return to table of content

CrowdStrike representatives issue trademark infringement notice to ClownStrike

new299
35 replies
19h50m

I wonder to what extent companies consider the reputational damage these kinds of enforcement actions cause. I recently came across this when googling for information on a small Biotech startup:

https://udrp.adr.eu/decisions/detail?id=65fab3e46fc02956a010...

Will probably be the first thing I remember when I hear their name.

arp242
8 replies
17h59m

He was even willing to sell it for €5,000. If they had just paid that relatively small sum instead of getting all triggered that someone might ask money they would have had the domain. Hilarious. Good on this Christian fella for winning. What a bunch of idiots.

This does bring up a question though; I've had arp242.net for a long time, and obviously that's not my actual name. Can some company register "arp242" as a trademark and hijack my domain?

Y_Y
3 replies
9h15m

For the record, common law generally doesn't have a solid concept of actual/legal/"real" name, if you're known by a name then it's your name.

My birth cert, bank accounts, passports etc. are issued in various jurisdictions with various names. I'm not an international man of mystery or tax cheat, but I'm known by various equally legitimate names. It is a bit of a bother when someone around they must all be identical, but there's no crime or deception.

arp242
2 replies
5h42m

That is perhaps true in some Common Law jurisdictions (US?), but not for much of the world, including some Common Law jurisdiction such as the UK and Ireland. The first name I use daily is different from what's on my passport and I've gotten into trouble with this in both the UK and Ireland.

Y_Y
1 replies
4h43m

I'm not sure on what we disagree. It is my understanding that what I said applies to the UK and Ireland, there are formal ways to register a name change, but it is not necessary and it is possible to "change" your name simply by having people refer to you using the new name.

As I mentioned, this will cause some difficulty with people and organisations who assume names are unique and immutable(c.f. [0]), but that's not a legal issue and is no different to someone not coping with any other unusual but allowable circumstance.

[0] https://www.kalzumeus.com/2010/06/17/falsehoods-programmers-...

arp242
0 replies
2h7m

there are formal ways to register a name change, but it is not necessary and it is possible to "change" your name simply by having people refer to you using the new name.

Try opening a bank account like that. I can guarantee you it's not going to work; they will want to see a passport and proof of address with exactly the same name. I've been rejected by banks just because the utility bill shortened my second middle name to just "P".

This seems true for pretty anything of substance: government, tax, banks, insurance, health care, things like that. I'm not a lawyer and don't know how it works according to the letter of the law, but de-facto, you will have a "legal name".

fsckboy
1 replies
17h12m

He was even willing to sell it for €5,000.

so he didn't much care about it as his email address as he generally used his other domain christian-scipio.de? https://www.christian-scipio.de/contact

devrand
0 replies
15h11m

It sounds like they intended to use it as the primary e-mail domain for himself and family. They claimed that they had already switched to using it.

However, the total window of time here is small. They registered the domain in late November 2023 and this UDRP was filed in late February 2024. It also sounds like initial contact to try to acquire the domain occurred in early December 2023... so only a couple days after it was registered.

devrand
0 replies
17h23m

I think they generally give a lot of weight to someone who registered the domain well ahead of the said company registering their mark. Though you might run into trouble if you started using the domain in bad-faith against that company (ex. impersonating them).

In your example, you had that domain well in advance, it's your self-identified pseudonym that predates said mark, and it's actively being used to host your personal website. That seems like a pretty strong defense.

InvaderFizz
0 replies
17h28m

They can try through the UDRP, but your easy defense is to point that the date registered exceeds their TM by years. The UDRP would be highly likely to end in your favor should you dispute.

fxtentacle
7 replies
19h38m

Oh wow, they sued someone who used his last name as a domain name because they feel like their trademark should allow them to prohibit him from using his family name ... And obviously they registered their trademark after he started using his name.

cowsandmilk
1 replies
19h26m

And obviously they registered their trademark after he started using his name.

Actually, the company’s trademarks are from 2017 and he got his name via marriage in 2020.

Still a stupid suit

freehorse
0 replies
19h20m

Yes, but they registered it in 2022, which makes the case even more hopeless.

bitwize
1 replies
18h56m

Prince Rogers Nelson's given name was a registered trademark of Warner Music. It took that whole stunt with him changing his name to Love Symbol #2 to get them to relent.

fuzztester
0 replies
18h5m

wow.

i didn't know that prince was the same as prince rogers nelson (only vaguely remembered the name prince as a musician from dances at high school), so googled his name:

https://en.m.wikipedia.org/wiki/Prince_(musician)

diego_sandoval
5 replies
18h42m

Mr. Scipio had to provide evidence, lose his privacy and justify his use of the domain name to avoid losing it.

That is enough proof to conclude that this UDRP thing is deeply unfair and should not exist.

"First come, first served" is much more fair than this "burden of proof falls on the defendant" nonsense.

We'll have to replace ICANN with something better at some point.

tgsovlerkhgsel
2 replies
16h27m

UDRP is meant to address obvious, intentional, malicious domain squatting, where someone registers a domain with your trademark and then extorts you for it.

I believe it serves that purpose reasonably well.

There are three criteria that ALL have to be met (1. identical or confusingly similar to your trademark, 2. registrant doesn't have a legitimate reason, 3. registered/used in bad faith). In cases where these are met, it's pretty clear that the owner should be losing the domain.

