04.05.2023 | by Lili, Felix & Marvin
One of the most exciting aspects of our job as online brand protection experts is the need to keep our fingers on the pulse of technological development. Fraudsters always find ways to exploit innovative tools, which is why we have to be there as well, catching them to prevent further damage to our clients’ IP rights.
Once we see a pattern of fraudulent use emerge, we’re happy to spread the word in the industry to contribute to the general fight against IP infringements. Conferences like the IOS series organised by Europol and APM seminars give the perfect opportunity for such knowledge-share amongst industry professionals.
We were there at the latest instalment of these conference series, presenting our discoveries in a hot new topic: Web 3.0 domains.
Web 3.0 (or sometimes called web3) is the third generation of the world wide web, “characterised by decentralisation, ubiquity and artificial intelligence.” It’s still new and under development, so later on it may include phenomena and use cases we’re currently not familiar with.
Currently, Web 3.0 is the space created by cryptocurrencies, NFTs and their decentralised “storage” database, blockchain.
Web 2.0, or rather, the internet as we know it today, uses centralised servers to store information. These servers are often owned by large companies like Google or Meta, who are technically in possession of the information. However, on Web 3.0, all that information is scattered across the internet, giving more power to users (and unfortunately, misusers.)
Web 2.0 and 3.0 share several features, including a slight difficulty when it comes to domain names. Let’s illustrate this with an example.
Ten bucks says you’ve already used the website with the IP address 184.108.40.206. In fact, twenty bucks says you’ve just copy-pasted this number sequence into the search bar of 220.127.116.11 and are using it again.
Image of a laptop with an open browser where an IP address was entered in the search bar
Yes, this particular series of numbers points to a well-known search engine, Google. But that’s only because scientists have realised that web users are unlikely to remember long number sequences and thus created the Domain Name System (DNS) that helpfully translates those pesky numbers into comprehensible, memorable words and vice versa.
Well, if you think that Web 2.0 has it hard with IP addresses, take a look at Web 3.0. Here’s a typical address for an Ethereum wallet: 0xfB6916095ca1df60b79Ce92cE3Ra75c58c4d359. And this one is for a Bitcoin wallet: 1BvBMSEYstWetqTFn5Au6m4FGg7yNeJAV3. (Please note that these examples are illustrations and lead to no real wallets.)
If you’re a math genius, probably. But the rest of us will need something easier to work with. And thus, Web 3.0 domains were invented.
Just like in the case of their Web 2.0 siblings, Web 3.0 domains are organised into registries that maintain the list of domains, their owners, etc. Web 3.0 TLDs are a couple of letters following a dot in the URL of a website. For instance, Ethereum wallets use the extension .eth, bitcoin uses .bitcoin, then there’s .crypto, .nft and so on.
Screenshot of ens.domains, the homepage of the ENS Registry
Each registry is in charge of issuing domain names to its users, usually for a fee. For example, “the Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain.”
Web 3.0 domain owners enjoy the freedom of complete ownership over the data stored on their domain. Furthermore, they have complete control over the creation of any and all subdomains.
ENS domains are currently in high demand. They’re sold as NFTs and can be linked to your Ethereum wallet, as well as your existing DNS domain names, thus simplifying your portfolio.
At the time of writing, there are 2.77 million ENS names in use, owned by 679,000 users. The daily trading volume of .eth domains is currently $35.02 million and in the last week of April 2023, 1,330 of these NFTs were sold.
The cost of using an ENS domain varies depending on the number of characters you use in your domain before the dot. You can get a site with over 5 characters for as little as $5 per year. For four characters, the price is around $160 while for three, you’ll have to pay an annual fee of $640.
Registering an Ethereum domain is easy. First, you’ll have to own a cryptocurrency wallet. If you don’t have one, you can create one here. Fill your wallet with ether, Ethereum’s native cryptocurrency to pay for any arising costs, including gas.
Then you can choose your domain name. If you already have one in mind, check the registry if it’s still available. If there’s a DNS domain name that corresponds to your chosen ENS one, you have to own that too for the name to work.
If your chosen domain name is available, your registration can go ahead and in a couple of minutes, you’ll be the proud owner of your very own .eth domain.
The ENS registry is one of the most popular Web 3.0 registries at the moment. Other notable providers are Freename.io and Unstoppable Domains that work with slightly different conditions. For example, as opposed to the annual fees of ENS, the latter two require a one time payment for any domain.
Web 3.0 domains can be used for a variety of purposes. For example, you can receive or send cryptocurrency payments via your Web 3.0 domain if you connect your crypto wallet to your domain.
You can also store and organise your digital assets on your Web 3.0 domain, including cryptocurrencies, NFTs and anything else. Furthermore, Web 3.0 domains can function like a username on the metaverse, allowing you to identify yourself easily and set up websites under your domain name.
Twitter user Crypto-Gucci.eth, for example, decided to use their Web 3.0 domain as their username, and, as they seem to be a Twitter Blue subscriber, they have the option to choose an NFT as their profile picture.
Screenshot of https://twitter.com/CryptoGucci
These are the basics you need to know about Web 3.0 domains. But what kind of threats do they pose for your IP rights, and how can you protect your brand from them?
