
Jotform domain seized by US due to user generated content - Maxious
http://www.jotform.net/blog/45-JotForm-com-Suspended
======
mixmax
If you read through the comments there's a lot of angry users demanding
refunds and questioning the service. There's a fair chance that they won't be
able to bounce back after this. Especially if the domain doesn't come back up
within a day or two.

In other words, this might very well kill a company that someone worked hard
to get off the ground. And if you have any usergenerated content it might
happen to your company too. Apparently without due process, and without
warning.

This is preposterous.

~~~
billpatrianakos
Those comments really got to me too. What really struck me was that they
seemed to be angry at Jorform! These angry users are talking about security
too as if they were attacked or something. I really feel for the users but at
the same time I'm angry at them for placing the blame where it doesn't belong.
Instead of being mad at Jotform they should be mad at the government.

A while back I was advocating that we reach out to such people and explain
this SOPA censorship stuff in a way they understand and this is precisely why.
SOPA's supporters have done a really great job of training regular folks to
think like some of these angry users making them think that somehow it was
Jotform that did wrong. If they only knew how totally arbitrary this stuff is
I think they'd be mad at the Feds like they should be.

It's so sickening that the government probably just hurt not one but maybe
thousands of companies in one fell swoop and everyone's pissed at the wrong
guy. Then the politicians want to go around talking about creating jobs... Ha!
How about destroying them? That's what it looks like to me.

~~~
benologist
Why shouldn't they be angry at jotform? It looks like they had no expedited
process for reporting phishing forms which _had_ to have been a known risk
somewhere around #1 on their list of known risks, they actually made it easier
to go upstream instead of searching for their contact page (only linked in the
footer) and hoping someone replies today.

Did they have any automated detection? If they didn't have a "report a bad
form" button then maybe they didn't even try and find bad forms ... like
anything with a sign in button or password field. 2 million forms is too many
to inspect, but you could narrow that list down very easily.

What happened to them sucks but it seems like the problem could probably have
been avoided.

Edit: it let me make a form with "Account number" and "Password" complete with
emailing me what people put in it which is suggestive of no preventative
measures _at all_.

~~~
AndyJPartridge
Some good points.

But surely they should have been sent a warning, even a 24 hour one, to remove
some content before just being wiped off the Internet.

This action is business destroying and draconian.

~~~
benologist
Don't get me wrong, I absolutely agree they shouldn't have been destroyed and
that GoDaddy has no right to be the executioner.

~~~
sukuriant
Then how do you rectify the statement you made that their customers should be
angry with them, and that they shouldn't be destroyed? I really want to hear
this.

~~~
benologist
Because there are two things here:

1) GoDaddy overstepping their bounds and shutting down a website

2) JotForm having inadequate, perhaps even non-existant measures in place to
prevent or respond to phishing

Obviously #1 dwarfs #2 significantly but that doesn't make #2 okay.

~~~
sukuriant
How doesn't it? The argument could be made that GoDaddy would have done that
deed anyway, even if (2) hadn't been rectified.

GoDaddy might not have, if those provisions had been in place. Do these sorts
of stories with GoDaddy happen often?

~~~
benologist
GoDaddy's actions don't cancel it out because ignoring or not adequately
preparing for phishing was wrong _every single day_ and a foreseeable problem
for about a decade now. They had a responsibility to prevent this for their
paying users.

Maybe it wouldn't have saved them, but there are a lot of free-x-hosting
companies out there that _haven't_ been shut down in spite of abuse.

~~~
sukuriant
Do you plan for every illegal thing that could happen on your website?

It's easy to not imagine what sort of evil your site could be used for when
you're thinking of just the awesome problem you're trying to solve.

