JotForm.com Gets Shut Down SOPA-Style
itwbennett writes "In a post on the company blog, JotForm.com cofounder Aytekin Tank alerts users that 'a US government agency has temporarily suspended' the jotform.com domain. He explains that it is part of an 'ongoing investigation' of content posted to its site by a user. Although which user and what content haven't yet been disclosed, there is speculation about forms used for a phishing attack on a South African bank. JotForm hosts over two million user-generated forms, and uses software to block fraudulent accounts (65,000 so far), so you can see there's plenty of opportunity for mischief."
A lot of people haven't heard of Slashdot. Would that make it right if it were taken offline on the arbitrary say-so of some government functionary?
Dog is my co-pilot.
away from the authority of a shoot first ask questions later country.
It was my understanding that in the United States, law enforcement (of any kind) is obligated to use the "least intrusive means" they reasonably can to effect an arrest or seizure.
In cases like this, blocking the domain name is so obviously the opposite of "least intrusive", I wonder if they have grounds to prosecute under 18 US 242. I know I would consider it, if this were done to me or my company.
A legitimate business was shut down globally for an unknown length of time because one of their customers was doing something wrong. Instead of working with the company to stop it like, oh, I don't know, every other internet business ever, they shot first and asked questions later.
It's the incompetence we've all come to expect from law enforcement that either don't understand or don't care about the consequences of their actions as soon as a computer's involved.
First they came for Julian Assange and Wikileaks. I didn't like Julian Assange or approve of Wikileaks' methods, so I didn't speak up.
Then they came for MegaUpload. I'm not a computer pirate, so I didn't speak up.
Then they came after JotForm. I hadn't even heard of JotForm, so I didn't speak up.
Then they came after me and my blog. There was no one left to speak up....
Does this
SPECULATION: Jotform was using GoDaddy when this happened, and have decided to move every other domain they own off GoDaddy ASAP. The worry is that GoDaddy is following law enforcement requests without asking any questions. No idea if a court order or not. In either case, Jotform is having to deal with hundreds of thousands of broken accounts because GoDaddy rolled over or because one judge somewhere saw only the law enforcement side of the case. The great majority of Jotform accounts are used for legitimate purposes. This is NOT like MegaUpload. You cannot make the argument that Jotform's goal is to break any law. They helped a great many businesses. It is pro big corporation actions like this that will hold our economy back, not the threat of a free internet as some politicians believe.
Looks like not.
Neither story covering it mentions a court order or a subpoena; one of them says that "it may have been done without a court order."
http://arstechnica.com/tech-policy/news/2012/02/secret-service-asks-for-shutdown-of-legit-website-over-user-content-godaddy-complies.ars
http://www.rawstory.com/rs/2012/02/16/successful-online-startup-kicked-off-domain-without-stated-reason/
Check your premises.
They host two million forms created by 700,000 users, so plenty of people have heard of them.
Did you say "insightful" or "inciteful"?
Even if the owners are not guilty of negligence, which it appears they are not (65K forms removed), this sort of arbitrary, no-warrant, no-subpoena, no due-process can absolutely ruin a business.
There is no way the Feds can make up for this; CIOs will say, "Well, I guess we shouldn't use them - we might not have access to our data."
Check your premises.
Let's not say "some government" when it's always the US government.
Please mark .com as depreciated.
Followup: relevant paragraphs:
And it all may have been done without a court order. ...
Note the two criteria: a court order or a notification from a prosecutor. That latter category amounts to an unproven allegation—and it's what Tank believes derailed him here. "No, as far as I know, there is no judge order," he told me. "They sent a request to GoDaddy and GoDaddy complied."
Check your premises.
And people wonder why we have a 2nd Amendment....
It's there to protect the 1st.
I thought this was EXACTLY the worry that Facebook, Google, Wikimedia, etc. had. The worry was that a user posting "problem material" could get an entire site pulled without a court order. It looks like this is EXACTLY what happened here. (Though I am still unsure if a court order was made or not. It seems like there was no court order.)
And how many CIOs will say, pull our forms from them - we can't guarantee access to our data?
It just takes once to do massive damage to reputation. And for data management / cloud companies, reputation of perfect availability of a user's data is absolutely everything.
Lose that, and you're done.
Check your premises.
I think you meant deprecated, and .com is not the only one.
It's always the US government because the US government is in complete control over the DNS for the entire planet. If that is what you mean by shut down.
As for blocking, not only the US government does that. It is immensely popular in a lot of countries to do so, and most notably, TPB is being blocked by BREIN recently.
If anything the current DNS system, along with the root servers, needs to be marked as deprecated and replaced with something else.