Since Web 3.0 domain names, just like their Web 2.0 counterparts, consist of regular words and a dot followed by an extension, fraudsters have ample opportunities to claim brand names as their own domains.
Luckily, as we discussed earlier, Web 3.0 rules dictate that in order to possess a Web 3.0 domain name, you have to own its Web 2.0 counterpart as well. So if you’re the owner of apple.com, you can register a Web 3.0 domain name for “apple.” Also, some TLDs associated with brands, notable persons and organisations are protected (like .apple), which means people can’t register domains with that extension.
Unfortunately, there’s a catch. Because what about other Web 2.0 domains not used by the brand, like apple.ly, apple.biz, apple.pro, or apple.co? If you own any of those (and unless Apple rushed to purchase every single Web 2.0 TLD, there’s a chance you could own one), you can easily register a Web 3.0 domain name for apple.
Like this Web 3.0 user did.
Screenshot of opensea.io displaying ENS domain names offered for sale by a user
Without deeper investigations we can’t be entirely sure here, but unless the legitimate brand DNS domains of Apple, Bosch and Prada are all owned by the same entity, it’s quite likely that this user has purchased brand name ENS domains for resale.
There’s a name for this phenomenon: cybersquatting.
Cybersquatting in Web 3.0 functions just like in Web 2.0. Users buy brand name domains with various TLDs, and offer them to the brand for a much higher price.
One ENS domain name, amazon.eth made all the news in the Summer of 2022 when it received an offer of 1 million USD coin (a cryptocurrency fixed to the US dollar). The sale didn’t go through and the domain is still available for sale, currently at a value of around $20,000.
Screenshot of the listing of amazon.eth on opensea.io
Impersonators, like cybersquatters, aim to make money off your brand’s IP rights. The scheme works similarly: they impersonate the rights holder while purchasing the domain name, then try to sell it to the rightful owner (or anybody else) for a significantly higher price.
Take starbucks.eth, for example. According to its OpenSea listing, this domain name was minted in 2019, then sold and re-sold in 2021 and 2022 for a price increasing from 3 to 50 eth (ca. $5,700 and $95,500 at current value).
This is the regular journey of a cybersquatted domain, selling for more and more money until the brand ultimately purchases it.
Branding on Web 3.0 is not at all different from branding on Web 2.0 (or in real life, for that matter.) Fraudulent and/or bad quality content like product listings and pictures can confuse shoppers and hurt a brand’s carefully constructed image and reputation.
For example, this screenshot shows a collection of items that pop up when we search for the name Calvin Klein on OpenSea.
The listings are mostly for Web 3.0 domain names (except for the green horse which seems to be a character in a digital racing game). The owner of the third listing, calvin-klein.metaverse is a user called Freename Domains who also owns chanel.metaverse and coco-chanel.metaverse.
This accumulation of various brand names suggests a cybersquatter who intends to make money off a brand’s IP rights. Such an abundant amount of examples of brand name domains in various hands indicates that cybersquatting is becoming a serious problem on Web 3.0.
Another phenomenon fraudsters love to use in Web 2.0 and in real life is misspelling a well-known brand’s name. Adiddas shoes, Guccii handbags, and their domain equivalents play an important role in making consumers believe they’re dealing with the authentic brand.
The same happens in Web 3.0 with domains like mircosoft.eth or abode.eth. Fraudsters impersonating your brand may use these to dupe consumers, or simple cybersquatters could also purchase these misspelt domains to sell them on to you.
Unfortunately, ICANN is not responsible for the oversight of Web 3.0 domains, and none of the DNS laws and regulations in place to protect brand owner’s rights are applicable in the Web 3.0 environment. Which means that, at least for now, rights owners are on their own when it comes to protecting their IP assets.
Or are they?
We at globaleyez have set our sights on Web 3.0 and recognised it as a fertile ground for IP infringements, which is why we urge brands to take it seriously and incorporate it into their brand protection strategies.
We recommend you act quickly and purchase your brand name domains on Web 3.0 as soon as possible. In case they are already taken, we’ll be happy to help you buy it from cybersquatters - in our experience, they are more likely to sell it for a reasonable price to third parties than to the actual brand whose name they have hijacked.
We already have practice in removing infringing Web 3.0 domains from selling platforms like OpenSea. Once the domain is taken down, the owner can’t sell it but remains in possession of the domain, which makes it a bad asset for them and allows you to get a better price for it, should you decide to buy it.
Tracing crypto payments (just like tracing regular ones) enables us to learn more about the seller, e.g. their business size, usual activities, and in case we have a court order, even their real name and contact information. We conduct crypto tracing via wallets, dedicated service providers and sometimes, if the owner published their wallet details online, even via social media, blogs or chat fora.
Web 3.0 remains an exciting and quickly changing area that brands need to be aware of. We’ll keep an eye on new developments of Web 3.0 and will flexibly adapt our solutions accordingly.
If you’re worried about Web 3.0 domains, or any other threat to your brand’s IP rights, contact us and let’s create a comprehensive brand protection strategy for your brand together.