~~~
benologist
This isn't really some unforeseeable edge case that nobody could have
reasonably expected to happen - their site lets you build a form, embed it on
a page, and they either email or save the form data for you. Not anticipating
phishing would be fine if it was 10 years ago.

~~~
drucken
benologist please stop trying to make it sound as if there is any dependency
between your 1 and 2.

How can anyone who has ever used the Internet or has even a basic
understanding of the Domain Name System believe that it is a registrar's right
or responsibility to take down a domain, especially without notice, and that
does nothing to contravene the conditions of owning that domain name?

I wouldn't even say you are beating a dead horse with that dependency. It was
never a horse to begin with!

The blame obviously lies squarely with the US federal agencies - you do not
see this happen in other developed countries, for example (UK does not count
since its a US colony in all but name).

In particular, to be able to shutdown or ruin the reputation of a business at
the drop of a hat due to _alleged_ breaking of the law - not even by the
business itself - before it has even been processed by the justice system!

Just imagine if this had been a takedown of Google, Microsoft, Apple or
Facebook site, all of which easily meet or have met the conditions for alleged
infringements of US IP or other laws at some point, if for no other reason
than hosting user-generated content...

~~~
drusenko
There's no evidence whatsoever that this was a US govt take-down. Everything
we've seen so far indicate that it was GoDaddy's doing.

~~~
rooshdi
The U.S. Secret Service was involved.

------
ericabiz
Can we all PLEASE agree to stop using GoDaddy?

This is a GoDaddy thing, plain and simple. They get one complaint--they shut
your domain name down by changing the name servers to NS1.SUSPENDED-FOR.SPAM-
AND-ABUSE.COM and NS2.SUSPENDED-FOR.SPAM-AND-ABUSE.COM. Exactly what happened
here.

This has been going on for at least SIX years now; see
<http://seclists.org/nmap-hackers/2007/0> (and I saw a hosting company shut
down for similar reasons a year before that.)

Wasn't their support of SOPA enough? When are we all going to wake up? How
many times does this have to happen?! STOP. USING. GODADDY.

~~~
zacharycohn
GoDaddy may not have fought very hard for Jotform, but I'm pretty sure any US
registrar would be hard pressed to the US Government saying "Turn off this
website or else."

~~~
JumpCrisscross
At this point it seems negligent at best to host your site on a US or US ally
based registrar

~~~
regularfry
...or on a .com, .net or .org tld, since "having a business connection with
Verisign" is enough to put you under US jurisdiction. Apparently.

~~~
rmc
The USA judicial system might think you are under their juristiction, but your
local juristicion might disagree.

I can't wait till they cross the line, and block some .com, then a group in
that (non-US) country gets local injunctions forcing it to resolve. It could
split DNS or wrestle it out of US control.

~~~
calloc
<http://lmgtfy.com/?q=Rojadirecta.org>

[https://www.eff.org/deeplinks/2011/08/court-refuses-give-
sei...](https://www.eff.org/deeplinks/2011/08/court-refuses-give-seized-
domain-name-back-claims)

The domain has still not been returned.

------
aytekin
Founder of JotForm here. I’d like to thank you all for your sympathy.

JotForm.com has been suspended by Godaddy for more than 24 hours now. They
have disabled the DNS without any prior notice or request. They have told us
the domain name was suspended as part of an ongoing law enforcement
investigation. In order to resolve the issue, they asked us to contact the
officer in charge at U. S. Secret Service.

When I contacted the Secret Service, the agent told me she is busy and she
asked for my phone number, and told me they will get back to me within this
week. I told them we are a web service with hundreds of thousands of users, so
this is a matter of urgency, and we are ready to cooperate fully. I was ready
to shutdown any form they request and provide any information we have about
the user. Unfortunately, she told me she needs to look at the case which she
can do in a few days. I called her many times again to check about the case,
but she seems to be getting irritated with me. At this point, we are waiting
for them to look into our case.

Our guess is that this is probably about a phishing form. We take phishing
very seriously. Our Bayesian phishing filter has suspended 65.000 accounts
last year. We have been training it for many years, so it can detect phishing
forms with great accuracy. We also take any reports about phishing very
seriously and quickly suspend the accounts and let the other party know about
it. By the way, we are also very serious about false positives. If we suspend
an account accidentally, we will quickly resolve the issue, and apologize.

I believe this can happen to anybody who allows users to create content on the
web. So, if you have such business, my recommendation would be to make sure
that you can contact your most active users quickly if your domain is
disabled. Many of our users are shocked and angry at us. But, many also
thanked us for quickly letting them know about the issue by email and
providing instructions to continue operating their forms. Since DNS
propagation takes some time, many active users were able to switch their forms
to the new domain before it went down. We still have not contacted all users,
we are sending emails most active users first.

~~~
colechristensen
Whats happening to you is an absurd abuse of power. Call the EFF, get a good
lawyer, and get in front of a judge as soon as possible. Call your senator,
your representative, and the local media. Don't annoy the secret service agent
who is destroying your business because it likely won't help.

