US Government 'Suspends' JotForm.com Over User Generated Forms; Censorship Regime Expands

from the not-cool dept

One of the key principles behind the growth of the internet was belief in protection against secondary liability claims. That is, if you set up a website where users can post stuff, the people who post stuff are liable for the content — not you as the service provider in the middle. This is the core purpose behind Section 230 of the CDA (and, to a lesser extent) the DMCA’s safe harbors. But there are some loopholes where technically there are no official safe harbors (though common sense says you still shouldn’t be liable). The website JotForm.com, which allows individuals to create their own forms easily, has had its main domain, jotform.com “suspended” by the US government, due to “an ongoing investigation.” Because of this JotForm is forcing all of its users to change their forms to use their .net domain rather than their .com.


Many people on the comments assumed the content was posted by us. This can happen to any site that allows public to post content. SOPA may not have passed, but what happened shows that it is already being practiced. All they have to do is to ask GoDaddy to take a site down. We have 2 millions user generated forms. It is not possible for us to manually review all forms. This can happen to any web site that allows user generated content.

I’m at a loss as to how this possibly makes sense. Even if the forms were being used for some illegal purpose (and it’s important to note that Section 230 does not apply to criminal activity — just civil offenses), I still can’t fathom a reason why it should lead to everyone else getting censored and an internet startup facing a massive hardship wherein tons of users have had their service disrupted with millions of useful forms being suddenly disappeared.

And I won’t even bother spending any time on the fact that apparently it was GoDaddy who helped the US government “suspend” the domain.

For a government that insists it’s trying to help small businesses and startups, to go and disrupt one and all of its users over some possible illegal usage by a small number of users is just crazy. It’s this kind of overly broad censorship (and, yes, this is clear censorship) that is what people were afraid of under SOPA. As JotForm notes, it’s important to recognize that the US government already believes it has these powers. And the damage here for a small business is massive. JotForm has been filling its Twitter feed with customer service attempts at helping upset customers, and making it clear it has no information on why the .com disappeared. It looks like the US government asked, and GoDaddy just took away the domain. If you’ve never worked for a startup, perhaps you can’t imagine just how insanely disruptive and destructive such a situation can be. Everyone is so busy working and building a company — but something like this means suddenly all of their time has to switch over to help all of those upset customers (and doing so without being able to use the site that everyone will go look at first!).

Activities like this will chill innovation and entrepreneurship in the US. Why locate here or even setup under a .com if the US government might kill your business with no explanation at any moment?

Filed Under: , , , ,
Companies: godaddy, jotform

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “US Government 'Suspends' JotForm.com Over User Generated Forms; Censorship Regime Expands”

Subscribe: RSS Leave a comment
373 Comments
Anonymoussays:

Re: Re: Re:2 Re: Re: Re: Re: Time to go

Marcus, you are making a very standard mistake that is often made on this site.

It doesn’t matter how much LEGAL content is on a domain, if it is used for illegal purposes, that is pretty much it. Law enforcement doesn’t check how many users are signed up to a service and say “well, we can’t police that one, can we?”.

If the site was currently being used in a phishing scam (as has been suggested on other sites), it was expedient to protect millions of potential victims by shutting the domain down, at least temporarily, until a solution can be found. I for one find it comforting that law enforcement isn’t willing to just play whack-a-mole with it, shutting down the ones they know about.

It sucks for the other people involved, but what can you do?

Let’s say there is a guy in the youth hostel you live in with a gun. He is holding police at bay. The police remarkably stop you from getting back to your bunk. Are they stopping your rights to freely move about? Is your right to move about more important than their right to deal with a law breaker, an illegal situation?

Based on what I can see on Google, jotform is one of the “tools of choice” for phishing and email collection scams. The domain has been blocked before for phishing scams by opendns, etc. There is plenty of indication out there that this service was used widely by phishers. If I was a potential user of their service, I would sort of check them out first. I wouldn’t stake my multi million dollar online business on a third party form builder being up and online.

Marcus Carabsays:

Re: Re: Re:3 Re: Re: Re: Re: Re: Time to go

It doesn’t matter how much LEGAL content is on a domain, if it is used for illegal purposes, that is pretty much it. … Let’s say there is a guy in the youth hostel you live in with a gun. He is holding police at bay. The police remarkably stop you from getting back to your bunk ….

No, you are making the elementary mistake you always make by forgetting that things are different when it comes to speech. Staying in a hostel is not speech; providing web forms to interact with people is. You cannot shut down protected speech just to get at the illegal speech – just as you cannot seize a printing press because a newspaper printed one illegal thing.

Anonymoussays:

Re: Re: Re:4 Re: Re: Re: Re: Re: Re: Time to go

Marcus, the police can shut down a park, they can stop you from putting your soap box in the middle of their crime scene, and yes, they can stop you from picking your soap box out of a crime scene.

This isn’t censorship, it appears much more to be an active crime scene.

Berenerdsays:

Re: Re: Re:5 Re: Re: Re: Re: Re: Re: Re: Time to go

Define shutting down a park? They can clear it for health reasons but as soon as the health reasons are gone they must allow people back in (assuming this park is paid for by taxpayer dollars). If its a protest, then as long as it remains peaceful then no, they can’t, not just on a hunch or random complaint.

Anonymoussays:

Re: Re: Re:6 Re: Re: Re: Re: Re: Re: Re: Re: Time to go

The police could declare the park a crime scene, and keep it closed for as long as they needed to investigate the crime.

They could also declare something inside the park a public health risk, and close that area for as long as it takes to mitigate the risk.

If the park is filled with guys selling crack, the potential is that they could go in, make arrests, and order the park emptied while the search for drugs and dangerous needles.

You seem to forget that this site wasn’t closed down just for the fun of it. They had something to work from.

Oblatesays:

Re: Re: Re:7 Re: Re: Re: Re: Re: Re: Re: Re: Re: Time to go

This is not like shutting down a park for a valid reason. This is more like they suspect crime in one park, so they shut down all the parks. Your picnic basket? You’ll get that back when they feel like it. Maybe. Don’t complain, because most of your food will still be in it.
Hopefully this highlights the apparent ridiculousness of the situation.

Just Johnsays:

Re: Re: Re:7 Re: Re: Re: Re: Re: Re: Re: Re: Re: Time to go

Actually, you just hit the nail on the head, and yet sadly are arguing against your own logical reasoning:
If the park is filled with guys selling crack, the potential is that they could go in, make arrests, and order the park emptied while the search for drugs and dangerous needles.

So, they could get a court order to Subpoena the IP of the “criminals”, and then go arrest, gasp, the ones participating in illegal activities, instead of shutting down everyone, including those not participating in illegal activities (bank robbers and cars come to mind, so lets take your car because you can use it to assist bank robbers…).

They could, gasp, apply due process and get a court order shutting down the site while investigations occur, instead of just saying “We can take it, no matter what due process says”. That is, if they could convince the courts that this site was indeed set up to facilitate crimes (although it seems that more and more judges are sadly jumping on the shoot first, ask questions later issue).

G Thompsonsays:

Re: Re: Re:4 Re: Re: Re: Re: Re: Re: Time to go

I’m going to have to side with the AC here Marcus.

If this site has been used for high range illegal (criminal) purposes then the best and most equitable source of action is to instantly remove the offending tool, as long as its specifically and surgically done (in this case it looks like it is because the .net was left alone) until at such time that some type of recourse can be taken.

This solves a few problems in that:
* current victims are given ability to see that investigation is proceeding.
* any future victims will not eventuate (via this website) and this is the main duty the Law Enforcement has to society at large
* Evidence is kept untainted and in stasis

Though if this surgical removal is carried out there needs to be clear and present unequivocal evidence that this has occurred via this site and that there was a clear and present danger to society. If this has not occurred then the Authority that sut it down should have all and any immunity removed and suffer the full force of civil actions.

I don’t believe this is a Speech issue, nor censorship issue since criminal speech is NOT protected and the rights of society at large (especially if this was in the high crime area of multi-$mill phishing) and victims (future and current) are paramount.

Its not nice for the web site, not nice for it’s customers (who use a free service and have other avenues.. and can actually use the service still just on the .net domain), but its the price of doing business any business whether offline or online if as the case appears here the Enforcement Agency has classified your place of business as a crime scene. They also do not have to (and normally wont) tell the Web site what its all about since that could prejudice any investigation.

Josh in CharlotteNCsays:

Re: Re: Re:5 Re: Re: Re: Re: Re: Re: Re: Time to go

as long as its specifically and surgically done (in this case it looks like it is because the .net was left alone) until at such time that some type of recourse can be taken.

Wrong on all counts.

Surgical? No, the entire jotform.com DNS entry was redirected by GoDaddy at request of the government.

The .net DNS entry was not active until after the seizure. As far as the entire internet was concerned it did not exist.

Considering that Jotform regularly deals with abuse of its service, and has well established methods for dealing with it, you cannot even make the argument that it is faster to shut the entire domain down! It’s faster to contact Jotform and tell them one of their 2 million forms is being used for illegal purposes so they can investigate and turn it off.

I don’t believe this is a Speech issue, nor censorship issue since criminal speech is NOT protected and the rights of society at large

So the 1,999,999 perfectly legal forms that were taken down on account of the 1 that was criminal are not protected speech?

This is akin to shutting down the entire telephone network in this country on account of 1 person who is alleged to have used it for criminal purposes.

Marcus Carabsays:

Re: Re: Re:5 Re: Re: Re: Re: Re: Re: Re: Time to go

I’m going to have to side with the AC here Marcus.

Well, that’s your right… but I think you’re crazy 😛

I don’t believe this is a Speech issue, nor censorship issue since criminal speech is NOT protected and the rights of society at large (especially if this was in the high crime area of multi-$mill phishing) and victims (future and current) are paramount.

I think you’re missing the point… No, criminal speech is not protected, but it is an “expressive activity” and that makes enforcement a constitutional speech issue. Stopping the criminal speech is good – but the courts have made it very clear that when you are attempting to stop an illegal expressive activity, you have to do so in a narrowly-tailored way that does not impinge on any protected expression.

That did not happen here. There is nothing “surgical” about this. A whole bunch of legitimate speech was taken down alongside the illegal speech. Yes, you can make the argument that it is all still accessible – but I think that’s like saying a newspaper can always buy a new printing press after the government seizes theirs. The law doesn’t say that the remedy has to be somewhat narrowly tailored – law enforcement is expected and required to be as vigilant as possible in targeting only the illegal speech, and temporarily impinging upon small amounts of protected speech only if absolutely necessary. I don’t see that happening here – they just brought the hammer down on the whole domain, legitimate users be damned.

G Thompsonsays:

Re: Re: Re:6 Re: Re: Re: Re: Re: Re: Re: Re: Time to go

You only think I’m crazy? Dammit I must be slipping 🙂

I understand this is absolutely the activity of expressive speech hat has been constrained here and that under your 1st amendment there has to be a clear objective not to impinge on expressive speech that might be collaterally caught up in any enforcement procedures.