All the talk of what happens when your data is in the cloud and the business is sold or shutters itself, here is another example. Not only do you have to worry about your data's security and availability for those reasons, now the feds can shut down a service you may use for god knows what important aspects of your business, but you can bet your perfectly legal and confidential business records are now available to the feds sans-warrant. Yeah, cloud computing is the end-all be-all. Think again, get the buzz words out of your head, and your head out of the 'cloud'.
Silence is a state of mime.
Let's not say "some government" when it's always the US government.
Which government do you mean? The grand and glorious one of "We The People" or the one pwned by 1%?
A feeling of having made the same mistake before: Deja Foobar
This is news because it means that any cloud or SaaS site that businesses or non-profit orgs depend on can be shut down with no recourse for the innocent users. This shows that it is not just users of file sharing sites like MegaUpload (that may live on the edge) that are in danger, but any site (with only the best intentions) but with many users (some possibly violating the site's usage terms) is at risk. I for one used JotForms for several small sites where the application was not critical, but it could have been. When Intuit (QuickBooks Online) or Salesforce sites are suspended, it will be no more tragic than this is for some non-profits and small businesses. I have empathy for the owners and users of the 2 Million or so innocent forms, and so should at least a few slashdotters IMHO.
Sure seems to me that every CIO now has the fiduciary duty to move mission critical domains away from GoDaddy; registering with them at this point is no more dependable than running a server out of an intern's basement to save space in the datacenter.
Snowden and Manning are heroes.
Here, let me introduce you to regulatory capture.
Dog is my co-pilot.
What is interesting to me is that large websites, such as Facebook and YouTube, would probably get a second look by GoDaddy or whatever law enforcement agent dealt with this case. Tiny websites with no users are not a threat to anyone and fly under the radar. The way things are set up, the companies who get hurt the most are growing companies with good products, exactly the type we want to help our economy!
A legitimate business was shut down globally for an unknown length of time because one of their customers was doing something wrong
Suppose someone used a Toyota automobile as getaway car after robbing a bank. Certainly you don't think that Toyota should be allowed to continue operating if their products are being used in this way?
Let us shoot the government, using INTERNET BULLETS
Without warrant, due process or subpoena - on an anonymous accusation alone - their business was probably just ruined. Because a cloud company that loses its reputation as a stable data location is DOA.
If one has reasonable cause, the next step is to get a court order. The above linked articles indicate that it is extremely unlikely that such was done.
Furthermore, the linked articles state that the business in question has, on their own initiative, taken down 65K bad forms.
There may have been something amiss with some of their customer's data, but there is no way in hell that this was the appropriate response. There is no way that taking down this site without due process prevented a nuclear or biological attack, or any other 24-esque scenario.
Check your premises.
Goddamn right.
I'm a U.S. citizen, and I'm so fucking sick and tired of the shit my government is doing lately, particularly this shit. Since we obviously can't vote our way out of this crap (since all players are bought long before they even get their fucking name on a ballot), what's next? Half the people in this country don't even care that their rights are being shit upon and just want to go watch NASCAR or Keeping Up With the Kardashians. The rest are split between the people that still have faith in their government (although I can't see how, not anymore) and those that think the whole fucking thing is FUBAR and gave up long ago.
This country is going to end up in civil war again. If I were a foreign business that had any type of connection to the United States, I would get the fuck out ASAP.
First they came for Julian Assange and Wikileaks. I didn't like Julian Assange or approve of Wikileaks' methods, so I didn't speak up.
Then they came for MegaUpload. I'm not a computer pirate, so I didn't speak up.
Then they came after JotForm. I hadn't even heard of JotForm, so I didn't speak up.
Then they came after me and my blog. There was no one left to speak up.
And then they kicked down my front door, and I had no way to tell anyone.
Check your premises.
BS!
They took down the whole domain, instead of the form(s) in question. They caused grief to some part of the up to 2 MILLION legitimate business users. The company made it clear they were fully willing to cooperate. Yet this agency just disregarded that and shut down the whole domain. Calling it SOPA-style may not be an exact comparison, but it is by the means SOPA is well known to have tried to advance ... by defying due process.
When the police close down a store due to a robbery, it is just that one store that is closed and this is done while the police are on scene actually investigating.
What actually happened would be the brick and mortar equivalent of the police having the store's electricity cut off (so they can't function), and their store front boarded up (so no one can see the store signs), and then when asked about why this is done, telling the store owner they'll get around to looking into it in a few days.
It is only fortunate that jotform.com did have another domain name that this agency probably just didn't realize was usable. Given that they were able to activate the jotform.net domain, it's clear the actual servers were not seized. So there wasn't even an investigation (as in trying to look for other forms that may be at issue).
Never attribute to malice that which can be adequately explained by stupidity.
