet year over year. Could be proven wrong though because I don’t know how to get the numbers.

moralestapia1y ago

Trademarks are country specific while domain names are not. Would be interesting to know what happens if they took this to trial (in which country though).

lxgr1y ago

Of course domain registrations are also subject to national law. .io in particular is (currently) under UK jurisdiction.

Which registrar was this? I’d like to avoid them.

Modified30191y ago

“iwantmyname”, from leafo’s post here: https://news.ycombinator.com/item?id=42364033

lxgr1y ago

I find it curious that this (purely factual and correct) comment got downvoted/flagged into oblivion.

rf151y ago

Brand Shield and other AI slopware needs to be sued to death for all the damage they cause, including their customer's reputation and bottom line

paxys1y ago

Even if the suit is 100% justified (which it is in this case), and you can show damages, the problem will usually be of jurisdiction.

Funko Pop is an American Company.

BrandShield, the "Brand Protection Software" they used, is based out of Israel.

iwantmyname, the registrar, is from New Zealand.

They got bought out by Team Internet, which is British.

And who knows where all of them are actually registered.

They are all going to point the finger at each other for the problem. Who do you sue, and where?

latexr1y ago

The chain of culpability, in my view as an outsider, goes iwantmyname > BrandShield > Funko Pop.

Funko Pop hired BrandShield, but from what I understand they did so exactly because the latter does all the work without you having to intervene. Kind of like you hiring a lawyer and them using ChatGPT to present the case, full of errors and non-existent sources. The lawyer might have been acting on your behalf, but they didn’t really do so according to your intentions and their fuck up isn’t your fault. On first view I’d say BrandShield is a culprit here, but can’t be so sure about Funko Pop yet.

On the other hand, iwantmyname is absolutely at fault. They took down a client’s website without asking or recourse, then sat on their asses. That’s who you sue, because they’re the ones who ultimately had the power and made the decision that affected itch.io. If iwantmyname wants to sue BrandShield and/or Funk Pop or whatever else in turn, none of your concern. The one’s who hurt the business were iwantmyname by not doing due diligence or contacting the client but just automatically bending over.

Now if they should be sued in Britain or New Zealand, that’s for the lawyers to know.

In fact, all of this is for the lawyers to figure out. I’m not one. I’m merely expressing what makes logical sense to me, which could be incredibly wrong.

Etherlord871y ago

You sue the registrar, because you have the contract with the registrar.

lxgr1y ago

You don't necessarily have to sue them in their place of registration if they're doing business elsewhere. "Defending trademark rights" probably counts as that.

Of course the problem is that legally speaking, they don't cause any damage - service providers they target cause the damage. BS have no true authority over these service providers, just the threat of some legal claim. The service providers comply voluntarily as they don't want to spend time checking if the claim is valid.

I don't think this is the kind of advice a good lawyer would give.

BrandShield, Funko, and iwantmyname all caused serious financial harm through, at a minimum, tortious negligence.

I'm not a lawyer, but even a yokel like me knows there's more to this legally than a shrug and "the software did it".

Eh, dunno about that. They made what would appear to be a false complaint; hard to really consider what was going on here ‘fraud and phishing’!

That the magic robot perhaps did it for them matters not at all, in terms of whose fault it is, though a proliferation of magic robots does make junk services like this more of a problem, in that they can flood the internet with nonsense more effectively.

lxgr1y ago

Then there needs to be some cost associated with sending a completely false claim.

Doesn’t need to be huge – just enough to cover their cost and thereby make it uneconomical to outsource the work these companies are charging their customers for to their targets.

raxxorraxor1y ago

Yes, but also you need to bring your legislators to heel. It is entirely their fault.

That you have grifters like brandshield is a symptom. Although you should never employ their lawyers for anything either of course. Make the taint stick to them.

bpye1y ago

The registrar in question is iwantmyname, so I guess you can add them to your "do not use" list.

paxys1y ago

I feel like it's better to have a "do use" list for something as important as a domain name registrar.

