Slashdot Mirror
MySpace and GoDaddy Shut Down Security Site
Several readers wrote in with a CNET report that raises novel free-speech questions. MySpace asked GoDaddy to pull the plug on Seclists.org, a site run by Fyodor Vaskovich, the father of nmap. The site hosts a quarter million pages of mailing-list archives and the like. MySpace did not obtain a court order or, apparently, compose a DMCA takedown notice: it simply asked GoDaddy to remove a site that happened to archive a list of thousands of MySpace usernames and passwords, and GoDaddy complied. Fyodor says the takedown happened without prior notice. The site was unavailable for about seven hours until he found out what was happening and removed the offending posting. The CNET article concludes: "When asked if GoDaddy would remove the registration for a news site like CNET News.com, if a reader posted illegal information in a discussion forum and editors could not be immediately reached over a holiday, Jones replied: 'I don't know... It's a case-by-case basis.'"
So consider this: you run a business and another website manages to get the usernames and passwords of your customers, and posts them online. Do you:
1) Contact the site maintainer and convince them them to take the page down. Keep in mind that the website owner obviously didn't care about the sensitivity of the information, otherwise the page(s) would have never been made public. Additionally, would you be willing to risk the time lag between a response and action -- anywhere from 24 hours and beyond -- knowing quite well that your customers private information is available?
2) If that fails, contact the hosting provider, and convince them to take the page down. (Just the page, not the whole site.) So now you've waited for a response from the site owner and probably didn't receieve one. Time goes by, you get even more frustrated, so you decide to contact the host. Same deal here. Wiping out a page probably isn't a high priority, so you wait.
3. If that fails, and only then, contact the registrar and convince them to suspend the site. Sounds like the best solution of them all! You get the problem solved without going through the two previous steps -- and the problem is solved much faster.
So to reiterate, if your customers login information is publicly available, do you diplomatically try to resolve the situation, or do you go straight to the top to slit this website's throat?
When it's a matter of business and protecting my customer's information, I'll take the knife over a kinder approach anyday, and this is exactly what MySpace did. And they did nothing wrong.
For he today that sheds his blood with me shall be my brother.
When someone is suspected of murder, do you:
1) Call the police to report the crime, wait for them to arrest the suspect, perhaps allow him out on bail while the prosecutor collects evidence to build a case. All the while, this person is available to commit further crimes.
2) Testify in court any possible evidence that you have that might send the accused to prison for the crime you believe he's committed.
3) If that fails, pull out a gun and shoot the suspect, killing him without any due process. Sounds like the best solution of them all! You get the problem solved without having to go through the previous steps -- and the problem is solved much faster.
So to reiterate, if you suspect someone of a crime, do you diplomatically try to resolve the situation, or do you go straight to the top and slit the suspect's throat?
When it's a matter of protecting my community's safety, I'll take the knife over a kinder approach anyday,, and this is exactly what MySpace did. And they did nothing wrong.
While I am hardly a friend of contemporary corporate practices, surely one can hardly argue that one needs no authority to ask something of another....and if the other complies with the request...I say "Yay!" for keeping the courts out of it. If the courts became involved that is when freedom falls to the wayside.