Well, which is it? It sure looks more like malice to me. Now, will you argue I should follow Hanlon's razor and just attribute it to stupidity? It's one or the other.
now we need to go OSS in diesel cars
Go Daddy has a history of pulling registrations without notification to domain owners. Remember seclists.org and familyalbum.com? Those domains were redirected because of third party complaints. The complaints were not even made by law enforcement. The GoDaddy TOS expressly allows them to suspend service at their discretion and they do it at the first sign of trouble.
I'm not defending GoDaddy in the least, but people doing business with them should be aware of their history and policies.
Where would we be if Wheel had hid her round rock in a cave instead of showing everyone how it rolls?
SOPA/PIPA would have allowed takedowns without due process.
Which is exactly what happened here.
Check your premises.
This country is going to end up in civil war again.
Probably not. I doubt one region of the country is so enamored with the federal government that it would be willing to take up arms and battle the rest of the nation to defend it. The first civil war was fought over states rights, among other things, and there was a pretty clear line between the industrial north and the agricultural south. Our present day issues are not so much a battle of conflicting ideologies and regional economies, but the increasing oppressiveness and financial abuse of the common man by the ruling elite. Yes, that old chestnut. So this is less likely to turn into another Civil War (or War Between the States, if you will), and more something resembling the American Revolution, if anything.
You drive a taxi for a living.
While carrying your passengers to an important meeting, you are pulled over. The officer takes the tires off your vehicle without telling you why, and only returns them when a large crowd of people start muttering and taking pictures.
Unfortunately, the same crowd also uses your taxi service - or used to, until they discovered that they cannot rely upon your ability to get them from point A to point B because J Random Law Enforcement Official might take your tires again, and they'd be stuck until he decided to give them back.
Check your premises.
The issue is about the lack of due process. SOPA/PIPA just want to make due process totally defunct (without following the Constitutional amendment process).
now we need to go OSS in diesel cars
A government should fear its people, a people should not fear its government. I'll let you figure out where that paraphrasing comes from.
Om, nomnomnom...
Yeah - if they can shut down this site like this without anything resembling due process, what's to stop them from shutting down Azure or AWS because someone says that a customer has pirated music or the plans for a WMD somewhere in those clouds?
Check your premises.
The problem with ongoing investigations, particularly with international ongoing investigations, is that transparency can work against you in big ways. So I really think that the outrage at the US Federal Government is really kind of baseless at this point. They made a request and... Godaddy complied.
However, it's pretty goddamn clear GoDaddy doesn't give two shits about their customers. They should be ashamed of what they do.
Non impediti ratione cogitationus.
That has nothing to do with the fact that an entire website was nuked off the face of the internet without any judicial oversight whatsoever.
If I get stopped and searched for no reason whatsoever, when the cop decides to let me go because he had no reason to stop me in the first place, should I just say "Well, he let me go, so all's well that ends well"? Come on. That's retarded.
There's a reason why we require court orders before police are just allowed to do whatever the fuck they want, and situations like this are precisely why.
Perhaps this is why GoDaddy was a SOPA supporter. So they could have company policy codified into law.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
There is an "or" in there that makes all the difference. What it actually says is:
"... or to different punishments, pains, or penalties, on account of such person being an alien, or by reason of his color, or race, than are prescribed for the punishment of citizens..."
So it actually applies to:
"... the deprivation of any rights, privileges, or immunities secured or protected by the Constitution or laws of the United States"
OR to:
"... different punishments, pains, or penalties, on account of such person being an alien, or by reason of his color, or race, than are prescribed for the punishment of citizens..."
So it's deprivation of rights OR discrimination. And while IANAL, I have looked up cases and that is how the court has consistently interpreted it.
Because malicious or even illegal use by some users is not probable cause for the seizure of the entire domain. That is the point everybody has been making here.
Obviously, they need SOPA to force other registrars to do what GoDaddy happily does without question.
You know the MPAA takes down legit videos on YOUTUBE that do not even infringe on its content. Google admitted this but they were powerless to stop them or else they would sue and no longer would partner advertising with them.
This and other stories of the FBI simply taking servers with data on them from ISPs away and shutting down businesses whose lives depend on it is SCARY. You do not just take a factory away because someone might have smoked some weed in the parking lot. That business will be dead within 48 hours long after the investigation.
This is insanity and shows that the MPAA/RIAA/Feds were planning SOPA style raids like this all along and just were hoping to get this rubber-stamped to prevent outrage and any legal challenges.
http://saveie6.com/
Mostly just the conservatives. They've been trying to reenact Laissez-Faire ever since the 1930s when we threw that broken shit out for causing a depression.
Fast-forward to now: they caused another depression (by repealing Glass-Steagall in 1998 and removing most of the other regs when George Dumbya Shrub and the republican congress were doing things unchecked 2001-2007), and they're currently trying to blame the depression they caused on the black guy.