- Namecheap

- Cloudflare

- Route 53 (if on AWS)

Any others?

Personally use Porkbun since Namecheap's API is poorly-documented and they attempted a KYC audit for purchasing a $100 domain.

I am fine with the identity verification, but their ticketing system seems to have sent all of my e-mail to their spam box, because they would never respond. I attempted opening tickets explaining the e-mail situation, but they wouldn't listen. In the end, I gave up and let them deactivate the account.

Moved to Porkbun, purchased the exact same domain (no KYC required!), and have been a happy user of their API for about two years now. They also have much more lax requirements for API usage compared to Namecheap. Porkbun also supports WebAuthn and logging in with a security key. It's overall a much nicer service than Namecheap.

kallistisoft1y ago

I've been using IONOS (formerly 1und1) for the last 20 years for all of my DNS and hosting needs and couldn't be happier. Their uptime, non-obtrusive policies, and customer support have all been top notch. Can't recommend enough.

As an example; I had a dedicated server that I was leasing that I wanted to upgrade, the sales tech noticed that the plan I was currently on had been retired/replaced and credited my account with difference of what I had payed vs the new payment tier which amounted to six months of billing on the upgraded server. You can't really put a price on that kind of honesty!

soulofmischief1y ago

Namecheap is terrible and cannot be trusted, you can google tons of horror stories.

Without a doubt, Porkbun is one of the best. Their staff is knowledgeable, helpful and efficient. Highly recommend them.

JimDabell1y ago

Namecheap is definitely on my “never use under any circumstances” list for reasons I outlined in this comment: https://news.ycombinator.com/item?id=18091287

The full thread is worth reading for more feedback on a range of registrars, particularly Namecheap: https://news.ycombinator.com/item?id=18086522

I strongly encourage people to only recommend domain registrars if they have verified that customer support won’t completely fuck you over when something goes wrong. Recommending registrars when you’ve only experienced the happy path is doing a disservice to the people you are trying to help out.

xoa1y ago

easyDNS still seems good for those who want a more old style "full fat" registrar like gandi was? I know some folks I respect who have long used it alongside Route 53. Though they don't appear to support hardware tokens which is a major black mark in my book in 2024.

As well as Gandi, DNSimple was another higher service one I really liked that went crazy on pricing. Agreed the registrar scene nowadays seems like a quite small "do use" list vs a couple of "don't use" :(.

teitoklien1y ago

Route 53 is outrageously expensive for domains, one should only use it, if they need AWS’s DNS product.

bpye1y ago

Porkbun seem popular, I do use them for a couple domains. I haven't heard of anything egregious.

kuon1y ago

I use infomaniak from switzerland. Mainly because I can physically go to their office and discuss in person if there is a problem.

Any recommendations for people looking for a strictly European registrar?

Hover is fine. Never had a domain shut down though.

I have one on dynadot because Hover doesn't support the TLD, and the website sure is a lot more awkward.

latexr1y ago

I’ve been using Hover since they advertised on 5by5 a decade and a half ago, and never had a single issue. They never bother me nor do I need to remember they exist. I only hear from them when they need ICANN contact confirmation or to remind me a domain is expiring.

TurtleStacker1y ago

INWX

I've used Register4Less for over a decade and I've been thrilled with them. They're slightly more expensive than the cheapest options (by a buck or two), but this is more than made up for by the fact that they're the only registrar I've ever used who have proactively reached out about minor issues. Every time I've needed to email them, I've gotten a response from somebody who can fix the problem within minutes.

norman7841y ago

Can you elaborate on Cloudflare?

I currently have some domains there (moved a few years ago from Godaddy), so is there something I need to worry about?

orphea1y ago

Namecheap is on my personal "never use; fuck them" list. I moved my domains to Cloudflare, and I am happy since then.

Porkbun is great.

pfoof1y ago

I use Namecheap and sadly still Gandi for old domains.

The only issue I experience with Namecheap are included redirects which have something like 90% uptime.

