In October, there were fears that indie/experimental games repository Itch might have some issues thanks to the, uh, decline of the British Empire. Two months later and the site has indeed gone down, but not because of shifts in the geopolitical landscape. Rather, Itch is blaming Funko.
The whole site has gone down tonight, with anyone trying to visit it greeted with a "This site can’t be reached" message. After a bit of confusion as to why that was, Itch were able to provide some info, tweeting:
I kid you not, @itchio has been taken down by @OriginalFunko because they use some trash "AI Powered" Brand Protection Software called @BrandShieldltd that created some bogus Phishing report to our registrar, @iwantmyname, who ignored our response and just disabled the domain
Itch later added:
Also, for transparency, we did take the disputed page down as soon as we got the notice because it's not worth fighting stuff like that. Regardless, our registrar's automated system likely kicked to disable the domain since no one read our confirmation of removal.
Itch say that, until their registrar (iwantmyname) replies to their emails asking "WTF is going on", the site will remain down.
Just to make it clear: Itch say their whole site is down because the company that makes Funko Pops used a shitty AI service that wrongfully filed a phishing report.
UPDATE, 6:30am, December 9: It's back.
UPDATE 2, 5:30pm, December 9: itch's Leaf has elaborated a little on the likely causes, writing on Hacker News:
I'm the one running itch.io, so here's some more context for you:
From what I can tell, some person made a fan page for an existing Funko Pop video game (Funko Fusion), with links to the official site and screenshots of the game. The BrandShield software is probably instructed to eradicate all "unauthorized" use of their trademark, so they sent reports independently to our host and registrar claiming there was "fraud and phishing" going on, likely to cause escalation instead of doing the expected DMCA/cease-and-desist. Because of this, I honestly think they're the malicious actor in all of this. Their website, if you care: https://www.brandshield.com/
About 5 or 6 days ago, I received these reports on our host (Linode) and from our registrar (iwantmyname). I expressed my disappointment in my responses to both of them but told them I had removed the page and disabled the account. Linode confirmed and closed the case. iwantmyname never responded. This evening, I got a downtime alert, and while debugging, I noticed that the domain status had been set to "serverHold" on iwantmyname's domain panel. We have no other abuse reports from iwantmyname other than this one. I'm assuming no one on their end "closed" the ticket, so it went into an automatic system to disable the domain after some number of days.
I've been trying to get in touch with them via their abuse and support emails, but no response likely due to the time of day, so I decided to "escalate" the issue myself on social media.
