UDRP & URS

Whois Privacy: Sword or Shield?

November 4, 2015

By slevy

As recent headlines have made clear, our online life is often far from private. Hacking, phishing, and even common search engine results can expose us to dangers ranging from identity theft to routine spam.

Legitimate concern for one’s privacy and the desire to protect one’s information from bad actors are major reasons many domain name owners use Whois privacy (or “proxy”) services to hide their identity. When someone looks up the Whois record for a certain domain, these services show the information of the privacy service, rather than the true owner, and often supply a substitute email address such as [domain.tld]@domainsbyproxy.com, which will forward messages to the owner.

However, these Whois privacy services are also popular with cybersquatters.

A Cybersquatter’s Shield

Privacy services can help cybersquatters evade detection – the Whois privacy service hides the identity of the person behind an infringing website and makes it more challenging for brands to enforce their trademarks.

For example, domains using Whois privacy services likely won’t show up when researching whether a given cybersquatter owns other infringing domains or was the target of past UDRP complaints. Also, if a brand owner wants to save money by sending a demand letter prior to filing a complaint, privacy protection doesn’t give any other options for contact beyond the above-mentioned substitute email address. Some registrars will help out by disclosing the domain owner’s identity if you can convince them that infringement is occurring, but this varies quite a bit and some registrars are less than accommodating.

The good news is that the use of a Whois privacy service does not prevent a brand owner from filing a UDRP or URS complaint against the domain and, in fact, may actually help its case.

A Brand Owner’s Sword

Under paragraph 4(c)(ii) of the UDRP, a respondent may show that it has rights or legitimate interest in a domain if it or its business is “commonly known by the domain name.” If the domain name owner uses a privacy service to hide its identity, however, a brand owner can argue that the respondent wants exactly the opposite – to not be known by the domain.

Further, use of a Whois privacy service can be used as evidence of a respondent’s bad faith registration and use. This was upheld earlier this year, when the National Geographic Society brought a case against the domain name natgeokids.com. The Respondent used a private registration service and failed to respond to three attempts at email contact before the complaint was filed. While the facts of the case supported bad faith in other ways, the Panel felt compelled to note that the use of a privacy service “raises the rebuttable presumption of bad faith in the commercial context. Given the Respondent’s obligation to provide correct WHOIS information and its unexplained failure to do so, this raises the rebuttable presumption of bad faith.”

Since the Respondent submitted no evidence or argument to rebut this presumption, the finding of bad faith was reinforced and the domain was ordered to be transferred. In an earlier decision involving the domain quner.com (similar to a mark used by a company in Beijing) the Panel noted “the fact that the disputed domain name was registered anonymously and protected by Premium Registration Service is consistent with bad faith in this Panel’s view.”

So, as a practical matter, the use of Whois privacy services by cybersquatters can frustrate and sometimes delay the resolution of a domain dispute but it can’t prevent the inevitable. In the end, its more common and, in my own opinion, more pernicious effect is the wastefulness of the brand owner having to incur the expense of filing a UDRP or URS complaint. As mentioned above, emails sent through Whois privacy services don’t always get through and many disputes could have been avoided had communication been more open.