Route53 domains is seriously not needed for anything - just add zone in AWS and point your registrar to new NS.

KingOfCoders1y ago

Namecheap has horrendous billing UI with their products, also not PDF so makes it hard for freelancers when you have many domains and your accounts want an PDF. Easiest is a registrar that mails you invoices in PDF.

Ylpertnodi1y ago

I'd prefer a 'do not' list, because 'experience quoted'. Any one of the names you mention could be bought/ new CEO etc tomorrow and start the turdification (tm) slide.

midasz1y ago

I'm with Namecheap and they're decent but one big minus is how inaccessible their API is, would put them on the bottom of the "do use" list.

I have used dreamhost forever and have had a lot of domains through them for over 20 years. Never had a hitch and excellent customer service.

Namecheap's been out a while, I'd drop them from your list too. Porkbun's in for now.

I use pananames.com, they for sure won't do things like OP described

poincaredisk1y ago

OVH is pretty good

bb010g1y ago

I've had great experiences with NameSilo.

The upper two have had several known issues with them. I haven't heard anything about the latter one, but that doesn't mean they're free of issues.

gcr1y ago

Namesilo?

tucnak1y ago

Gandi?

weinzierl1y ago

easyDNS (not to be confused with DNSEasy or DNS Made Easy). Very happy customer for many years and there are not many companies I can say that about.

If you are in Germany donaindiscount24.com is good option too.

What's wrong with aws lmao

seanthemon1y ago

I've been using namecheap for over a decade and have had zero issues with them.

We actually had almost the exact same thing happen to Notebook.ai last month:

- automated notice of trademark infringement from some posted user content, accusing us of "fraud and phishing" (filed by a third party on behalf of Meta)

- that user content was immediately deleted upon receiving the notice

- exactly a week later, our host (Heroku) banned our account with a generic no-reason "Your account has been banned."

Total downtime of about 24 hours until it was resolved; luckily, Heroku's support simply unbanned the account whenever I reached out to ask why we were banned. Migrating to another host wouldn't have taken much longer, but would have been a pain.

Goes to show layering a couple automated processes together can have pretty devastating false-positives. I'm glad there was a human in the loop at Heroku I could reach to get things sorted out relatively quickly; also glad to see Itch.io is back up and got it sorted out relatively quickly as well.

Hm. So Funko sells merchandise related to the Jurassic World franchise.[1] But, according to Licensing International, Mattel licenses the toy rights to that franchise from Universal Products and Experiences, the merchandise arm of Universal Pictures. [2] Also, Funko sells Disney Princess dolls.[3] Mattel announced a multi-year licensing deal with Disney to license the doll rights for Disney Princess dolls. “The courage and compassion found throughout our Disney Princess and Frozen stories and characters continue to inspire fans around the globe,” said Stephanie Young, President of Disney Consumer Products, Games and Publishing. “By furthering our longstanding relationship with Mattel, we look forward to expanding the worlds of Disney Princess and Frozen, introducing an innovative new era of these beloved franchises through captivating products and play opportunities.”

Might be useful to send letters to Disney's and Mattel's legal departments. Mattel paid a lot of money for that Disney license. Disney is very protective of those licenses. Mattel lost the Disney license to Hasbro for a few years due to overproduction of low quality dolls. I'm surprised to see Funko selling low-quality Disney dolls. They degrade a Disney brand.

[1] https://funko.com/pop-tyrannosaurus-rex-fossil/80225.html

[2] https://licensinginternational.org/news/mattel-and-universal...

[3] https://funko.com/fandoms/animation-cartoons/disney-princess...

[4] https://corporate.mattel.com/news/mattel-and-disney-announce...

Why on earth would you send letters? These are all huge corporations with sizeable legal departments. They either know or they should, and most importantly, are paid to handle this. Moreover, you're not likely to be heard or understood by the first line of customer care there, even if this was something they weren't aware of (quite unlikely) but wished they were. It's a waste of time, and something even the biggest altruist would find hard to defend as a sensible effort.

