WIPO Arbitration and Mediation Center

ADMINISTRATIVE PANEL DECISION

Meta Platforms, Inc. v. Domain Admin, GuardPrivacy.org

Case No. D2021-4165

1. The Parties

The Complainant is Meta Platforms, Inc., United States of America (“U.S.”), represented by Tucker Ellis, LLP, U.S.

The Respondent is Domain Admin, GuardPrivacy.org, Hong Kong, China.

2. The Domain Name and Registrar

The disputed domain name <facebooksecurity.com> is registered with Dynadot, LLC (the “Registrar”).

3. Procedural History

The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on December 10, 2021. On December 13, 2021, the Center transmitted by email to the Registrar a request for registrar verification in connection with the disputed domain name. On December 14, 2021, the Registrar transmitted by email to the Center its verification response confirming that the Respondent is listed as the registrant and providing the contact details.

The Center verified that the Complaint satisfied the formal requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).

In accordance with the Rules, paragraphs 2 and 4, the Center formally notified the Respondent of the Complaint, and the proceedings commenced on December 21, 2021. In accordance with the Rules, paragraph 5, the due date for Response was January 10, 2022. The Respondent did not submit any response. Accordingly, the Center notified the Respondent’s default on January 12, 2022.

The Center appointed Peter Burgstaller as the sole panelist in this matter on January 21, 2022. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.

4. Factual Background

The Complainant operates the world-famous Facebook social networking website since 2004 in various languages; the Facebook social networking is also provided as a mobile application (Annex 1, 6, 7 to the Complaint). In addition, the Complainant provides users of its social network with updates about how to protect their information both on and off the Facebook social media platform.

The Complainant owns various trademark registrations for the mark FACEBOOK in many jurisdictions around the world, including:

- U.S. Registrations No. 3,122,052, for services in classes 35 and 38, registered since July 25, 2006 and Registration No. 3,881,770, for services in classes 35, 38, 41, 42 and 45, registered November 23,2010 with first use in commerce April 2, 2004 (Annex 13 to the Complaint);
- EU Registrations No. 9151192,registered since December 17, 2010 for goods and services in classes 9, 35, 36, 38, 41, 42 and 45, and No 9776618 registered since November 2, 2011 for goods and services in classes 9, 16, 35 and 36 (Annex 14-01 and 14-02 to the Complaint);
- International Registration No. 1075094, for goods and services in classes 9, 35, 36, 38, 41, 42 and 45, registered since July 16, 2010, designated for various countries around the world (Annex 14 to the Complaint).

Moreover, the Complainant owns a number of domain names, containing the mark FACEBOOK (Annex 11 to the Complaint).

The disputed domain name was registered on May 30, 2009 (Annex 2 to the Complaint) and is currently not actively used (Annex 15 to the Complaint).

5. Parties’ Contentions

A. Complainant

The Complainant operates the world-famous Facebook social networking website and mobile application provided in more than 70 languages. The Complainant’s social network has more than one billion daily active accounts and over two billion monthly active users from all over the world.

The Complainant also offers several security features as part of its products, such as login alerts and two-factor authentication.

The Complainant owns the exclusive rights in the mark FACEBOOK which is used since 2004. The FACEBOOK mark is inextricably linked with the products and services offered by the Complainant. The FACEBOOK mark ranked 15th in Interbrand’s current Best Global Brands report. Hence, the FACEBOOK mark is unquestionably famous and recognized around the world as signifying high-quality, authentic goods and services provided by the Complainant.

The Complainant owns numerous registrations protecting the mark FACEBOOK in the U.S. and around the world.

Besides the main web-address <facebook.com> the Complainant also owns the domain name <facebook-security.com>, which redirects to “www.facebook.com/security”, a webpage where the Complainant updates users about how to protect their information both on and off the Facebook social media platform.

In addition to the Complainant’s web-addresses <facebook.com> and <facebook-security.com> it owns and operates numerous other domain names consisting of the FACEBOOK mark in combination with various generic Top-Level Domain extensions (“gTLD”), including <facebook.org> and <facebook.net>.

The disputed domain name, which merely adds the term “security” to the Complainant’s FACEBOOK mark, is confusingly similar to the Complainant’s FACEBOOK mark.

Moreover, the Respondent has no rights or legitimate interests in the disputed domain name; the Complainant has not licensed nor authorized the Respondent to use the Complainant’s FACEBOOK mark, nor does the Respondent have any legal relationship with the Complainant that would entitle the Respondent to use the FACEBOOK mark. The Respondent is not making a bona fide offering of goods or services at the disputed domain name, is not commonly known by the disputed domain name and is not making a legitimate noncommercial or fair use of the disputed domain name.

Finally, the Respondent has registered and is using the disputed domain name in bad faith, since it has registered a domain name that is confusingly similar to the Complainant’s FACEBOOK mark. Because the FACEBOOK mark is so obviously connected with the Complainant and its well-publicized services and mobile application, and the disputed domain name clearly references this mark, the registration and passive holding of the disputed domain name by the Respondent, who has no connection with Complainant, supports a finding of bad faith under the Policy. Moreover, the disputed domain name is confusingly similar to the domain name <facebook-security.com> which is in itself bad faith use.

There is no conceivable use of the disputed domain name by the Respondent that could be legitimate.

