zlacker

Funko's statement:

>At Funko, we hold a deep respect and appreciation for indie games, indie gamers, and indie developers. We’re fans of fans, and we love the creativity and passion that define the indie gaming community.

>Recently, one of our brand protection partners identified a page on http://itch.io imitating the Funko Fusion development website. A takedown request was issued to address this specific page. Funko did not request a takedown of the @itchio platform, and we’re happy the site was back up by this morning.

>We have reached out to @itchio to engage with them on this issue and we deeply appreciate the understanding of the gaming community as the details are determined. Thank you for sharing in our passion for creativity.

https://twitter.com/originalfunko/status/1866255848366039468

>>haunte+(OP)
That sounds like a clear lie, no? If your wish is for someone to take down a specific page, you don't report them to their domain registrar for fraud.

>>haunte+(OP)
If to that page, the request should gave gone to the owner of the site (through eg whois) and not to the owner of .io. Time for Funko to reconsider their use of BrandShield

>>mort96+l
They are saying "a partner did this, not us"

>>haunte+(OP)
Brandshield has been deleting and rewriting their non-statement deflecting responsibility repeatedly while hiding all the comments calling out their cascade of BS. Here is their current statement blaming iwantmyname and link to the hidden replies:

> We want to address recent reports surrounding a website takedown.

> BrandShield serves as a trusted partner to many brands. Our AI-driven platform detects potential threats and provides analysis, and in this case, an abuse was identified from an @itchio subdomain.

> We identified and reported the infringement, and requested a takedown of the URL in question – not of the entire http://itch.io domain. The temporary takedown of the website was a decision made by the service providers, not BrandShield.

> BrandShield remains committed to supporting our clients by identifying potential digital threats and infringements. We encourage platforms to implement stronger self-regulation systems that prevent such issues from escalating.

https://twitter.com/BrandShieldltd/status/186616148952818098...

Note: they are non specific about how the "abuse" was submitted to iwantmyname as "fraud and phishing", not "copyright infringement", so they are covering up their fuckup.

>>mort96+l
Or call their mom...

>>haunte+(OP)
So... why are they harassing the dude's mother?

>>bill87+q1
Yes, but they're also saying "A takedown request was issued to address this specific page". A fraud report to a domain registrar is categorically not something one does to address a "specific page", whether it's done by a partner or by them.

>>loudan+52
Probably an old whois record.

>>notthe+A1
Love that last part.

> We encourage platforms to implement stronger self-regulation systems that prevent such issues from escalating.

Clear blame.

>>bill87+q1
A few years ago, my bank mailed me a letter basically saying "A partner got hacked and lost your personal information. It was totally the partner's fault, not ours! We care about keeping your identity safe!"

And guess which company I was mad at? The company I bank with, or the generically-named sub-contracted company that the bank only partnered with so they didn't have to be held liable for potential breach of PCI and various laws? (Spoiler: It was the bank.)

Point being, Funko can try to cover their vinyl butts as much as they want. The bad PR is going where it belongs. I only wish the finical repercussions would too for things like this.

>>caliba+Z1
Seems appropriate. Call a few exec moms.

>>bill87+q1
I just asked Tattoo Mike and his buddies at the Hell's Angels to look after our trademark and make sure nothing happened to it.

I am shocked - shocked! - to discover their actions weren't entirely by-the-book.

>>haunte+(OP)
brandshield is the problem here.

>>loudan+52
It's unlikely they are. It's probably brandshield AI-generated harassment calls saying they represent Funko.

>>hipade+D5
Or someone who knows how to Google names and called this lady just to be a prick.

Never underestimate the idiocy of anonymous assbags.

>>bill87+q1
You can't delegate responsibility.

>>Loughl+H6
Occam’s razor suggests it’s the rich company that decided to take his website offline yesterday You know the only People who don’t seem to like or know what itch even was

But hey I could be wrong right?

>>hipade+t5
Lmao I just realised the company responsible for wrecking funkos brand are called brand shield

>>notthe+A1
BrandShield serves as a trusted partner

Obviously, that trust is wildly misplaced.

>>loudan+52
I would be hoping that they were trying to profusely apologise from any angle they could.

>>hipade+t5
Funko will become (even more) the problem if they continute their relationship with Brandshield.

>>vintag+s4
"You as the innocent party should have prevented us from shitting on you. This is really on you.". Like, "if you didn't want to get hit by a car you shouldn't have been walking on the sidewalk".

Utter scum.

>>bill87+q1
A partner that they hired, yes?

If I hire an agent, and authorize them to go around acting on my behalf doing all sorts of shitty things in my name, I don't get to say: "sorry it wasn't me, it was the guy I hired to do things in my name".

They willfully and intentionally gave authority to this agent to go around doing dumb shit with that authority.

