Helping Users Avoid Fraud Sites and Get the Real Firefox

A while back I posted on some of the various Firefox fraud schemes and deceptive sites that trick users into paying for Firefox or downloading malware branded as Firefox. The goal was to explain how we analyze these matters and discuss the tools available to address the problem.  Gerv recently posted on this as well – which was great.

What my last post on this subject didn’t do was talk about the specifics of particular cases. I can’t do that for a number of reasons – there are legal implications and in some cases what we say is constrained by law. However, we can do a better job of keeping those that submit reports informed, and a general update is long over-due, so here goes:

Over the past nine months, these are some of the activities we’ve undertaken in response to user reports we’ve received and activities we’ve discovered:

  • Asserted claims that caused 15 European (mostly German) sites to discontinue their deceptive practices involving Firefox and Thunderbird. These were the result of injunctions or cease and desist efforts (German courts have issued seven legal injunctions in response to our applications);
  • Reviewed more than 4,300 sites;
  • Reported a host of sites to regional consumer protection agencies;
  • Recovered 50 or so domains that were engaged in questionable activities (i.e. subscription traps or distributing malware);
  • Caused 122 US sites to discontinue unauthorized or infringing  practices in response to our requests; and
  • Alerted search engines to these practices when we thought they would act.

More info on European and US activities is available here. While this is really good, there’s more to be done.  Ultimately, we’ll need to address some of the even larger syndicates using legal tools. It seems operators of some of these sites are making so much money from the scams that they will spend even more money to assert frivolous defenses to keep it going.   Fortunately, the courts have to date, seen through these technical defenses.

Cease and desist campaigns, or filing injunctions where possible, is not a scalable or cost effective approach in the long run however.  Already, about 30% of Mozilla’s legal matters are trademark enforcement related.  Long term, to really scale to meet this problem, we’re going to need to explore alternative approaches that utilize organizations like, so users can be notified in advance when they end up on these sites.  In combination, we may also need more messaging to warn users about the subscription traps that exist. In the interim, however, we’ll continue to utilize the tools we have so fewer users are scammed and more get the really great product contributors have created.

As Asa Dotzler Tweeted recently: “If you’re being asked to pay for Firefox, it’s a scam! Firefox is absolutely 100% free. Always get Firefox from Please RT”

More to come.

Trademarks – the Good, the Bad and the Ugly

On an all too frequent basis, we receive reports of websites selling the Mozilla Firefox browser, using the Mozilla trademarks to promote other products and services, or using modified versions of the Mozilla trademarks. The problem is that these activities are deceptive, harm users, cause consumer confusion, and jeopardize the identity and meaning of the Mozilla brands – not to mention being illegal. The cases seem to fall into three different categories that I’ll nominally call the good, the bad, and the ugly.  When we receive reports or identify problematic activities, we “exercise due diligence, care and prudence”  all of which means we analyze the reports and treat each case differently based on the intent and severity of the matter.

The Good. There’s a category of cases that involve good intentions but improper use of the trademarks. Typically, these folks really support the project, the brand, and the mission, and in their efforts to engage others and share their excitement about the products, they may have used the trademarks in a way that’s improper. In truth, we’re lucky to have this problem because it indicates people care about what we’re doing. This is almost always easily corrected with a phone call or short note. These matters are not troubling in my view, because they’re indicative of a user’s desire to embrace the brands in ways that are relevant and meaningful to them. Maintaining trademark protection (good trademark hygiene) and having supporters embrace the brand should not be mutually exclusive nor inconsistent. Trademark law as it exists today is technically more constraining, but I hope to see it evolve to recognize these complementary concepts. For further perspectives on trademark law, see a recent paper Tiki Dare and I wrote on this topic in the International In-house Counsel Journal.

The Bad. This category involves people who are intentionally trading on the brand for their own benefit. At the core, these cases are based on people or entities misrepresenting themselves as Mozilla. The problem may manifest itself as domain name hijacking, using the marks to promote other products, or manipulating search terms to acquire web traffic and users. Some calculations estimate that 2 to 7 million potential Firefox users per year are diverted to these fraudulent sites. This is especially offensive because these actors are trading on the value of the Firefox brand built by the community and ripping off users in the process.

The Ugly. These cases involve a clear intent to deceive, manipulate and steal from users in a highly organized and syndicated fashion. They’re a form of fraud, and frequently include other software products as well, and they seem to make a business out of charging for FOSS code and shareware. Often the identities of these infringers are intentionally hidden under layers of corporate obfuscation across multiple countries. When we can ascertain their identities, we notify them and first try to resolve it amicably. In response, we generally get the proverbial stiff arm. At times I wonder why we even bother with this step because if you’ve gone through the effort to set up an elaborate scheme to hide your identity and rip people off, why would you just stop if we say “please” and ask nicely. As an added bonus, these sites may also continue to charge the user’s credit card even after the user realizes the deception and cancels the subscription.

Many of you have sent us links about sites you suspect infringe. Thank you. At any given time there are 50 – 70 matters under investigation. Also, we now have a central place for everyone to report such sites. The more information you provide us when you file the report, the easier it is to evaluate and respond appropriately.

When we come across the bad and the ugly, and we can’t reach an accord with the person(s) responsible, we sometimes have to use legal remedies.  This may include legal action or administrative procedures where and when appropriate. For example, if a cease and desist letter does not work, we have instituted UDRP proceedings at WIPO (World Intellectual Property Organization). In some jurisdictions, we have filed and obtained preliminary injunctions to compel the infringer to stop. Surprisingly, sometimes a court order is not even enough. So far, we have been successful in the actions we’ve initiated. Recently we recovered a bunch of domains from a domain hijacker and in other actions, we obtained preliminary injunctions against web site operators engaged in fraudulent practices. In almost all of these cases, a community member reported the problem or it may even have been first reported in the media.

These actions are not only expensive and time consuming, but they divert us from our primary purpose. Unfortunately, it’s an area where I foresee continued growth and continued efforts to defend the meaning of the brands. Having the support and help of our community makes our work easier and more worthwhile.