Super Slimey: Comodo Tries To Trademark 'Let's Encrypt' [Updated]
from the that's-just-bad dept
See the update at the endAlmost two years ago, we excitedly wrote about the announcement behind Let's Encrypt, a free certificate authority that was focused on dramatically lowering the hurdles towards protecting much more of the internet with HTTPS encrypted connections. It took a while to launch, but it finally did and people have been gobbling up those certificates at a rapid rate and getting more and more of the web encrypted. This is a good thing.
Unfortunately, it appears the old guard of certificate authorities doesn't like this very much. Comodo, which has provided certificates for quite some time (and, in fact, is where Techdirt's certificate comes from) has apparently, somewhat ridiculously, been trying to trademark versions of "Let's Encrypt." The most troubling one is the one on purely "Let's Encrypt," but the other two (Comodo Let's Encrypt and Let's Encrypt with Comodo) are equally problematic -- especially since (as Comodo admits directly) it's never used that phrase in offering its existing certificates.
This seems like a clear situation where Comodo is seeking to confuse the market -- and thus the clear case where trademark law actually makes some sense. As we've said basically forever, trademark is quite different than copyrights and patents, in that it was really designed as a consumer protection law, to keep consumers from being tricked into buying something that they believe is from a different entity. Trademarks are widely and frequently abused, but there are times where the original intent of consumer protection makes sense, and this seems like one of them. What's incredible is that when Let's Encrypt reached out to Comodo about this, the company refused to abandon the attempt to trademark these names.
Since March of 2016 we have repeatedly asked Comodo to abandon their “Let’s Encrypt” applications, directly and through our attorneys, but they have refused to do so. We are clearly the first and senior user of “Let’s Encrypt” in relation to Internet security, including SSL/TLS certificates – both in terms of length of use and in terms of the widespread public association of that brand with our organization.At the very least, this kind of stupid stunt has me reconsidering if we should ever use Comodo's certificates on our site going forward. We've been a happy Comodo customer for many years, but I hate supporting bullies. Update: And... of course, after this goes public, Comodo suddenly backs down. Of course that doesn't explain why it refused to do so when asked months ago.
If necessary, we will vigorously defend the Let’s Encrypt brand we’ve worked so hard to build. That said, our organization has limited resources and a protracted dispute with Comodo regarding its improper registration of our trademarks would significantly and unnecessarily distract both organizations from the core mission they should share: creating a more secure and privacy-respecting Web. We urge Comodo to do the right thing and abandon its “Let’s Encrypt” trademark applications so we can focus all of our energy on improving the Web.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: certificate authority, certificates, competition, https, let's encrypt, trademark
Companies: comodo, let's encrypt
Reader Comments
Subscribe: RSS
View by: Time | Thread
However, I disagree that they're trying to confuse the market so much as put the hurt on Let's Encrypt. Long term plan: get the marks, then sue LE, hopefully out of existence. Here's an entity giving away what Comodo sells.
[ link to this | view in chronology ]
The one where Comodo replaces Chrome with their own, less-secure (and for Chrome that's saying something) browser:
http://www.theregister.co.uk/2016/02/02/google_disses_chromodo/
"As explained in this advisory today, users who install Comodo Internet Security may not realize that their Chrome installation is replaced with Comodo's own browser, Chromodo.
That little bit of crapware isn't secure at all: it's set as the default browser, and "all shortcuts are replaced with Chromodo links and all settings, cookies, etc are imported from Chrome. They also hijack DNS settings, among other shady practices," Google's Tavis Ormandy notes.
Chromodo is promoted as a "private browser" on Comodo's website, but it's not only not private, it's not remotely safe to use, because it also disables Chrome's same-origin policy.
The same-origin policy enforces a rule that one script can only access data in another script if they're both from the same site. Without it, users are exposed to malicious sites sniffing private data.
Google went public with the feature bug because Comodo was unresponsive, we're told."
The one where Comodo's security kit installed an unprotected VNC server on host PCs:
http://www.theregister.co.uk/2016/02/18/comodo_flaw/
"When installing Comodo Anti-Virus, Comodo Firewall, or Comodo Internet Security on a Windows PC, you'll get a program called GeekBuddy, which Comodo staff can use to carry out remote technical support on people's PCs (in exchange for money).
GeekBuddy allows this by installing a VNC server that has admin-level privileges, is enabled by default, and is open to the local network. At one point the server had no password protection at all – so anyone could connect and commandeer a system. That was fixed by enabling password protection, although Ormandy discovered the passwords were predictable.