That doesn’t mean that reasonably expected, unintentional, or unexpected collateral damage cannot occur that is statutorily or reasonably outweighed by investigative procedures cannot occur.

It really comes down to whether or not the benefit to society of stopping the criminal activity is outweighed by the collateral damage that can/will/might occur to unintended parties. Well that’s the theory, whether it works in practice and is equitable to all is a debate for another day (and I’m a cynic so my opinion is that it doesn’t work as much as it should).

I notice that the domain has no been unsuspended and the Secret Service (which I am going to assume means that this criminal activity had to be associated with monetary fraud) are investigating whether the correct protocols were done in the request to GoDaddy. I suspect that maybe if there was a major problem in the protocols it might be because they never expect to have providers actually listen to these requests and want legal warrants first.

I know the Speech problem is their in this case, but I equate it fully with a law Enforcement Authorities ability and mandatory responsibility to initiate a crime scene.

If a crime has occurred within a business’s premises whether that is a crime on the person, property, or other then if a crime scene is created then that business cannot enter to conduct business until at such time as the scene has been processed and evidence collected. If the tools to conduct that business are part of the evidence then those tools are kept until such time as investigation has FULLY been finalised. This is whether or not the business was a party to the crime or an innocent victim itself or whether the business has customers who rely on it, that’s what insurance is for (or should be). and whether or not that business gives a service that is giving expressive speech ability to its patrons is irrelevant to the crime scene.

It’s a horrible experience for any business to go through, I’ve seen it happen numerous times, have initiated the crime scene once myself, and had the scene happen to my own premises once too. It’s not fun, it’s stressful, it pisses customers off but it’s part of the risks of doing business whether online or offline.

MrWilsonsays:

Re: Re: Re:3 Re: Re: Re: Re: Re: Time to go

“It doesn’t matter how much LEGAL content is on a domain, if it is used for illegal purposes, that is pretty much it.”

Your logic elsewhere: “It doesn’t matter how many LEGAL messages were being sent by email, if email is used for illegal purposes like selling counterfeit viagra, we must shut email down.”

“It doesn’t matter how many LEGAL items were being sent by UPS, if UPS is used for illegal purposes like shipping illicit drugs or counterfeit goods, we must shut UPS down.”

“It doesn’t matter how many citizens defend themselves with firearms LEGALLY, if guns are used for illegal purposes like robbery and murder, we must confiscate all guns.

Anonymoussays:

Re: Re: Re:3 Re: Re: Re: Re: Re: Time to go

“It doesn’t matter how much LEGAL content is on a domain, if it is used for illegal purposes, that is pretty much it. Law enforcement doesn’t check how many users are signed up to a service and say “well, we can’t police that one, can we?”.”

That is the freaking problem the police doesn’t check, the business is not responsible for what others do and should not be, to close it all down because of others is foreclosing the entire business of offering something to others, is like closing down Ford because one of its suppliers is a crook.

Torgsays:

Re: Re: Re:3 Re: Re: Re: Re: Re: Time to go

I’d like to poke at this “until a solution can be found” business.

This website is based around user submissions. Letting people quickly and easily create forms to fill out is their business model. Finding a good general solution to the occasional phisher would require each submission to be reviewed manually. That isn’t feasible given their traffic volume. I suppose it could also be possible for a computer to clear each submission, provided that Artificial General Intelligence is invented soon, but that doesn’t seem like a safe assumption. So as reviewing everything their customers do isn’t an option, the remaining solution is whack-a-mole. You know, the thing they could’ve done in the first place instead of shutting the site down.

Anonymoussays:

Re: Re: Re:4 Re: Re: Re: Re: Re: Re: Time to go

So what you are saying is that people having free forms for their sites is much more important than perhaps millions of dollars in fraud if the site is being used for phishing?

I think that you ignore the potential scale of this stuff. If you have ever tried running a fourm with standard software (like vbulletin or other) you will understand the depth of the problem of spam, phishing attempts, and such. These guys go all out. I wouldn’t be shocked to hear that a single group could generate tens of thousands of forms. Whack a mole just wouldn’t deal with it.

Anonymoussays:

Re: Re: Re:5 Re: Re: Re: Re: Re: Re: Re: Time to go

So what you are saying is that people having free forms for their sites is much more important than perhaps millions of dollars in fraud if the site is being used for phishing?

Okay, so this post is either going to be a
-Strawman
-Intentional misrepresentation of the problem
-Attempt to poison the well

Let’s see which it is!

These guys go all out. I wouldn’t be shocked to hear that a single group could generate tens of thousands of forms.

Let’s hear it for misrepresentation!

“CRIMINALS COULD USE FORMS FOR PHISHING SCHEMES, THIS UNRELATED, LEGITIMATE BUSINESS MUST BE STOPPED BECAUSE SOMEONE DOING SOMETHING ILLEGAL USED THEIR SERVICE!”

I heard a criminal once drove a car, let’s impound every car in the country.

What’s funny is that you have no words for things like “Pastebin”, places that could be used to host thousands of magnet links or other illicit links. OR as it’s more commonly used, a place for programmers and other people to save a piece of text to look at later.

But since user generated content is evil, let’s just take down pastebin while we’re at it.

Hanssays:

Re: Re: Re:3 Re: Re: Re: Re: Re: Time to go

“It doesn’t matter how much LEGAL content is on a domain, if it is used for illegal purposes, that is pretty much it. Law enforcement doesn’t check how many users are signed up to a service and say “well, we can’t police that one, can we?”.”

It doesn’t matter how much legal recording is done with VCRs, if it is used for illegal purposes, that is pretty much it. Law enforcement doesn’t check how many legitimate uses there are for VCRs and say “well, we can’t police that one, can we?”

B Pickelsays:

Re: Re: Re:3 Re: Re: Re: Re: Re: Time to go

I find hypotheticals to compare physical world issues to digital issues are often like line graphs involving x^2, X3 etc where the point(s) crossing the y axis are your base arguments for why the digital world is the same as ?insert situation.?
Nether the less I have adjusted your hypothetical to be more accurate to this issue
?Let’s say there is a guy in the youth hostel you live in with a gun. He is holding police at bay. The police remarkably stop you from getting back to your bunk .?

Anonymoussays:

Re: Re: Re:3 Re: Re: Re: Re: Re: Time to go

It doesn’t matter how much LEGAL content is on a domain, if it is used for illegal purposes, that is pretty much it.

That’s why google and youtube were both taken down in 2004, right?

Typically when there is some illegal content on a site with a basis in user-or-algorithmic-generated-content, they tend to work with the webmasters to help clean the site up. In fact there was something passed in America that dealt with that possibility explicitly, maybe you’ve heard of it.

Or maybe you just like spouting crap and have decided that the typical act of going from article to article posting “freetards” is getting old, and decided to instead try your hand at debating and arguing. Word to the wise, stick to the basics, kid, you’re not ready for the big leagues.

Anonymoussays:

Re: Re: Re: Re: Re: Re: Time to go

Oh, I’m sure there’s illegal activity going on. The question is whether we needed to use a hammer quite that size to go after it. Another question is why the government can’t get back to the site owner the same day as to why his domain was seized.

“If there are phishing forms on the server, and the server belongs to the company, then who’s forms are they?

Nobody’s?”

Just because we don’t know who they belong to doesn’t mean they belong to nobody. Say I’m a counterfeiter and rent a room at a hotel. I register under a false name and leave a suitcase full of fake $100 bills in there. If the Secret Service raid the room, they aren’t going to assume the suitcase belonged to the hotel. And they aren’t likely to shut the entire hotel down over it, even if it turned out that a bunch of counterfeiters were renting different rooms for some sort of meeting. And they aren’t going to assume that a hotel employee was using the room, either, even though the hotel can’t “prove” that’s not the case.

Anonymoussays:

Re: Re: Re:2 Re: Re: Re: Re: Time to go

I think the problem is this: the suitcase is in the hotel “luggage storage area”, has been for weeks, has no name tag on it, etc. While they may not assume it’s the hotel’s bag, they might question the staff about it, because it would require some complicity for it to stay there that long without any tag or claim on it.

Further, if the hotel only allowed guest to register as “anonymous” and nobody was actually ever shown in the rooms, what would you think?

If every fire hose cabinet and every stairwell space was packed with bags full of fake money, don’t you think the hotel would come under SOME suspicion? Don’t you think if the police found counterfeit money in multiple places that they might lock the doors and start a careful search?

We don’t know the circumstances, but we do know that there are issues. You don’t eliminate suspects in a crime just because they seem nice.

Torgsays:

Re: Re: Re:3 Re: Re: Re: Re: Re: Time to go

Hotel luggage storage areas tend to be small enough for mortals to examine without trouble. If a hotel’s storage area was the size of, say, Massachusetts, I’d be willing to give them the benefit of the doubt.

And then you go off on this tangent about a hotel being filled to the brim with counterfeit money and none of the customers ever using their rooms. I have no idea where you’re getting this idea from, since “is used by phishers” and “is dedicated solely to phishing” are as far apart as a city that contains drug dealers is from a city in which you can’t turn your back on anyone or they’ll run up behind you and fill you with heroin. Yes, in the second case I’d think that the people running the city had something to do with it, but we haven’t seen any evidence that this website’s phishers are anything but the natural result of a website that helps people to collect information other people give them.

Anonymoussays:

Re: Re: Re:3 Re: Re: Re: Re: Re: Time to go

“Don’t you think if the police found counterfeit money in multiple places that they might lock the doors and start a careful search?”

Again… all they did was lock the front door. Which (A) Will cause many customers to go away, not knowing about the back door, and will greatly harm the business. (B) Does allow anyone to use the back door, legitimate users and criminals alike. (C) Alerts the hotel owners (and hotel users) to the existence of the investigation. (D) Does nothing to obtain evidence. (E) Does nothing to preserve evidence. (F) Totally ruins the chess tournament that was going to be held in the conference room, because only 6 people show up instead of 50. I guess the tournament organizers shouldn’t have based their entire business model on a third-party location, right?

Look: Even you have to admit, seizing one domain while leaving the site active on another is stupid. If you think the site should be shut down, then the site should be actually shut down. If you think it should not be shut down, then it should not be shut down. Going halfway serves no purpose, and I would like to know exactly why the government feels this was the correct course of action.

As to why they went halfway: My guess is that they didn’t have enough evidence to actually do anything. But you don’t need evidence to politely ask GoDaddy to shut down the domain. After all, that’s not the government shutting down the demain, that’s GoDaddy shutting down the domain. So they did this, because they could.

Anonymoussays:

Re: Re: Re:4 Re: Re: Re: Re: Re: Re: Time to go

“Look: Even you have to admit, seizing one domain while leaving the site active on another is stupid.”

