Hacker News new | past | comments | ask | show | jobs | submit login
BugMeNot Is Gone? (bugmenot.com)
116 points by jacopoj on Nov 15, 2022 | hide | past | favorite | 50 comments



Looks like it's just misconfigured. The non-https is still around: http://bugmenot.com


Looks like that's gone too


It's not, the HTTPS site has the HSTS header, so your browser will always redirect to the HTTPS version even if you try the plaintext port. Gotta clear your browser cache, or try another browser.


Not from here, no...


Hsts?


HTTP Strict Transport Security

It allows servers to specify that browsers should never even attempt to make an unencrypted request to the site and instead silently convert any such requests to encrypted requests.

This header is good for security but it’s also convenient for old sites that don’t want to update their existing links. They can upgrade the whole site to HTTPS without any content changes.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/St...


https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

Trying from another browser works


That stands for HTTP Strict Transport Security. Its a http header that basically tells your browser to only connect to this website via HTTPS/TLS for a configurable amount of time.

Its a protection mechanism that prevents encryption stripping man-in-the-middle attacks.


I know, that's why I mentioned it. The http site worked fine for me, so I figured parent post already has a HSTS entry in his browser


works fine for me


that doesn't work either


It got less and less useful in the last years a lot of sites killed a login as soon as it hit bugmenot understandable to shut it down.


Still worked for ~75% of sites I visited. Especially smaller sites and those annoying forums that required a login to download attachments.


Web-browsers are a lot better at auto-filling registration forms correctly thesedays, and now that even Office 365 supports disposable e-mail addresses means that registering for online services is far less of a chore than it was before. Also, many sites support federated identity (OIDC, Sign-in-with-Google, etc) which also takes a lot of the pain away.

I remember in years gone-by, before data/privacy-laws were either introduced or widely understood by web-devs that sites would have all manner of required fields just because someone from marketing or management thinks they need to collect everyones' home address, age, home, work, and mobile phone numbers, and sex/gender - now that they legally can't (without a good reason) things are a lot smoother.

So in summary, BugMeNot is gone because the severity of the problem it aimed to solve (online registration tedium) has been reduced below the threshold of action.


No, that's not it: privacy from corporate tracking.


Yeah. It's been "gone" for a decade, in some sense.


I think the past 5 times I've tried getting a valid user/password combination from here it has not worked.


Hadn't used it in a while but I used to love this site years ago. Such a convience.


It seems only the 'https' site is gone, the 'http' site is still around[0].

[0] http://bugmenot.com/view/news.ycombinator.com


Not working for me ~8 minutes later.


It's probably your browser trying to protect you from yourself, re: HTTPS. It works in non-user hostile browsers.


Which browser from this decade ignores HSTS completely?


Chrome can actually bypass HSTS if you enter the super secret code in the security warning screen. The code is changed regularly though, you'll have to check chromium source code to get the current bypass code. (e.g. https://chromium.googlesource.com/chromium/src/+/refs/tags/1... )

Very useful for testing but don't make a habit to use it on some random websites.


It works for me in firefox, but I've got it locked down pretty hard.

I have the following all set to false in about:config

  network.stricttransportsecurity.preloadlist
  dom.security.https_first
  dom.security.https_first_pbm
  browser.fixup.fallback-to-https


Safari on iPadOS 16 loads that just fine for me.

I’d forgotten all about this site, don’t remember ever using it but I certainly heard of it.


Haven’t managed to find a site (apart from HN) that it does allow yet!


I reckon this is because MediaTemple migrated a bunch of customers over to cPanel today…

My old (gs) website started showing the same error page within minutes of this being posted.


They used to be hosted by NearlyFreeSpeech.Net


Still works via HTTP

Used it recently for ABC iview because now they require a fucking account, even though I'm paying for this through my taxes.

Used it about 2 months ago for a download off some random forum which required an account.

Great site!


I stopped using this site along with retailmenot a long time ago as they aren't very useful anymore...


Mediatemple. Haven't heard that name in ages. It looks like they're still in CA.


With the amount of paywalls with 'Premium articles' the usefulness of Bugmenot declined IMHO. It sucks, because I used it quite a bit back in the day.


I find for a lot of these webshites [sic], going into Firefox reader mode and reloading the page works.


Blocked in uBO by The Block List Project - Malware List.


Block list without veracity or traceability doesn't mean much...


I was hoping someone would know why it was blocked as malware, thinking it might be compromised and that people should be warned. VT says it's safe though so it's likely a mistake. Not sure what you mean about traceability. You could check the github.


Didn’t work in recent times anyway.


I check the copied password for whitespace and usually that's the reason for the password not working


interesting. Will check again in future. Thank you.


BugMeNot was a good example of a pivot - RetailMeNot https://en.wikipedia.org/wiki/RetailMeNot ($90 million for the founders)

Which is why they let BugMeNot start slipping over a decade ago removing domains when requested, they didn't want to risk the cash cow.


It wasn't a pivot - the founders were great bootstrapped hackers who wanted to try out different models.

They promoted RMN to BMN users which gave it a meaningful early boost.


Too bad RMN is garbage these days.

Either the promo codes don't work, or they're not even promo codes at all, just a list of sales. And half the time, those sales are expired.

I just use Honey these days to automate trying all the codes. Yes, I know I'm certainly giving away my shopping habits, but I don't really care.


Never understood why people use it seems to be too risky.

You can end up sharing an account with someone associated with some unsavory activity and end up having to explain it.

Plus many sites allow users to view their login and download activity logs which means your private information can leak that way.

Sure VPNs and TORs can help mitigate some of that risk but BMN isn’t for opsec it’s for continence if you already are taking extra steps for opsec you might as well use disposable email addresses for your disposable accounts.


I only ever used it to access things that should not have been behind a user account in the first place. It was really just an opt out for the forced "sign up for our newsletter/spam to download our app" type paths. The only thing it'd really leak is that someone with a particular IP had used bugmenot... Which many would likely consider an advantage over going through creating an account and potentially getting spammed.


I rely on email proxy for most stuff nowadays, so when I register an account I can at least temporarily disable the address used for this particular service if it gets too spammy.

Combined with a password manager it's mostly the only way to stay sane online.


It doesn’t matter you use it to access a news article someone else uses it to issue a death threat as a joke or do something worse your IP is tagged on the same account and someone might come knocking.

Law enforcement isn’t even likely to know that the account is on BMN or even what it is. And what’s worse is if the rest of the IPs are foreign but you are local well congrats you’ve now become the focus simply for being within reach.


That sure is a bunch of fearmongery. With how mobile everyone is these days an account can be logged into by hundreds of IPs, including residential IPs like friends and family. It's not a very significant data point for law enforcement unless they can find any actual dirt through that.


You typically don't put in any information in these systems.

It is mainly to combat download links that require you to create an account etc.

I really don't see any risk if you use it for stuff like that. And they'd have to really put in an effort to even find you.


I created several BugMeNot accounts over the years without any issues. I guess if any of them got used for unsavory stuff it would be pretty clear from the logs that the account was shared.


Throwaway email addresses were not a thing.

Spam laws were not there.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: