Bitwarden, Inc. v. Yang Yang
Claim Number: FA2203001990025
Complainant is Bitwarden, Inc. (“Complainant”), represented by Christine B. Redfield of Redfield IP PC, California, USA. Respondent is Yang Yang (“Respondent”), China.
REGISTRAR AND DISPUTED DOMAIN NAME
The domain name at issue is <bitwarden.pro>, registered with DNSPod, Inc..
The undersigned certifies that he has acted independently and impartially and to the best of his knowledge has no known conflict in serving as Panelist in this proceeding.
David L. Kreider, Chartered Arbitrator (UK), as Panelist.
Complainant submitted a Complaint to the Forum electronically on March 28, 2022; the Forum received payment on March 28, 2022.
On March 29, 2022, DNSPod, Inc. confirmed by e-mail to the Forum that the <bitwarden.pro> domain name is registered with DNSPod, Inc. and that Respondent is the current registrant of the name. DNSPod, Inc. has verified that Respondent is bound by the DNSPod, Inc. registration agreement and has thereby agreed to resolve domain disputes brought by third parties in accordance with ICANN’s Uniform Domain Name Dispute Resolution Policy (the “Policy”).
On April 4, 2022, the Forum served the Complaint and all Annexes, including a Chinese and English language Written Notice of the Complaint, setting a deadline of April 25, 2022 by which Respondent could file a Response to the Complaint, via e-mail to all entities and persons listed on Respondent’s registration as technical, administrative, and billing contacts, and to postmaster@bitwarden.pro. Also on April 4, 2022, the Chinese and English language Written Notice of the Complaint, notifying Respondent of the e-mail addresses served and the deadline for a Response, was transmitted to Respondent via post and fax, to all entities and persons listed on Respondent’s registration as technical, administrative and billing contacts.
On April 4, 2022, the Respondent sent an email to the Forum: “不应诉,我是小小的网民,不懂这个”, which the Panel translates as meaning: “I won’t respond [to the Complaint], I’m just a little netizen, who doesn’t understand this”.
On April 11, 2022, pursuant to Complainant's request to have the dispute decided by a single-member Panel, the Forum appointed David L. Kreider as Panelist.
Having reviewed the communications records, the Administrative Panel (the "Panel") finds that the Forum has discharged its responsibility under Paragraph 2(a) of the Rules for Uniform Domain Name Dispute Resolution Policy (the "Rules") "to employ reasonably available means calculated to achieve actual notice to Respondent" through submission of Electronic and Written Notices, as defined in Rule 1 and Rule 2.
Complainant requests that the domain name be transferred from Respondent to Complainant.
The Registration Agreement is in Chinese, a language that the Complainant does not apprehend, whereas the Respondent, upon receiving notice of these administrative proceedings, communicated to the Forum that he would not be submitting a response to the Complaint. Following Rule 11 and having regard to the circumstances, the Panel has decided in its discretion that the language of these proceedings shall be the English language. All English translations from the original Chinese documents are those of the Panel.
A. Complainant
“The Complainant, Bitwarden, Inc., is the owner of the BITWARDEN trademark (the “Mark”) and the bitwarden.com domain name and has used the Mark and bitwarden.com domain name in connection with its acclaimed password management products and services since November 16, 2015.
Without the Complainant’s authorization, the <bitwarden.pro> domain name (the “Disputed Domain Name”) was registered on March 18, 2020, by the Respondent, “Yang Yang”, whose address is “Jin Xian Xian Sheng Li Zhong Lu 22 Hao, NanChang, Jiangsu, China” through the registrar DNSPod, Inc., according to the Whois records. Additional registrant data is privacy protected.
The Disputed Domain Name is identical to the Complainant's Mark for which the Complainant has superior rights and holds valid US Registration Nos. 5580631 and 6227472 and International Reg. No. 1563326 designating the EU.
The Complaint avers that the Respondent is engaged in a phishing scam and has created a website that mimics the Complainant’s website and purports to offer the same password protection and management services. When visiting the website associated with <bitwarden.pro>, a Microsoft warning appears stating that “This site has been reported as unsafe” and “Microsoft recommends you don’t continue to this site. It has been reported to Microsoft for containing phishing threats which may try to steal personal or financial information”. Upon clicking “more information”, the warning goes on to state “phishing sites can impersonate trusted sites to trick you into revealing personal or financial information. Even if it looks and feels trustworthy, the site you are trying to visit could be a phishing site in disguise. By continuing to this site, you may be putting your sensitive information – like passwords, credit card numbers, contact info, or software activation keys- at risk. These attacks often use spam emails, advertisements, or redirections from other sites that try to trick you into revealing sensitive information. If in doubt, go back. The options are to report that the site doesn’t contain phishing threats or “continue to the unsafe site (not recommended).”