No, not really. If this is about phishing, it is likely that the phishers have set this all up to work on the default .com domain. Right now, all of their efforts, all of their link spam, all of their facebook trickery… that is all lost.

Further, leaving the other domains up means that we don’t really get into censorship, because the site is still available to for legit users (with minor modifications to their sites).

Seems like a win-win to me.

Oh, and yes, they would need something to get godaddy to shut it down. They aren’t going to just randomly turn it off because someone at justice gave them a call and said “please”. I am thinking warrant, myself.

Anonymoussays:

Re: Re: Re:5 Re: Re: Re: Re: Re: Re: Re: Time to go

“They aren’t going to just randomly turn it off because someone at justice gave them a call and said “please”.”

Cell phone companies have given out the location of cell phones to law enforcement without any court order or warrant literally millions of times. I must admit to not knowing whether a court order was involved in this case or not, but I don’t think we can just assume one was involved.

yosays:

Re: Re: Re: Re: Time to go

For starters the usa should have no god damn rights in any outher country but r own, i live in us and i can see how being tue global police has fucked us over. Why the fuck do i care what people post, the people who comment are reliable not the damn website owners anyways. Obama is a horrible presidant. Nin addition i dont care what anyone posted the cons. Is the the highest law so therefor you have the right to post what you god damn please

sumboutritesays:

Re: Re: Re: Re: Re: Re: Time to go

Thanks for the invite.

holy motherfucking eagle hunting thread.

as for PP… looks about right.

the government is subverting its guardians.

we are the keepers. if we fail we shall be ruled by and for the engines of economy and its concentrated wealth and power.

speak freely, often and with something akin to integrity.

the pace is quickened,
your comms are monitored and your guns are an accounted for order of battle.

and we wait and sacrificial skirmishes continue. where is the real skirmish line? its certainly not privacy, apparently. guns? possibly. anonymity? probably. speach? looking probable too.

a freedom dictated. is not a free i think we’re supposed to be content with. too many have died for this. yet, the time to ask how many more may yet be asked again.

true freedom is infectious and its spread is still preventable.

pay your toll. freedom is not free.

PaulTsays:

Re: Re: Time to go

Depends on what you mean by “hosted”. In terms of servers, a weaker dollar means that it can be much cheaper to use the US than other regions. The exchange rate alone can be a big saver, especially on things like bandwidth compared to some other countries.

If you refer to having the .com domain, which appears to be the case here, it’s down to marketing and visibility. For better or worse, people automatically assume that a site will end in .com, and if you want one of those you have to involve the US.

el_segfaultosays:

Re: Re: Time to go

I moved all of my sites belonging to a startup that I’ve been working for to another outside of the United States. The datacenter we used to use was in the same city, now we have to deal with increased latency and a plethora of other small issues. The issue was that we didn’t want to be vulnerable to a competitor with a similar business model.

Yeah…SOPA will create jobs and keep businesses in the U.S.

Baldaur Regissays:

Re: Re: Time to go

We were about to launch with a .com address and an American registrar; now we’ll have to take the time to research an alternate route.

It’s informative to read the user comments on the JotForm blog – a .com address is considered by many to be more “legitimate” than others; until recently this was possibly true.

After this incident we have concluded that America is no longer a safe place to conduct business. Pity.

Machin Shinsays:

Re: Re: Re:2 Re: Re: Re: Re: Time to go

Well it is not really that simple is it? You say I have the “right” to leave the country. What do you think will happen when I try to board a plane for another country? After getting raped by the TSA they are going to tell me I cant leave without passport. The other country also will not let me in. So no I don’t really have the right to leave.

On to other point. I am a US citizen. I was raised to be proud of what this nation stood for. I refuse to leave because some asshole is screwing the nation up. I will stand and fight for what principles this nation was built on. I will not abandon it to be destroyed.

Anonymoussays:

Re: Re: Re:2 Re: Re: Re: Re: Time to go

Most un-American of you. True American would stay and defend against erosion of his rights, demand accountability from his elected officials, expect and receive justice for all, call out corruption and abuse done by those he pays with his tax dollars, question the benefit of the status quo, push for change for the better of all, even if it may inconvenience him or go against his personal belief system. True American would do this not just for himself but for his fellow citizens because he knows that if his fellows don’t have their basic rights defended, then neither will he.

He wouldn’t cut and run. You can thank him later for doing the work for you.

But you probably won’t.

And if any of that bothers you, there’s the door.

Baldaur Regissays:

Re: Re: Re: Re: Re: Re: Time to go

Oh, we’re Americans too, and that’s the bitch of it – setting things up offshore is an incredible hassle (just think non-US payment systems, for one fun example).

And to the AC above who suggests people can leave if they don’t like it – a very special fuck you AND the horse you rode in on. America is awesome; the government is not.

Keroberossays:

Re: Re: Re: Re: Time to go

After this incident we have concluded that America is no longer a safe place to conduct business.

Incorrect, the U.S. is a perfectly safe place to conduct business, as long as you’re a multi-billion dollar corporation with millions of dollars of lobbying bribes, you can buy all the government protection you need–Including the ability to stifle all competition.

Just Johnsays:

Re: Re: Time to go

I live in Taiwan, so if you want to move your hosting over here, feel free to contact me. Although, I am not sure that too many can move here, since Taiwan’s political status internationally leaves it vulnerable to the US leaning on them to get it their way…
Maybe we can limit how many I can help move here so we do not have Taiwan put on the same list as Hong Kong.

Anonymoussays:

Actually, it is legally one of the problems of user submitted sites, and one that uses your own arguments against IP addresses as being valid to prove the point.

If you allow anonymous user postings, please tell me how you prove it wasn’t someone in the company doing the postings. Remember now, a log of IP addresses is something that most people here claim isn’t enough for prosecution, so why should it be enough to prove innocence?

The safe harbors should exist only to protect the company, not the individuals involved. They should be required to know who is uploading, who is responsible, so that the law can be applied fully. Otherwise, the safe harbors become a shield for illegal activity.

Without proof of who is actually uploading, it’s a pretty good assumption that the uploads come from someone involved in the company. There is no proof to the contrary.

Anonymoussays:

Re: Re: Re: Re: Re: Re: Arrgh@!

agreed, i dont know if their trolling or if they actually believe in what they say, all i know is that their comments, through ignorance or arogance, makes me want to get involved, rather then assume that enough people will contest the corruption, so, a big thankyou guys, you big bunch of idiots, instead of letting it die down, which to me felt like a real risk, you instead keep us on our toes

oh and finally, the obligatory….STFU, with the understanding that its your right not to STFU, either way …..STFU

Anonymoussays:

Re: Re: Re: Re: Re: Re: Arrgh@!

Yet, here we are in another situation where you guys are all off riding your copyright horses, not realizing that this probably has nothing to do with copyright at all.

I think your STFU is more an indication that you don’t want to hear the truth, you have already drawn a conclusion and nothing will change your views.

Too bad. You use to be a good debater.

Marcus Carabsays:

Re: Re: Re:2 Re: Re: Re: Re: Arrgh@!

Yet, here we are in another situation where you guys are all off riding your copyright horses, not realizing that this probably has nothing to do with copyright at all.

There are like three people here who have mentioned copyright. The post doesn’t mention it at all, and the majority of commenters are not talking about it. And it is a related topic, even if it’s not the specific issue at hand here. We’re hardly “all off riding our copyright horses”

Anonymoussays:

Re: Re: Re:3 Re: Re: Re: Re: Re: Arrgh@!

Marcus, you have, yourself, mentioned censorship in this deal. Are you saying that shutting down illegal activity is censorship?

I can (barely) accept the very thin argument of censorship in relationship to copyright violations, even though I think it’s another foxhole to try to hide in more than anything. But I have a much harder time taking a term like censorship seriously in relationship to illegal activities.

It just doesn’t add up, sorry.

Marcus Carabsays:

Re: Re: Re:4 Re: Re: Re: Re: Re: Re: Arrgh@!

Umm, you didnt accuse us of riding our “censorship” horses – you said “copyright” horses.

Did you mean “censorship”? That’s fine if it was a typo. Yes – we are all talking about censorship, because that’s what happened here. A whole bunch of protected speech got censored. It doesn’t matter that a little bit of illegal speech got stopped with it.

Anonymoussays:

Re: Re: Re:5 Re: Re: Re: Re: Re: Re: Re: Arrgh@!

So, what is your version of several?

What happens if the legal 300,000 forms account for 2 million page views, and the “several” phishing forms are getting even 10% of that traffic. How many people have to get scammed before there is a balance?

Would you feel the same if your parents were scammed out of their savings by a phishing scam?

You use to be a good debater, now you are just “angry dude” in a white hat.

Anonymoussays:

Re: Re: Re:6 Re: Re: Re: Re: Re: Re: Re: Re: Arrgh@!

“Would you feel the same if your parents were scammed out of their savings by a phishing scam?”

I would want the scammer punished. Not the tools he used to accomplish the scam. Lots of old people get scammed over the phone, lets shut down ATT.

You can’t write laws to protect against stupidity. The scammers will move on to a new scam and the people who used the site legitimately are the ones who really lose out.

JMTsays:

Re: Re: Re:4 Re: Re: Re: Re: Re: Re: Arrgh@!

“I can (barely) accept the very thin argument of censorship in relationship to copyright violations…”

And that is why you will have derision and scorn heaped upon you by most people here, and in fact by most people who value basic human rights over an invented (and abused) monopoly right.

Anonymoussays:

Re: Re: Re:2 Re: Re: Re: Re: Arrgh@!

Hence the “with the understanding that its your right not to STFU”

Door swings both ways my friend, both sides, are essentially saying STFU, just in a more eloquent and not so eloquent way

They can say what they like, i, just like them, dont have to like whats being said

Im happy to listen to Government sheep, once i feel that Government choices and decisions are no longer influenced by those with power and money, and are in fact more interested in debating with its people

Re: Re: Re:2 Re: Re: Re: Re: Arrgh@!

I want to hear the truth, why don’t you tell it to me. You are not allowed to use ad hominem attacks, repeat the same talking points, use links that have nothing to do with the conversation, and you have to stick to the topic, in this case the removal of JotForm.com from DNS by GoDaddy.

“Too bad. You use to be a good debater.”

Thanks, I still am. I am just very tired of hearing the same talking points from a dozen trolls across 30 or so blogs.

As a side note. What you are seeing online now is very similar to what happened before the Arab spring. Only this time it is targeted at the content industry not a government.

Anonymoussays:

Re: Re: Re:3 Re: Re: Re: Re: Re: Arrgh@!

Congrats for adding nothing.

I brought something to the table. The history of Jotform as it relates to phishing scams, mentioning that it was blocked in the past by opendns as a result of it, etc. We also have Godaddy’s statement of the type of things they would pull a site for. Seems so far we are on the right track.