>>TheCra+E4
Right? There is no such thing as a ‘company’ doing something, anyway… it is always a decision by an individual or individuals at a company who makes the poor decision… why do I care if you paid that person on your own payroll, or if you paid them indirectly by paying a company that employees that individual… in either case, they are acting on behalf of the company when they act.

>>bill87+q1
Unless they're explicitly cutting ties with the partner, it's hard to take what they say seriously. Even if they _did_ unequivocally say that they were cutting ties, it would be hard to be sure they weren't just unhappy they got noticed rather than not wanting to them to act like this.

>>yxhuvu+87
We use "you can outsource operations, but you can't outsource risk". The new DORA regulations out of the EU, regardless of its issues, at least is trying to put a legal framework around "you can't blame a third party and ditch your responsibilities".

>>hipade+D5
They, in fact, do represent Funko. If you give someone legal authorization to act as your agent, you can't pretend that they aren't your agent when they act like your agent.

Funko might have beef with their agent, but that is between them and the agent. They still have to deal with the fact that they gave someone permission to do legal things on their behalf, and the someone acting on behalf of Funko caused damage to itch.io.

If a McDonalds employee serves me coffee that scalds me, I go after McDonald's, not the guy who McDonald's hired.

>>loudan+52
To put pressure on the mark to fold/shut up. Standard strongarm tactic. See: collections industry.

>>mort96+l
Obvious, lit up in neon, lie. It's "we show our customers our value by giving them a report every month on all the 'takedowns' we've delivered", and it's a tiny little step to "we get more reliable takedowns by calling it 'fraud' than a simple 'copyright violation', even though that's a lie and we know it. If we could call it 'child molestation' or 'terrorist funding' and get away with it we'd do that too.".

Follow the money.

>>bill87+q1
Sort of like when you walk out of a store with a security tagged item that is now your legal property and the alarm system goes off, literally accusing you of being a thief. "Wasn't us. It was those darn computers."

>>dghlsa+2a
Funko says in the statement that they're dealing with it. They've reached out to itch.io to understand who's doing what, which isn't clear at this point. For example, the company itch.io previously identified as responsible for the domain being taken down has publicly stated - perhaps honestly, perhaps falsely - that they requested a takedown of only the one infringing URL. (https://x.com/BrandShieldltd/status/1866200019335794763)

>>bill87+q1
They chose the partner, so it's still their problem.

>>mort96+l
You report to everyone who could possibly take the page offline, as that's the metric that matters.

>>TheCra+E4
https://www.youtube.com/watch?v=CS9ptA3Ya9E

>>loudan+52
"It wasn't us, it was our partner"

>>mort96+82
It’s very typical to report to a site’s host or provider on a specific page under the DMCA. The way this works is that the host will ask you to take down the page, and if you don’t, the host needs to take action or they become liable. This is conceptually covered as “DMCA safe harbor”, and the rules around it protect service providers from liability of their clients actions.

AWS has a well-oiled machine for these kinds of complaints, but some registrars are located in corners of the earth and getting a line of communication to them is challenging. Notion’s worst outage to date happened because of a breakdown of forwarding complaints between a complainant, our DNS NIC in Somalia (.so), and the middlemen between us and Somalia - NameCheap, then some company in Germany who dropped the ball.

Source:

- I worked on UB Berkeley’s systems for handling takedown notices for infringing clients (students running BitTorrent in their dorms), we got lots of lectures on our legal duties as employees of CA state institutions

- I worked how we protect Notion from liability & damage from misbehaving clients to ensure we never had another outage that threatened our main app domain

>>TheCra+E4
I don't know the proper terminology, but I think there's a similar legal concept of: "I'm suing you for the damages, if it was someone you contracted with who is really at-fault, you can sue them in turn. The indirect cause is not-my-problem, and I might not even be able to go around you even if I wanted to."

Sometimes this manifests in odd ways, like lawsuits between loving family members in order to activate some sort of insurance-claim.

>>bill87+q1
The "I hired them to do it" defence. Not very effective upon closer look.

>>SpicyL+sb
> For example, the company itch.io previously identified as responsible for the domain being taken down has publicly stated - perhaps honestly, perhaps falsely - that they requested a takedown of only the one infringing URL. (https://x.com/BrandShieldltd/status/1866200019335794763)

They submitted a takedown to the domain registrar. That means they requested a takedown of the whole domain, because the registrar has absolutely zero ability to operate on a URL level of granularity. They can only take down the entire domain.

There are three possibilities here:

1. BrandShield submitted a takedown to the domain registrar knowing exactly what that meant, and is now lying about it, demonstrating that they should not be put in a position of power.

2. BrandShield submitted a takedown to the domain registrar not understanding what that meant, demonstrating a total lack of knowledge and/or level of incompetence that means they should not be put in a position of power.