~~~
AJ007
Yeah, you need an experienced lawyer and you need to go after GoDaddy
immediately. They are at fault here. The terms of any user agreement may be
invalid.

Next, you need to spend 100% of your time raising hell about this. This story
has all of the marks of stuff the tech press loves to eat up.

#1 Godaddy is run by a bunch of assholes who walk all over their customers
rights.

#2 The secret service is still full of a bunch of buffoons. These are the same
guys that raided a roleplaying game company because they couldn't tell the
difference between an imaginary game and a hacker manual. I'm sure the press
would like to answer the question, are they still hiring FBI rejects?

You have to turn this story the other way around. You can make jotform a name
people remember.

I've used jotform myself for quite some time (2 years or close to it?) It is a
great service. Obviously you were doing nothing illegal, and were going to
great lengths to stop the bad guys. Thats a news story everyone wants to hear.

------
foxylad
Today's sysadmin todo list:

0\. Get corporate membership with EFF.

1\. Identify all applications with user-generated content.

2\. Move all associated domains to a non-US based registrar.

3\. Migrate DNS, web serving and other critical services to non-US based
servers.

4\. Migrate yourself to a non-US controlled country.

I'm sorry for US sites and users. Your government is hell-bent on turning the
internet into a read-only device like TV, easily regulated and controlled. The
population will be required to sit quietly and keep their eyes glued on the
screen so they don't miss the ads, with any infringers deemed terrorists and
pedophiles and thus deserving of summary punishment by DHS squads.

Hopefully the internet will route around the damaged segment, and the rest of
us can continue to enjoy the amazing interactivity it has brought our society.

~~~
lightyrs
"hell-bent on turning the internet into a read-only device"

well put

~~~
cgarvey
Agreed. Quote of the fucking year.

~~~
astrange
It's only February. Or is the fucking year on a different schedule?

------
aphyr
A large (10m uniques/mo) web site I used to work for had a complete DMCA
takedown process in place. Links on every page, web forms, contact emails,
physical addresses, etc. Then our site went dark one evening. I spent an hour
frantically trying to figure out where our main web servers had gone, only to
discover that a "online anti-terrorism team" had taken issue with some user-
submitted content that didn't seem very friendly towards Americans. They
contacted Softlayer, our hosting provider, and said that anti-American content
was in violation of some commerce law--don't recall the exact details. It
wasn't what I would describe as a "credible legal threat"--they left no name,
no physical address, their web site looked like a vigilante operation.
Softlayer, in turn, sent us a "generic you have a support ticket" email and
b.) 72 hours later, unplugged the web server NICs. We suffered hours of
downtime without any idea what was happening.

We juggled dozens of Softlayer tickets at the time, so another anonymous
tracking number just got lost in the shuffe. Never underestimate the power of
unaccredited strangers to fuck you through your hosting provider.

~~~
seanp2k2
Hosting provider sysadmin here. We're required to do exactly what soft layer
did here, and 72 hours is pretty generous. We typically call the client if
they don't respond to the DMCA takedown notice within 24 hours an give them
another 24 to take down whatever content they're being DMCA'd for. It's shit
and I hate it, but if they don't respond, we do the very minimum damage
possible to make the content unavailable, as required of us by DMCA safe
harbor provisions.

If it is a managed service, we'll just chmod the image to 000 or whatever does
the least damage to their site. Unfortunately, if we don't have the login to
the server (unmanaged) or if it's a colo, we just have to disable that IP on
the switch or router (or null-route their IP for a bit) until they contact us
and can take their "illegal" content down.