So there are no talking points, no nothing. Just facts.

“What you are seeing online now is very similar to what happened before the Arab spring.”

All I can say is that you are truly full of yourself. You get on me about speculation, and then you post up that crap? You use to be a good debater, that is really gone now.

Re: Re: Re:4 Re: Re: Re: Re: Re: Re: Arrgh@!

“All I can say is that you are truly full of yourself. You get on me about speculation, and then you post up that crap?”

Please, its not speculation, it’s forecasting trends and the psychology of large groups. While not an exact science due to free will, it does give pretty good estimate of when events will occur.

Here is what I see. Thirty years of the content industry abusing people with a small group talking about it. Five years of people using Facebook, 2 years with Facebook reaching a threshold in a way where memes take on a life of their own.

What is happening now is a phase change in the way people communicate and do things. It has been growing (read this) and is continuing to expand. Every government on the planet has had briefs on this. None of them actually get or understand it. The content industry doesn’t understand that all is needed is one or two more pushes and real copyright reform will happen. The monopoly will end.

mineratsays:

Re: Re:

Without proof of who is actually uploading, it’s a pretty good assumption that the uploads come from someone involved in the company. There is no proof to the contrary.
Right, but the company is supposed to be presumed innocent until proven guilty. Hell, all the investigating agency had to do was, you know, investigate the site to see that they have hundreds of thousands of users and are proactive in combating phishing. Then do something crazy like contacting the owners to see if they respond / can provide useful information about the problem form(s).

Anonymoussays:

Re: Re: Re: Re:

Innocent until proven guilty doesn’t mean “ignore until convicted”. If there is a criminal complaint, then law enforcement needs to act.

It would appear that it’s a question of something that was on a form, or what the form was doing. A quick example I could come up with would be forms with child porn images on them, being used as part of CP distribution. I could also picture the same for various other forms of illegal porn, from snuff to the old two girls, one cup deal.

It’s not clear what the issue specifically is, but clearly it is enough to merit law enforcement taking action.

Further, let’s be clear here: The old “too big to check” excuse is getting very, very tired now. It’s a sad excuse that companies can pretty much abdicate responsibility for what is on their site, while at the same time not being able to indicate the sources for it. That is an untenable situation, which creates the mysterious “nobody is responsible”, which just won’t stand.

Too big to check? That just isn’t a tolerable excuse anymore.

Rikuosays:

Re: Re: Re: Re: Re: Re:

You just defeated your own argument. You argue that one form could possibly be illegal content – yes, that’s probably true, it can happen. But it doesn’t mean you BLOCK THE ENTIRE WEBSITE!

And how is too big to check intolerable? Youtube has days worth of video being uploaded every minute. This site had millions of forms. Besides, what’s being argued is not “too big to check” but being too big to check proactively, at a cost of both immense resources, time, money and civil rights. For example, Youtube could check each and every video before its uploaded: but because it can’t determine what’s legit and what’s not, that would simply be a waste.

Anonymoussays:

Re: Re: Re:2 Re: Re: Re: Re:

Rikou, it would appear (from what I can gather) that the forms in questions were phishing scams or similar, and were put up repeatedly. Some reports suggest they were not removed or handled promptly by the company when notified. I don’t know if this is true, but there you go.

This is a case where taking the domain domain is the most expedient way to assure that nobody is phished.

Richardsays:

Re: Re: Re:7 Re: Re: Re: Re: Re: Re: Re: Re: Re:

I hope Mike takes action to ban the user who threatened physical violence.

Firstly I don’t think he was serious.

Secondly you have been so stupid, unpleasant and irrational in this thread that it is not surprising that you have provoked a reaction.

Please go away and think about the logical consequences of the line you have been taking.

G Thompsonsays:

Re: Re: Re:4 Re: Re: Re: Re: Re: Re:

That sort of comment is very VERY uncalled for and why this place sadly still needs a “report” button since every so often some moron (or troll.. since your comment is a real trolling comment) comes around who can’t control his anger and needs to be censored fully.

This place sometimes needs a Ban hammer wielded strongly

Anonymoussays:

Re: Re: Re:5 Re: Re: Re: Re: Re: Re: Re:

Hey he wants these people out of a job because of some of info he got from “some reports”, I just want him out the world because of info I am getting from “some reports” on him.

Its pushing an argument beyond the norm so you can see how flawed the logic is. Because “some reports” say they may not have followed the correct procedure he wants these people to lose their jobs, their families to fall on hard times, and for all this to happen BEFORE they get any sort of due process.

Anonymoussays:

Re: Re: Re:4 Re: Re: Re: Re: Re: Re:

What if the site owner is the source? Are we going to start calling drug dealers to let them know when you are going to raid their crack dens?

Think about it. There is no simple way to know what involvement if any the company has in whatever they are investigating. So why tip them off before you take action?

Anonymoussays:

Re: Re: Re:5 Re: Re: Re: Re: Re: Re: Re:

There is no simple way but there is a way that is why they pay “investigators” for isn’t it?

You don’t go around closing others people’s business because you suspect he is a crook you first prove it.

I hope the people responsible for this get slapped hard with a counter suit asking for millions in restitution and damages this is just abuse.

Anonymoussays:

Re: Re: Re:6 Re: Re: Re: Re: Re: Re: Re: Re:

“You don’t go around closing others people’s business because you suspect he is a crook you first prove it.”

No, it doesn’t work that way. You don’t have to prove it, you only have to get a reasonable suspicion, the level required to get a warrant or to take action.

Proof is used in a court of law to determine innocence or guilty. The standards for arrests, searches, and seizures pending investigation and trial are a little lower.

Josh in CharlotteNCsays:

Re: Re: Re:3 Re: Re: Re: Re: Re:

This is a case where taking the domain domain is the most expedient way to assure that nobody is phished.

Wrong! Completely and utterly wrong in every possible way imaginable.

That comment shows your lack of technical knowledge as well as lack of common sense.

Let’s compare what you would need to do to either remove a single form or redirect the entire domain.

Single form:
1) Send abuse report to Jotform.
2) Jotform removes form. Form no longer accessible pretty much immediately.

Redirect domain:
1) Identify domain registrar.
2) Send abuse report to domain registrar.
3) Registrar redirects domain.
4) Wait anywhere from a few hours to days for DNS records to propagate throughout the internet. After 2 days, most likely no one can access the site.

Here, read it straight from GoDaddy: http://help.godaddy.com/article/1746?locale=en

Anonymoussays:

Re: Re: Re:2 Re: Re: Re: Re: Re: Re:

Umm, can you please learn to read? I didn’t say that the site had child porn on it, only that an unchecked system would be an open invitation for these people to operate there.

“And bending over backwards to point out how it was totally reasonable to kill an entire website over x number of things that could have been surgically removed.”

How do you know that for sure? Are you 100% confident that this is only on a single form, and not many? Are you 100% confident that nobody involved in the company, it’s service providers, and such are not involved at all ever? How do you happen to have this proof?

See how it works?

You are a sad, sad troll.

Re: Re: Re:3 Re: Re: Re: Re: Re: Re: Re:

You are right this isn’t about copyright, its about prior restraint. There are half a million users at JotForm.com. There are now over 300,000 web sites that have partial functionality because of this take down by the Secret service. Blog comments forms, contact forms, order forms, etc all taken down due to a lack of due process.

Gwizsays:

Re: Re: Re:5 Re: Re: Re: Re: Re: Re: Re: Re: Re:

Again, are you suggesting “too big to be dealt with by the law?”

No, he wasn’t suggesting that.

What exactly is wrong with a calculated measured response that doesn’t detrimentally affect the innocent users?

Think about in medical terms, OK? Do doctors hack up people with chain saws causing death to the patient because there is small tumor on the liver? No, they surgically and precisely remove the cancer with minimal damage to the body.

Anonymoussays:

Re: Re: Re:5 Re: Re: Re: Re: Re: Re: Re: Re: Re:

“Again, are you suggesting “too big to be dealt with by the law?”

There ARE some things that too big to be dealt with by the law – at least if you’re looking for 100% enforcement. The police can monitor a stop sign to make sure nobody runs it. They can respond to complaints about a particular car running the sign at the same time every day (but like an IP address, even a licensed and registered car does not indicate a user, you still need to investigate who was driving!). But they don’t have the manpower to put an officer at every single stop sign in the city. And even if they did, they’d need to have another officer ready to go and actually arrest the guy who ran the stop sign, since the first officer would have to stay at the stop sign in case someone else ran it. And even THEN, what happens when the cop looks down for a second to grab his coffee (hey, monitoring a stop sign for 8 hours is pretty boring work) and isn’t quite sure whether that last car came to a complete stop?

That’s not an indication that the police don’t care if you run a stop sign. It’s cold hard reality. The system of roads in a city is too big to be 100% dealt with by the law. The alternative is to either hire a police force so large it cripples the city, or to severely limit the number of roads, also crippling the city. Similarily, the number of forms submitted to JotForm and the number of videos submitted to YouTube is too large for those companies to look at them individually and determine legality.

Remeber that Beatle who tried to respond to every fan letter? It’s kind of like that. You eventually end up with a 30 year backlog.

ltlw0lfsays:

Re: Re: Re:4 Re: Re: Re: Re: Re: Re: Re: Re:

You are right this isn’t about copyright, its about prior restraint. There are half a million users at JotForm.com. There are now over 300,000 web sites that have partial functionality because of this take down by the Secret service. Blog comments forms, contact forms, order forms, etc all taken down due to a lack of due process.

If they can do it to JotForm.com, they can easily do the same with Google Docs. I have a ton of shared forms on Google Docs, and have seen others use them for the same purpose. If Google Docs goes down, I believe the web itself would disappear for a while.

ltlw0lfsays:

Re: Re: Re:6 Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

I really wish they would shut down a really large site.

Give it time. If there is one thing I’ve learned in government is that there is no shortage of stupidity, especially the higher you go.

Given that Google Docs uses docs.google.com, I wonder if they would just block that URL or if they would go for google.com instead? And if they did, much to the chagrin of the ACs here with tinfoil hats, I believe that would be a black day on the internet.

Dirkmastersays:

Re: Re: Re: Re: Re: Re: Too big to check isn't tolerable

But the only solution to a “too big to check” is to have an algorithm that checks, WHICH THIS COMPANY HAD. So effectively, you are saying that there’s no way for them to win. Or that the only solution is a perfect algorithm.

Let me know when you write that.

The simple truth is that this is overreach by the government pure and simple. And the fact that a business can be shut down, and the investigating officer can be too busy to look into it FOR DAYS is inexcusable and SHOULD BE criminal. But of course, the law will PROTECT the abuser, while punishing the innocent.

Shameful.

hmmsays:

Re: Re: Re:2 Re: Re: Re: Re:

they do that now you know…

If I accuse you of being a terrorist then you get hauled off to camp xray or one of those lovely “holiday villas” they have in alaska, poland or the chinese mainland….no lawyer, never find what you’re charged for for several years…then released with no apology or compensation.

And remember, the FBI sez everyone with a GPS (or a tidy garden) is a terrorist…….

Anonymoussays:

Re: Re: Re: Re: Re: Re:

Needed to act responsably and in a way to minimize any collateral damage, not go in and try to destroy a business because of a few bad apples.

Do the police seize the assets of labels for the bad habits of their singers and employees?

Of course not they would have been hit with so many counter lawsuits they would be litigating for decades.

Maybe is that what people should do prepare a super fund for legal expenses and just wait for the government to come around and BAM sue them for loss of business, damages, calumny, defamation, incompetency and anything possible so they learn that they can’t just go seizing anything at will.

weneedhelpsays:

Re: Re:

“Without proof of who is actually uploading, it’s a pretty good assumption that the uploads come from someone involved in the company.”

You do realize how asinine that sounds?
Without proof of who is actually uploading you should not ASS-U-ME anything.

“If you allow anonymous user postings, please tell me how you prove it wasn’t someone in the company doing the postings.” Please tell me how you do, and dont assume.

“it’s a pretty good assumption” No, its not really.

Silly AC.

Anonymoussays:

Re: Re: Re: Re:

Marcus, WTG on trying to take something out of context.

If the material is there, the “proving innocence” is showing that they are not the source. Think about it. In legal terms, the site is owned by the company, the servers are operated by the company, and the material is on the servers operated by the company. In a very basic way, this is “dead to rights”. What these “user submitted” companies are doing is claiming innocence because someone else did it. That would be “proving innocence”.

Nice of you to totally misunderstand. Typical of your crap.

Rikuosays:

Re: Re: Re: Re: Re: Re:

Youtube.com is owned by Youtube LLC, their servers are operated by Youtube LLC and all videos are on servers operated by Youtube LLC.
Now suddenly, Youtube is guilty of copyright infringement, using the metric you outlined above.
Again, due process says that the government should prove guilt before punishment. No law says that you have to prove your innocence. If I’m accused of a crime and the government can’t bring any actual evidence to trial, I don’t have to say anything or do anything at all. The lack of evidence (should) get me acquitted.

Marcus Carabsays:

Re: Re: Re: Re: Re: Re:

If the material is there, the “proving innocence” is showing that they are not the source. Think about it. In legal terms, the site is owned by the company, the servers are operated by the company, and the material is on the servers operated by the company. In a very basic way, this is “dead to rights”. What these “user submitted” companies are doing is claiming innocence because someone else did it. That would be “proving innocence”.

Umm, okay, but my point remains: they shouldn’t have to “prove” their innocence before they are punished like this. Because yes, it is a punishment – a few days without your domain and a few thousand confused customers can be enough to sink a startup.

The fact that it’s possible for employees to use the service for illegal purposes does not justify seizing it without any actual evidence that they are doing so. That’s insane.

Anonymoussays:

Re: Re: Re:2 Re: Re: Re: Re:

Marcus, this isn’t punishment, any more than police showing up to execute a search warrant and locking the doors to the business would be. It might be no different than towing away to impound an ice cream truck found to have a pound of crack in it.

This is perhaps the best explanation I can give you. What happens isn’t any different from the real world in this regard.

It’s not considered punishment when done in the real world, is it?

Anonymoussays:

Re: Re: Re:4 Re: Re: Re: Re: Re: Re:

Marcus, would you considering the police shutting down a book store temporarily during an investigation as censorship, or a criminal investigation?

Would you consider it an affront to free speech if a library was closed because there was a crazed gunman inside?

Would you consider it broad censorship if a radio station was taken off the air because police needed to shut down the transmitter to get to someone who was hanging off the transmission tower threatening suicide?

There is no absolutes in play here. If the allegations floating around are true, I feel sorry for the other users, but phishing scams are a real crime, a real problem, and they need to be addressed directly. Your short term “freedom of speech” issues are not enough to stop law enforcement from doing their jobs.

Marcus Carabsays:

Re: Re: Re:5 Re: Re: Re: Re: Re: Re: Re:

sigh

I assume you are trying to lead me down the rabbit hole to Arcara v. Cloud so you can triumphantly wave that in my face. But once again, you are making an elementary mistake: none of those crimes you give as examples involve speech. They may take place alongside speech, or in a place where speech happens, but they are not speech themselves, and that changes the legal contours.

The key here is United States v. O’Brien, which requires a statute that quashes illegal speech to be no broader than necessary. Cloud Books presented that in their defense, saying that closure of the book store was broader than necessary to prevent prostitution. However, the courts in Arcara v. Cloud held that since prostitution is not itself an expressive activity, U.S.v.O’Brien had no relevance.

That is the difference between your examples (which are all very similar to Arcara v. Cloud) and the situation with JotForm, where the illegal activity is also itself speech, just not protected speech.

Anonymoussays:

Re: Re: Re:6 Re: Re: Re: Re: Re: Re: Re: Re:

Okay, let me give you a better example to work from. Say a newspaper (nice legit business full of free speech) is doing well. But one of the guys running the printing press has found a way to use that press to print money in the off hours. He stores the fake money in broom closets and storage rooms all over the newspaper building.

Further, the techniques used to do this printing are hidden on the company’s computers.

Now, would you consider it censorship if the newspaper building was locked for, say, 48 hours during an investigation, searching for the money? Would you consider it an affront to free speech if the company servers were seized, and access to that particular printing press shut down during the investigation?

I have a hard time seeing a computer form as “speech” in any great meaningful way. I just gave you an example that is clearly on speech… how do you deal with it, without hurting the investigation?

Anonymoussays:

Re: Re: Re:7 Re: Re: Re: Re: Re: Re: Re: Re: Re:

Once again: The core difference is that the shutdown in your example is temporary and required for the gathering of evidence. The domain name shutdown is not going to gather or preserve any evidence. And it’s not going to be for just 48 hours, I assume. Maybe they’ll get it back in 9 months with no explaination? That seems to be how the government handles this sort of thing…

“I have a hard time seeing a computer form as “speech” in any great meaningful way.”

I guess it depends on the form. For example, this TechDirt comment submission form. It doesn’t have a whole lot of speech in it, but it DOES facilitate speech – more like how a printing press isn’t speech in itself. Or imagine a form that allows you to solicit donations for a political candidate. I would imagine such a thing would be protected under the First Amendment.

Marcus Carabsays:

Re: Re: Re:7 Re: Re: Re: Re: Re: Re: Re: Re: Re:

I’m not sure counterfeiting counts as speech, either. But, if the example you describe occurred, and a printing press of a legitimate newspaper was seized because it had been used illegally by an employee, then I suspect that case would make it to the supreme court, because it would be an important prior restraint decision.

I am not saying there is NO way for law enforcement to conduct their investigation, or that there can never be ANY disruption of the site at all. What I am saying is that this is dangerous territory – and law enforcement and the courts are expected to tread very carefully when it comes to freedom of speech. This is not a “48-hour” shutdown – indeed JotForm was told that it would take a week to even tell them why they’ve been shut down. What has happened to JotForms is clearly too extreme and broadly-targeted of a remedy when speech is involved.

Anonymoussays:

Re: Re: Re:8 Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

Here’s an example… they pull down the domain, and then they look at all the requests for it. They look around for all of the phishing forms, while making it impossible for any spammer who directly linked the forms to get data. Perhaps they are recording all the incoming requests to the .com to see who is actually using the forms in question, etc.

Considering that Jetform has in the past been the host for phishing forms, and has again and again over the last couple of years been noted for the same issues, including on their own chat boards, it would seem that perhaps there is more here than meets the eye. How about we let it settle out before we draw any conclusions?

Marcus Carabsays:

Re: Re: Re:9 Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

Considering that Jetform has in the past been the host for phishing forms, and has again and again over the last couple of years been noted for the same issues, including on their own chat boards, it would seem that perhaps there is more here than meets the eye.

No, it wouldn’t. Google, Live Mail and Facebook are INUNDATED with illegal spammers, and false accounts being used to commit worse crimes than spam – and despite ongoing efforts to prevent it, it still happens en masse, and has been for years. Shall we seize all their domains as well?

Anonymoussays:

Re: Re: Re:10 Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

Can you please give me an example of a phishing page hosted on hotmail?

Can you give me an example of a phishing page hosted on Google?

Can you give me an example of Google being used to host many, many phishing pages?

Can you show me hotmail or google providing the technology to specifically collect user information?

Oh, oops. Marcus is about to fail.

A Monkey with Atitudesays:

Re: Re: Re:7 Re: Re: Re: Re: Re: Re: Re: Re: Re:

except in the case of a website, its even easier for the police to investigate with out taking the domain… if its a phishing scam they can work with jot to figure out what was happening and why in real time.. taking the Domain does nothing other than punish, it preserves no evidence, it does nothing you cite the police doing. And if the police have multiple forms that are bad or suspect of criminal activity you take those, NOT THE WHOLE Fing THING.. ITS STUPID and ITS WHAT I HAVE COME TO EXPECT FROM THE USELESS TITS we have now running both the authorities and the legislation.

AND YOUR THE REASON THEY DO IT because they can point the finger at the likes of you and SAY “FOR THE CHILDREN” and bingo its all good… well i think that is going to come to an end pretty quick as it seems as if people are getting more and more sick of the crap/lies/fundamental destruction of rights….

Anonymoussays:

Re: Re: Re:8 Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

If the phishing scam is a single page, perhaps it is easier to leave up.

If it is thousands of pages, and they aren’t sure if they know of all of them, the risk of leaving them up to scam people is higher than the reward of leaving them up.

Sort of amazing to watch you guys come up with a justification for leaving an unknown number of illegal pages up.

Anonymoussays:

Re: Re: Re:9 Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

Oh awesome, laws and law enforcement actions to prevent us from unknown dangers! Who knows how many criminals are in Detroit, lets just lock up the whole town. What you want to justify letting an unknown amount of criminals left free? Who cares about the innocent people, there are criminals in there.

Actually lets start writing all our laws to protect morons from unknown dangers. What a great world this will be when we protect the lowest common denominator from themselves. We can replace cars with bumper cars, nothing can have sharp edges anymore, no more peanuts actually no more anything anyone has ever been allergic too ever. We never know how many people will be allergic too it in the future, best not to leave too many unknown dangers laying around. Lets see, no hot anything. No more hard surfaces, we can replace everything with moon-bounces. Lets just let the government handle everyones money so they don’t get scammed or lose any of it.

Anonymoussays:

Re: Re: Re:3 Re: Re: Re: Re: Re:

Of course it is and the police can get slapped hard for doing it wrong, that is why they get proof first of wrong doing by the owner of any establishment or they are screwed unless you are talking about a poor owner of some poor store than the cops harass and do whatever they like just the way you like it isn’t it?

