Slashdot Mirror
JotForm.com Gets Shut Down SOPA-Style
itwbennett writes "In a post on the company blog, JotForm.com cofounder Aytekin Tank alerts users that 'a US government agency has temporarily suspended' the jotform.com domain. He explains that it is part of an 'ongoing investigation' of content posted to its site by a user. Although which user and what content haven't yet been disclosed, there is speculation about forms used for a phishing attack on a South African bank. JotForm hosts over two million user-generated forms, and uses software to block fraudulent accounts (65,000 so far), so you can see there's plenty of opportunity for mischief."
A lot of people haven't heard of Slashdot. Would that make it right if it were taken offline on the arbitrary say-so of some government functionary?
Dog is my co-pilot.
away from the authority of a shoot first ask questions later country.
It was my understanding that in the United States, law enforcement (of any kind) is obligated to use the "least intrusive means" they reasonably can to effect an arrest or seizure.
In cases like this, blocking the domain name is so obviously the opposite of "least intrusive", I wonder if they have grounds to prosecute under 18 US 242. I know I would consider it, if this were done to me or my company.
A legitimate business was shut down globally for an unknown length of time because one of their customers was doing something wrong. Instead of working with the company to stop it like, oh, I don't know, every other internet business ever, they shot first and asked questions later.
It's the incompetence we've all come to expect from law enforcement that either don't understand or don't care about the consequences of their actions as soon as a computer's involved.
First they came for Julian Assange and Wikileaks. I didn't like Julian Assange or approve of Wikileaks' methods, so I didn't speak up.
Then they came for MegaUpload. I'm not a computer pirate, so I didn't speak up.
Then they came after JotForm. I hadn't even heard of JotForm, so I didn't speak up.
Then they came after me and my blog. There was no one left to speak up....
Does this
SPECULATION: Jotform was using GoDaddy when this happened, and have decided to move every other domain they own off GoDaddy ASAP. The worry is that GoDaddy is following law enforcement requests without asking any questions. No idea if a court order or not. In either case, Jotform is having to heal with hundred thousands broken accounts because GoDaddy rolled over or because one judge somewhere saw only the law enforcement side of the case. The great majority of Jotform accounts are used for legitimate purposes. This is NOT like MegaUpload. You cannot make the argument that Jotform's goal is to break any law. They helped a great many businesses. It is pro big corporation actions like this that will hold our economy back, not the threat of a free internet as some politicians believe.
Looks like not.
Neither story covering it mentions a court order or a subpoena; one of them says that "it may have been done without a court order."
http://arstechnica.com/tech-policy/news/2012/02/secret-service-asks-for-shutdown-of-legit-website-over-user-content-godaddy-complies.ars
http://www.rawstory.com/rs/2012/02/16/successful-online-startup-kicked-off-domain-without-stated-reason/
Check your premises.
They host two million forms created by 700,000 users, so plenty of people have heard of them.
Did you say "insightful" or "inciteful"?
Even if the owners are not guilty of negligence, which it appears they are not (65K forms removed), this sort of arbitrary, no-warrant, no-subpoena, no due-process can absolutely ruin a business.
There is no way the Feds can make up for this; CIO's will say, "Well, I guess we shouldn't use them - we might not have access to our data."
Check your premises.
Let's not say "some government" when it's always the US government.
Please mark .com as depreciated.
Followup: relevant paragraphs:
And it all may have been done without a court order. ...
Note the two criteria: a court order or a notification from a prosecutor. That latter category amounts to an unproven allegation—and it's what Tank believes derailed him here. "No, as far as I know, there is no judge order," he told me. "They sent a request to GoDaddy and GoDaddy complied."
Check your premises.
And people wonder why we have a 2nd Amendment....
It's there to protect the 1st.
I thought this was EXACTLY the worry that Facebook, Google, Wikimedia, etc. had. The worry was that a user posting "problem material" could get an entire site pulled without a court order. It looks like this is EXACTLY what happened here. (Though I am still unsure if a court order was made or not. It seems like there was no court order.)
All the talk of what happens when your data is in the cloud and the business is sold or shutters itself, here is another example. Not only do you have to worry about your dates security and availability for those reasons, now the feds can shut down a service you may use for god knows what important aspects of your business, but you can bet your perfectly legal and confidential business records are now available to the feds sans-warrant. Yeah, cloud computing is the end-all be-all. Think again, get the buzz words out of your head, and your head out of the 'cloud'.
Silence is a state of mime.
Let's not say "some government" when it's always the US government.
Which government do you mean? The grand and glorious one of "We The People" or the one pwned by 1%?
A feeling of having made the same mistake before: Deja Foobar
sure seems to me that every CIO now has the fiduciary duty to move mission critical domains away from GoDaddy, registering with them at this point is no more dependable then running a server out of an intern's basement to save space in the datacenter
Snowden and Manning are heroes.
Here, let me introduce you to regulatory capture.
Dog is my co-pilot.
A legitimate business was shut down globally for an unknown length of time because one of their customers was doing something wrong
Suppose someone used a Toyota automobile as getaway car after robbing a bank. Certainly you don't think that Toyota should be allowed to continue operating if their products are being used in this way?
Let us shoot the government, using INTERNET BULLETS
Without warrant, due process or subpoena - on an anonymous accusation alone - their business was probably just ruined. Because a cloud company that loses it's reputation as a stable data location is DOA.
If one has reasonable cause, the next step is to get a court order. The above linked articles indicate that it is extremely unlikely that such was done.
Furthermore, the linked articles state that the business in question has, on their own initiative, taken down 65K bad forms.
There may have been something amiss with some of their customer's data, but there is no way in hell that this was the appropriate response. There is no way that taking down this site without due process prevented a nuclear or biological attack, or any other 24-esque scenario.
Check your premises.
Goddamn right.
I'm a U.S. citizen, and I'm so fucking sick and tired of the shit my government is doing lately, particularly this shit. Since we obviously can't vote our way out of this crap (since all players are bought long before they even get their fucking name on a ballot), what's next? Half the people in this country don't even care that their rights are being shit upon and just want to go watch NASCAR or Keeping Up With the Kardashians. The rest are split between the people that still have faith in their government (although I can't see how, not anymore) and those that think the whole fucking thing is FUBAR and gave up long ago.
This country is going to end up in civil war again. If I were a foreign business that had any type of connection to the United States, I would get the fuck out ASAP.
BS!
They took down the whole domain, instead of the form(s) in question. They caused grief to some part of the up to 2 MILLION legitimate business users. The company made it clear they were fully willing to cooperate. Yet this agency just disregarded that and shut down the whole domain. Calling it SOPA-style may not be an exact comparison, but it is by the means SOPA is well know to have tried to advance ... by defying due process.
When the police close down a store due to a robbery, it is just that one store that is closed and this is done while the police are on scene actually investigating.
What actually happened would be the brick and mortar equivalent of the police having the store's electricity cut off (so they can't function), and their store front boarded up (so no one can see the store signs), and then when asked about why this is done, telling the store own they'll get around to looking into it in a few days.
It it only fortunate that jotform.com did have another domain name that this agency probably just didn't realize was usable. Given that they were able to activate the jotform.net domain, it's clear the actual servers were not seized. So there wasn't even an investigate (as in trying to look for other forms that may be at issue).
Never attribute to malice that which can be adequately explained by stupidity.
Well, which is it? It sure looks more like malice to me. Now, will you argue I should follow Hanlon's razor and just attribute it to stupidity? It's one or the other.
now we need to go OSS in diesel cars
Go Daddy has a history of pulling registrations without notification to domain owners. Remember seclists.org and familyalbum.com? Those domains were redirected because of third party complaints. The complaints were not even made by law enforcement. The GoDaddy TOS expressly allows them to suspend service at their discretion and they do it at the first sign of trouble.
I'm not defending GoDaddy in the least, but people doing business with them should be aware of their history and policies.
Where would we be if Wheel had hid her round rock in a cave instead of showing everyone how it rolls?
This country is going to end up in civil war again.
Probably not. I doubt one region of the country is so enamored with the federal government that it would be willing to take up arms and battle the rest of the nation to defend it. The first civil war was fought over states rights, among other things, and there was a pretty clear line between the industrial north and the agricultural south. Our present day issues are not so much a battle of conflicting ideologies and regional economies, but the increasing oppressiveness and financial abuse of the common man by the ruling elite. Yes, that old chestnut. So this is less likely to turn into another Civil War (or War Between the States, if you will), and more something resembling the American Revolution, if anything.
You drive a taxi for a living.
While carrying your passengers to an important meeting, you are pulled over. The officer takes the tires off your vehicle without telling you why, and only returns them when a large crowd of people start muttering and taking pictures.
Unfortunately, the same crowd also uses your taxi service - or used to, until they discovered that they cannot rely upon your ability to get them from point A to point B because J Random Law Enforcement Official might take your tires again, and they'd be stuck until he decided to give them back.
Check your premises.
That has nothing to do with the fact that an entire website was nuked off the face of the internet without any judicial oversight whatsoever.
If I get stopped and searched for no reason whatsoever, when the cop decides to let me go because he had no reason to stop me in the first place, should I just say "Well, he let me go, so all's well that end's well"? Come on. That's retarded.
There's a reason why we require court orders before police are just allowed to do whatever they fuck they want, and situations like this are precisely why.
Obviously, they need SOPA to force other registrars to do what GoDaddy happily does without question.
In some ways, I agree with your point.
But I've since re-imagined the War between the states since we had the "Tea Party" march on Washington so that Wall Street tycoons could get more tax breaks. Oh, and so that history books wouldn't bring up inconvenient facts of history about the founding fathers -- because delusional hero worship is so very healthy...
I now think that the South was NOT REALLY fighting for states rights. The Civil War was really a class war. The 1% who had slaves, wanted the rest of the workers who had to compete with slave labor to say; "Hey, you Northern oppressors -- we want to import cheap goods and not have to buy American, because we can't compete by selling good not made by slave labor."
The Slave Masters wanted everyone in the South to say; "WE are being harmed by the North economically" -- when really, slavery probably reduced wages for MOST Southerners.
>> So if there is another civil war -- it will be between the people fighting for the Common Good, and those people who are convinced that they are destined to be a CEO.
>>"ad space available -- low rates!!!"
It's not just JotForms. Google is now the leading site being exploited to host phishing pages. Google has reasonable defenses against phishing for their "sites" product. However, Google doesn't seem to have those protections on their document and spreadsheet products. Here's a fake login form hosted by Google. That's been up since 2010. Here's a fake login page hosted as a Google spreadsheet. Google allows unlimited HTML in a spreadsheet, which means it can be abused in this way. We have a full list, if anyone is interested.
"formbuddy.com" and "surveymonkey.com" can also be abused in this way. Formbuddy seems to kick phishing pages off quickly. Surveymonkey, not so good at this.
If you offer free hosting, and don't have aggressive anti-phishing controls in place, you will be pwned.
A state is a monopoly on violence exercised over territory. I'll let you figure out where THAT paraphrasing is from (Hint: it's from someone who didn't own slaves).
And way to quote Dick Analfroth, grandparent. What are we gonna do? March to the doors of the "government" and start shooting government employees because they handled an online identity theft case indelicately? Hint: before you start whipping your libertarian dick out, make sure there's a reason to, and maybe also make sure it's big enough that you won't be embarrassed.