Parody site ClownStrike refused to bow to CrowdStrike’s bogus DMCA takedown

Doesn't CrowdStrike have more important things to do right now than try to take down a parody site?

That's what IT consultant David Senk wondered when CrowdStrike sent a Digital Millennium Copyright Act (DMCA) takedown notice targeting his parody site ClownStrike.

Senk created ClownStrike in the aftermath of the largest IT outage the world has ever seen—which CrowdStrike blamed on a buggy security update that shut down systems and incited prolonged chaos in airports, hospitals, and businesses worldwide.

Although Senk wasn't personally impacted by the outage, he told Ars he is "a proponent of decentralization." He seized the opportunity to mock "CrowdStrike's ability to cause literal billions of dollars of damage" because he viewed this as "collateral from the incredible amount of 'centralization' in the tech industry."

Setting up the parody site at clownstrike.lol on July 24, Senk's site design is simple. It shows the CrowdStrike logo fading into a cartoon clown, with circus music blasting throughout the transition. For the first 48 hours of its existence, the site used an unaltered version of CrowdStrike's Falcon logo, which is used for its cybersecurity platform, but Senk later added a rainbow propeller hat to the falcon's head.

"I put the site up initially just to be silly," Senk told Ars, noting that he's a bit "old-school" and has "always loved parody sites" (like this one).

It was all fun and games, but on July 31, Senk received a DMCA notice from Cloudflare's trust and safety team, which was then hosting the parody site. The notice informed Senk that CSC Digital Brand Services' global anti-fraud team, on behalf of CrowdStrike, was requesting the immediate removal of the CrowdStrike logo from the parody site, or else Senk risked Cloudflare taking down the whole site.

Senk immediately felt the takedown was bogus. His site was obviously parody, which he felt should have made his use of the CrowdStrike logos—altered or not—fair use. He immediately responded to Cloudflare to contest the notice, but Cloudflare did not respond to or even acknowledge receipt of his counter notice. Instead, Cloudflare sent a second email warning Senk of the alleged infringement, but once again, Cloudflare failed to respond to his counter notice.

This left Senk little choice but to relocate his parody site to "somewhere less-susceptible to DMCA takedown requests," Senk told Ars, which ended up being a Hetzner server in Finland.

Currently on the ClownStrike site, when you click a CSC logo altered with a clown wig, you can find Senk venting about "corporate cyberbullies" taking down "content that they disagree with" and calling Cloudflare's counter notice system "hilariously ineffective."

"The DMCA requires service providers to 'act expeditiously to remove or disable access to the infringing material,' yet it gives those same 'service providers' 14 days to restore access in the event of a counternotice!" Senk complained. "The DMCA, like much American legislation, is heavily biased towards corporations instead of the actual living, breathing citizens of the country."

Reached for comment, CrowdStrike declined to comment on ClownStrike's takedown directly. But it seems like the takedown notice probably never should have been sent to Senk. His parody site likely got swept up in CrowdStrike's anti-fraud efforts to stop bad actors attempting to take advantage of the global IT outage by deceptively using CrowdStrike's logo on malicious sites.

“As part of our proactive fraud management activities, CrowdStrike’s anti-fraud partners have issued more than 500 takedown notices in the last two weeks to help prevent bad actors from exploiting current events," CrowdStrike's statement said. "These actions are taken to help protect customers and the industry from phishing sites and malicious activity. While parody sites are not the intended target of these efforts, it’s possible for such sites to be inadvertently impacted. We will review the process and, where appropriate, evolve ongoing anti-fraud activities.”

Senk called CrowdStrike's response "typical corporate bullshit" that takes "zero accountability."

"In my opinion, it is completely on-brand for them, given the rest of their responses to the incident," Senk told Ars. "It does not matter if 'parody sites are not the intended target.' My parody site was impacted."

Corynne McSherry, a copyright expert and legal director of the digital rights group the Electronic Frontier Foundation, told Ars that even using an unaltered logo can fall under fair use.