Besides, Disney is perfectly capable of degrading their own brand.

OrangeMusic1y ago

I think OP's plan wasn't to help Disney, but to hurt Funko?

But I agree this is most probably futile :)

therealcamino1y ago

I think Funko's products are classified as collectibles, not dolls. I am sure they have licenses from Disney.

jerf1y ago

Funko still exists, ergo, they have licenses from Disney.

Disney chases down little daycare centers: https://www.snopes.com/fact-check/daycare-center-murals/

They would not miss Funko.

Disney and Universal license and even sell Funko in their parks. But what you did discover is why some are bobble heads.

Jdfmiller1y ago

I sent a request to the registrar, and they emailed with this response. They're claiming it wasn't their fault.

--------

  Your request has been updated. To add additional comments, reply to this email.

  9 Dec 2024, 10:57 UTC

  Hello and thank you for your message.
  The domain name was already reinstated earlier today after the registrant finally responded to our notice and took appropriate action to resolve the issue

The registrant is itch.io. Sounds like victim blaming.

nicoloren1y ago

I've experienced the same thing: a YouTube channel deleted without any explanation (the email from Google mentioned spam, even though I filmed all the videos myself), Facebook preventing me from sharing posts from a website (without any explanation), and of course, domain names that get deindexed from Google without any reason (no message in Google Search Console).

I believe we've reached a point where any activity on the web can vanish overnight due to an AI or an algorithm making decisions based on obscure criteria.

subarctic1y ago

I mean at least those are walled garden platforms where this sort of thing we've come to expect. An independent website as big as itch.io going down because of a bogus complaint is a big surprise

Aachen1y ago

That's what I thought. Last week, two of my domains were frozen by the TLD owner without notice, and they'd take them offline altogether in 7 days if I didn't supply some paperwork to my registrar

I've had these domains for ten years, now all of a sudden this is super urgent and if I'm on holiday that'd be a real shame I guess

So I contact the registrar and a link to the relevant legislation was sufficient to send them a perfectly agreeably censored version of my identity document (removing just irrelevant information they can't use or verify anyway), but apparently all they do is forward it to support@afnic.fr and not actually mark the domain holder as verified. So AFNIC, predictably, rejects it because GDPR doesn't exist in France

I saw no other choice but to send everything into AFNIC's email inbox / support system, which famously never get leaked and they assured me was "highly" secured when I asked to at least remove it after verification

With just 7 days' notice and half of that going to the distraction of a registrar, there's also no way to figure out what's even going on or have any sort of conversation. They hold all the cards and you jump when they say hop

I'm considering my options for any TLDs owned by AFNIC... evidently .io isn't better, but how to know who is

CM301y ago

It should be illegal for any company to rely on AI or automation to handle legal risks, especially without any human driven support to fall back on. The fact we're handling over things this serious to unreliable and poorly configured systems feels like absolute insanity to me.

Also, why is the domain registrar even being contacted here? I thought the general idea was that you'd first contact the site owner and wait for a response, and if there's no response in a certain amount of time, then you might contact the registrar or something. No one should be going over the heads of website owners and creators for matters like this, especially not as their first resort.

In a logical world, they'd contact Itch.io and Itch.io would take down the page (which they did), and that would be it. No need to involve the registrar at all in a case like this one.

lxgr1y ago

I don't think it needs to be illegal – it should be enough to just hold companies responsible for the consequences, just like they are for using any other kind of technical system without appropriate supervision.

CobrastanJorji1y ago

Question to lawyers: is there a colorable lawsuit against Funko and/or Brand Shield if itch.io can demonstrate quantifiable lost revenue for those N days of being offline?

lmm1y ago

Given that this was apparently a false (and recklessly so, though that's going to be the hard part) report of fraud/phishing and not a DMCA takedown, yeah that sounds like tortious interference.