I think it would make sense to add a rule that someone who issues a spurious UDRP request should be required to pay the domain holder some default amount of compensation for the hassle, but overall, I think this is a process that makes the Internet better, not worse.

diego_sandoval
1 replies
12h45m

What would have happened if Scipio refused to provide his marriage papers? Would he have lost the domain? How could he know beforehand?

If I was in his position, I would definitely feel the implicit threat of "if you're not willing to provide all the info we're requesting, you lose your domain".

2. registrant doesn't have a legitimate reason, 3. registered/used in bad faith

I've read arbitration cases where "The Expert" says (simplifying): "the site is being used for illegal activities, so there's no legitimate use", when no actual court or official institution has declared that the site's content is illegal*. So, you're at the whims of some "Expert's" opinion of what's legitimate, even if it may eventually contradict the actual justice system of your country.

I have very little trust on the competence and fairness of UDRP arbitration.

* And it's not a case where the things are evidently illegal, it's very debatable if they are.

tgsovlerkhgsel
0 replies
3h18m

even if it may eventually contradict the actual justice system of your country.

As I understand it, either side can escalate to the justice system in the end.

diego_sandoval
0 replies
12h18m

What matters is the general case. We shouldn't be required to expose our personal lives to be able to retain our domain names.

erredois
1 replies
18h51m

Remindes me of someone I met a long time ago that had the Zeppelin last name, and could not use on Facebook because and agreement between Facebook and the band Led Zeppelin blocked it.

djbusby
0 replies
17h56m

Yet, someone squatting my trademarked name (profile URL) on FB and I can't get it.

sva_
0 replies
17h22m

Perhaps survivorship bias, in that most go under without a fight and we never hear of them.

subpub47
0 replies
17h57m

They don't. What are we going to do? Nothing.

richbell
0 replies
19h15m

When I opened that link, I didn't except to be captivated by what is otherwise a boring procedural document.

Shame on SCIPIO.

madaxe_again
0 replies
18h33m

In my experience, businesses which are the most vigorous about pursuing frivolous IP claims and lawsuits are usually dishonest entities which themselves trample and steal the IP of others.

I have twice found myself defending my IP rights when a business in one case, a government ministry in another, attempted to dispute my right to use the work that they had themselves stolen, wholesale.

jojobas
0 replies
19h25m

Remember how KPMG claimed nobody is allowed to link to their site? I 'member.

herman_toothrot
0 replies
18h48m

RIP Uzi Nissan of Nissan Computer Company.

hcfman
0 replies
5h40m

Very interesting this. Disappointing that they did not add any extra punishment for being bastards to the complainant

Terr_
0 replies
18h27m

Kinda wish the company got more than a slap on the wrist for such nonsense.

While the Complainant may have 'sailed very close to the wind' in this case [...] the Complainant's conduct in this case does not appear to fall squarely into the realm of any of the above mentioned [Reverse Domain Name Highjacking] circumstances. Therefore, the Panel has decided not to make a finding of RDNH on this occasion. The Panel however cautions the Complainant to only invoke the [Uniform Domain-Name Dispute-Resolution Policy] Policy in the future in circumstances under which the Complainant is able to identify the bases and adduce evidence in respect of all three UDRP Policy grounds.

So yeah, name-n-shame on their leadership such as *checks* CEO Pierre Chaumat and friends. [0]

[0] https://scipio.bio/news/scipio-bioscience-appoints-new-ceo-t...

cj
33 replies
19h35m

FWIW: CSC is a company that other companies hire to act on its behalf.

It's very likely that the company you work for uses CSC as it's registered agent in the State of Delaware for administrative purposes (CSC doesn't really do anything other than exist on paper and file annual forms to satisfy legal and compliance requirements necessary for companies to exist in the US).

I wasn't aware they file DMCA requests on behalf of companies... that seems off brand for them.

(After writing the above) turns out CSC has a Online Brand Protection service. https://www.cscdbs.com/en/brand-protection/ I wouldn't be surprised if:

1) Crowdstrike incident takes down internet

2) Crowdstrike files a claim on their cyber insurance policy which includes coverage for brand protection

3) Crowdstrike (or their insurance company) buys some brand protection service, like the one offered by CSC

4) This guy receives a takedown

When I started writing this comment I was intending to defend CSC. But after googling I think CSC's brand protection services are to blame. Seems to be having the opposite effect for Crowdstrike considering they paid to have their brand "protected" and now this guy's site is getting lots of traffic!

chatmasta
11 replies
18h23m

It’s ironic that Crowdstrike could be suffering reputational damage due to a failure mode they didn’t realize existed in the services provided by a vendor they hired to protect them from reputational damage.

Maybe this will give them some empathy for their users who bought their services to protect their infrastructure.

subpub47
4 replies
17h59m

You don't need empathy when you have a captive market. I'm afraid we're about to enter the "lol fuck you, what're you gonna do, leave?" stage of this organization.

evilduck
3 replies
17h42m

Crowdstrike has several competitors, CarbonBlack, McAfee, Sophos, PaloAlto, etc.

Sure, they're all equal shades of shitty, but that's a different issue.

EvanAnderson
1 replies
15h34m

Sure, they're all equal shades of shitty, but that's a different issue.