If you're running Comodo's software, malware on your PC, miscreants on your network, or perhaps anyone on the internet, could have potentially gained control over your computer."
I wouldn't trust them with my money and security. Especially not if they are doing this shady-looking shit with Let's Encrypt.
[ link to this | view in chronology ]
Re:
Software Privdog worse than Superfish
It appears that Comodo is run by dishonest sleazeballs who don't care about security, privacy or encryption: only their own profits. Time to make sure that everyone knows this. I'll be spreading the word on Monday morning throughout the corporation that all their products are to be decommissioned and that they are to be placed on the same purchasing blacklist as Sony.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
The best thing I can possibly say about Comodo is that they are not trustworthy.
[ link to this | view in chronology ]
Dump Comodo now
Personally I wanted to use Let's Encrypt for a new site I configured recently, but after spending the better part of a day trying to get it to work, I gave up and went with the option that my host (NameCheap) provided for $2.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Let's Encrypt should have filed for registration previously, and they wouldn't be in this situation. Even if Comodo get the registration, however, they can't stop Let's Encrypt from using the mark in places where Let's Encrypt has priority (and when you're talking about the internet, that's potentially anywhere, though I guess it would be limited to places where they can show "sales").
[ link to this | view in chronology ]
Re:
http://tsdr.uspto.gov/#caseNumber=86790719&caseType=SERIAL_NO&searchType=statusSearch
Th is one specifically is just for "Let's Encrypt". They haven't been granted that one yet, but it hasn't been denied, either.
[ link to this | view in chronology ]
Re: Re:
The problem is, maintaining an opposition proceeding isn't exactly cheap.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
You can still get a registration even if a non-registered entity is already using the name, but you can't go in and stop them. Traditionally this is limited by geographic location. For example, if I own a chain of restaurants in Los Angeles, and you're in New York and we have the same name...if I was there first but didn't register it and you did, you have presumptive nationwide rights to the name EXCEPT in Los Angeles, where I priority over you. You can't come into L.A. and stop me using the name.
This was relatively easy to figure out in the pre-internet days, but of course now everyone is online so the boundaries become a bit more fuzzy.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
Blech. I understand this advice, and I understand why lots of lawyers say this, but I think it's lame and only encourages over registration. Let's Encrypt has a perfectly viable common law mark on the name without registering it.
[ link to this | view in chronology ]
Re: Re:
The problem here, apart from Comodo's bad behavior, is that the trademark examiner didn't conduct a proper search. If he had, the Let's Encrypt common law mark would have turned up.
[ link to this | view in chronology ]
Comodo's backdown
All this means is that they're cowards who are unwilling to take ownership of their own actions. They'll do it again -- or something similar -- as soon as they think nobody's watching. So not only they sleazeballs, they're wimps: afraid to take public criticism for their actions, skulking in the shadows, waiting for their next opportunity to rip off the public when they think they can evade scrutiny.
Disgusting.
[ link to this | view in chronology ]
Updated
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
Translation: We deserve to do whatever the courts and the PTO will let us get away with, without any criticism from anyone else! Only once we've been definitively held to have been violating the law, and all appeals exhausted, can anyone say we were doing the wrong thing!
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Revisionist History Being Made Here
Double Plus Good!
[ link to this | view in chronology ]
Comodo used to be the only "free" antivirus
[ link to this | view in chronology ]
Re: Comodo used to be the only "free" antivirus
[ link to this | view in chronology ]
Re: Re: Comodo used to be the only "free" antivirus
If I wanted something better and with less problems I'd run a real OS - FreeBSD not some wierd-assed GNU/Linux crap.
[ link to this | view in chronology ]
Re: Re: Comodo used to be the only "free" antivirus
Already done and dusted, currently converting neighbours as fast as they bring in their Win10 computers.
[ link to this | view in chronology ]
Re: Comodo used to be the only "free" antivirus
[ link to this | view in chronology ]
Re: Re: Comodo used to be the only "free" antivirus
Thank you for actually answering the question VS the "just move to linux" crap answer.
I used to use AVG 'till they did the "we've mailed you this bill - please pay it" move. Then moved to Comodo as their license was not "$0 for home" - at the time of the licence reading ANYONE could use it. Guess its time to move back to AVG because the bill thing was a crap move, Comodo is worse at this point.
(Sophos and AVG seem to be $0 for "home". For commercial use....pay up sucka)
[ link to this | view in chronology ]
Re: Comodo used to be the only
[ link to this | view in chronology ]
What is planned next Comodo?
[ link to this | view in chronology ]
EFF/Chrome/Firefox death penalty for Comodo
Done.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]