My point: hate DMCA, not SoftLayer, for this. They (assuming unmanaged
service) just did what they were legally required to do.

~~~
aphyr
[edit] It's good that you _call_ the clients. Nothing drives me nuts more than
trying to sift through a painful ticket system where everything is tracked
only by reference number.

What pisses me off was that this wasn't even a DMCA request--SL had no legal
responsibility to take action. It was just some random internet vigilantes
making an unsubstantiated threat.

Come to think of it, SL may have taken us down for DMCA as well. We _had_ an
obvious path for handling abuse that both the accusers and SL could have used.
After some negotiation I think we were able to convince them to just forward
abuse emails to our address--but it took some doing.

~~~
seanp2k2
Ahh, Gotcha. When that ("frivolous legal threats")happen to us, we just don't
even reply to the person reporting it in most cases. If they're persistent, we
say in so many words "get a court order, then we'll talk".

We've had India law firms call us screaming at 6PM on a friday, and we told
them: \- we require that they submit all abuse matters to our abuse@ e-mail
address per RFC 2142 (kinda, but this sounds official when you say it to some
law intern chump) \- they can scream all they want; we're not taking it down
unless they submit a "valid legal order" to us (I don't even mention DMCA
because I don't want to give them ideas) \- we're not responsible for the
content of our clients, so they need to take it up with them

>"We had an obvious path for handling abuse that both the accusers and SL
could have used." They (accusers) don't, and they do this on purpose. They
don't really want the content just gone, they want collateral damage as
revenge for your "violation".

>"After some negotiation I think we were able to convince them to just forward
abuse emails to our address--but it took some doing."

Sorry that that even required negotiation. We forward all abuse e-mail besides
spam complaints for managed services. With anything like this, we try our best
to do as little damage as possible to our clients.

------
jcampbell1
The time has come to publicly shame any YC or startup that has a godaddy
domain. Switching registrars is not hard, and using godaddy is like having an
@aol.com email address.

I spent a few minutes checking the registrar for YC companies with press in
techcrunch:

crowdtilt.com

doublerecall.com

drchrono.com

memsql.com

verbling.com

readyforzero.com

~~~
ericfrenkiel
for the record, memsql.com is no longer registered with GoDaddy.

------
robomartin
Time for GoDaddy to go out of business.

I'll do my small part. I have over 200 domains registered with them as well as
a couple servers (to play with, not for anything important).

I'll start to transfer everything as soon as I identify a registrar that won't
fuck over their clients like this.

Any registrar care to make a statement of loyalty here on HN so we know that
you have our backs?

I am really starting to think that a coalition of large internet companies
needs to stage a full and real shutdown. I am talking about something
substantial, like a full day. This would send a strong message home to idiots
running this country.

This could be advertised and announced on a daily basis over the Internet and
TV for a full month. Then, on that Monday morning, all services go quiet for a
day while displaying an appropriate announcement on their sites. If the event
is well communicated to all users this should protect all involved from legal
action. If you've been told about it every day for thirty days that should
pretty much cover it.

Due process should apply to everything. We want due process. Sites that engage
in criminal behavior are one thing, but, when the government is the criminal
you are dealing with something entirely different.

Time to make noise again?

~~~
mansolo
Why didn't you move your domains with everyone else during the SOPA uprising?
JotForm sat on their asses and stayed with GoDaddy, now look at them.

Stop the song and dance. If you haven't moved your domains already, you
probably never will.

~~~
foxylad
I moved to Namecheap three GoDaddy scandals ago (the elephant one, before
Jotform and SOPA). You've got to wonder how they've got any customers left.

Maybe this is a good way to measure internet time - "We launched our first
service four GoDaddy scandals ago, and pivoted two scandals later."

~~~
mansolo
Nicely said. I'm did the same. The elephant incedent was more than enough
incentive for me never to do business with them again.

EDIT: Foxylad, you're the kind of ethical person I would like to work with in
the future. Please leave some contact info in your profile so I can reach you.
Thank you.

------
gabaix
_This can happen to any web site that allows user generated content._

How come we don't see Youtube, Yahoo, Facebook suspended? Do they have
procedure in place? Does that mean that you're much weaker if you're small?
What are the legal safeguards for UGC startups?