Slight off topic but interesting that the post has similar interaction stats (replies and reposts/quotes) between Twitter and Bluesky except the likes which are 3x higher on the former https://files.catbox.moe/82x7ue.jpeg

huhtenberg1y ago

BlueSky seems to be far less like-oriented. They aren't just a good metric of engagement there. People read and move on. If it might be helpful to others, they will repost, and that's it.

Besides, with 26K followers on BlueSky vs 173K on Twitter, I'd say the engagement on the former is significantly higher any way.

robin_reala1y ago

Luckily with Bluesky you can link to a post and everyone can see the replies.

For now! The bluesky URL contains "itch.io" (their handle), and under atproto, DNS name resolution is actually an integral part of handle resolution. It will start 404ing if/when relevant caches expire.

This one uses the "DID", not the handle, and will not 404: https://bsky.app/profile/did:plc:oy37ivqnriw6nx3lrbcht2u3/po... (cc dang)

Open issue regarding making bsky URLs less fragile while also not looking ugly: https://github.com/bluesky-social/social-app/issues/1221

oneeyedpigeon1y ago

Interesting - most Bluesky accounts, especially those related to gaming, are reporting higher engagement stats on Bluesky, at least relatively if not absolutely.

I don’t think it’s that surprising; Bluesky is quite big amongst the audience who cares about this sort of thing, and the author isn’t a bluetick so will have visibility relatively suppressed on Twitter.

gcr1y ago

I heard about this incident from a link shared from Bluesky first, which is significant because most of my social circle tends to use twitter

leonard-somero1y ago

I am Leonard Somero, I run verysoftwares.itch.io. I have over 300 followers and a game with 20k+ plays that has been repeatedly featured on the front page.

This certainly changed my morning routine! I am glad to hear that the reason wasn't me deleting my Twitter from my page. My first panic reaction was thinking it was me who's caused it, due to some kind of ad revenue conflict.

Ever seen the movie Summer Wars? I felt like the protagonist for a moment there, but glad it turns out it was just some 2020s AI nonsense.

Either way, there's surely an engineer somewhere who's very busy right now.

Shank1y ago

> Ever seen the movie Summer Wars? I felt like the protagonist for a moment there, but glad it turns out it was just some 2020s AI nonsense.

Love Machine was a rouge AI in Summer Wars, though.

gessha1y ago

Rouge or rogue :D

juped1y ago

Everyone involved in this is terrible except itch.io; it's a shame litigation, the available method for redressing this, is often avoided due to the high expense.

zo11y ago

As a naive and new adult entering the world, I would have assumed that all you need to do is report this to your police/government, and they'll start a case, preliminarily determine that "Yeah, some sort of fraud happened" and then proceed to start a court case against the accused party so that a jury/judge can determine it's validity.

The fact that lawyers and the "lawyer system", in conjunction with prosecutorial offices and the police, has made this expensive and pretty impossible for 99% of people and companies is a huge problem. It basically nullifies the whole point of government as protector of people's rights and enforcer of laws.

oneeyedpigeon1y ago

It's very unlikely that anything criminal has happened here, so government is irrelevant. I'm not even sure we're seeing any malevolence, just rank incompetence.

pjc501y ago

This stuff would be civil jurisdiction in most countries. The Internet adds an extra layer of problems: the registrar, complainant etc may be in different countries, making it practically very hard to get anything done.

It feels like Linode did a good job, too.

TiredOfLife1y ago

itch.io removed the fanpage (that didn't break any rules) that caused the takedown.

teddyh1y ago

Like I frequently¹ advise²:

Don’t look to large, well-known registrars. I would suggest that you look for local registrars in your area. The TLD registry for your country/area usually has a list of the authorized registrars, so you can simply search that for entities with a local address.

Disclaimer: I work at such a small registrar, but you are not in our target market.

1. <https://news.ycombinator.com/item?id=32095499>

2. <https://news.ycombinator.com/item?id=32507784>

remram1y ago

How do you monitor for when they inevitably get acquired?

teddyh1y ago

That’s a very SV view on things; i.e. that small companies inevitably get acquired. Most small companies don’t actually get acquired, and are not looking to be acquired.