Anonymoussays:

Re: Re: Re:3 Re: Re: Re: Re: Re:

“Marcus, this isn’t punishment, any more than police showing up to execute a search warrant and locking the doors to the business would be.”

Except seizing the domain doesn’t actually seize any evidence. It would be like locking the front door to the business but leaving the back alley door alone. Which I don’t think police have ever done unless there was something about the front door in particular that was a problem.

“It doesn’t matter how much LEGAL content is on a domain, if it is used for illegal purposes, that is pretty much it. “

Seriously? Then we need to shut down the Internet. The wire going from California to Florida has a TON on illegal stuff going over it, we need to sever it! And since the Internet will automatically try to route around the damage, we need to sever every single connection because otherwise it will be used for illegal activity.

Or if you think that only applies to domains – well, as people have said, pretty much every email provider has hosted illegal emails. Every generic search provider has returned links to sites doing illegal things. Any site that allows user-generated content has at least the potential for an illegal submission. There won’t be much left if your standard is that any illegal activity means a domain needs to shut down, regardless of the percentage.

Rikuosays:

Re: Re:

I didn’t know that establishing someone’s guilt in a criminal case just involved the investigation not having enough evidence.

Seriously, you need help. You say that without proof (evidence) then its a good thing to just assume that someone is guilty?

Oh look. I had a dinner party and a purse belonging to one of my guests was stolen. Without proof of who actually stole it, it’s a pretty good assumption that the theft was the guy hosting the party (i.e., me). There is no proof to the contrary.

Anonymoussays:

Re: Re: Re: Re:

No, that is a bad example. Any one of the guests could be responsible. Are you truly that dumb?

You guys always push that IP addresses aren’t enough to convict anyone. Well, why should they be enough to prove that the site owners didn’t put up the content?

Think about it. I know it is hard, but THINK.

Rikuosays:

Re: Re: Re: Re: Re: Re:

“No, that is a bad example. Any one of the guests could be responsible. Are you truly that dumb?”

Obviously, when I said that I, the host of the party, would be held responsible, I was being sarcastic and also pointing out the fallacy of your argument. You argued that, in the absence of evidence, you should just assume (your word) that someone is guilty.

“You guys always push that IP addresses aren’t enough to convict anyone. Well, why should they be enough to prove that the site owners didn’t put up the content?”
You can’t ask someone to prove a negative. That’s why.

Anonymoussays:

Re: Re: Re:2 Re: Re: Re: Re:

You don’t point out any fallacy. If the host is the only person in the house besides the 1 guest, they would be considered the prime suspect unless there was forced entry into the house.

You are alluding to a room with a bunch of guess people can see. That just isn’t a parallel to this story at all.

The only point you are making is that you don’t understand the difference between a room full of people and anonymous web posting.

Rikuosays:

Re: Re: Re:3 Re: Re: Re: Re: Re:

Room full of guests = the meatspace equivalent of a server with a couple million forms. i.e., there’s more than one obvious suspect and still a lack of evidence that either the guests (the users) or the host (Jobform) are guilty.
In both cases, the law says that no-one can be punished without having a trial and being declared guilty.

Again, you have argued for assuming that someone is guilty when you have no evidence.

Anonymoussays:

Re: Re: Re:4 Re: Re: Re: Re: Re: Re:

No, a server full of forms is just a server full of forms. Who put them there?

YOU DON’T KNOW!

That’s the point. I can see thousands of guests. I can’t see anyone attached to a form, I just see data.

A server full of forms is a room full of pictures of past guests, not actual current guests.

Anonymoussays:

Re: Re: Re:5 Re: Re: Re: Re: Re: Re: Re:

It hurts to read your posts.

And I know who you are, you’ve been posting on TD for years. You have the same posting style and everything.

Yet you don’t give up, even when you’re backed into the corner and admit that you are both wrong and stupid, you find some way to continue, some way to convince yourself that you’re fighting the good fight.

Here’s an idea: You hate Mike so much? Go make another blog about it. Call it “Mike Masnick is the great Satan” and post all you want about how wrong and dumb you think he is and you would get to have front-page privileges to boot!

And the best part is: You would be able to delete comments of the people who would call you out on how wrong and stupid you are! No more having to make an ass of yourself in the TD comment section!

E. Zachary Knightsays:

Re: Re: Re: Re: Re: Re:

No, that is a bad example. Any one of the guests could be responsible. Are you truly that dumb?

I think it was a great example. Why? Because it forced you to contradict your original point.

Your original point was that because law enforcement couldn’t identify the form creators, it was the site owner’s who were guilty. Now you claim that any of the users could have been responsible. Which is it?

Think about it. I know it is hard, but THINK.

Someantimalwareguysays:

Re: Re: Re: Re: Re: Re:

You guys always push that IP addresses aren’t enough to convict anyone. Well, why should they be enough to prove that the site owners didn’t put up the content?

Think about it. I know it is hard, but THINK.

And if someone calls the police with accusations of your wife beating activities you will not scream when they cuff you and throw you in the back of the squad car in front of all your neighbors then?

Someantimalwareguysays:

Re: Re: Re:5 Re: Re: Re: Re: Re: Re: Re:

And if someone wanted to really screw with you for some reason and planted a packet of crack in your car while you are in the store and then calls the police with a “tip” about you having illegal narcotics in your car? Are you guilty?

What if a LEO had a gripe against you and did this him/herself and then arrested you to up their arrest rate statistics…are you still guilty?

Should you be arrested for that crack in your car if some perp tried to hide their illegal activities while running from the police by throwing the evidence into an open window while you were away from your vehicle?

Anonymoussays:

Re: Re: Re:5 Re: Re: Re: Re: Re: Re: Re:

“It’s on par with a pound of crack on the drivers seat of your car.”

No, it’s more on par with a pound of crack in a suitcase in the back seat of a taxi. It would be foolish to assume it belonged to the driver. And in THAT case you might even impound the taxi – but only becasue it actually might contain evidence. The domain name does not contain evidence. The servers might, but they aren’t seizing the servers. It’s like they welded shut the passenger side door of the taxi. The taxi can still drive, it can even still drive the people transporting crack. They just have to walk over to the driver’s side.

“There is at least enough there to merit further investigation.”

Fine, investigate!

Anonymoussays:

Re: Re: Re:6 Re: Re: Re: Re: Re: Re: Re: Re:

Seizing the domain (at least for the moment) stops all of the potential phishing activity cold. If some group has spiked the domain with thousands of phishing forms, it’s pretty much a better deal to do something to stop the illegal activity, and work to restore service to valid customers going forward.

I would rather than millions of people are protected from scammers than a few thousand businesses get to keep using freebie forms. That’s just my opinion.

Anonymoussays:

Re: Re: Re:7 Re: Re: Re: Re: Re: Re: Re: Re: Re:

It also stops a business from operating, putting people out of work unnecessarily. Instead of blaming the company and alerting the real criminals, work quietly with the company and catch the real criminals in the act while allowing everyone else their rights. I would rather a few thousand do not have their rights stomped into the curb than a few million avoid having to learn how to avoid a scam.

Rikuosays:

Re: Re: Re:5 Re: Re: Re: Re: Re: Re: Re:

“Without proof of who is actually uploading, it’s a pretty good assumption that the uploads come from someone involved in the company. There is no proof to the contrary.”

That’s what you said, directly quoted. You are saying that when you have no proof of who is guilty of a crime, you can still ASSUME someone is guilty anyway, based on a tangential link.

COP: Good evening, Mr. Jotform owner. There’s a phishing form found on one of your servers. At this point in time, we don’t know who is responsible for it, either an external user, or someone from your company. But, we’re going to shut down your entire website anyway. Be thankful we didn’t arrest you as well!

That’s what you’re arguing (or at least, half the time. You keep switching between no evidence required and evidence required).

Rikuosays:

Re: Re: Re:5 Re: Re: Re: Re: Re: Re: Re:

Ahh…I think I get you now. You’re a complete moron. One or two lapses I could accept as mere poor wording on your part.

You’re confusing being a suspect with being guilty. The two are very different. When you’re a suspect, you’re typically arrested, you get the chance for bail and you have certain rights that the government must protect.
Being guilty is when you’ve been through a trial, the judge and/or jury have seen the evidence and decided that you are guilty of whatever the accusation is. You are then punished and either sent to jail/fined/have property seized, etc.
In all the examples you’ve said, yes, I guess I could see thing like that happening to a SUSPECT.
But, in legal terms, you cannot say “assume you are guilty”. You say “You are now considered a suspect, because the phishing forms were found on your computers and there is no other evidence to the contrary”.
The newspaper scenario you posted, because the fact that its a newspaper means the police would need to have a high standard of evidence that there is counterfeiting going on before they can storm in and shut them down for a couple of days (otherwise, you would have the scenario of people complaining to police every three days that Newspaper X is counterfeiting money, and the newspaper being shut down every day).

Are you mad?says:

Re: Re:

“Actually, it is legally one of the problems of user submitted sites, and one that uses your own arguments against IP addresses as being valid to prove the point.

If you allow anonymous user postings, please tell me how you prove it wasn’t someone in the company doing the postings.”

This is were RIAA etc.. massively fall down. You don’t prove negatives you prove positives.

Hypothetical situation, someone has stolen a tv, you have a very basic description, tall, mid 30’s, black hair. Person A matches this. How do you use their description to prove it wasn’t them….

You can’t.

You can’t use IP addresses to show whose who in any circumstance. They can be used to give an indication i.e. if my friend was arrest for something he did online and his IP at the time was mine, then it could be used as support evidence (although it would be circumstantial)

If you suspect companies who have safe harbour provisions are taking the mickey and want to protect against this then the best you can push for is to require them to log their activity, but this is a massive infringement on the employees basic rights, which ultimately trump copyright/int prop rights.

Paul Clarksays:

Re: Re: Guilty Until Proven Innocent

ok. So you are guilty until proven innocent?

So under that logic are you ok with this logic?

You own a fast car. People with fast cars speed. I am going to issue you 5 tickets in a row because you commute to work each week day and I know you are going to speed each day. Oh wait. Five tickets means your license is suspended so you can’t drive at all. Since we know that you will drive without a license as you are a criminal, we are impounding your car. After your license suspension, if you can prove that you will not speed again, your car will be returned to you. In the meantime, we will make use of your car as we see fit.

PaulTsays:

Re: Re:

Wow, where to start…

“If you allow anonymous user postings, please tell me how you prove it wasn’t someone in the company doing the postings”

If “in the company”, you mean within the company hosting the service, they will have their own logs. Most companies will use an internal network that translates IP addresses to communicate to the outside world. Therefore, you should be able to tell quite easily whether the internal network or external network was involved.

It can be a little more complicated than that, but you immediately have a greater level of falsifiable evidence than the RIAA have ever submitted to a court.