There should be equal rights for all companies. Right now it seems the US
government is picking those it can easily bully.

~~~
Terretta
> _How come we don't see Youtube, Yahoo, Facebook suspended? Do they have
> procedure in place?_

Yes, they do. And if you allow users to post content, you should too. You need
to formally register as a hosting company and have a DMCA process published
and usable.

First, register here:

<http://www.copyright.gov/onlinesp/>

If you've done it right, you'll get one of these:

<http://www.copyright.gov/onlinesp/agents/a/auganllc.pdf>

Then post a notice on a Policy page linked from every page of your site. For
example:

 _In compliance with the Digital Millennium Copyright Act (the “DMCA”), please
send DMCA notifications of claimed copyright infringements to: Advection.NET
c/o Jonathan Band PLLC, 21 Dupont Circle NW, 8th Fl, Washington, DC 20036,
with electronic copy by e-mail to..._

 _Pursuant to the DMCA, Advection.NET will terminate the accounts of repeat
infringers. Advection.NET will cooperate fully with any civil and/or criminal
litigation arising from the violation of this policy._

~~~
unconed
What if I'm not an American company, I just happen to use a .com domain?

~~~
count
Congratulations, .com is considered part of America (in the same way that .ly
is Libyan). You are now doing business with the US Government.

------
fauigerzigerk
I'm starting to think that the DNS as a whole needs to be replaced by
something that is more resilient against broken legal and political systems.

I'm not saying governments should not fight crime or that there should be no
way to shut down a website, but what we're witnessing these days is a total
breakdown of long established principles of law, including due process and
proportional justice.

It may sound strange and some would say nonsensical, but I feel that legal
systems worldwide and especially in the US have gone down hill since 9/11.
What seems to have changed is that governments have given up the idea that
global problems can be solved within the framework of established legal
principles.

It feels like everything they do is guided by a mindset of martial law. It's
all a helpless thrashing about. It's going to take a long time for the
globalised world to find its footing again and until then we have to find
better technical solutions to limit the damage they're able to do.

------
marshray
I'm as eager as anyone else to blame overzealous US authorities and GoDaddy,
but something doesn't fully add up. This doesn't fit the pattern of other
seizures we've seen.

Why isn't there a big scary US ICE seizure banner on the domain? They're
usually quite proud of their work.

Why is his .net domain still operational?

This looks to me more like GoDaddy operating on their own.

~~~
aptwebapps
It's not a copyright issue. Scuttlebutt is that someone used their forms for
phishing.

~~~
marshray
Seems like a plausible explanation.

Still, if the guy had not used Godaddy he probably would have his domain back
already.

------
fsniper
This form of law enforcement is wrong on so many aspects.

Out of online community, these kinds of law violations are handled in a more
sanely fashion. For instance, if a firms one department has a law violator,
law enforcers makes a case against the violators in obscurity and proceed to
handle violators trying to be as low damaging as possible. They won't block
any roadblocks that leads to every building or holding to that firm and try to
exclude any not related property or individual. But the things are different
on the Internet. It's ridiculous. The law enforcers treat online entities like
there is no business going around and every business is crime oriented. So
they just go forth and block every way of execution of the entity.

We must stand against this.

Also this is an ongoing trend over the world. And seems like it won't end any
time soon.

Governments are revolting against the Internet. I think they believe Internet
is becoming uncontrollable , so they are trying to make every ridiculous move
to make online entities miserable so they will settle with hard control
instead of these unbelievable ones and be happy.

------
Joakal
Why would GoDaddy open themselves up for this liability without a court order?

Registrant: Interlogy, LLC

Registered through: Go Daddy Domain Name: JOTFORM.COM

Domain servers in listed order: NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM
NS2.SUSPENDED-FOR.SPAM-AND-ABUSE.COM

~~~
drusenko
I have no clue, but it almost happened to us, too:
[http://david.weebly.com/1/post/2011/12/godaddy-a-glimpse-
of-...](http://david.weebly.com/1/post/2011/12/godaddy-a-glimpse-of-the-
internet-under-sopa.html)

~~~
dcesiel
This is interesting. Obviously you've moved your domain away from GoDaddy,
what are some more reputable registrars?

~~~
rkalla
EasyDNS is excellent, but more expensive. It isn't a good place to park a lot
of domains, but a great place to host a few important ones. YC/HN uses them,
I've contacted them a few times, nice Canandian group.

------
tonywebster
I'm failing to see any indication that the government was actually involved.
Did the US government serve upon GoDaddy?