You can choose which digital shotgun is strapped to your organizational forehead.

jamwil
0 replies
13h51m

I’ll take several different shotguns each strapped to a different limb please.

sowerssix
0 replies
17h12m

For what it's worth, McAfee is now called Trellix, and they now have what used to be called FireEye in their product line too.

darby_nine
4 replies
17h45m

It’s ironic that Crowdstrike could be suffering reputational damage due to a failure mode they didn’t realize existed in the services provided by a vendor they hired to protect them from reputational damage.

If you spend enough time around VC's it becomes difficult to imagine how this doesn't happen more often. Many times companies grow too quickly for a clearly seasoned veteran of the market to get a chance to take the wheel. Combine this with "nobody ever got fired for purchasing IBM" and you get a perfect storm for taking out the IT infrastructure for an entire culture—all you need is a majoritarian marketshare and you can take out an entire people.

not2b
2 replies
17h8m

I think it's going to shift. Airlines in particular are probably going to decide that they can't afford to take another hit like this, and come up with a way to limit the damage if a software update (even from Microsoft) is broken, and come up with a way to test updates before pushing them to all devices.

alephnerd
0 replies
16h40m

come up with a way to test updates before pushing them to all devices

This is SOP for plenty of purchasers already.

Some orgs just don't have the ability to build processes like that.

VistaNumba1
0 replies
12h23m

Ah, got it. So instead they'll just keep doing what they were already doing for half their systems: Keeping them without updates for decades. Those terminals survived, afterall.

quantified
0 replies
17h6m

I think the leaders of Crowdstrike should be considered clearly seasoned veterans. George Kurtz was high up at McAfee. But maybe Cathleen Anderson is a little new to the chief of legal role.

Nition
0 replies
16h57m

Okay, well done, it's hilarious how perfectly this works for both the parent comment and the CrowdStrike bug.

batch12
6 replies
18h40m

Where they may have messed up is with the use of crowdstrike's branding. I've worked for a company that had a near 100% success rate with taking over domains that used their branding. Not just taking down the site, but taking ownership of the whole domain.

_heimdall
3 replies
17h26m

Were any of those success for violation of copyright or trademark when used in parody? I don't know if it would hold up, or how long it would even be between a domain registrar handing it over and having a day in court, but there does seem to be a good case for this being a protected use of CrowdStrike's protected branding.

account42
0 replies
9h38m

That ruling is only relevant if the operator of clownstrike.lol is in Canada. The US in particular has much better protections for parody than most countries.

batch12
0 replies
16h6m

Yeah, there were a few. I believe they had to demonstrate that there was a risk that a customer could be misled or something.

account42
1 replies
9h44m

Trademark is about protecting customers not for companies to protect their image.

Daviey
0 replies
6h42m

Sorry, do you mean morally, by intent/design or legally?

aragonite
3 replies
19h20m

Reminds me of that time when Mike Bloomberg's lawyers preemptively registered 400 .nyc domains for him, apparently without his knowledge, many of which are hilariously negative (MikeIsTooShort.nyc, MikeBloombergIsADweeb.nyc, GetALifeMike.nyc etc.):

https://www.huffpost.com/entry/michael-bloomberg-nyc-domain-...

defrost
1 replies
18h35m

So, Mike, tell us, your lawyers, what slur cuts the deepest so that we may register it in public to protect you . . .

bag_boy
0 replies
17h12m

“Okay, 1 down and 399 to go”

batch12
0 replies
18h46m

I bet that brainstorming session was a blast

toast0
1 replies
19h1m

I wasn't aware they file DMCA requests on behalf of companies... that seems off brand for them.

CSC is a well know high value domain registrar. Similar to MarkMonitor. I'm not surprised CSC does brand protection, also similar to MarkMonitor.

When I was at an employer that became a MarkMonitor customer, we didn't have enough domain business to meet the minimum spend, so we started using the Brand Protection "for free". Sometimes they have a hair trigger, we had our own accessory apps taken down occasionally. ¯\_(ツ)_/¯

Previous registrar was NetworkSolutions, lol; they had a customer service agent get phished, and the phishermen set new NS records for several domains, including ours. Major PITA.

znkynz
0 replies
18h49m

Have used CSC for domain / brand protection. They offer a reputable service in this space, but i must admit, i developed the view that CSC much be a surreal place to work - i just couldn't figure out what/how/why motivates people to their mission. [obv, employee compensation]

Dalewyn
1 replies
19h15m

Seems to be having the opposite effect for Crowdstrike considering they paid to have their brand "protected" and now this guy's site is getting lots of traffic!

Streissand Effect.

BenjiWiebe
0 replies
17h15m

s/ss/s/

That was fun.

paranoidrobot
0 replies
12h36m

I am quite certain that CSC won't proactively send Cease and Desist/takedown notices without first confirming with the customer that they want it done.

Someone at CrowdStike had to say "Yes, send the takedown for this".

I base this on prior experience working at places which used CSC brand protection (among other services)

jjguy
0 replies
19h19m

Based on how well CrowdStrike has managed their response to date, this is a plausible scenario.

fsckboy
0 replies
17h3m

a trademark claim is not DMCA, copyright only.

and what is shown on the page is Cloudflare boilerplate about DMCA, not Crowdstrike.

if Crowdstrike did use the DMCA form as a way of getting attention, that still serves as "notice" of the trademark infringement which Clownstrike has graciously acknowledged receipt of

freehorse
0 replies
3h29m

They also apparently own the clownstrike.com domain [0] and this is since 2012, crowdstrike itself exists since 2011, so they must have hired them since close to the beginning. But could be that now they are probed to do damage control after the incident (though as always this tactic tends to disperse more damage than control it).

[0] https://www.whois.com/whois/clownstrike.com

dheera
0 replies
18h24m

I actually thought CSC was a parody website ... it just seems a bunch of buzzword fluff and no products. Just "solutions" which at other companies is usually code for "we don't actually have anything to sell".

jsheard
14 replies
19h59m

CrowdStrike/CSC has owned at least clownstrike.com and clownstrike.net since 2012, but they weren't on the ball with those new TLDs it seems.

xanderlewis
3 replies
19h50m

It’s quite surprising to me that they thought to do that, although maybe I’m just naive.

I wonder what other parody names and altered versions they own…

jsheard
2 replies
19h48m

CSCs whole deal is securing domain names for huge brands, they probably have people whose job involves thinking of derogatory domains like that so they can grab them pre-emptively. The people behind the .sucks TLD turned that into an incredible grift, they charge an exorbitant amount (about $300 a year) because they know every big brand will buy brand.sucks no matter what.

duskwuff
0 replies
19h34m

I worked for a company where MarkMonitor proactively registered domains for us which were likely typos of our brand (e.g. example.com -> examlpe.com, exmaple.com, etc), and would hunt down registrations of new domains which appeared likely to be phishing sites. They didn't catch everything, but they were pretty good.

SXX
0 replies
19h22m

.sucks TLD sounds like genious idea made real.

http://microsoft.sucks redirect to Microsoft.com and they pay for it.

freehorse
2 replies
19h7m

This is true [0]! But even more surprisingly clownstrike.com redirects to crowdstrike.com. I am surprised why they may have thought this is a good idea, but it means that we can actually use clownstrike.com instead to reference it in the web.

[0] https://www.whois.com/whois/clownstrike.com

freehorse
0 replies
11h13m

I assume they intend to redirect misspells, and they unintentionally include domains making fun of them, but it is still funny and stupid they do it.

volkl48
1 replies
19h40m

I mean, there's now what, 2,000 TLDs and growing? I'm not sure it's going to be practical to own every likely parody domain at every TLD.

djbusby
0 replies
17h52m

A big company can afford it. Drop in the bucket.

bitslayer
1 replies
19h21m

I worked at company_name when the .xxx top level domain became available, and my boss was sure that we should buy company_name.xxx. I talked them out of it. Luckily no one has maliciously registered company_name.xxx all these years later. I guess it could happen any day now.

account42
0 replies
9h11m

Does rule 34 apply to corporations?

Avicebron
1 replies
19h51m

I get it, staying on the ball in fast-changing dynamic environments can be tough, good thing they don't run an EDR

scintill76
0 replies
19h41m

Their TLD scraper created a file of nothing but zeroes, so the registration script crashed and went into a bootloop trying to read it.

tamimio
0 replies
17h42m

Ah, what?! So, there was already a running joke about CrowdStrike being a clown one? Otherwise, why buy it and redirect to it? What about DoubtStrike?

bhartzer
14 replies
19h32m

What I don't understand is why companies and brands like this just don't use NameBlock or a similar domain blocking service like GlobalBlock.

They literally can block domain names that have their company name or brand in them from being registered (up to 500 variations of their domain).

It's literally like $99/year to place a block. Saves a lot of the hassle of having to deal with parody and phishing sites and trying to take them down.

Just block the domain(s) from being registered in the first place.

josephcsible
2 replies
18h2m

How can such services exist? Why would the registrars listen to them?

bhartzer
1 replies
16h13m

The domains are blocked at the registry level, not the registrar level.

josephcsible
0 replies
13h41m

Okay, why would the registry listen to them?

cortesoft
2 replies
19h26m

I don't think you could block "clown" or "strike".

bhartzer
1 replies
19h18m

Yes, they could place a domain block on "crowdstrike", and variations of that would be blocked, such as cr0wdstrike, crowdstr1ke, etc.

giltron
0 replies
16h40m

I doubt it. They are protecting against variations of "crowdstrike"...Not every variation of domains with the word "strike" in it. That would go beyond reasonable.

bhartzer
1 replies
16h14m

GlobalBlock is owned by GoDaddy, and pretty much covers the TLDs/extensions that are owned by GoDaddy Registry.

NameBlock is a separate company than GlobalBlock, and covers a different set of TLDs/extensions.

8organicbits
0 replies
2h48m

I didn't grab the pricing info for NameBlock because it requires you to sign an NDA to even see the pricing. I also don't see a list of TLDs they support.

voltaireodactyl
1 replies
19h29m

How does that work in practice? Are you just paying them to lease it so you don’t have to?

bhartzer
0 replies
19h23m

If you place a block on a brand/companyname (a string of characters), then no one can register a domain name that contains those strings of characters. They also block up to 500 variations (placing a block on 'paypal' would get 'paypa1' blocked as well.

Those domains that are blocked won't be 'parked', someone trying to register the domain that's blocked, it will just say it's not available for registration.

fxtentacle
1 replies
19h24m

This reads kind of like an advertisement. Plus it's subtly wrong.

My experience with the NameBlock API is that for those $99/year, they'll allow you to automate purchasing all similar domains. But then you have to pay registration fees on all of those domains, too. It's only $10/month per typo domain that you buy, but it sums up really quickly.

bhartzer
0 replies
19h20m

You're thinking of some other service, not NameBlock or GlobalBlock. There's no automated purchasing of all similar domain names. You don't pay registration fees, as the domains that end up being blocked will never be registered by anyone (not even you).