“The safe harbors should exist only to protect the company, not the individuals involved.”

Indeed, but one of the things that goes along with the due process you mock people here for defending is the idea of the assumption of innocence before proof of guilt. It’s down to you to prove that the company is guilty, not for them to prove your accusation false. Since, as you admit, it’s a company and not an individual that needs to be identified, the burden of proof is lower.

“They should be required to know who is uploading, who is responsible, so that the law can be applied fully.”

…and how do they do that, genius? You seem to again be talking about identifying individuals rather than simply whether an internal or external source was involved. How do they do that to satisfy you?

“Without proof of who is actually uploading, it’s a pretty good assumption that the uploads come from someone involved in the company. There is no proof to the contrary.”

It’s a pretty good assumption that you were paid to write this post by GoDaddy to make their critics look bad. There is no proof to the contrary.

That’s as accurate as what you’re saying.

Anonymoussays:

Re: Re: Re: Re:

“If “in the company”, you mean within the company hosting the service, they will have their own logs. Most companies will use an internal network that translates IP addresses to communicate to the outside world. Therefore, you should be able to tell quite easily whether the internal network or external network was involved.”

Paul, you are one of the ones who has pointed out that IP addresses are not enough (in your opinion) to convict anyone. Any computer guy with half a lick of sense could whip up all sorts of fake logs. What’s your point?

Someone working at the company can upload to the servers, and then fake the log to show it coming from outside. Is that really proof?

Come on. If you are going to take the side of an argument, accept that it applies in both directions. Stop flip flopping.

Anonymoussays:

Re: Re: Re:2 Re: Re: Re: Re:

First off, let’s be clear: if the company runs the servers, and the servers contain illegal material (let’s say phishing to make it legally easier to understand). Now, at that point, the company is pretty much “dead to rights”. Their answer would be to say “wait, that is a user account, and this is the user information”, right?

The problem? They may not have user information, they may have nothing more than an IP address in a log. Now, if that IP isn’t enough to merit a conviction in other cases, why should it be enough to get them off?

If the form is on the server, and the server belongs to the company, they are already very close to proving guilt, don’t you think?

Anonymoussays:

Re: Re: Re:3 Re: Re: Re: Re: Re:

They are close, yes, but that is not proof of guilt anymore than find a bloody knife in your home proves you stabbed the man on the street. Further evidence is required, as what you have is circumstantial. Ergo, the logs would be examined. You say the logs can be modified, but that does not automatically negate their usefullness. A forensics examiner that specializes in systems can determine if the logs were modified and give a possible time frame as to when. Do not discredit ANY evidence based upon your own bias.

PaulTsays:

Re: Re: Re: Re: Re: Re:

“Paul, you are one of the ones who has pointed out that IP addresses are not enough (in your opinion) to convict anyone.”

That’s correct. they can be the jumping off point for an investigation, but they can NEVER be used as the sole piece of evidence, not least because they do not identify a person.

Why do you twist words to fit your own fake version of reality? By all means, use IP addresses as part of your case. But, you will lose if they are the entire case.

“Someone working at the company can upload to the servers, and then fake the log to show it coming from outside.”

So, because they can be faked, we should just ignore any investigation and assume the company is at fault? Scammers would love your world, they can get away with anything so long as they managed to find a scapegoat, and that’s trivially easy by the level of proof you’re demanding. No scammer would ever get caught, and no business that offers any kind of user service would ever stay in business.

The eejitsays:

Re: Re:

You, sir, are an idiot.

How do you prove a negative? And why, may I ask, are you even posting here if you wish to ramian anonymous? What laws such as SOPA do, is to remove anonymity, which is, to a point, essential for demodracy to function.

What companies like Universal fail to realise, is that they are trading long-term growth, for short-term profit at the expense of the consumer. And that is an unsustainable business model, as once the consumers no longer trust you in a symbiotic economic relationship, it makes the situation ripe for a new competitior to steal their market share by learning from their mistakes.

Trailssays:

Re: Re:

“If you allow anonymous user postings, please tell me how you prove it wasn’t someone in the company doing the postings”

Prove you didn’t kill someone or the gov’t will seize your domain.

Remember now, innocence is assumed, and the gov’t is the one who needs to come up with substantiating evidence in order to seize property.

Your strawman is teh suk, please try again (or not).

Machin Shinsays:

Re: Re:

Yup and by your logic the government should be allowed to have cameras in all our homes and businesses. Every move every person makes should be watched. Privacy is just a shield criminals hide behind.

In other words, until you setup webcams in every part of your house broadcasting 24/7 to the web so we can be sure you are not doing anything illegal I will just reject any arguments you make to take away my privacy online.

December Advocatesays:

Re: Re:

So you say “without proof of who is actually uploading” and then go on to suggest that it can be assumed that the company itself is involved. Well, that’s the thing about law is that you can’t just go assuming without proof or the whole thing falls apart.

I mean, I’m assuming you are responsible. I can’t find proof that you aren’t so I am going to assume you are and take legal action accordingly.

Anonymouse Cowardsays:

Re: Re:

“Remember now, a log of IP addresses is something that most people here claim isn’t enough for prosecution, so why should it be enough to prove innocence?”

Because we don’t have to. We are presumed innocent until proven guilty. If you have to prove your innocence then we are no longer living in a free and democratic society.

Rikuosays:

Re: Re: Re: Re: Re: Re:

“If there are phishing forms on the server, and the server belongs to the company, then who’s forms are they?

Nobody’s?”

Then do some f*cking investigative work and find out who is responsible.
You DO NOT shut down the website without due notification. You DO NOT assume someone is guilty when you declare a a lack of evidence.

Just…why are you arguing that, in the event of the police being unable to find out who actually posted the phishing forms, then the company must automatically be guilty of the crime?

Anonymoussays:

Re: Re:

Why should anyone assume that an anonymous post on a site that allows user generated content comes from the site’s operators? It could be from anyone. What happened to “innocent until proven guilty”?

Your second argument seems to be that someone needs to be held responsible for the content, so if we can’t find someone else to blame, we should hold the site’s owners liable, and blame them for not recording enough information on their users for a successful prosecution. The problem with this policy is that it has the effect of stifling anonymous speech, and anonymous speech is vital to free speech.

Anonymoussays:

Re: Re:

Do you understand the concept of burden of proof? Have you ever heard of the presumption of innocence, that you are innocent until proven guilty?

If there is a problem, let the government go into court and make the case. If they prove such a problem exists, then corrective action may be made, and only to the extent to correct the problem. That is not what happened here.

Dudersays:

Re: Re: what?

“so why should it be enough to prove innocence?”

This is the crux of what’s wrong here. You’re trying to flip the whole justice system on its head. Its INNOCENT UNTIL PROVEN GUILTY!

How would you feel if you were arrested on rape charges, but you didn’t do it. However, since you can’t prove that you didn’t do it you go to jail and get listed as a sex offeder. Does that sound fair to you?

twogunmickeysays:

Re: Re:

Why should company receive protection but not individuals? That’s backwards. It all comes down to people It’s “We the people” not “We the business”. Since when did a company have right? They shouldn’t but for some reason they do, and they get treated like people, and are give more rights then the average person. So what you want to do is give the rights to the company, but not to the people. Yeah that kind of thinking is just one of the many things wrong with the USA.

Anonymoussays:

All they have to do is to ask GoDaddy to take a site down.

If people bothered reading TOS/AUP BEFORE giving them the money to run the backbone of their site, then they wouldn’t have a problem. Plenty of excellent registrars that will require a court order to do anything. But GoDaddy can terminate your account and auction off your domain simply because they tell you they can. People need to learn to read, especially when it’s the door to your business.

mineratsays:

Wow, and here’s the super helpful response from the investigating agency.

http://news.ycombinator.com/item?id=3597821

Founder of JotForm here. I?d like to thank you all for your sympathy.

JotForm.com has been suspended by Godaddy for more than 24 hours now. They have disabled the DNS without any prior notice or request. They have told us the domain name was suspended as part of an ongoing law enforcement investigation. In order to resolve the issue, they asked us to contact the officer in charge at U. S. Secret Service.

When I contacted the Secret Service, the agent told me she is busy and she asked for my phone number, and told me they will get back to me within this week. I told them we are a web service with hundreds of thousands of users, so this is a matter of urgency, and we are ready to cooperate fully. I was ready to shutdown any form they request and provide any information we have about the user. Unfortunately, she told me she needs to look at the case which she can do in a few days. I called her many times again to check about the case, but she seems to be getting irritated with me. At this point, we are waiting for them to look into our case.

Our guess is that this is probably about a phishing form. We take phishing very seriously. Our Bayesian phishing filter has suspended 65.000 accounts last year. We have been training it for many years, so it can detect phishing forms with great accuracy. We also take any reports about phishing very seriously and quickly suspend the accounts and let the other party know about it. By the way, we are also very serious about false positives. If we suspend an account accidentally, we will quickly resolve the issue, and apologize.

I believe this can happen to anybody who allows users to create content on the web. So, if you have such business, my recommendation would be to make sure that you can contact your most active users quickly if your domain is disabled. Many of our users are shocked and angry at us. But, many also thanked us for quickly letting them know about the issue by email and providing instructions to continue operating their forms. Since DNS propagation takes some time, many active users were able to switch their forms to the new domain before it went down. We still have not contacted all users, we are sending emails most active users first.

Violatedsays:

Re: Re:

It sounds like the US Secret Service are operating outside their area. From Wikipedia…

The U.S. Secret Service has two distinct areas of responsibility:

Treasury roles, covering missions such as prevention and investigation of counterfeiting of U.S. currency and U.S treasury securities, and investigation of major fraud.

Protective roles, ensuring the safety of current and former national leaders and their families, such as the President, past Presidents, Vice Presidents, presidential candidates, foreign embassies (per an agreement with the U.S. State Department’s Bureau of Diplomatic Security (DS) Office of Foreign Missions (OFM)), etc.

The closest match there is major fraud but of course JotForm have not done even minor fraud when anything that has happened is through their users.

I would say the person at JotForm was being nice to her for her to get irritated. Had it been me I would so be calling her three-word abusive terms by now with the middle word always being “lazy”

You would think she would be able to answer exactly why this domain was taken offline even before she took it offline. So to now have no answer indicates that there was no valid reason to take it offline.

yogisays:

Ditch the US

Yes, that is exactly what I told my wife, the musician: that her website, domain name, and server location should be as far away as possible from the US. I imagine that any other start-up not already based in the US would do the same.
Basically US has turned into Soviet Russia as far as freedom of speech and due process are concerned. The KGB is alive and well in America, thanks to the MAFIAA, the Democratic Party, and especially Obama, who made the necessary appointments in his government to make this possible.