JOTFORM.COM nameservers are set to NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM, and
spam-and-abuse.com is owned by GoDaddy. Just doesn't seem to be the normal way
the government has been involved, but then again, nothing should be normal
about domain seizures.

~~~
Zirro
This is probably standard procedure at GoDaddy, and since GoDaddy is very
loyal to the authorities, they probably considered the regular way of seizing
the domain unnecessary.

------
dendory
People making new sites need to stop making that mistake! Get something that
isn't .com (.me .info etc) and register it at a non-US based registrar. We
KNOW that US registrars always cooperate with corrupt government agencies, so
stop giving them business just to save a buck, and risk your whole business.

------
glfomfn
I am not quite sure if 'Seized by US" is the case, if you check out the dns
look up it points to NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM which is owned by
Godaddy. After some searching it appears that that's what happens when Godaddy
suspends there service to you, from similar cases it seems that they can
transfer the domain to another registrar.

------
millzlane
Earlier today I got a phishing attempt with a link to a form hosted with
Google Docs. Does this mean the same thing can happen to Google?

------
damian2000
This is nothing to do with copyright issues: its to do with phishing and
scamming forms being setup by a handful of users. One would think they could
just remove those users and be done with it - this heavyhanded approach by
govt. is a total disgrace. When scam ads were found being run on the NYTIMES
website (without the knowledge of the NYTIMES) a while ago, did the govt. shut
down that domain? No f---ing way - because that would have p---ed off too many
people.

------
Karunamon
Am I the only one who has _slightly_ less sympathy with this company for
staying on the shitty webhost known as godaddy? Even after the SOPA debacle?
You wait until they affect you personally before doing the right thing?

Shoulda shown solidarity. That's what you get.

------
mindslight
not unprecedented for godaddy: <http://seclists.org/nmap-hackers/2007/0>

such willfull misunderstanding in those comments. my sympathy to the people
behind jotform.

the only way this can be (legally) fixed is by a court deciding that despite
all the mumbo-jumbo in the registrar terms of service, domain names look an
awful like property, and are not to be yanked without due process.
unfortunately it seems courts mostly write opposite-minded decisions these
days.

~~~
literalusername
Domain names look a whole lot like _rental_ property. They're hardly allodium.

~~~
mindslight
So? The same is true for real estate and most everything else with a central
registry. Jotform is paid up with ICANN through 2020. Even a _commercial_
tenant can't be evicted instantaneously.

~~~
literalusername
Agreed. My only point was that, contrary to your original assertion, domain
names do not look anything like property owned by the registrant.

That said, I do not support the confiscation, and I hope Jotform sues and
wins. I'm not holding my breath, though.

I would love to see a DNS replacement that is not only decentralized but
allodial.

~~~
mindslight
Is it possible for any distributed human-meaningful name to be allodial?
You're always at the mercy of a network of nodes to agree that you hold a
name, and probably have to incentivize them even. A non-human-meaningful
public-key based name would be allodial (even if you're relying on others to
distribute that fact). The latter system could certainly replace many uses of
DNS, but doesn't solve the introduction problem (granted, introductions could
be needed a _lot less_ , ie Jotform forms would still be working, as they
wouldn't require a reintroduction to 'jotform.com' for every visit)

(You're right in that I was incorrectly implying a domain name would be
property owned by the registrant. But it certainly could be considered
property that the registrant is currently in _possession_ of)

~~~
literalusername
I hope the answer is "yes", but it's a challenging question.

------
forrestthewoods
Any details on what the content was? The post implies that only a small amount
of user generated content is being investigated. This is the first I've heard
of a website being taken down entirely when only a small amount of it's
content is questionable.

I feel like a huge chunk of this story is missing.

~~~
tdfx
It appears people were setting up phishing forms using the service to grab
peoples' bank info.

~~~
narrator
Well at least it wasn't copyright related.