Once visitors click through to the website, they encounter a site that impersonates the Complainant’s website, uses the Complainant’s mark and logo, offers a password management tool and incorporates the Complainant’s blue color scheme throughout the site so as to create the same look and feel as the Complainant’s website. Visitors will mistakenly believe they have landed on the Complainant’s site and may enter sensitive personal data such as credentials, passwords and other personal identifying information in the login field. In addition to putting consumers’ data at risk, the Respondent’s activities are disrupting Complainant’s business and tarnishing the value of the Bitwarden brand.
B. Respondent
The Respondent submitted no response to the Complaint. By email on April 4, 2022, the Respondent informed the Forum that he would not respond to the Complaint.
The Complainant’s password management solution guards against password hacking and theft by generating and managing strong and unique passwords across all applications and devices employed by the user. The user need only commit to memory a single password or passphrase (a “master” password) to access the Bitwarden service, thereby enabling access to all other unique passwords for specific applications across all of the users devices via the Bitwarden password manager.
The Disputed Domain Name <bitwarden.pro> is identical with the Complainant’s registered trade mark at the second level, substituting only the gTLD “.pro” at the top level. The website to which the Disputed Domain Name resolves has a similar look and feel to the Complainant’s official website at URL “bitwarden.com”, except that it appears in Chinese, with an added message to users: “Bitwarden -- 国内服务”, which the Panel translates as meaning: “Bitwarden – Mainland China service”.
The Panel finds that the Disputed Domain Name was registered and is being used for the purpose of misappropriating the “master” Bitwarden passwords of Chinese-speaking Internet users, thereby gaining access to all password “protected” applications and services across all the hapless victim’s devices.
Paragraph 15(a) of the Rules instructs this Panel to "decide a complaint on the basis of the statements and documents submitted in accordance with the Policy, these Rules and any rules and principles of law that it deems applicable."
Paragraph 4(a) of the Policy requires that Complainant must prove each of the following three elements to obtain an order that a domain name should be cancelled or transferred:
(1) the domain name registered by Respondent is identical or confusingly similar to a trademark or service mark in which Complainant has rights; and
(2) Respondent has no rights or legitimate interests in respect of the domain name; and
(3) the domain name has been registered and is being used in bad faith.
The Panel finds the Disputed Domain Name is confusingly similar to the BITWARDEN mark and bitwarden.com domain name in which Complainant has superior rights, as it contains the BITWARDEN mark in its entirety and merely adds the “.pro” gTLD. The addition of a gTLD to a mark fails to sufficiently distinguish a domain name from a mark.
The Complainant has satisfied the first element at Policy Paragraph 4(a)(i).
BITWARDEN is an arbitrary term which has no meaning outside its use as a means to identify Complainant as a source of certain products and services. Respondent is not a licensee of Complainant nor is Respondent otherwise authorized to use Complainant's BITWARDEN mark for any purpose.
The Complainant having made out a prima facie case that the Respondent has no rights or legitimate interests in the Disputed Domain Name, the burden of adducing rebuttal evidence passes to the Respondent. Here, the Respondent has failed and refused to submit a response timely, or at all.
The Complainant has satisfied the second element at Policy Paragraph 4(a)(ii).
The Expert finds that the Disputed Domain Name was registered and is being used in bad faith since the Respondent registered the domain names primarily for the purpose of disrupting the business of its competitor, Bitwarden, Inc. By using the Disputed Domain Name, the Respondent has intentionally attempted to attract for commercial gain, Internet users to Respondent’s websites by creating a likelihood of confusion with the Complainant's mark as to source, sponsorship, affiliation or endorsement of registrant's website. It is apparent from the Respondent’s fraudulent and malicious behavior that there is no legitimate basis for Respondent’s registration or use of the Domain Name.
Rather than the “little netizen who doesn’t understand such matters” the Respondent purports to be, the Panel considers that the Respondent lies behind an insidious scheme to misappropriate the “master” Bitwarden passwords of Chinese-speaking Internet users to gain access to all password “protected” applications and services across all of the hapless victims’ devices – by using the defrauded individuals’ master Bitwarden password to access the users’ entire store of passwords on the Internet.
The Complainant has satisfied the third element at Policy Paragraph 4(a)(iii).
Having established all three elements required under the ICANN Policy, the Panel concludes that relief shall be GRANTED.
Accordingly, it is Ordered that the <bitwarden.pro> domain name be TRANSFERRED from the Respondent to the Complainant.
David L. Kreider, Panelist
Dated: April 12, 2022
Click Here to return to the main Domain Decisions Page.
Click Here to return to our Home Page