In Germany we have an approach with a somewhat similar effect.
For any site with an commercial intent (which is pretty loosely defined) it is mandatory to have an Imprint with the person representing the company, the address of the HQ as well as the companies registration number and court location. It makes it somewhat more transparent what company is behind the site and gives you information you can lookup in public registries.
I hate it from a privacy perspective but it’s okay for for consumer protection.
My rude opinion: imprint is nonsense. It does not protect you from fake shops at all. It’s no brainer to copy one from another shop. As a legit seller you can be sued by shady layers for errors in imprint. Who is looking in public registers while shopping online…
I actually do know quite a few people who look up the imprint before shopping there, especially when they buy stuff as a business. You’re obviously right but it’s fairly easy to copy an imprint, and the whole shady lawyer thing for minor errors also is absolutely a pain.
I don’t think it’s completely useless, but it’s certainly not perfect either. As the parent comment suggested having a business register It’s legit domains would probably makes sense from a consumer protection point of view.
However, with the current state of the digital administration in Germany this change would introduce so much overhead that it would lead to a lot of justified opposition.
Family members as commercial buyers not only read imprints, but also check the seller and his company in various scoring portals. In commercial domain nice consumer protection does not exist anymore.
For well known shops: Probably nobody. But if I find a good price on an unknown (to me) shop I'll check the tax ID from the imprint on Google.
CRT.sh is also nice to figure out how long an operation has been using SSL (e.g. mtz-elektronik[dot]de is used by scammers on hacked Amazon shops since a few days).
Oh they do copy this information! I became victim of such a fraud because the whole website looked really legitimate to me, and I am the "tech guy" in our family. Thing is: fraudsters create good looking websites and just copy all the company information from other stores, put in a non-working telephone number and email and they are good to go. There are thousands of small businesses that sell stuff online.
One would argue that there is a Handesregistereintrag (record of commerce at the officials) that might help, but it only contain information about the seller including contact details and what the does, and not domains. And the record is not needed for small businesses.
TLDR: Germany seems to have hurdles for fraudsters, but they are easily taken by simply copying information from legit stores.
Yes copying that information is obviously fairly easy and allows the scammer to make at least short term legit looking websites.
Adding the legit domains to the Handelsregister doesn’t seem like the worst idea to me. However, as the digital access to government services is still basically non-existent this would lead to a whole lot of additional bureaucracy and slowed down processes.
Let's say I set up a site that's critical of an authoritarian government. I fund it with sales of merch and books and such.
I want to be anonymous - for obvious reasons - but if I have to register my details I can't be.
Also, accountability doesn't work without international authority. Some countries are more enthusiastic about accountability and the rule of law than others, and the ones who aren't can make money by selling "credible" domains to bad actors.
Of course after a while those domains will become less credible. But there are a lot of TLDs out there now, which makes the system very difficult to police without international cooperation.
In reality I can run a scam operation from a beach in Thailand, bank the money, shut it down, then run a very similar scam operation from a beach in Vietnam or Costa Rica. That won't change until there's some kind of international cyberpolice agency which will hunt me down across borders.
But then you get the anonymity problem.
Not simple, and no registration system will fix this.
Internationally and more broadly, you're totally right. In the subthread of Germany and their existing Imprint registration system though, we have the technology for making it so the imprints can't just be copied by scammers, or at least make it harder than it currently is.
Yes, I do think it’s absolutely sensible to make something like this mandatory for people who sell stuff or have some kind of commercial interest.
However, the law is pretty unclear about what is considered commercial interest. This effectively leads to the situation where basically any site of any kind is expected to have an imprint or otherwise, you can expect to get a nice and expensive writing from a lawyer.
For any site with an commercial intent (which is pretty loosely defined) it is mandatory to have an Imprint with the person representing the company, the address of the HQ as well as the companies registration number and court location. It makes it somewhat more transparent what company is behind the site and gives you information you can lookup in public registries.
I hate it from a privacy perspective but it’s okay for for consumer protection.