The simple answer is: Choose a registrar without significant external investors.

timvdalen1y ago

I got a "cease and desist" type email from one of these (Tracer AI) last week. Really annoying, but I guess spam is a prime LLM use case...

Spam is, when it comes to it, basically the only proven LLM usecase at this point. Everything else is all a bit 'jam tomorrow', "doesn't really work now, but it'll be magic soon, we promise!", but it has very much revolutionised the spam industry.

Funko as a brand exists entirely on derivative content, albeit licensed. Seems like exactly the sort of brand that would trip auto-DMCA software.

YurgenJurgensen1y ago

It also works out pretty well for them, as they’re basically /the/ symbol of soulless commercialism, sanding down everything distinctive about characters and producing a cuboid of concentrated Brand. Anyone who voluntarily looks at that and decides they want to be a part of it is already on board with the corporate hellscape, so nothing they do could possibly harm their reputation among their customers.

ivanjermakov1y ago

Since when it is registrar responsibility to take down domains based on third-party reports? I would think to do it registrar needs at least a warrant from officials, and not without a notice of domain owner.

6bb32646d83d1y ago

One of my .xyz domain was taken down because one it somehow ended up on a single spam list as Phishing (it was not hosting any phishing, and all the code is actually open source).

I never was able to get it cleared. It's crazy the power that those spam list can have and they care very little about false positives

slippy1y ago

How many other domains were knocked off by this AI reporting? Seems to me that if you make claims that have business repercussions, you need to be suable for fraud and face civil and possible criminal complaints.

Criminal seems like a stretch (at least for this sort of damaging-a-business stuff), but making false claims can absolutely have all sorts of civil consequences.

cherryteastain1y ago

How are all these "DMCA Ignored" domain registrars? Do they actually send all DMCA requests to /dev/null? Sounds like using one of those would have "fixed" the problem here.

qingcharles1y ago

I used to host my TV torrent tracker with one of these that would ignore literally everything. Was expensive, but was factored into the costs.

ugh this kind of stuff just makes me wish DNS was less centralized, even though it's already incredibly uncentralized.. of course it's just all registrars just being a weak point.. as always

It is as decentralized as you can get. Dns is the entire foundation of decentralization, any more and you get into schizo hyperprivacy protocols.

It's federated, not decentralized. For decentralized you need something like https://ens.domains/

remram1y ago

The network is decentralized, but each domain still has a single registrar, making the service you (domain owner) receive very centralized. If that one registrar misbehaves or is unresponsive, you're out of luck.

So, it's not as decentralised as you can get, you just personally don't like decentralisation?

josefritzishere1y ago

It may ultimately be lost revenue and lawsuits that protect us from the tidal wave of AI garbage.

TophWells1y ago

It's back up now!

ChrisArchitect1y ago

Some followup/developments (Dec 9th):

Itch.io: "This is not a joke, Funko just called my mom"

https://news.ycombinator.com/item?id=42371481

HelloNurse1y ago

Congratulation for the return of the site!

StuntPope1y ago

easyDNS here. Our ears were burning as multiple people have mentioned us in this thread.

If you want to get with a registrar who is actually clueful about takedowns, we can help you out.

Beijinger1y ago

There are some recommendations of registrars here in the chat. Let me recommend two:

1. internet.bs No Bullshit Domains. I am using them since 10 years, and I am very happy. Email is comparatively expensive, but you can buy this separately from infomaniak.com for 18 EURO a year.

2. If you need country TLDs, this may be a good option: inwx.com

who exactly is taking bluesky seriously? what’s their moderation policy?

przmk1y ago

What does that have to do with the official itch account posting there? How would your seemingly personal beef with Bluesky impact the credibility of that?

Is it possible for itch.io to follow the advice of putting user generated content onto a seperate domain from their main one?

gsck1y ago

The entire site is user generated content

j / k navigate · click thread line to collapse