From protecting your trademark to censorship, the uses of domain squatting are truly multifaceted and vastly unregulated.

Akshay ‘Ax’ Sharma
Jul 18 · 7 min read
Photo by Markus Spiske on Unsplash

Domain squatting, also known as cybersquatting is the practice of buying domain names which sound important, marketable or are valuable to an entity, without putting them to a bona-fide use.

We do it all the time. Organisations do it to protect their trademark and brand image. For example, Facebook.com likely owns Facebook.org and .net. Domain ‘brokers’ make thousands to millions by ‘reserving’ high value domains, such as the two-letter ev.com (I totally guessed that one).

Some companies even take a step forward in an attempt to protect their image by buying potentially negative-sounding domain names for example, company-name-sucks.com. And you would probably be wise to do so.
After all, domain squatting didn’t spare even the White House! Just look at the satirical Whitehouse.org — although it is being actively used for a purpose rather than sitting idle for a desperate buyer who may appear someday.

Trademark & Branding

If you own MaryAnnCosmetics in Canada and expect to expand in the British market in near future, it may be smart to secure both MaryAnnCosmetics.ca and (.co).uk for a mere £10 before somebody else does. If you expect to go big, maybe even secure MaryAnnCosmeticsScam.tld among other potentially damaging names.

Phishing & Security

If you are Bank of England or any entity dealing even remotely with money, you better squat all variants of your domain name e.g. bank-of-england, bank-ofengland, bank.ofengland and so on to prevent hackers and scammers from conducting phishing attacks.

Workarounds

If you are a victim of cybersquatting — that is your dream name is already taken, there are some ways around it.

If you know the concept of domain hacking — i.e. playing with some concatenation of different TLDs, which is basically what del.icio.us did before they could procure delicious.com, you would know that not getting a plain old “.com” domain for your dream company, or having to pay thousands to secure it can definitely be a bummer, but it certainly is not the end of the world.

Another workaround could be adding a short, agile verb to your choice of name. So if your app is called “hug”, a domain name variant of gethug or tryhug might be available even when hug.com isn’t.

SEO

Bear in mind, even though such workarounds exist, they may have a detrimental impact on your SEO ranking — especially in the initial stages, which is when you likely need the most SEO.

To elaborate with an example, say you were the founder of a startup, FastPizza. Maybe “fastpizza.com” was taken and you were smart enough to apply some domain hacking skills to get “fastpiz.za” instead. Now this is pretty cool, but would Google show this result primarily in Zambia only, given the “.za” TLD? We don’t know. Perhaps a lot of proprietary SEO algorithms would assume that a “.za” domain is best targeted towards Zambian users only, even if Google’s doesn’t.

Pro Tip: Prices are negotiable

Years ago, when I had founded Securesque Ltd., UK 🇬🇧, I was the owner of the domain which has now been squatted, as I didn’t bother renewing it, purposely so — and what I had purchased for just $10 is now apparently worth a few thousand dollars.

Given the intangible nature of a domain name; its value largely vested in its vanity, these price figures are largely arbitrarily made up of course, and therefore negotiable. I would advise anyone going domain-shopping not to hesitate negotiating the price down over the phone. Chances are you’ll get it for 25–30% less than the listed price easily. Yes, I have done this in the past and successfully so.

Censorship

But what happens when this practice is abused for censoring?

For example, let’s say I own MensHealthClub.com, a men’s fitness club franchise, and decide to squat WomensHealthClub.com, GayMensHealthClub.com, and TransHealthClub.com. By law and by ICANN’s guidelines, as long as I’m not violating anyone’s trademarks or ‘squatting’ the domain with intentions ICANN considers bad, I’m perfectly within my rights. I can even buy this domain with the intention of ‘selling’ it to someone someday for a profit, or for ‘supposedly’ starting my own venture WomensHealthClub one day without having a solid, upfront plan.

You see? There are legitimate use cases making this practice hard to regulate.

But things get interesting in some cases. What if I wanted to squat WomensHealthClub.com to stifle competition; the very possibility of a competing chain arising which gears the same services towards women?

Her Campus is an online magazine for American collegiate women featuring articles on college experience from a female perspective for its readers who would at large undoubtedly be female. Her Campus currently owns (squats) HisCampus.com. Ironically, HisCampus.com, as opposed to going nowhere or showing an idle page redirects to HerCampus.com.

The Forbes article reads:

Though Her Campus does own hiscampus.com, they have no plans to move into the male-dominated space.