There literally is a block on the variations, it works at the Registry level not the registrar level.

0x1ch
0 replies
19h30m

You'd be surprised. I recently parked some big name domains ending in various common TLDs in the world of government contracting. They did utilize some sort of parking or service to do it for them, but certainly not enough.

mmaunder
12 replies
19h49m

This is why you want to remove as many intermediaries between your content and your audience as possible. Ideal scenario is your own ASN and a pipe with a commit and your own physical box. The only takedown target is your upstream bandwidth provider. From there you’re adding takedown targets: hosting provider, edge cache/firewall provider, commercial CMS, etc. So pick your middle ground carefully.

I’d suggest that choosing a commercial CMS makes you an easy target. Apparently so does choosing Cloudflare.

inopinatus
4 replies
19h24m

In this case Cloudflare, in a spasm of comprehension failure, soiled themselves further by proving unable to distinguish between a trademark complaint and a copyright complaint, and erroneously labelled the former as the latter. Irrespective of the fair use merits on display, the DMCA simply does not apply to trademark disputes.

akira2501
2 replies
19h16m

Since this is "their core business" it's hard to believe that this material misrepresentation wasn't knowing or willful. I believe they've partially opened themselves to a counter suit on this point.

jbombadil
0 replies
19h6m

Yeah, my guess is that CloudFlare uses CrowdStrike as their EDR and thus have a cozy business relationship with them...

FireBeyond
0 replies
17h44m

Except... in the 26 years the DMCA has been around and all the millions (billions?) of claims that have been made via it, want to guess how many people or organizations have been faced perjury repercussions?

Starts with "Z". Ends in "ero".

aeyes
0 replies
17h10m

From my experience receiving a few of these I came to the conclusion that Cloudflare only forwards these DMCA requests, they don't review them at all.

actionfromafar
3 replies
19h47m

Next up - Cloudstrike.com?

SXX
1 replies
19h18m

AirStrike.com - considering downtime of so many airlines.

airstrike
0 replies
19h15m

Sadly I know from personal experience that that's been registered for a long time...

nvy
1 replies
19h29m

Cloudflare only stands up to bullies when the CEO feels personally attacked.

fortran77
0 replies
17h4m

More like ״caves in to bullies.”

ronsor
9 replies
19h38m

Judging by the amount of upvotes this post has received, I believe CrowdStrike has made a major PR mistake.

nerdponx
4 replies
19h34m

Who cares if it doesn't hurt revenue?

rainsford
3 replies
18h51m

I certainly don't want to claim everyone on Hacker News is a high powered CISO making EDR purchasing decisions for their Fortune 500 company or whatever, but I feel like there are enough people with actual influence who read this site that if I was a security company (or any tech company) I wouldn't want front page stories that make me look petty about getting rightly clowned on after a fuck-up of galactic proportions.

WheatMillington
2 replies
18h16m

I mean... is THIS going to be the thing to tip you over the edge? Not last month's shenanigans, but THIS?

subpub47
0 replies
17h56m

Seriously. If the last 20 years of fuckery haven't been enough, nothing short of a nuclear holocaust will make people stop and reconsider.

hot_gril
0 replies
17h4m

Also, the name "Crowdstrike" was already worse than the name "Clownstrike"

sophacles
1 replies
18h17m

I believe the brand reputation company made a mistake on behalf of crowdstrike. I doubt anyone at crowdstrike was involved directly.

account42
0 replies
9h16m

Does it matter? If they authorized a brand reputation company to harass random third parties without runnit it by them firs then it's still their fault.

boomboomsubban
0 replies
17h21m

If years from now CrowdStrike is known as "that company that sends bogus DMCA claims over parodys" then this is a huge success. Even a negative distraction might be good for them right now

NBJack
0 replies
18h44m

Streisand Effect in full force here. This is more than just a PR mistake now. I look forward to it being picked up by major news outlets.

tamimio
8 replies
17h58m

Where’s the infringement when the name doesn’t even match?! “Crowdstrike” vs “Clownstrike”? Or is it illegal now to rhyme words? After what happened, that company should be dismantled for good.

arp242
7 replies
17h43m

is it illegal now to rhyme words

Trademarks have always applied anything that could reasonably be confused with it. So yes, it is illegal to rhyme trademarks. But trademarks has also long since allowed for parody and other usage that doesn't harm the trademark owner. That's why it's a nonsense request, not because of the rhyming.

tamimio
3 replies
17h35m

So yes, it is illegal to rhyme trademarks.

Do you have any real life examples of that?

arp242
2 replies
16h55m

Do you also want me to prove the sky is blue and that sex causes babies? It's trademark basics that it applies to anything that can reasonably be confused with it.

But please, try starting up Goodle Search or Matflix Streaming and let us know how that went for you.

tamimio
0 replies
16h39m

I don’t know why you are getting defensive. I asked a clear question on something that I have little knowledge about, and it seemed you do, so it’s a good chance for you to provide more information or details about the topic. Not everyone here is a trademark lawyer.