In some ways, I agree with your point.
But I've since re-imagined the War between the states since we had the "Tea Party" march on Washington so that Wall Street tycoons could get more tax breaks. Oh, and so that history books wouldn't bring up inconvenient facts of history about the founding fathers -- because delusional hero worship is so very healthy...
I now think that the South was NOT REALLY fighting for states rights. The Civil War was really a class war. The 1% who had slaves, wanted the rest of the workers who had to compete with slave labor to say; "Hey, you Northern oppressors -- we want to import cheap goods and not have to buy American, because we can't compete by selling goods not made by slave labor."
The Slave Masters wanted everyone in the South to say; "WE are being harmed by the North economically" -- when really, slavery probably reduced wages for MOST Southerners.
>> So if there is another civil war -- it will be between the people fighting for the Common Good, and those people who are convinced that they are destined to be a CEO.
>>"ad space available -- low rates!!!"
It's not just JotForms. Google is now the leading site being exploited to host phishing pages. Google has reasonable defenses against phishing for their "sites" product. However, Google doesn't seem to have those protections on their document and spreadsheet products. Here's a fake login form hosted by Google. That's been up since 2010. Here's a fake login page hosted as a Google spreadsheet. Google allows unlimited HTML in a spreadsheet, which means it can be abused in this way. We have a full list, if anyone is interested.
"formbuddy.com" and "surveymonkey.com" can also be abused in this way. Formbuddy seems to kick phishing pages off quickly. Surveymonkey, not so good at this.
If you offer free hosting, and don't have aggressive anti-phishing controls in place, you will be pwned.
They had to do some pretty disgusting things against the third that didn't care, the legislatures were controlled by the third that did care and there was somewhere for the third who didn't care to go.
Also there was a lot of money to be made by getting out of British domination. eg land speculators who were pissed at the tyrant wanting to treat all his subjects equally as well as the laws favouring the established British businesses. Some very articulate people with presses on the side of those who cared as well.
https://en.wikipedia.org/wiki/Inverted_totalitarianism
and they're currently trying to blame the depression they caused on the black guy.
To be fair, having a black president and having our credit rating subsequently drop doesn't exactly help Obama's case.
Random Thoughts From A Diseased Mind (Not For Dummies)
A state is a monopoly on violence exercised over territory. I'll let you figure out where THAT paraphrasing is from (Hint: it's from someone who didn't own slaves).
And way to quote Dick Analfroth, grandparent. What are we gonna do? March to the doors of the "government" and start shooting government employees because they handled an online identity theft case indelicately? Hint: before you start whipping your libertarian dick out, make sure there's a reason to, and maybe also make sure it's big enough that you won't be embarrassed.
Actually, it would shut down all toyotas on the road everywhere too. Fun times.
Except that the credit rating agency explicitly said that the reason they reduced the credit rating was because of the grandstanding Republicans did against raising the national debt limit.
TCP: Why the Internet is full of SYN.
It might look like a cruel move, but in these times a fast reaction like this is the only way to protect the artists. Of course, these filthy pirates are now crying all kinds of bullshit like that they didn't host files but forms, but we all know that the site was used mainly for piracy.
Take note of this: "...the Secret Service still isn't talking, returning a bland and meaningless statement to press requests: 'We are aware of the incident and we're reviewing it internally to make sure all the proper procedures and protocols were followed.' "
When the company contacted the Secret Service, asking why their site was down, "the agent told me she is busy and she asked for my phone number, and told me they will get back to me within this week".
To date they still have no explanation and no court order concerning the take-down of their site. Even if there were a court order, there is zero reason not to contact the business and provide them a chance to cushion the effects for their legitimate customers. This sort of behavior is irresponsible. Clearly, court orders, due process and formal procedures are for wimps, not the elite *drum roll* Secret Service.
I hope JotForm can afford to file a court case over this. This sort of thing can do immense damage to a company's reputation, and someone in the Secret Service needs a slap upside the head.
In any case, as others have observed, any serious Internet company needs to avoid all TLDs controlled in the USA. Sure, register a .com address, but use it to forward to your real site, hosted under a different TLD - and make it clear to users that the non-.com TLD is the correct one.
Unrelated to the Internet, but nonetheless relevant: About 10 years ago I was with a small European company that was marketing a new ERP system to small companies. Our attorney told us flat-out: do not sell to anyone in the USA. The legal system is so screwed that it just isn't worth the risk - the laws are impossible, the customers sue at the drop of the hat, etc, etc. To underscore this, any sort of legal or liability insurance we looked at specifically excluded coverage for business transacted with US customers. It appears that things have only gotten worse...
Enjoy life! This is not a dress rehearsal.