[CydeWeys]

And to be clear, all Namecheap had to do to prevent this lawsuit was identify the owners of or delete the obviously-phishing and obviously-TM-infringing domain names. They didn't, so now Facebook is taking them to court over it.

[mmanfrin]

Facebook listed 3 of the 45, including one that I'd argue does not at all violate TM or phish. In a post like this, they'd likely pick the most egregious examples, so your statement about how obvious this is is entirely baseless. Furthermore, I'm absolutely okay with Namecheap not honoring a demand for information without a subpoena. Those whoisguards protect me from spammers, scammers, and anyone who would want my information from a whois.

[notRobot]

Agreed 100%. I'm a huge fan of removing all PII from whois info. Get a subpoena if you want that data. Otherwise next thing you know they'll be demanding registrant info for "facebookisevil.com" because it "infringes on our trademarks!!!"

[jfengel]

Isn't "getting a subpoena" basically what they're doing?

[gpm]

I think normally they would sue the people who registered the domain to get a subpoena, not namecheap itself.

[jfengel]

I thought the point was that they're suing namecheap to get the names of the people who registered the domain, because namecheap was serving as an anonymity service.

[rstupek]

Actually all PII information is already removed from whois info. I think it was a consequence of gdpr

[notRobot]

Nah namecheap made whoisguard free for all long before GDPR if memory serves correctly

[rstupek]

They may have but regardless of them doing so, gdpr resulted in the making of whois data not generally available to anyone.

[tptacek]

Why do I care about the other examples if the egregious examples include obvious phishing sites?

[blackearl]

It sounds like Facebook asked, not a court. Just because you're a big company doesn't mean others need to bend to your will.

[sieabahlpark]

Well what's the point of protecting the domain owner if anyone who comes by and asks can get that info?

[ensignavenger]

According to ICANN they cannot simply delete the domains- https://www.icann.org/resources/pages/help/dndr/udrp-en

"Under the policy, most types of trademark-based domain-name disputes must be resolved by agreement, court action, or arbitration before a registrar will cancel, suspend, or transfer a domain name."

[JoshTriplett]

Or, alternatively, remove the domain names, since they're blatantly phishing domains.

I think anonymous domain registration is an important property to preserve. Many people need such services for their safety. However, if you're going to serve as an anonymity shield for another party, you're taking on some of that party's liability, and in particular you need to take down malicious domains.

[xorcist]

Namecheap is responsible for administrating domain ownership. They are not free to unilaterally change or remove ownership at will.

That doesn't mean it's impossible to deregister infringing domains. It means that there is a process to follow, which is probably what we're seeing right now.

[throwaway3157]

I know some attorneys are on HN, so question: does Namecheap/Whoisguard have a legal obligation to reveal that requested info?

[caffeinewriter]

Honestly, I'm glad they didn't. There's not much use in a whois privacy service if they'll give up the info just because a company says "this is infringing".

[disiplus]

what value is there in whoisguard if anybody can strong arm you in giving the data away.

[shpongled]

Then Namecheap is liable for determining what qualifies as phishing or TM infringement. This is not their responsibility.

[StreamBright]

This pretty much depends on the details.