"There's plenty of ways in which you could use a logo, and it would still be clear parody and perfectly lawful," McSherry said, while noting that "courts have confirmed that" CrowdStrike was obligated to consider that claiming the use is illegal, "because fair uses are, by definition, legal."

On ClownStrike, Senk did not mince words responding to CrowdStrike's failure to adequately consider parody as a fair use of its trademark.

"Seeing as how this site is an obvious parody, that any 'reasonable person' would be able to clearly identify AND there is no commercial use, no product being sold, no money being made in any way, shape, or form… You can go straight to hell CrowdStrike," Senk wrote. "This is fair use."

McSherry agreed that without considering fair use, CrowdStrike and Cloudflare were essentially censoring lawful speech.

"I have sympathy for CrowdStrike because it's probably a very difficult time for them right now," McSherry said. "And going after malicious and phishing sites is a legitimate thing to do. On the one hand, this is understandable. But on the other hand, it's not OK to take down lawful speech."

"You might not like it," McSherry said, while noting that it remains unclear if CrowdStrike disliked the parody site. But "I would hope they have bigger fish to fry right now than that."

Cloudflare acknowledged parody can be fair use

Cloudflare did not respond to multiple requests for comment, but the world-leading global network provider eventually reached out to Senk, who shared Cloudflare's message with Ars.

Apparently, Cloudflare never received either of Senk's counter notices, which is a problem since Cloudflare only allows a 72-hour window to contest a takedown notice. However, as news about ClownStrike's bogus takedown spread online—causing the parody site's traffic to jump from a couple hundred views to over 80,000 unique visitors—Cloudflare seemingly got wind of the issue. In its message, Cloudflare claimed that "although we have not received information from you directly in response to the complaint we received and forwarded to you, we understand based on public reports that you may have legitimate objections to the abuse complaint based on the parody nature of your website."

"Please note that we would not take action to remove content in response to a trademark abuse report if you moved back to our hosting service and provided a legitimate counter notice of the parody nature of your website," Cloudflare said.

Senk told Ars that he has no plans to move ClownStrike back to Cloudflare's hosting service. Instead, he responded by suggesting that Cloudflare update its abuse-reporting system to confirm receipt of counter notices, build a web portal where users can track abuse reports, and perhaps most significantly, revoke CSC's ability to submit abuse reports as a penalty for sending a bogus takedown.

McSherry told Ars that major service providers like Cloudflare can become "chokepoints," where lawful speech gets taken down because, regardless of intent, "they can't be precise in what they do" once their platform gets too big and reports get too numerous. She agreed with Senk that a few large companies controlling vast amounts of content online can be problematic.

"It is true that there are a relatively small number of companies that have outsized influence over what is available online," McSherry said. "And that can be really difficult or create a real problem because sometimes they don't have any choice but to sort of overcensor."

McSherry pointed out that CrowdStrike's takedown notice came at the time when Senk's parody site would be most relevant as commentary on the fallout from the IT outage. Potentially, the two-week counter notice period could have helped CrowdStrike take down the parody site during the most heightened period of criticism, which could make it appear to be inappropriately using the DMCA to censor online criticism.

In this case, "there was just big companies using big processes and not being careful," McSherry said. "And that is not acceptable."

McSherry also agreed with Senk that Cloudflare should update its abuse process so that fair use is clearly considered, as required by the DMCA.

"When you're talking about online speech, when you're talking about expression generally, this is not how the default should work," McSherry said. "The default should be that that lawful speech stays up, not the other way around." Cloudflare should instead "go overboard" in "trying to have a really good appeals process."

Despite his bad experience, Senk told Ars that because Cloudflare is "too big to ignore," he plans to continue using the company's services for his other professional work. One reason why he promptly moved ClownStrike off of Cloudflare was out of fear that the bogus takedown might terminate his account, which he uses to assist many clients who use Cloudflare. Senk suggested that Cloudflare owes its customers more consideration in these cases.