3. BrandShield did not submit the takedown to the domain registrar at all, some other vendor did, and somehow no one has pointed that out yet.

Obviously #3 is unlikely given their public statements, so let's just say at this point there is absolutely no reason to give BrandShield any benefit of the doubt and their clients should be encouraged to find a vendor that isn't either lying or incompetent.

>>haunte+(OP)
If that were true, they wouldn't make such a partnership. Such companies exist merely to launder the bad reputation that accumulates from this kind of behaviour. It is right and proper that any company that engages firms like that should face reputational damage, if not for moral reasons, then to correct the incentive structures.

>>wolrah+7f
There's little reason to give BrandShield the benefit of the doubt, but there's plenty of reason for Funko to pause and collect all the right information before making specific statements about what happened.

Remember that there's some specific set of nontechnical people running comms at Funko, and they've probably never heard of a domain registrar before today. At a minimum they have to gather the stories they're hearing from both BrandShield and itch.io, identify who at Funko has the technical background to judge between the two, and convince that person to take time away from her normal responsibilities to evaluate some weird drama she doesn't care about.

>>bill87+q1
Your honor, my partner is the one to blame for the bank robbery. All I did was hire them.

>>SpicyL+Th
That's why I wasn't talking about Funko at all.

Don't get me wrong, I find Funko's products to be overpriced trash that I don't understand why it fills up stores anywhere vaguely related to any kind of fandom, and I wish they would disappear, but that's neither here nor there.

BrandShield on the other hand I believe at this point we can reasonably have the pitchforks out for them and any other companies of their kind. Companies that exist to issue takedown requests, ironically, need to be taken down. Destroy them all. The world is a worse place for their existence.

>>SpicyL+Th
When the system is riddled with holes, inefficiencies and micro-bureaucracies, and dealing with them it handled by outsourcing, it's incredibly easy to pass the buck around for all involved parties, in an effective game of Keep Away until any moderately frustrated invdividual simply gives up.

>>jitl+Fc
The big issue here is that they didn't issue a DMCA request, they reported them for fraud.

>>Terr_+zd
A mechanic’s lien sounds like one instance of what you’re describing.

>>numeri+Ak
It usually all goes through the same kinds of process pipeline. Complain about URL to provider, provider sends complaint to you, you remedy complaint, then notify provider. In this case it seems provider totally dropped the ball. It’s a bad look for the agency etc but also I would terminate relationship with the provider who can’t be trusted to be a functioning part of the system, and when you migrate to a new provider make sure you know every link in the chain and have a relationship or trust the link to escalate for you.

>>finnth+fc
As much as I enjoy and share that link, I don't think it's quite the same: It would actually be more honest if banks had said: "Our deliberately insecure processes were exploited by scammers, but it's some contractor's fault."

In contrast, "identity theft" is trying to re-characterize the type of failure in order to blame the consumer.

> It was garbage, but it had been cooked by an expert. [...] The Grand Trunk’s problems were clearly the result of some mysterious spasm in the universe and had nothing to do with greed, arrogance, and willful stupidity. Oh, the Grand Trunk management had made mistakes—oops, "well-intentioned judgments which, with the benefit of hindsight, might regrettably have been, in some respects, in error"—but these had mostly occurred, it appeared, while correcting "fundamental systemic errors" committed by the previous management. No one was sorry for anything, because no living creature had done anything wrong; bad things had happened by spontaneous generation in some weird, chilly, geometric otherworld, and "were to be regretted."

-- Going Postal by Terry Pratchett

>>jitl+yo
Why do you keep ignoring the fact that the report was for fraud and phishing? Sending a DMCA complaint or a copyright or trademark complaint to the registrar might've made sense for the reasons you outline here, but that's not what the complaint was.

Why are you so insistent on running defense for them?

>>haunte+(OP)
This is a non-answer without content. They fucked up because their legal department used third parties they didn't have under control and who harass people that aren't involved in this in their stead.

Until they clean up their shit, the Funko copyright mafia should pay with PR goodwill until they apologized and reimbursed the damaged parties. Everyone profits if companies like AI brand protectors suffer for it as a side effect.

>>mort96+hN
I’m sharing my perspective and experience from working on both the provider side and the website side in the hopes it helps any HN readers building something.

Some things you cannot control - people sending takedowns, provider fuckups. Some things you can control - who your providers are, how you structure your site.

>>jitl+ux1
I agree that your biggest fuck-up here is iwantmyname who immediately took down the domain of a long-time, well-renouned customer without even contacting said customer. However, that has no relevance to what I've said or what this discussion is about, which is that Funko's actions (or that of their "brand protection partner") doesn't align with the stated goal of taking down the specific page.