That being said, I did a quick search on both “goodle” and “matflix” and I didn’t find any trademark wars or articles about them. However, I did find fully functional sites with these names.

kevincox
1 replies
17h26m

Trademarks protect against confusing consumers. I don't think any reasonable person looked at this website and thought CrowdStrike launched a rebranding or was in any way involved.

arp242
0 replies
17h16m

No of course not, because it's clearly a parody. I already said that.

akira2501
0 replies
16h34m

anything that could reasonably be confused with it.

Trademarks only apply to _related_ goods and services.

it is illegal to rhyme trademarks

Not necessarily. The standard is "confusingly similar" or "likelihood of confusion." There are many words and phrases which rhyme incidentally where trademark protection would not apply or where damages would not be granted.

The confusion also has to apply specifically to the brand or the product. If your trademark fails to be associated with either of those things it can be invalidated.

MarkusQ
7 replies
19h36m

CrowdStrike definitely has the chops when it comes to taking sites down, I'll give them that.

eftychis
6 replies
19h33m

I guess this site is using Linux or BSD and they had to venture outside their usual modus operandi to DMCA... /s

rhabarba
2 replies
19h13m

Don't forget that Clownstrike took down Linux systems in April.

indigodaddy
1 replies
18h10m

Falcon sensor has been causing kernel panics / memory stacktraces / and insanely high load for years on Linux boxes (RHEL 7/8 mostly where I was at), not just in April.

rhabarba
0 replies
18h1m

Ah, I did not hear about that before. Thank you.

zitterbewegung
0 replies
19h18m

Or a Mac. Also, I think kernel module like systems on macOS (ktext) got eliminated from current versions.

throwup238
0 replies
19h18m

Did they try to misformat the DMCA take down notice in the hope that it takes down Cloduflare's parser? That sounds like something they would do.

kurthr
5 replies
20h1m

Well, if you don't protect your trademark?

It was how most people at M$ were referring to them last week.

edit: OMG, I thought it would be obvious I'm kidding. I guess garbage HN comments win garbage HN prizes.

Maybe there will be a supreme court ruling that George Kurtz has to wear a clown nose due to the Krusty precedent?

jjulius
4 replies
19h50m

There's "protecting your trademark from genuine copyright infringement" [nods], and "trying to silence legal parody via weak trademark arguments" [shakes head].

hn_acker
3 replies
19h42m

There's "protecting your trademark from genuine copyright infringement"

You mean "genuine trademark infringement".

jjulius
2 replies
19h35m

Touché, thank you!

lcnPylGDnU4H9OF
1 replies
18h23m

To be fair, they actually sent a copyright infringement notice for this alleged trademark infringement. You were just describing their behavior!

sophacles
0 replies
18h16m

To be fair, a trademark logo is also copyright protected... It's art. If crowdstrike lost the trademark, they'd still own the copyright on that logo.

Subsentient
5 replies
19h18m

I am delighted to inform CrowdStrike that they have just done additional, extensive, damage to their brand, and will no doubt have just emboldened those who were tempted to sue them.

Your unethical behavior and abuse of the DMCA will be used to punish you. If you succeed in getting ClownStrike taken down, you will be hated even more.

Have fun annihilating your brand, reputation, and customer/industry trust and goodwill.

hcfman
4 replies
5h31m

Sometimes companies completely change their name after reputation damage. Maybe they are attacking clownstrike because they had intentions of escaping reputational damage by changing their name to clownstrike ?

hcfman
3 replies
5h31m

If clownstrike is taken, maybe they can try clownstruck?

hcfman
0 replies
5h29m

Would clownstrikken be okay ?

hcfman
0 replies
5h30m

Would I get sued if I made a company called clownstruck? There's quite a lot of difference, unless they really identify with the sentiment.

hcfman
0 replies
5h26m

Perhaps coulro-strike ?

rsingel
4 replies
18h34m

Cloudflare's lawyers should have told Crowd strike to kick rocks.

The DMCA's copyright provisions apply only to copyrighted content not trademarks.

Cloudflare could have told these clowns to go kick rocks without incurring any liability and could have threatened them with filing fake DMCA claims.

bhelkey
2 replies
17h17m

Cloudflare could have told these clowns to go kick rocks without incurring any liability

If Cloudflair didn't remove the content and the content was infringing they could lose their safe harbor protections [1].

In this case the website is obviously parody. This highlights the problems with DMCA. Fraudulent DMCA requests incur cost but are almost never penalized.

[1] https://www.dmca.com/FAQ/What-is-a-DMCA-Takedown

poizan42
1 replies
16h30m

Not if the DMCA takedown notice wasn't valid in the first place.

(By valid I mean it correctly follows the requirements in the DMCA, one of them being that it must be for copyright. It does not apply to other kinds of IP, nor does it apply to other violations of the DMCA such as the anti-circumvention provision cough youtube-dl cough)

rsingel
0 replies
15h4m

This is correct and exactly why Cloudflare should have thrown this in the green compost bin the moment it showed up, and written back to say if you send us this kind of trash again, we will sue you.

Terretta
0 replies
18h13m

Cloudflare's lawyers should have told Crowd strike to kick rocks.

Not all ISPs use provisions in the DMCA that let them put the burden back on the claimant. A few do.

In general, if ISPs or CDNs have a free plan, they can't, as bad actors leverage these free plans in bulk.

But ISPs or CDNs that charge actual money to known customers will generally not take down until all legal avenues to keep their client online are exhausted or someone upstream from them blinks which threatens the rest of their customers.