I did notice their attitude towards having a ‘His Campus’ is dismissive and a mockery at best (archived here). One of their authors basically presumes that people wouldn’t need a ‘His Campus’. But either way, you are controlling a vast market by simply squatting a domain.

A snapshot of the “What if there was a His Campus?” page

I can’t tell if this was done purposely or by accident but it is censorship.
In practice, the people behind Her Campus have ensured a competing product tailored towards a different demographic can’t come to existence. It seems they are either prematurely threatened about something that HisCampus.com may be used for or just forgot about the domain altogether.

Yes, somebody could acquire his-campus.com (notice the dash) and looks like somebody already has in the past, the SEO ranking of this domain name and the name choice in itself would not look as elegant as the non-hyphenated counterpart. Imagine having to tell your prospects and friends,
“Guys, check out my new website, his dash campus!”

There is a reason we have both MensHealth and WomensHealth magazines — those markets very much exist and the magazines clearly target audiences from different demographics. I personally don’t see anything wrong with targeting different audiences — it’s a valid practice in business. But if you are going to simply squat a trademark or domain name and not really be using it, how fair is it?

Government ‘Seizures’

On many occasions, the FBI has boasted its glorious overpowering authority when it has seized domains under the pretence of “copyright infringement” among others. We heard of the Megaupload.com scandal and seizure, only to become aware of a revived Mega.nz, founded by the same Kim Dotcom.

A template FBI frequently uses when seizing domains.

Who’d have known that the federal — not international law-enforcement arm of the U.S. government — a government which, according to some, has mostly failed at anything would be so concerned about copyright? To me, this was nothing other than finding a skeleton in Kim Dotcom’s closet — an excuse to get him for something more grave through an overwhelming display of power. One is but tempted to think doesn’t the FBI — an organisation not even dedicated to enforcing laws outside the U.S., has better things to do than track illegal downloads?

Many more domains have been seized by governments in the past — whether for legitimate reasons or for censorship, although without stating the latter as the official reason.

Regulating a Million Dollar Market

Finally, what is fair game and what are the rules, if any?

Even though I have always preferred the internet being a free space with minimal regulation, domain squatting is truly a bothersome practice which can be abused: from profiteering from ‘catchy sounding’ names to hurting startups by grabbing these names early on and pricing them exorbitantly to censoring domains you see as a threat to your establishment — political, religious, dogmatic, or otherwise.

And then there are very legitimate use cases of the practice as well.
From trademark and brand image protection to offering country-specific variants of your service: think in terms of google.cn, google.in, google.fr, ….

ICANN and IANA, the regulatory authorities — rather non-profit parent organisations behind the world’s domain names and IPs, currently maintain their own policies regarding domain registration, cybersquatting, and dispute resolution. They often do so in conjunction with a country’s government who gets to somewhat define yet their own rules, pertaining to the use of domain names comprising the TLDs of that country. So, back to the fastpiz.za example: Zambian government would have some additional authority over this name due to the .za TLD.

The super-rich and influential, like Barclays, just get their own .barclays TLDs by paying ICANN off and in effect are bypassing a lot of barriers. But no one is exempt from the Supremes: ICANN and IANA.

ICANN and IANA are headquartered in the U.S. This means, the laws and authority of the U.S. government virtually dominate the world wide web and all of the domains in existence. There is some leeway and rules do vary, for example, to buy a .eu TLD domain name, you need to have a legitimate business or be trading in a European country. These restrictions greatly reduce the possibility of domain squatting. A U.S.-based or Australian domain broker, in that case, can no longer ‘squat’ a .EU domain without a bona-fide intent of trading within Europe.

Still, at the end of the day, the virtual world of domains remains a vastly unregulated space with enough loopholes and possibilities to acquire a fancy domain name for mere $9.95 and sell it for a whopping $50 million.

The question isn’t if cybersquatting is a big deal, but with so much ambiguity in the space, so much money involved, and the potential for abuse, who gets to decide what is fair game, and what even is fair game?

© 2019. Akshay ‘Ax’ Sharma. All Rights Reserved.
Twitter: @AkshaySharmaUS

The Startup

Medium's largest active publication, followed by +489K people. Follow to join our community.

Akshay ‘Ax’ Sharma

Written by

Security Researcher/Engineer, Digital Technologist and a perpetual learner. https://akshaysharma.net

The Startup

Medium's largest active publication, followed by +489K people. Follow to join our community.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade