From cybersquatting to cryptosquatting: protecting your brand and IP in the era of Web3

While jurisprudence catches up to the fast evolving reality surrounding Web3, what steps can brand owners take to protect their IP and prevent their brands from being taken and used by opportunists or cybercriminals?    

‘Cybersquatters’ have long been in the practice of registering well-known company or brand names as internet domains, often as a means to derive financial benefit through re-sale but also to use as an instrument of fraud. 

The emergence of Web3, a third generation of internet based on blockchain technology, is bound to see the proliferation of similar conduct – on new technology platforms but with similar aims – by what are termed ‘cryptosquatters’. 

In order to protect their brands and IP in the era of Web3, particularly if this space remains unregulated, companies should consider minimising harm by registering valuable Web3 domains, even if they currently have no intention of using these names.  

What is Web3?

The 1990s saw the emergence of the World Wide Web, known as Web 1.0, which was a ‘read only’ version of the internet. It allowed users to search for information shared by businesses. In approximately 2004, Web 1.0 was superseded by Web 2.0, the second generation of the internet and the one most of us know today. Web 2.0 transformed the internet into an interactive community in which users were able to upload and alter content. 

While this was a significant development, there were many barriers that made it difficult for users to ‘surf the web’, as websites used IP addresses, a unique string of numbers connected to a computer network which were difficult to recall and reiterate. The introduction of the domain name system (DNS) – a simpler string of characters, often a word – offered a more user-friendly way to access a website in place of remembering an IP address. For example, it is easier to access the Corrs website via the domain name www.corrs.com.au than its IP address 101.0.93.30.

Web3 is a term that describes the vision for the next generation of the internet. Unlike Web 2.0 domains, which are a memorable set of characters providing a stand-in for an IP address, Web3 domains have a memorable set of characters providing a stand-in for a crypto wallet number. There are a number of Web3 domain extensions such as .crypto, .eth, .nft and .solana. It is much easier to transfer cryptocurrency using a Web3 domain rather than a 42 character crypto wallet number. 

What are Web3 domains?

Web 2.0 domains are registered within a set of domains, being the letters immediately to the right of the last ‘dot’ (and the respective subdomains), such as .com, .org and .au. These are commonly referred to as top level domains (or TLDs). The traditional domain name system in Web 2.0 is governed by rules developed by or in conjunction with the Internet Corporation for Assigned Names and Numbers (ICANN), which provide a mechanism that enables the cancellation or transfer of domain names if a certain set of criteria are met. 

Web3 domain names do not fall within the scope of those rules. This is partly because there is a significant architectural difference between Web 2.0 and Web3 domain name systems –  while Web 2.0 domains are centralised and regulated, Web3 domains (top level examples of which include eth, .sol, .nft and .crypto) are decentralised without an overarching regulating body. 

Blockchains – decentralised public ledgers on which transactions are recorded that rely on a network of computers – are a core element of Web3. Domain names that operate on blockchains are issued by providers that enable access to a particular blockchain. A number of such providers exist today, such as Ethereum (.eth) and Solana (.sol). Each provider can set its own rules. For example, to register a .eth Web3 domain, a user will set up an Ethereum wallet and buy cryptocurrency called ETH. Thereafter, the user may search for and register the desired .eth domain name via the Ethereum Name Service referred to as the ENS App. 

What are the benefits of Web3 domain names?

Web3 domains are relatively affordable and, similarly to the convenience offered by Web 2.0 domains, allow a user to transfer cryptocurrency via a simple Web3 domain name instead of a 42 character wallet number.

Web3 domains also remove Web 2.0’s issues around data ownership by returning ownership to users. A core purpose of Web3 domains is to combat the centralised and regulated power of Web 2.0. Users can also register a Web3 domain using anonymous details if they are concerned about their personal details becoming searchable on the internet (as is the case with Web 2.0 domain names via WHOIS searches).

Cryptosquatting and other potential challenges

The emergence of Web3 domains also poses some potential challenges, including legal issues, for users, which are exacerbated by the unregulated nature of Web3. In particular, the anonymity of users, which is a feature of Web3 domains, makes it difficult to identify and pursue users for conduct that may infringe third party rights or that may otherwise be illegal. 

Cybersquatting is a practice which has been around for decades and typically involves the registration (and sometimes use) of a Web 2.0 domain name in violation of trade mark rights with a view of obtaining financial gain, for example through pay-per-click advertising, fraud or offering the domain name to the trade mark owner for consideration in excess of reasonable expenses. Trade mark owners have the ability to take action to recover domain names which have been secured by a cybersquatter via dispute resolution mechanisms that differ depending on the TLD. For example, the .au Dispute Resolution Policy (auDRP) applies to Australian TLD and the Uniform Domain-Name Dispute-Resolution Policy (UDRP) applies to a large number of common TLDs, such as .com and .net. In order to have the relevant domain name cancelled or transferred, trade mark owners need to prove a number of elements, including that the domain name was registered and/or used in bad faith.

Cryptosquatting is a similar concept but in a different Web3 context. Web3 domains can contain registered or unregistered third party rights and are able to be registered and used as instruments of fraud. The concerning difference is that recourse available to those wronged by such conduct is limited. A possible scenario may involve the registration of a name associated with a legitimate entity for the purposes of misleading consumers as to the identity of the owner associated with the corresponding crypto wallet. This may result in funds intended for that entity being funnelled to the wrong crypto wallet. While this conduct is no doubt fraudulent and may involve available courses of action such as passing off and breaches of the Australian Consumer Law, the unregulated nature of Web3 domains and the anonymity afforded by the system may enable the individual behind such conduct to remain hidden and unaccountable. 

What role can the Courts play?

Many countries around the world (including Australia) do not yet have targeted laws to regulate Web3 domains and cryptocurrency. This leaves aggrieved parties with no choice but to take action through the Courts. 

Australian Courts have not yet had to grapple with issues arising from Web3 conduct and while foreign jurisdictions do not yet seem to have dealt with bad faith registration and use of Web3 domains, there have been some Web3 decisions relating to non-fungible tokens (NFTs), unique digital identifiers recorded in a blockchain used to certify ownership, which may provide some guidance:

• In D’Aloia v (1) Persons Unknown (2) Binance Holdings Limited & Others (24 June 2022), the High Court of England and Wales made an order allowing initiating court documents to be served to the unidentified defendant via NFT drops to two digital wallets of concern, in addition to service by email.
  
  
• In Lavinia Deborah Osbourne v (1) Persons Unknown (2) Ozone Networks Inc trading as Opensea [2022] EWHC 1021 (10 March 2022), which is the first reported case of a court granting a proprietary injunction to freeze an NFT as an asset, the High Court of England and Wales was prepared to grant such an injunction despite the claimant having no knowledge who had stolen her NFTs and the relevant NFT marketplace (Opensea) being outside the jurisdiction.
  
  
• In Rajkumar v Unknown Person [2022] SGHC 264 (21 October 2022), the Singapore High Court granted the plaintiff’s urgent application to restrain the unknown defendant from dealing with the Bored Ape NFT until after the trial and allowed substituted service of the order and associated pleadings via the defendant’s Twitter and Discord accounts and the messaging function of the defendant’s cryptocurrency wallet.

It is possible that Australian Courts would allow remedies along the lines of those outlined in the above case studies and they could even go further to allow relief to be sought from Web3 providers directly. 

***

While we wait for jurisprudence to catch up to the fast evolving reality surrounding Web3, it seems prudent for brand owners to take an active approach to minimising harm by registering valuable Web3 domains even if there is not currently an intention to use these names.