Anonymoussays:

Re: Re: Ditch the US

Ah, you were so close, you had me till you took a sharp turn into the looney bin of people who believe that Jack Johnson is different from John Jackson (the donkeys and elephants). Take a moment to realize they’re ALL the same when it comes to being in big business’ pockets and the only difference between them is which part of life they want to dictate how we live, which they have no business to be a part of.

Yes, 25 years ago, there was a difference. Now, there’s not.

A Monkey with Atitudesays:

Re: Re: Re: Re: Re: Re: Ditch the US

not really… only difference is ones mostly Marxists at this point and the other are corporate shill/corportists (let the big corps rule, cant remember the proper term)…

Ill let you decide which is which… both could give a piss about the rest of us you know the actual citizens) and both tell tall stories to try get you believe they are different.

That Anonymous Cowardsays:

So this is the way it works online, lets apply it in reality.

We know that some members of Congress are corrupt and taking bribes. Until we can get around to getting the actual lawbreaker, we are suspending Congress and holding all members until a week from next Tuesday when we might read the case and figure out that grabbing hundreds of uninvolved people might have been stupidity on a scale the likes of which we haven’t seen since the last **AA press release.

Makes perfect sense.

That Anonymous Cowardsays:

Re: Re:

http://www.techdirt.com/articles/20120215/18044017773/us-government-suspends-jotformcom-over-user-generated-forms-censorship-regime-expands.shtml#c100

It might have been a form used in phishing, but they haven’t had time to actually look at the case and tell them while they are diligently working on destroying the entire business over what could be a complaint on 1 form that may or may not have already been removed by the automated system designed to combat these things.

Michaelsays:

Re: Re: Re: Re:

That’s what I’m trying to figure out. If they’re going to seize a website, they should’ve informed the owner immediately as to the specific reason why. This sort of case is setting a precedent for the future where government/law enforcement just walks up and seizes without explanation. Today it’s JotForm.com; tomorrow there will be another. Perhaps they’re trying to condition us into becoming complacent with this sort of behavior.

Gwizsays:

Re: Re: Re:3 Re: Re: Re: Re: Re:

Too bad that this has nothing to do with copyright.

Fuck me, you guys are dense and fast to judgement!

Would you like to share with the rest of the class then, AC?

Since it appears that you are somehow omnipotent and have information that the guy running Jotform doesn’t even have, please fill us in. Or were you just pulling crap out of your ass again?

Anonymoussays:

Re: Re: Re:4 Re: Re: Re: Re: Re: Re:

The owner of jotform has indicated that it is something to do with uploaded user forms.

There are plenty of indications that jotform was being used as a phishhaus. Just google “jotforms phishing” and you can enjoy plenty of interesting stories and “how to” websites.

There is absolutely no indication that this has anything to do with copyright. How are you making that conclusion?

Anonymoussays:

Re: Re: Re:5 Re: Re: Re: Re: Re: Re: Re:

So what, the police should go after the people responsible for the scams not the provider of a service that make it easier for them to do it, which is not illegal and is directed for law abiding citizens not them scamers.

This nothing like say a torrent website I want to see the government demonstrate that the majority of the users there are scamers and not honest people doing business.

Gwizsays:

Re: Re: Re:5 Re: Re: Re: Re: Re: Re: Re:

There is absolutely no indication that this has anything to do with copyright. How are you making that conclusion?

Umm. I haven’t made a conclusion either way. You did when you stated empirically that it had nothing to do with copyright. So I asked how you might possibly know that.

And yes, I did see a few indications that this somehow involved phishing scams. I also saw a claim that this was a result of a DMCA notice, so…..

Adam jsays:

Whew! I’m glad that RIMDOJ (Riaa/ICE/MPAA/DOJ) stepped in and took down the website before finishing the investigation (insert sarcasm). So do we need SOPA/ACTA when RIMDOJ already takes down stuff they don’t like or understand? Nope.

I wonder if GoDaddy even hesitated, or considered the ramifications to Jotform’s business and all of its customers before it right clicked and hit “disable”.
I think it might be time for another GODADDY boycott.

PaulTsays:

Re: Re:

At this point, it doesn’t really matter. The domain’s been seized, rendering many of the company’s services broken. This has a knock-on effect to all the other companies utilising their services, probably a rather sizeable number given the number of forms created.

If jotform themselves were the ones responsible for the complaint, they have been denied due process, and the shutdown was ineffective at stopping them (since the site is still active on another domain). If they weren’t, then they were shut down because someone else did something wrong, as were all of their other customers.

Regardless of what the original problem was, there’s no justifying this.

Anonymoussays:

Competition is a bitch

I see in the comments on that post that at least one competitor has jumped in to steal users already… a competitor that isn’t even setup to allow user registration (which is kind of ironic for a webform generating tool).

Makes one wonder if this “competitor” had anything to do with the phishing scam that got jotform in trouble.

Anonymoussays:

It would appear that jetform was being used as a landing site for phishing scams, and some have suggested in comments (and on other pages in Google) that when RSA complained to them, they did not promptly remove the forms, and allowed more similar forms to be created.

If this is the case, this is clearly one of those reasons why you cannot simply have a blank “user submitted” universe without responsibility.

That Anonymous Cowardsays:

Re: Re:

well jetform is the devil then.
Shame they shut down jotform.

RSA, you mean the morons who were hacked by the incompetence of their staff and ended up denying they lost the keys to the kingdoms until the 4th customer of theirs was hacked using the stolen RSA keys?

Cause everything on the web is reals and stuff…
Google Santorum… I’ll wait.

Q – If RSA sends you a letter asking you to burn your house down would you do it?

Define “promptly”.

Your one of the reasons the idea of personal responsibility is dead. Its not my fault I got hacked, this form hosted online without a secure connection, from someone I’d never heard of told me I was getting MILLIONS of course I filled it out.

A blank user submitted universe would suck, which is why its awesome that people create things.

Buhbye mr shill man….

0/10 – cite sources, spell names correctly, get new buzzwords

Anonymoussays:

Re: Re: Re: Re:

Paul, perhaps you might look at their site:

http://www.jotform.net/answers/71999-Phishing-site-hosted-at-Jotform+jotform+phishing&cd=3&hl=en&ct=clnk&gl=ca

or this cached tutorial on how to use them for phishing:

http://webcache.googleusercontent.com/search?q=cache:bDxF20GK1-4J:hamycheeta.blogspot.com/2011/11/hacking-tut.html+jotform+phishing&cd=7&hl=en&ct=clnk&gl=ca

it would appear that the service was VERY popular with scammers.

That Anonymous Cowardsays:

Re: Re: Re: Re: Re: Re:

We would look at their site….
EXCEPT ITS OFFLINE.
headtilt are you new to the interwebs?

And from that webcached site…

“Note:
? Your form will not last forever so check your form daily if it still working and if not, make another form then replace your Facebook”
(bet your surprised I managed to copy paste off of that site as they “block” you doing that.)

So like jotform actually did scan and remove bad things…

It would appear guns are very popular with criminals… LETS SEIZE THEM ALL!!!! RARWBLARGH!

yawn

Anonymoussays:

Re: Re: Re: Re: Re: Re:

It would be nice if the owners of the site were actually informed of what the problem was or why the site was seized, wouldn’t it?

Who cares that it was purportedly popular w/scammers? Scammers don’t run or own or operate the site. Those that do are the ones due an explanation when legal action is taken against them.

It’s only fair until it happens to you, right?

MeryRsays:

Re: Re: Re: Re: Re: Re:

Click the links, dork. They work.

The second link can’t really say if its the people at Jotform who wrote that or not, but that’s what a court case is about.

HOWEVER! Your first link sure seems to indicate that they do indeed respond to reported pfishing forms and remove them.

To quote the response to the forensic investigator’s post in its entirety here you go:


Answered by liyam on January 31, 2012
Thank you for reporting this, Aileen. I have now suspended the account. If there is anything that you need regarding this incident, please let us know and we’ll be glad to assist you.

Warm regards,

Liyam

Note that’s a same day response on a request for them to pull something down. So, we’re going with them being guilty why again? They have forms that clearly there is a guide to make… and its their fault someone else is making something using their service?

Shall we now ban brake fluid, guns, cars, hammers, knives and other sharp/pointy/blunt things that can be used in the commission of a crime?

BartBsays:

Re: Re: Anonymous Coward

“It would appear that jetform was being used as a landing site for phishing scams, and some have suggested in comments (and on other pages in Google) that when RSA complained to them, they did not promptly remove the forms, and allowed more similar forms to be created.”

Please give us the url to the US government agency site where you found this information at. Because “If” this is true you are right. but If you are just throwing this out there from other anonymous posters on other google pages on this subject, with no proof yourself (isn’t that ironic, you work for GoDaddy??) then it just proves you are a malicious idiot.

Anonymoussays:

Whenever I come across articles here that seem somewhat counterintuitive I try to do a quick bit of research to see how it is being reported by legacy and other media sources that have an established and widely respected reputation for being sources of generally unbiased news.

Unfortunately, here the only reporting as of now are various websites and blogs merely repeating what they read elsewhere. Thus, no new insights or facts are added from which I can get an idea what are the relevant facts.

The only thing I did learn, but as of now it is unsubstantiated, is that a request was purportedly lodged with GoDaddy by the US Secret Service. If this proves true, then perhaps there is something present on the site that is not an ordinary, run of the mill document.

I guess I will have to wait a little bit until more of the facts are fleshed out. In the meantime, I believe it would be inappropriate to post comments based on conjecture.

That Anonymous Cowardsays:

Re: Re:

They found a baggie of weed in a house 4 doors down from yours, so they closed down the entire city.

This is what Secret Service did, and they can not even be bothered to tell the owners what law they supposedly violated. They need a week to review the case before they can say anything.

This is shades of when the government meant to take down a website, and instead killed an entire domain and informed all of the visitors that they were shut down for being pedophiles. Because the idea of subdomains was something they lacked comprehension of. Still not sure they said sorry for that yet…. because that will surely undo accusing people of being pedophiles… works for the media.

Rikuosays:

Re: Re: Re: Re: Re: Re:

If you’re a regular reader of Techdirt, that last paragraph happened.

http://www.techdirt.com/articles/20110215/01092813096/did-homeland-security-seize-then-unseize-dynamic-dns-domain.shtml

http://www.techdirt.com/articles/20110217/00082213144/homeland-security-wont-even-admit-whether-not-it-seized-mooocom-taking-down-84000-innocent-sites.shtml

http://www.dhs.gov/ynews/releases/pr_1297804574965.shtm

Basically, thousands of people woke up one morning to find a big official banner over their website for all to see, accusing them of being child pornographers.

Rikuosays:

Re: Re: Re:3 Re: Re: Re: Re: Re:

From the DHS.gov link
“Individuals attempting to access the seized websites will now find a banner notifying them that the domain name of that website has been seized by federal authorities.”

Go here to see the actual banner
http://techland.time.com/2011/02/17/operation-protect-our-children-accidentally-shutters-84000-sites/