------
jcoder
Too bad jotform.net is also registered via GoDaddy. Should we be talking about
registrar diversification now?

~~~
beedogs
What we ought to be talking about is moving .com/.net/.org out of US
jurisdiction entirely, not just diversification. This will eventually happen
in one of two ways, one of which will leave US customers with a completely
separate com/net/org registry from the rest of the planet.

------
mds101
There are a large number of companies still using GoDaddy even after hearing
so many horror stories. Even some YC companies use them. If I had to choose a
service provider, then I would most definitely forego the ones who are reliant
on GoDaddy, even if it they are really awesome. After all being there trumps
being awesome by a huge margin.

I guess it's time customers started calling up these companies and telling
them that the reliance on GoDaddy is something that they are worried about.

------
rooshdi
Who needs SOPA when you can do whatever the hell you want. Great to know our
taxes are being put to good use and helping create new jobs and services.
Thank you US Government.

------
wxlittlemanxk
I can't believe this is being tolerated by our generation.

~~~
Zirro
I'm glad it isn't being tolerated by the new one. Look at the protests on the
streets. That is amazing by itself, but even more so is that it actually
appears to have some effect.

------
joedev
_This can happen to any web site that allows user generated content._ Yes,
that's true that it _can_ happen just as almost anything can happen. But to
act as if this comes as a surprise for which such a company should not be
prepared is either ill-informed or disingenuous, and somewhat unbelievable in
light of all the publicity around DMCA law recently. A company like Jotform,
or any company hosting user-generated content (not just to pick on Jotform),
can do a lot to help prevent it and protect their legitimate customers.

DMCA lays out several things which can be done to at least attempt to have the
appearance of qualifying for safe harbor. If you host user-generated content,
do you do one or more of these?

\- adopt and reasonably implement a policy of addressing and terminating
accounts of users who are found to be “repeat infringers?

\- remove or disable access to the allegedly infringing material upon notice?

\- implement any sort of "red flag" process?

~~~
dangrossman
We don't know that this has anything to do with copyright.

It's a form hosting site; the user-generated content could be bank account
phishing pages.

DMCA does not provide safe harbor from being an accessory to financial scams.

~~~
joedev
You could be right: [http://www.jotform.net/answers/72220-Fraudulent-site-
please-...](http://www.jotform.net/answers/72220-Fraudulent-site-please-shut-
down-Standard-Bank-12220-)

And JotForm appears to respond quickly and take action, at least to that
request.

------
larrys
"As a part of an ongoing investigation about a content posted in our site, a
US government agency has temporarily suspended our jotform.com domain. We are
fully cooperating with them, but it is not possible to say when the domain
would be unblocked."

The dns is set to a godaddy domain which has over 224,000 domains attached to
it.

<http://www.dailychanges.com/spam-and-abuse.com/>

As a registrar that has been contact by the US Government this (change of dns)
isn't consistent with what we have experienced when contacted about a problem
site. It's more consistent with an individual registrars policies.

If the government was seizing a domain, generally, they would change the whois
information. It wouldn't still be listed in the name of the registrant.

This isn't an attempt by the way to get one up on godaddy. They are a
gazillion times bigger than we are and they cater to an entirely different
market segment.

------
Yaggo
I've been searching for a good .com domain for my upcoming CMS (SaaS), but
after reading this I'll probably get a non-US controlled domain at least for
the service itself, and just use .com for a marketing site, if at all.
Moreover, .com is already overcrowded.

It's so wrong that a legit business can be killed overnight.

------
jarofgreen
Got an email from JotForm:

"Because of a Godaddy suspension, our jotform​.​com domain is currently
disabled. Since, we do not know when the issue might be resolved we recommend
changing your forms from jotform.com to jotformeu.com. "

So their .com domain is suspended, and they move to a new .com domain?

I don't understand; why don't they move to a European country top level domain
like jotform.co.uk (that one's been domain squatted, but I'm sure they could
find one they like.)

------
wenbert
Reading the comments below, am I safe if I have my domain name registered with
Namecheap? How can I make sure that this won't happen to one of my sites? Is
this Godaddy specific or all domain name registrars affected by this? What
about non-US registrars (can you guys name some)?

~~~
dangrossman
Any .com, .net, .org, .biz, .us, .tel, and .travel domain is subject to
seizure by a US court order. What company you register the domain at (and what
country it's in) is irrelevant since the registry itself (Verisign for
.com/.net/.org, NeuStar for the others) is in the US.