It's not a question of getting what you pay for so much as being sure that everyone using the same provider is paying, and having a discussion with the provider before it happens instead of during. You also need all links to play it this way, or you have to host in a different jurisdiction, which may not be possible for some data/content.

There are ISPs, CDNs, DNS registrars, data center facilities, backbone providers, who don't take down before asking questions, so if you need to be in the USA, find those.

// I have been both a provider refusing to take a client down for nonsense, and a client of those upstream who refused to take us down when our clients were under threat. And yes, when this would happen we spent money rather than cave if the mega corp insisted to go to court, yes the mega corps lost (typically instantly), and yes we donated to EFF.

discordance
4 replies
19h1m

How does CrowdStrike even have a business left to defend?

Are companies still using their service?

hot_gril
2 replies
18h27m

I'm surprised their stock didn't fall further. Would think user trust is everything for this kind of company. Maybe it goes to show how numb a lot of traditional companies are to computer downtime.

subpub47
1 replies
17h36m

Hedge funds weren't the ones stuck at airports for days waiting for flights.

hot_gril
0 replies
17h3m

They probably were, though

bigstrat2003
0 replies
18h39m

Yes, of course there are. They may yet lose their customer base, but it takes more than a week or two for customers to jump ship en masse.

mistercow
3 replies
19h43m

I’m most definitely not trying to put CloudFlare in the middle on this… so I told CloudFlare that I will take the site off of CloudFlare; however, it is staying on the internet…

I mean that’s kind, but the whole point of DMCA safe harbor provisions is that they aren’t in the middle of this. They send along the notice, you file a counter notice, and that’s it for their involvement, yeah? If CrowdStrike wants to press the issue, they go after you, not CloudFlare.

tgsovlerkhgsel
0 replies
18h53m

In the meantime, though, even if you submitted a counter-notice, your content gets taken down for 14 days. That's likely why he migrated away.

insane_dreamer
0 replies
19h27m

Yeah but you don't want to keep getting emails from Cloudflare or have them kick you off anyway since they don't want to keep getting emails either.

akira2501
0 replies
19h12m

I think he's attempting to point out that CloudFront's basic value proposition is meaningless if a random third party company can automatically destroy your websites with a single letter.

Worse still, the letter is obviously incorrect for a trademark dispute, possibly illegal as a result, and should have never made it to the customer before being reviewed or followed up on by internal staff.

My read was "sorry you guys don't want to do your job so I'll just take my business elsewhere. goodbye."

wanderingmind
2 replies
18h56m

Streisand effect in full play. Many people even in HN might not have known this parody site before, but will now know and actively engage with it. It's a shame people running these multi hundred billion dollar industries, never seem to learn basic unintended consequences of actions in socio-economic dynamics.

nerdponx
0 replies
4h23m

The consequences are virtually nonexistent. They know what they are doing. There is nothing to learn.

hot_gril
0 replies
17h0m

Say 1000 HN users visit this site. So what?

subpub47
2 replies
19h55m

Surely those resources could be better spent on functional Uber Eats gift cards.

tonetegeatinst
1 replies
19h46m

I heard they canceled the gift cards or they didn't work.

ganeshkrishnan
0 replies
19h29m

This is preposterous! I already ordered chicken chowmein with it

xanderlewis
0 replies
19h48m

Do not click the link above. Its viewing has been officially outlawed. I’m warning you. Do not look.

actionfromafar
0 replies
19h48m

It's hard to top the attention they already got though. From specialised vendor to house-hold name.

dh2022
2 replies
18h39m

If ClownStrike wanted to take down the site they should deploy another buggy update. They will take the site down along with the rest of the Internet…

not2b
1 replies
18h20m

Only those sites that continue to allow every CrowdStrike update to go instantly to every device without any sanity testing would be hit by the next one. Competent IT departments will recognize that they can't risk their business in this way any more. Airlines in particular will have to recognize that they can't afford the hundreds of millions of dollars in losses that could come from a repeat of this, from either CrowdStrike or Microsoft, and come up with a way to update only test systems first.

para_parolu
0 replies
15h17m

They didn’t consider first time. Why would they change mind? I believe most companies will still run security theater with crowdstrike or whatever other provider

yannk
1 replies
18h15m

I doubt clownstrike.lol is a legit website: I didn't get asked if I wanted to accept cookies.

nicce
0 replies
9h16m

You just found a website that does not collect more data than it needs to function.

stuckkeys
1 replies
15h8m

Haha this is pretty funny. Cloud strike should worry about loosing the driver certification instead of chasing after parody sites.

hcfman
0 replies
9h11m

I thought that parody was a legally protected concept ?

hatsunearu
1 replies
19h52m

that's really pathetic. they should own up to the mistake

Alupis
0 replies
19h40m

they should own up to the mistake

They did! They issued $10 Uber Eats Gift Certificates that were revoked minutes later[1]. What, you didn't get to use yours in time?

[1] https://news.ycombinator.com/item?id=41058261

asdefghyk
1 replies
19h46m

How would I find these other ClownStrike parody sites ?

tamimio
0 replies
17h37m

Someone should make an awesome list!

xyst
0 replies
19h9m

Lawyers making bank on the billables for these bullshit DMCA claims. Unless it’s their internal/inhouse submitting these claims.

The brand/rep of crowdstrike is already tarnished. Why let the pain continue via the Barbara Streisand effect?