B. Respondent

The Respondent did not reply to the Complainant’s contentions.

6. Discussion and Findings

According to paragraph 4(a) of the Policy, the Complainant must prove that

(i) the disputed domain name is identical or confusingly similar to a trademark or service mark in which the Complainant has rights; and

(ii) the Respondent has no rights or legitimate interests with respect to the disputed domain name; and

(iii) the disputed domain name has been registered and is being used in bad faith.

A. Identical or Confusingly Similar

The Complainant submitted evidence, which incontestably and conclusively establishes rights in the trademark FACEBOOK.

The disputed domain name is confusingly similar to the Complainant’s registered trademark FACEBOOK since it entirely contains this famous and distinctive mark and only adds the word “security”.

It has long been established under UDRP decisions that where the relevant trademark is recognizable within the disputed domain name the mere addition of other terms (whether descriptive, geographical, pejorative, meaningless, or otherwise) will not prevent a finding of confusing similarity under the first element of the Policy (see section 1.8 of the WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition “WIPO Overview 3.0”).

Finally, it has also long been held that gTLDs are generally disregarded when evaluating the confusing similarity of a disputed domain name.

The Panel therefore finds that the Complainant has satisfied paragraph 4(a)(i) of the Policy.

B. Rights or Legitimate Interests

While the overall burden of proof in UDRP proceedings is on the complainant, panels have recognized that proving a respondent lacks rights or legitimate interests in a domain name may result in the often impossible task of “proving a negative”, requiring information that is often primarily within the knowledge or control of the respondent. As such, where a complainant makes out a prima facie case that the respondent lacks rights or legitimate interests, the burden of production on this element shifts to the respondent to come forward with relevant evidence demonstrating rights or legitimate interests in the domain name. If the respondent fails to come forward with such relevant evidence, the complainant is deemed to have satisfied the second element (see section 2.1 of the WIPO Overview 3.0). Here, the Complainant has put forward a prima facie case that the Respondent lacks rights or legitimate interests in the disputed domain name, which has not been rebutted by the Respondent.

Furthermore, the nature of the disputed domain name, comprising the Complainant’s famous and distinctive mark in its entirety together with the term “security”, cannot be considered fair as these falsely suggest an affiliation with the Complainant that does not exist (see section 2.5 of the WIPO Overview 3.0).

Noting the above, and in the absence of any Response or allegations from the Respondent, the Panel finds that the Complainant has satisfied paragraph 4(a)(ii) of the Policy.

C. Registered and Used in Bad Faith

As stated in many decisions rendered under the Policy (e.g. Robert Ellenbogen v. Mike Pearson, WIPO Case No. D2000-0001) both conditions, registration and use in bad faith, must be demonstrated; consequently, the Complainant must show that:

- the disputed domain name was registered by the Respondent in bad faith, and
- the disputed domain name is being used by the Respondent in bad faith.

(i) The Complainant has rights and is the owner of the well known, famous and highly distinctive registered trademark FACEBOOK, which is registered and used in many jurisdictions around the world. Moreover, the Complainant registered and is using various domain names containing FACEBOOK e.g. <facebook.com>, <facebook.org>, <facebook.net> or <facebook-security.com> among others.

It is inconceivable for this Panel that the Respondent registered or has used the disputed domain name without knowledge of the Complainant’s rights, which leads to the necessary inference of bad faith. This finding is supported by the fact that the disputed domain name incorporates the Complainant’s distinctive trademark FACEBOOK entirely.

Moreover, the disputed domain name contains the term “security”, which in fact even strengthen the impression that the Respondent must have known the mark FACEBOOK when registering the disputed domain name, since the suffix “security” refers to a relevant business and service of the Complainant, which is providing users of its social network with updates about how to protect their information both on and off the FACEBOOK social media platform.

Therefore, the Panel is convinced that the disputed domain name was registered in bad faith by the Respondent.

(ii) Although there is no evidence that the disputed domain name is being actively used, previous UDRP panels have found that bad faith use under paragraph 4(a)(iii) does not necessarily require a positive act on the part of the respondent – inaction is within the concept or paragraph 4(a)(iii) (see especially Telstra Corporation Limited v. Nuclear Marshmallows, WIPO Case No. D2000-0003; Ladbroke Group Plc v. Sonoma International LDC, WIPO Case No. D2002-0131).

This Panel also concludes that the present passive holding of the disputed domain name, constitutes a bad faith use, putting emphasis on the following:

- the Complainant’s trademark FACEBOOK is famous with a high distinctiveness and is well-known globally;
- the Respondent has failed to present any evidence of any good faith use with regard to the disputed domain name;
- the disputed domain name incorporates the Complainant’s trademark in its entirety, and is thus suited to divert or mislead potential web users from the website they are actually trying to visit (the Complainant’s site);
- the disputed domain name moreover contains the suffix “security” which refers to a relevant service and business of the Complainant; and
- there is no conceivable plausible reason for good faith use with regard to the disputed domain name.

Taking all these facts and evidence into consideration this Panel finds that the disputed domain name has been registered and used in bad faith under paragraph 4(a)(iii) of the Policy.

7. Decision

For the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the disputed domain name <facebooksecurity.com> be transferred to the Complainant.

Peter Burgstaller
Sole Panelist
Date: February 4, 2022