~~~
dotBen
Yeah but this doen't appear to be a US court order seizure

------
waxy
I don't know if it is because of Godaddy or not but boy I am glad i moved away
from them.

------
robomartin
It seems clearer than ever that, if we allow them to, our politicians are
intent on destroying the Internet as we know it.

Pretty ironic coming from the country that gave it birth.

------
caycep
If you use a DNS provider like pair.net - is godaddy involved at all? ie. are
there reselling/subcontracting of domain services we don't know about?

~~~
dangrossman
It doesn't matter what DNS service you use when the registrar can change the
DNS records for your domains, which is what they've done.

------
rabidsnail
Three letters: .is

~~~
literalusername
What's so special about .is?

From <http://www.isnic.is/en/>: "The registration of a domain confers rights
to the use of the domain name according to ISNIC rules at any time but does
not confer ownership of the domain."

~~~
rabidsnail
[http://en.rsf.org/islande-nouvel-
article-18-06-2010,37771.ht...](http://en.rsf.org/islande-nouvel-
article-18-06-2010,37771.html)

------
anigbrowl
This is a good reminder that startups need to have a basic legal gameplan as
well as an engineering and financial one.

~~~
GFischer
Sometimes you need to disregard legal advice (though, you do need to be aware
of the legal issues), else you wouldn't get anything done.

I had a nice startup idea, it was shot down by my legal adviser (which happens
to be my father :P ), and Google went ahead and implemented it (well, at least
he saved me from competing with Google).

------
bilban
Does that mean it takes one abuse of an account to take down a hugely popular
domain name?

That spam must have been terrible.

------
propercoil
Ron Paul 2012 our (tech community) only chance, research yourself.

~~~
bitwize
"He's got a chance!"

"Yeah, in France!"

"Bet you'd vote for Palin!"

[http://www.collegehumor.com/video/3980096/we-didnt-start-
the...](http://www.collegehumor.com/video/3980096/we-didnt-start-the-flame-
war)

------
hetaoblog
this is really interesting. what's the basic rule behind it?

i thought this only happens in china.

------
shingen
Worth noting that this is a top 5,000 global site, roughly speaking. The
fascist machine is definitely continuing to raise the bar on the commoners
they're willing to take down (they were always willing to go after a site like
MegaUpload, but this is a different category of assault).

Cycle it a few years forward and it wouldn't be surprising if 1% to 2% of the
biggest 10,000 .coms have been seized (100 to 200 sites).

------
drivebyacct2
> _All they have to do is to ask Godaddy to take a site down._

~~~
cr1t1calh1t
Fuck Godaddy.

I have been a vocal proponent of Godaddy over the years - but no longer.

Godaddy's involvement with and support of SOPA is reprehensible, but I was
hoping their about-face was for real, but this action is the last nail.

Look at jotform's nameservers:

NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM NS2.SUSPENDED-FOR.SPAM-AND-ABUSE.COM

That's just great....

I've got hundred of domains registered at GD, but I'll be damned if they'll be
there after tomorrow.

cr1t1calh1t

~~~
paulgb
It's "tomorrow" now, have you moved the domains?

------
aneth
It's time for a widespread revolt against domain name seizures and suspensions
without due process. Where do we start? This path will undermine the internet
economy and sets precedents for horrible oppression and control by large
interests down the line.

~~~
sounds
We need a replacement for ICANN. In other words, we need a replacement for
DNS. It is going to take a while to get enough of the public on board but it
seems inevitable to me.

------
droithomme
I am sure this is all fine. Our fine government would never do the wrong
thing.

</bitter sarcasm>

------
necenzurat
hahahahaha Godaddy sucker! just love the NS:

    
    
       Registered through: Go Daddy 
       Domain Name: JOTFORM.COM 
    
       Domain servers in listed order: 
          NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM 
          NS2.SUSPENDED-FOR.SPAM-AND-ABUSE.COM

------
radagaisus
Did you know you can't buy the Israeli domain fuck.co.il?

Source:
[http://translate.google.com/translate?hl=en&sl=auto&...](http://translate.google.com/translate?hl=en&sl=auto&tl=en&u=http%3A%2F%2Froom404.net%2F%3Fp%3D49444)

