Slashdot Mirror
MySpace and GoDaddy Shut Down Security Site
Several readers wrote in with a CNET report that raises novel free-speech questions. MySpace asked GoDaddy to pull the plug on Seclists.org, a site run by Fyodor Vaskovich, the father of nmap. The site hosts a quarter million pages of mailing-list archives and the like. MySpace did not obtain a court order or, apparently, compose a DMCA takedown notice: it simply asked GoDaddy to remove a site that happened to archive a list of thousands of MySpace usernames and passwords, and GoDaddy complied. Fyodor says the takedown happened without prior notice. The site was unavailable for about seven hours until he found out what was happening and removed the offending posting. The CNET article concludes: "When asked if GoDaddy would remove the registration for a news site like CNET News.com, if a reader posted illegal information in a discussion forum and editors could not be immediately reached over a holiday, Jones replied: 'I don't know... It's a case-by-case basis.'"
0) Take responsibility for your security being laughable, fire the people responsible, and secure your own shit before flinging it at others?
Hmmm.......
But this is slashdot. A slashdoter who didn't build his own computer is like a Jedi who didn't build his own lightsaber!
Everyone who is asking "WTF why do they even have the list?!" needs to go back and read the seclists.org list. It is an archive of a mailing list post, one which tens or hundreds of sites probably also have archived.
I believe MySpace and GoDaddy are both to blame here for reasons that any sensical person can see. I think I'll be looking for a new registrar now.
I have a dedicated server hosted by GoDaddy, and a few days before Christmas got an automated DMCA takedown request for something allegedly on the server.
/John Doe/
I got an email from GoDaddy saying "please take this down and respond that, under penalty of perjury, you did so."
I happened to be checking my email at this moment, 12:30 at night, so I looked into the issue and responded to the email that the issue was resolved.
The next morning, my server wasn't responding to pings. So I email again saying, "hey, I took care of the complaint before you unplugged my machine, can you, you know, plug it back in?"
Day goes by. Eventually I get a response:
"Thank you for your response to the Copyright Department. In order to reactivate the site in question we will need you to provide the following information in a single email response:
A. An electronic signature. (This can be a scanned copy of your physical signature, or as simple as typing your full name.)
B. Identification of the material in question.
C. A statement, under penalty of perjury, that the material has either been removed or will promptly be removed."
So I write back again, explaining the details. Again.
Day goes by. I call the tech support number and explain the situation. The tech support guy (who was very nice) told me he couldn't help, and I should try emailing the address I already had, twice. Sigh. I do it again.
Day goes by. I get the following response:
"Thank you for contacting the Copyright Claims Department. Unfortunately your previous email did not include a statment under penalty of perjury. Please submit a complete content removal statement at your earliest convenience to have your services reactivated. For your reference an example of a complete copyright removal statement is listed below.
I, John Doe, under penalty of perjury, will remove the offending content at http://www.mydomainname.com/myfile/page.htm promptly after the reactivation of my services.
John Doe
(Please accept the above as an electronic signature.)"
Okay, great. I finally found the magic formula. I copy the template exactly and fill in my details, send it out.
Day goes by. I get this back:
"Thank you for your email. We appreciate your responsiveness and cooperation on this matter. We have re-activated the account and services associated with your site. As some services require some time for propagation to take full effect, please allow 1-2 hours for the changes to take effect."
Ok, progress, finally.
Day goes by.
Day goes by.
Server still isn't responding. I email tech support to see if there's a problem. They tell me to try using the automatic reboot request form on the web panel. Sure enough, the system responds within minutes.
So basically, they were really on top of that from every angle. In the week my server was unavailable, I arranged for hosting at one of their competitors, Dreamhost.com, who rocks quite a bit. Specifically because of this incident, I probably won't renew the GoDaddy contract when it expires, but I also wonder if I'm really safer at any other ISP in America.
It's partially a shame because I really was perfectly satisfied with GoDaddy's hosting before this incident, and they just flat out botched it. The server provides bandwidth offloading for my main site, so I could survive without it for a week, but I couldn't imagine someone trusting their business to GoDaddy if they can callously cut your oxygen for a week.
It's also a shame because the DMCA required GoDaddy to have a knee-jerk reaction in the first place. I was basically accused, tried, and convicted by my service provider without any evidence or chance to defend myself. They should be looking at this as bad for business in even well-handled situations, and recognize that the best thing to do is take
Don't say, "don't quote me," because if no one quotes you, you probably haven't said a thing worth saying.