Not only are they technically incompetent, but now they are also petty. Poor decision making to be honest.

(note: “csc” also owns crowdstrike.sucks and clownstrike.sucks)

willguest
0 replies
19h14m

'antifraud.response@cscglobal.com' doesn't seem to understand what fraud is, which is more than a little concerning

tomxor
0 replies
19h9m

Clownprotection.

"We are the clowns behind clowns, we file baseless DMCAs so you don't have to"

"Just sit back and watch Barbra the clown do all the heavy lifting to destroy what's left of your already tainted brand".

thewileyone
0 replies
16h6m

Don't call it ClownStrike ... call it ClownsTrike :)

swayvil
0 replies
19h37m

They'll change their company name inside a year. Bet on it.

nicce
0 replies
19h23m

Absolutely the most hilarious thing I have seen for a while. Thank you.

neilv
0 replies
19h25m

CrowdStrike is arguing that their customers might mistake "ClownStrike" for their brand?

lijok
0 replies
18h36m

Did they try offering clownstrike a $10 uber eats gift card for them to take it down?

latentsea
0 replies
17h54m

Easiest way to take down the site is just install crowdstrike on it.

karaterobot
0 replies
18h21m

I'd have guessed the legal team would have better ways to spend its time right now than pursuing action against an obvious parody. So, this seems like it could be an empty threat to me. But if they intend to proceed, they'd better hurry before Crowdstrike itself collapses under the weight of the lawsuits against it.

jimt1234
0 replies
17h27m

Does anyone have experience with these trademark/DMCA takedown requests? I'm curious, do receivers of these requests really do any sort of due diligence on the requests? Or, do they just rubber-stamp them, and pass them onto the targets of the requests? For example, if I hit YouTube/Google with a trademark/DMCA takedown request, claiming to own the name, "Mr. Beast", and I provide some phoney registration number, they're not gonna act it on...are they?

janmo
0 replies
17h28m

I am familiar with CSC, and have received a multitude of fake DMCA takedown requests from them.They make it look like a DMCA but logos are usually trademarks (TM) and not copyright protected (c). So you cannot send a DMCA.

Basically their strategy is to flood the internet with fake DMCA, targeting everything that isn't seen as positive for the brand.

I 100% ignore their requests, and so far nothing has happened, keep in mind they send millions of it.

insane_dreamer
0 replies
19h26m

The only way to prevent this from happening again (by CloudStrike or a future incompetent company) is for CloudStrike to be sued out of existence.

insane_dreamer
0 replies
19h29m

That video is genius.

insane_dreamer
0 replies
19h28m

If they could just get you to install Falcon on your server, they wouldn't need the DMCA to take your site down ;)

hot_gril
0 replies
19h25m

Eh, there's a point where the parody is angrier and less funny than the subject, and this is well past that. Someone has too much time on their hands.

ffhhj
0 replies
17h43m

Surprisingly clownstrike.com redirects to the parodied site. They are ready for the worst, ironically.

failrate
0 replies
18h52m

If they want it down, they just need to convince that website to use CrowdStrike.

facorreia
0 replies
17h32m

To be fair, it's easy to confuse clownstrike.lol with clownstrike.com.

delduca
0 replies
18h45m

The attempt to silence will likely backfire; the site will become famous.

damonlrr
0 replies
16h28m

How did this go from #1 down to like 20 so quickly? hmmm.... conspiracy

cynicalsecurity
0 replies
17h26m

Those clowns from CrowdStrike are digging themselves even deeper, aren't they. What a circus.

b3ing
0 replies
6h30m

Isn’t this allowed as a Parody? Or do they need to state it up front like first thing on the page

account42
0 replies
10h42m

Why is Buttflare even honoring a "DMCA takedown request" for trademark infringement?

Rothnargoth
0 replies
19h18m

Hope they implement a link shortener on that domain with the endpoint "/deploy/patch/globally/unchecked/<uuid>".

Proziam
0 replies
17h48m

After all the security events, including the most recent. And after learning they didn't even deploy basic techniques like canary builds to prevent these events. And now this.

The pattern seems to reveal that CS truly has no concept of risk management whatsoever.

In finance this level of recklessness would get you banned from the industry.

INGSOCIALITE
0 replies
18h40m

they are also sending dmca notices to etsy to take down parody stickers

EADDRINUSE
0 replies
19h43m

Ironically the site takes me back in time to the Attrition era, where sites like these were used as defacement to point out similar clownishness. Well done.

AcerbicZero
0 replies
19h49m

Must be contract renewal time, and they're rushing to pad the numbers ;)

AHOHNMYC
0 replies
3h17m

Fair parody user script response:

  // ==UserScript==
  // @name       Clownin'
  // @namespace  Clown Division
  // @include    *
  // @version    0.0.1
  // @author     AHOHNMYC
  // ==/UserScript==
  
  /* This is also parody, like one in https://clownstrike.lol/crowdmad */
  [
    {'original': 'crowdstrike', 'parody': 'ClownStrike'},
  ].forEach(clown => {
    tw = document.createTreeWalker(document, NodeFilter.SHOW_TEXT, el => el.textContent.toLowerCase().includes(clown['original']));
    while(tw.nextNode()) tw.currentNode.textContent = tw.currentNode.textContent.replaceAll(new RegExp(clown['original'], 'ig'), clown['parody'])
  });

486sx33
0 replies
19h32m

Crowdstrike is evil !