Jotform domain seized by US due to user generated content (jotform.net)
605 points by Maxious 1955 days ago | 236 comments

If you read through the comments there's a lot of angry users demanding refunds and questioning the service. There's a fair chance that they won't be able to bounce back after this. Especially if the domain doesn't come back up within a day or two.

In other words, this might very well kill a company that someone worked hard to get off the ground. And if you have any user-generated content it might happen to your company too. Apparently without due process, and without warning.

This is preposterous.

This is why the Pro IP Act from 2008 needs to be repealed as soon as possible. It's worse than SOPA for Americans because it can pretty much do all SOPA could do, but for domestic domains (.com, .org, .net, .us) rather than foreign ones. The Pro IP Act managed to pass by us just like SOPA almost did it, too.

I'm questioning the service, because I had to read about the outage on HN...and not through a warning email from jotform.

At the very least, they should have sent an email, telling people to switch the urls so the forms would work.

Looks like they are on the ball, just got the email.

But they needed to shut down Jotform because otherwise it would kill American jobs... right?

Those comments really got to me too. What really struck me was that they seemed to be angry at Jotform! These angry users are talking about security too as if they were attacked or something. I really feel for the users but at the same time I'm angry at them for placing the blame where it doesn't belong. Instead of being mad at Jotform they should be mad at the government.

A while back I was advocating that we reach out to such people and explain this SOPA censorship stuff in a way they understand and this is precisely why. SOPA's supporters have done a really great job of training regular folks to think like some of these angry users making them think that somehow it was Jotform that did wrong. If they only knew how totally arbitrary this stuff is I think they'd be mad at the Feds like they should be.

It's so sickening that the government probably just hurt not one but maybe thousands of companies in one fell swoop and everyone's pissed at the wrong guy. Then the politicians want to go around talking about creating jobs... Ha! How about destroying them? That's what it looks like to me.

Why shouldn't they be angry at jotform? It looks like they had no expedited process for reporting phishing forms which had to have been a known risk somewhere around #1 on their list of known risks, they actually made it easier to go upstream instead of searching for their contact page (only linked in the footer) and hoping someone replies today.

Did they have any automated detection? If they didn't have a "report a bad form" button then maybe they didn't even try and find bad forms ... like anything with a sign in button or password field. 2 million forms is too many to inspect, but you could narrow that list down very easily.

What happened to them sucks but it seems like the problem could probably have been avoided.

Edit: it let me make a form with "Account number" and "Password" complete with emailing me what people put in it which is suggestive of no preventative measures at all.
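
The narrowing step suggested in the comment above (flag forms that ask for credentials so a human only reviews the short list), as an added example that is not part of the original thread and not Jotform's filter. The form schema, indicator patterns, weights and threshold are all assumptions, and the sample forms are constructed.

```python
import re
from dataclasses import dataclass, field


# Hypothetical form schema for illustration; not Jotform's data model.
@dataclass
class FormField:
    label: str
    input_type: str = "text"  # text, password, email, submit, ...


@dataclass
class Form:
    form_id: str
    title: str
    fields: list = field(default_factory=list)
    emails_results: bool = False  # submissions are mailed to the form owner


# Labels that ask for a secret or an account identifier (assumed list).
CREDENTIAL_LABEL = re.compile(
    r"\b(password|passcode|pin|account\s*number|card\s*number|cvv|ssn|"
    r"social\s+security|username|user\s*id)\b",
    re.IGNORECASE,
)
# Submit buttons worded like an authentication prompt.
SIGN_IN_BUTTON = re.compile(r"\b(sign\s*in|log\s*in)\b", re.IGNORECASE)

REVIEW_THRESHOLD = 5  # assumed cut-off for sending a form to manual review


def score_form(form):
    """Return (score, reasons) for one form definition."""
    score, reasons = 0, []
    for f in form.fields:
        if f.input_type == "password":
            score += 5
            reasons.append(f"masked password input: {f.label!r}")
        elif f.input_type == "submit":
            if SIGN_IN_BUTTON.search(f.label):
                score += 2
                reasons.append(f"sign-in style button: {f.label!r}")
        elif CREDENTIAL_LABEL.search(f.label):
            # Catches plain text fields that are merely labelled "Password".
            score += 3
            reasons.append(f"credential-like label: {f.label!r}")
    if score and form.emails_results:
        score += 1
        reasons.append("responses are emailed to the owner")
    return score, reasons


def triage(forms, threshold=REVIEW_THRESHOLD):
    """Return the manual-review queue, highest score first."""
    queue = []
    for form in forms:
        score, reasons = score_form(form)
        if score >= threshold:
            queue.append((form.form_id, score, reasons))
    return sorted(queue, key=lambda item: item[1], reverse=True)


# Constructed sample forms.
SAMPLE_FORMS = [
    Form("form-a", "Account verification", [
        FormField("Account number"), FormField("Password"),
        FormField("Sign in", "submit")], emails_results=True),
    Form("form-b", "Conference RSVP", [
        FormField("Name"), FormField("Email", "email"),
        FormField("Dietary needs"), FormField("Submit", "submit")],
        emails_results=True),
    Form("form-c", "Member portal", [
        FormField("Username"), FormField("Secret", "password"),
        FormField("Log in", "submit")]),
    Form("form-d", "Newsletter", [
        FormField("Email", "email"), FormField("Sign up", "submit")]),
]

if __name__ == "__main__":
    for form_id, score, reasons in triage(SAMPLE_FORMS):
        print(form_id, score, "; ".join(reasons))
```

Rules like these only build the review queue; a legitimate membership form scores the same as a phishing page, so suspension still needs a reviewer or a trained classifier behind it.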

See this comment by the founder of Jotform: http://news.ycombinator.com/item?id=3597821 (Relevant quote: "Our Bayesian phishing filter has suspended 65.000 accounts last year.")

Some good points.

But surely they should have been sent a warning, even a 24 hour one, to remove some content before just being wiped off the Internet.

This action is business destroying and draconian.

Don't get me wrong, I absolutely agree they shouldn't have been destroyed and that GoDaddy has no right to be the executioner.

Then how do you rectify the statement you made that their customers should be angry with them, and that they shouldn't be destroyed? I really want to hear this.

Because there are two things here:

1) GoDaddy overstepping their bounds and shutting down a website

2) JotForm having inadequate, perhaps even non-existent measures in place to prevent or respond to phishing

Obviously #1 dwarfs #2 significantly but that doesn't make #2 okay.

How doesn't it? The argument could be made that GoDaddy would have done that deed anyway, even if (2) hadn't been rectified.

GoDaddy might not have, if those provisions had been in place. Do these sorts of stories with GoDaddy happen often?

GoDaddy's actions don't cancel it out because ignoring or not adequately preparing for phishing was wrong every single day and a foreseeable problem for about a decade now. They had a responsibility to prevent this for their paying users.

Maybe it wouldn't have saved them, but there are a lot of free-x-hosting companies out there that haven't been shut down in spite of abuse.

Do you plan for every illegal thing that could happen on your website?

It's easy to not imagine what sort of evil your site could be used for when you're thinking of just the awesome problem you're trying to solve.

This isn't really some unforeseeable edge case that nobody could have reasonably expected to happen - their site lets you build a form, embed it on a page, and they either email or save the form data for you. Not anticipating phishing would be fine if it was 10 years ago.

How can anyone who has ever used the Internet or has even a basic understanding of the Domain Name System believe that it is a registrar's right or responsibility to take down a domain, especially without notice, and that does nothing to contravene the conditions of owning that domain name?

I wouldn't even say you are beating a dead horse with that dependency. It was never a horse to begin with!

The blame obviously lies squarely with the US federal agencies - you do not see this happen in other developed countries, for example (UK does not count since it's a US colony in all but name).

In particular, to be able to shutdown or ruin the reputation of a business at the drop of a hat due to alleged breaking of the law - not even by the business itself - before it has even been processed by the justice system!

Just imagine if this had been a takedown of Google, Microsoft, Apple or Facebook site, all of which easily meet or have met the conditions for alleged infringements of US IP or other laws at some point, if for no other reason than hosting user-generated content...

You misread what I'm saying. Jotform users deserve to be angry about this situation which in the last decade has been successfully avoided by many free-x-hosting companies who actually prepared for obvious problems.

GoDaddy is, regardless, ridiculous.

He didn't. In fact, his point was that there is not a dependency between the points - which is what it means that even if 1 is worse than 2, 2 is still a serious problem.

There's no evidence whatsoever that this was a US govt take-down. Everything we've seen so far indicate that it was GoDaddy's doing.

The U.S. Secret Service was involved.

Welcome to risk management 101. Lesson 1: assume the worst of the general public, and you won't be disappointed.

Do you think this would have been averted if they took all the measures you are proposing? There are no set guidelines here according to which the government is taking down stuff. This is not DMCA related to create a process to take down stuff. Even if they could not find the contact page, taking the whole website seems to be a ridiculous thing to do.

I think things like this will make websites with user-generated content move away from .com domains and even move into countries where there is more due process to things like this.

I think there's a decade of history that shows it could probably have been avoided - they're not the first free-x-hosting company to ever be abused for phishing.

The history of this matter stopped being relevant when domain-seizures stopped being the last option.

The same risk existed last year alongside the many exploitable-by-phishing flavors of hosting. Although this wasn't even a domain seizure, this is just an overzealous domain registrar which has also, always, been a risk to web services.

That's the big joke man... modern day 'politicians' do not seek to create jobs. They seek control and power.

It's up to nerds like us to design, develop and innovate systems that decentralize not only the internet - but politics as well.

JotForm should have bailed from GoDaddy when most other people did. Instead, they were apathetic and took a chance with their business and all of their clients as well.

Damn right it's their fault.

I'm not sure many US-based registrars would be willing to go against a law enforcement agency. Or would be able to do it twice.

It all depends on what was on the letter they got and who sent it.

Should they have ditched GoDaddy? Most probably yes. Would that save them now? I wouldn't bet my company.

I'd like to think that this is still a free country, and that there are some companies that still act as though we live under the rule of law, rather than automatically complying with every whimsical demand our government agencies dream up.

Now thiiis is a valid reason for it being their fault

Even if it's not. Bail from Godaddy.com. Seriously. Granted the same problem may persist given that .coms have a US based organization that governs them (I think). Nonetheless, this is the exact same godaddy.com that supported SOPA. There have been so many forks in the road where the obvious choice was to bail on GoDaddy.com. Yet, they stayed and here they are.

This is why we can't have nice things.

Verisign, an American company based in Virginia, is the authoritative registrar for .com and .net.

More precisely Verisign is the registrY, GoDaddy the registrAR. Not that it changes anything in this case.

That's not a very solid argument. GoDaddy sucking is beside the point here. I doubt many if any registrars would refuse the government like that. But even that's beside the point.

What the real issue here is, is that law enforcement pretty much busted in and took down a domain name without warning. They shot first and asked questions later. Jotform is a legit site, not even close to dubious like some others where you can actually argue that they might have been knowingly violating copyright and such. This is scary stuff. There was no due process, no warning, nothing. They just did it. It's proof that any more laws giving the Feds power to take down sites is totally superfluous and unnecessary as it's already happening in a very public way.

You don't get mad at the company for not switching registrars (even if they are a douchey one). Jotform could have been able to take care of this situation had someone just alerted them to the problem. No way is this their fault, especially not for the reason you put forth.

namecheap does, it is well known that GoDaddy needs nothing but an email from a semi-serious domain with bogus claims to shut down your business.

This was even a reason people were advocating against GoDaddy before the whole SOPA story.

We need a list of startups using GoDaddy, with alternatives, so we can be aware and not use these services for storing anything important.

I no longer want to take this risk blindly.

https://github.com/astronoob/NoDaddy Here is a chrome extension that notifies you if the domain you're on is registered through GoDaddy. Looks like it does an XHR request to who.is and then matches on: new RegExp("/(registrar\.godaddy\.com|whois\.godaddy.com)/")

Can we all PLEASE agree to stop using GoDaddy?

This is a GoDaddy thing, plain and simple. They get one complaint--they shut your domain name down by changing the name servers to NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM and NS2.SUSPENDED-FOR.SPAM-AND-ABUSE.COM. Exactly what happened here.

This has been going on for at least SIX years now; see http://seclists.org/nmap-hackers/2007/0 (and I saw a hosting company shut down for similar reasons a year before that.)

Wasn't their support of SOPA enough? When are we all going to wake up? How many times does this have to happen?! STOP. USING. GODADDY.
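
A monitoring check for the suspension mechanism described in the comment above (delegation swapped to the SUSPENDED-FOR.SPAM-AND-ABUSE.COM name servers), as an added example that is not part of the original thread. It takes `dig +short NS`-style answers collected from several resolvers; the resolver names, the expected name servers and the sample answers are constructed, and comparing multiple vantage points is an assumption of this sketch.

```python
from dataclasses import dataclass

# Name-server zone named in the comment above; anything under it means the
# registrar has re-pointed the domain at its suspension servers.
SUSPENSION_ZONES = ("suspended-for.spam-and-abuse.com",)

# Higher number = more urgent.
SEVERITY = {"ok": 0, "no-answer": 1, "drift": 2, "suspended": 3}


def parse_ns_answer(text):
    """Parse `dig +short NS <domain>` style output into a set of host names."""
    names = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(";"):  # skip blanks and dig comments
            names.add(line.rstrip(".").lower())
    return names


def classify(expected, observed):
    """Classify one resolver's view of the delegation."""
    if not observed:
        return "no-answer"
    for name in observed:
        for zone in SUSPENSION_ZONES:
            if name == zone or name.endswith("." + zone):
                return "suspended"
    return "ok" if observed == expected else "drift"


@dataclass
class Assessment:
    status: str          # worst status seen across resolvers
    per_resolver: dict   # resolver label -> status
    propagating: bool    # True when resolvers disagree (change still spreading)


def assess(expected, answers_by_resolver):
    """Compare every resolver's NS answer with the expected delegation."""
    baseline = {n.rstrip(".").lower() for n in expected}
    per = {
        label: classify(baseline, parse_ns_answer(text))
        for label, text in answers_by_resolver.items()
    }
    worst = max(per.values(), key=SEVERITY.__getitem__) if per else "no-answer"
    return Assessment(worst, per, len(set(per.values())) > 1)


# Constructed baseline and answers: one resolver already sees the suspension,
# the other still serves the cached, correct delegation.
EXPECTED_NS = {"ns1.dns-host.example", "ns2.dns-host.example"}
SAMPLE_ANSWERS = {
    "resolver-a": "NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM.\n"
                  "NS2.SUSPENDED-FOR.SPAM-AND-ABUSE.COM.\n",
    "resolver-b": "ns1.dns-host.example.\nns2.dns-host.example.\n",
}

if __name__ == "__main__":
    result = assess(EXPECTED_NS, SAMPLE_ANSWERS)
    print(result.status, result.per_resolver, "propagating:", result.propagating)
```

A `suspended` result with `propagating` still true is the window in which cached answers keep the site reachable for some users, which is when notifying customers matters most.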

Seriously. I was prepared to be sympathetic until I saw GoDaddy's involvement. Jotform chose to use a despicable company with a long history of behaving in this way. They shouldn't be surprised when they're the next to get screwed.

They're trying to get sympathy from the internet by framing this as an example of SOPA-like abuse after they financially supported a company which supported SOPA. That shouldn't fly.

Heh, that was exactly my reaction. I was literally reading the statement out loud to a friend of mine as we talked about it and stopped midsentence and said "ha! godaddy. No wonder."

But that wasn't because Godaddy supported SOPA, although that does make me feel schadenfreude, it's because I used to work in the domaining industry. I honestly thought that even average web site operators with limited knowledge about registrars would know not to have your business domain on Godaddy. Even accounting for their scale there are a lot of shady episodes like this.

The SOPA part is just icing on the cake they were eating instead of doing their due diligence.

Yes. For another account, see David Rusenko's blog post about GoDaddy and Weebly: http://david.weebly.com/1/post/2011/12/godaddy-a-glimpse-of-...

Their .com doesn't seem to have the same ugly ICE/government/FBI logo landing page, so that seems to also implicate GoDaddy.

If that's the case they could get their services up again by just switching registrars and DNS servers. (?)

If it's anything like the others I've seen, GoDaddy will charge an "administrative fee" of hundreds of dollars to get the domain name turned back on, let alone unlocked and able to be transferred out.

I have been telling people this for YEARS. Yet everyone always thinks "It won't happen to me." Until it does.

Yet everyone always thinks "It won't happen to me." Until it does.

This principle also keeps Paypal in business.

Indeed, but there are zillions of good alternatives to GoDaddy (shouldn't the name be a clue???), many, sometimes no alternatives to PayPal.

(Wasn't I just reading something recently about a payments system startup that isn't likely to extend itself to Australia due to their laws and regulations?)

If you look at the spam-and-abuse.com domain, all the records pointed to it are GoDaddy domains, the IP addresses it uses are GoDaddy's, and the domain itself is registered to GoDaddy:


GoDaddy may not have fought very hard for Jotform, but I'm pretty sure any US registrar would be hard pressed to the US Government saying "Turn off this website or else."

Or else what?

If there's an actual law and due process, ok. If people are just supposed to automatically comply because somebody in a government agency says so...well, I hope we haven't sunk that far.

At this point it seems negligent at best to host your site on a US or US ally based registrar

...or on a .com, .net or .org tld, since "having a business connection with Verisign" is enough to put you under US jurisdiction. Apparently.

The USA judicial system might think you are under their jurisdiction, but your local jurisdiction might disagree.

I can't wait till they cross the line, and block some .com, then a group in that (non-US) country gets local injunctions forcing it to resolve. It could split DNS or wrestle it out of US control.

That's assuming your local jurisdiction has a spine. I have multiple .com and .net domains all done through Canadian registrars, for the sole purpose of not wanting to deal with the BS that is going on down south. If what I'm reading is true, they can be pulled offline whenever someone gives the word go and they're gone. I have no faith that the local courts will do anything of use, especially with the current government that we have. I'd be hard pressed to think of any western nation that would.

Let's not get out of hand here. This didn't happen because it was in the US, this happened because the domain was on GoDaddy.

Having your domain hosted with a reasonable registrar would have been enough to prevent this.

Not saying this is what we would do (as a registrar) but an order from the government generally has a time stamp on it where you can verify the "order" and then comply. While I can't get into the time period allowed or any details like that I can say that it would be possible to alert the registrant and/or stall the request if one so chooses to do that. I'm not saying we would do this of course. I'm just saying that getting an order from the US Government, unless it appears on its face to be a true emergency situation, a registrar could always take the time to check with legal counsel.

And if it were a true emergency the Government would go straight to Verisign (for .com/net) and not even bother with the registrar.

Do we have any evidence that the US Govt pressured them?

The fact that the secret service are involved? http://news.ycombinator.com/item?id=3597821

Fair enough, although that wasn't posted at the time I made that comment (which is why I asked).

Although to be fair, the SS just made a request, and GoDaddy had no responsibility to comply, they did so on their own accord without any type of process.

In my book, it's GoDaddy's responsibility to do the right thing, not the SS' responsibility to not complain. If they would have been with a reasonable registrar, this would not have happened.

This is exactly what I thought. I think SS just emailed GoDaddy and GoDaddy just shut down everything. Everyone is moving to different registrars, mainly NameCheap, I just hope they will be able to stand up for their users and ask for a court order. If other registrars start to shut down at the whim of the US Government, then we might have to move to registrars overseas. Unfortunately, that doesn't even seem safe to me, since there has been news of US pressuring other governments to put out SOPA-like laws. There is also the case of the British kid who was extradited to US.

I somehow have the feeling that moving out of GoDaddy won't protect you from any of this. Potentially the US "authorities" can take down your dot com domain (operated by Verisign), your hosting if in US, or maybe even prevent DNS resolutions to your domain inside the US (they can ask large ISPs to update their DNS servers). What you are left with is using a non dot com, non US hosting, and avoid having too much business from US customers. Then you might run into the same in Europe, etc. That does not sound like a good long term strategy.

Wow. There are over 224,000 domains that are linked to spam-and-abuse.com


Founder of JotForm here. I’d like to thank you all for your sympathy.

JotForm.com has been suspended by Godaddy for more than 24 hours now. They have disabled the DNS without any prior notice or request. They have told us the domain name was suspended as part of an ongoing law enforcement investigation. In order to resolve the issue, they asked us to contact the officer in charge at U. S. Secret Service.

When I contacted the Secret Service, the agent told me she is busy and she asked for my phone number, and told me they will get back to me within this week. I told them we are a web service with hundreds of thousands of users, so this is a matter of urgency, and we are ready to cooperate fully. I was ready to shutdown any form they request and provide any information we have about the user. Unfortunately, she told me she needs to look at the case which she can do in a few days. I called her many times again to check about the case, but she seems to be getting irritated with me. At this point, we are waiting for them to look into our case.

Our guess is that this is probably about a phishing form. We take phishing very seriously. Our Bayesian phishing filter has suspended 65.000 accounts last year. We have been training it for many years, so it can detect phishing forms with great accuracy. We also take any reports about phishing very seriously and quickly suspend the accounts and let the other party know about it. By the way, we are also very serious about false positives. If we suspend an account accidentally, we will quickly resolve the issue, and apologize.

I believe this can happen to anybody who allows users to create content on the web. So, if you have such a business, my recommendation would be to make sure that you can contact your most active users quickly if your domain is disabled. Many of our users are shocked and angry at us. But, many also thanked us for quickly letting them know about the issue by email and providing instructions to continue operating their forms. Since DNS propagation takes some time, many active users were able to switch their forms to the new domain before it went down. We still have not contacted all users, we are sending emails to the most active users first.

What's happening to you is an absurd abuse of power. Call the EFF, get a good lawyer, and get in front of a judge as soon as possible. Call your senator, your representative, and the local media. Don't annoy the secret service agent who is destroying your business because it likely won't help.

Yeah, you need an experienced lawyer and you need to go after GoDaddy immediately. They are at fault here. The terms of any user agreement may be invalid.

Next, you need to spend 100% of your time raising hell about this. This story has all of the marks of stuff the tech press loves to eat up.

#1 Godaddy is run by a bunch of assholes who walk all over their customers' rights.

#2 The secret service is still full of a bunch of buffoons. These are the same guys that raided a roleplaying game company because they couldn't tell the difference between an imaginary game and a hacker manual. I'm sure the press would like to answer the question, are they still hiring FBI rejects?

You have to turn this story the other way around. You can make jotform a name people remember.

I've used jotform myself for quite some time (2 years or close to it?) It is a great service. Obviously you were doing nothing illegal, and were going to great lengths to stop the bad guys. That's a news story everyone wants to hear.

What if you give us the phone number of the agent in question?

Personally I think you made a horribly stupid decision to use GoDaddy, but it is what it is. Sounds like you need to launch a PR campaign about this.

Tell your customers to call the agent in charge. Tell your users to call GoDaddy to complain.

Put up a web page with a running ticker of how many people are getting their service interrupted because of this. Tell the world who is sitting on their hands while your business collapses. Call news stations. Put up a youtube video. Shine a light on this, don't just sit there hoping for an agent to give a crap.

Make this shit a bigger deal than the government and GoDaddy have made it. GoDaddy doesn't give a shit about your domain or your business. Make them give a shit. The agent in question couldn't care less about your troubles, their full time work is about making someone (hopefully the right person) miserable. You are just one more such person in the big stack. Make that agent give a shit.

Solution (1) - get another DNS name from another provider, and get your users using that for now.

Solution (2) - get a lawyer and prepare to sue for lack of due process.

Thank you for the details. Is your .net domain safer than the .com? and if yes, why? Also, do you think the domain suspension could have been avoided if you had used another registrar?

I don't know much about your defences, but a good way of making your site less attractive to phishers might be to put an artificial delay in between when a form is submitted and when the owner can get access to the submitted data.

If that delay is longer than it usually takes for an abuse report to come in, and for it to be acted on, then it would prevent phishers from getting any data before the page is taken down. Maybe just do this for free users?
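
The hold-before-release idea from the comment above, as an added example that is not part of the original thread and not Jotform's implementation. The class name, the six-hour hold for free accounts, the plan names and the timeline in `simulate()` are assumptions; payloads are constructed placeholders.

```python
from dataclasses import dataclass

HOLD_FREE = 6 * 3600  # assumed: longer than the usual abuse-report turnaround
HOLD_PAID = 0         # assumed: paid accounts read submissions immediately


@dataclass
class Held:
    form_id: str
    payload: dict
    visible_at: float  # earliest time the form owner may read this submission


class SubmissionEscrow:
    """Keeps submissions unreadable until their hold expires; a suspension
    destroys everything still held for that form."""

    def __init__(self, hold_free=HOLD_FREE, hold_paid=HOLD_PAID):
        self.hold = {"free": hold_free, "paid": hold_paid}
        self.plan = {}          # form_id -> "free" | "paid"
        self.suspended = set()
        self.items = []

    def register(self, form_id, plan):
        self.plan[form_id] = plan

    def submit(self, form_id, payload, now):
        """Store a submission; refuse it if the form is already suspended."""
        if form_id in self.suspended:
            return False
        delay = self.hold[self.plan[form_id]]
        self.items.append(Held(form_id, payload, now + delay))
        return True

    def suspend(self, form_id, now):
        """Act on an abuse report. Returns how many submissions the owner
        never got to read."""
        self.suspended.add(form_id)
        withheld = sum(
            1 for s in self.items if s.form_id == form_id and s.visible_at > now
        )
        self.items = [s for s in self.items if s.form_id != form_id]
        return withheld

    def readable(self, form_id, now):
        """What the form owner can see at time `now`."""
        if form_id in self.suspended:
            return []
        return [
            s.payload for s in self.items
            if s.form_id == form_id and s.visible_at <= now
        ]


def simulate():
    """Constructed timeline (seconds): a reported free form, a legitimate
    free form and a paid form."""
    escrow = SubmissionEscrow()
    escrow.register("reported-form", "free")
    escrow.register("survey", "free")
    escrow.register("shop", "paid")
    for seq, t in enumerate((0, 600, 1200)):
        escrow.submit("reported-form", {"seq": seq}, now=t)
    escrow.submit("survey", {"seq": 0}, now=0)
    escrow.submit("shop", {"seq": 0}, now=0)

    early = len(escrow.readable("reported-form", now=1800))
    withheld = escrow.suspend("reported-form", now=3600)  # report acted on at 1h
    return {
        "reported_early": early,
        "reported_withheld": withheld,
        "reported_after": len(escrow.readable("reported-form", now=7 * 3600)),
        "late_accepted": escrow.submit("reported-form", {"seq": 3}, now=4000),
        "survey_1h": len(escrow.readable("survey", now=3600)),
        "survey_6h": len(escrow.readable("survey", now=6 * 3600)),
        "shop_now": len(escrow.readable("shop", now=0)),
    }


if __name__ == "__main__":
    print(simulate())
```

The protection holds only while the hold exceeds the time to act on a report; the legitimate free-tier survey in the timeline pays the same six-hour wait.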

Although this might prevent (a bit) that the phishers get the actual data and hence protect the victims, I am pretty sure that it won't cause any drop in phishing attempts. However for the legitimate users it will probably have a huge negative impact.

It's comparable to trying to stop spam in forums/blogs by disabling url's in posts. Usually you'll get the same number of spam posts, but the url's will be plain text.

It might actually be a good thing commercially. It gives them something to upsell. If you have a paid account, you get instant access to your form data. Free accounts have to wait.

I doubt it. Very little annoys users more than taking away something they are used to and trying to sell it back to them.

Thank you for the notification yesterday. We were able to move our forms to the new domain.

You provide an excellent service. Keep up the good work!

Depending on how much money your company has lost from this, I'd say it's the foundation for some substantial lawsuits.

Uh... I feel sorry for you guys getting abused like this, but.... Godaddy? You had to know you were putting your business at risk using this company. Did you save enough money to make it worth going out of business?

This is complete bullcrap! From everything I've read, Jotform polices itself and actively tries to remove illegal material. This is EXACTLY what Google does. However, you don't see Big Brother going after Google just because they did a search on child porn and some hits came up.

We are taught not to bully but this is exactly what the U.S. Gov't is doing. Mixed messages?

Move to an .EU or .ME domain - problem solved. US government can't shut down these domains as they have no jurisdiction.

Oh.. and don't register the domains at Godaddy.

To get an .eu you need to be a company or a resident in the EU, they're not open to anyone.

The registry of .me, doMEn, is a joint venture between Godaddy and two other companies.

They also did that to me a few years ago, golden rule #1 don't host any domain of value with godaddy

Spin up JotForm2.com!

Sorry, but you get no sympathy from me. You are a financial supporter of pro-SOPA Godaddy and it bit you in the ass.

I'm just glad I haven't done business with you.

I have a friend who works for the Secret Service... but unfortunately, he doesn't work on stuff like this!

Today's sysadmin todo list:

0. Get corporate membership with EFF.

1. Identify all applications with user-generated content.

2. Move all associated domains to a non-US based registrar.

3. Migrate DNS, web serving and other critical services to non-US based servers.

4. Migrate yourself to a non-US controlled country.

I'm sorry for US sites and users. Your government is hell-bent on turning the internet into a read-only device like TV, easily regulated and controlled. The population will be required to sit quietly and keep their eyes glued on the screen so they don't miss the ads, with any infringers deemed terrorists and pedophiles and thus deserving of summary punishment by DHS squads.

Hopefully the internet will route around the damaged segment, and the rest of us can continue to enjoy the amazing interactivity it has brought our society.

It doesn't stop there. USA has been known to curb Internet Freedom by threatening foreign governments in private despite their hypocritical attitude of condemning censorship regimes.

You can see the list of governments whose policies are controlled by USA with the signatories of ACTA.

"hell-bent on turning the internet into a read-only device"

well put

Agreed. Quote of the fucking year.

It's only February. Or is the fucking year on a different schedule?

>> read-only devices like TV and newspapers

Their beauty is not only in their read-only nature, but also in the fact that their number and content can be controlled.

Losing control of the narrative means the end of the narrative.

In our case, the concept of centralized power is dying, because the tales that justify it are dying in unwatched TV programs and unread newspapers.

Unfortunately, their dying will take some time.

Fortunately, any measure taken to save a dying narrative hastens its end.

As someone who has been in the Internet business from the beginning with a number of startups under my belt and who "migrated myself to a non-US controlled country" (East and SE Asia) 25 years ago I would offer the following formula for happiness:

1. Set up your company outside of the US.

2. Don't keep a bank account in the same country that your company is in.

3. Don't have customers in the same country that your country is in or where your bank account is.

4. Don't live in the country where your company, bank account or customers are.

5. Don't live in the same time zone as your in-laws.

I live in Thailand (for 13 years now) and have a company in Singapore. We are opening companies in Laos this year then Cambodia and then Burma over the next two years. My Bank Accounts are in Hong Kong. I try to find customers in any country other than those listed above, and the States.

Bandwidth is better out here than in most places in the States. And hardware is cheaper because you're buying closer to the source. And as long as you aren't living in Singapore, Hong Kong or Tokyo, the cost of living is far cheaper than in the States.

This is not as difficult as it might seem. It's great living out here, and I would encourage everyone to do the same.

BTW our latest startup is an infrastructure for the semantic Web and about as cutting edge as you could hope for, so don't whine about how you can only do your startup in Silicon Valley. The future is here, not in the States.

"hell-bent on turning the internet into a read-only device like TV" At the behest of mostly the music and movie industries - who are so dead set on their antiquated business model, who see the free and open internet as a big big threat on all fronts. On one side you have this so called "rampant piracy problem" (lol) but on the other side you have the internet as a medium for artists to create, distribute, advertize, and sell their work without any need for the big players in the industry. This is what scares them most. How dare this free and open thing put a chink into our profits, and forcing us to come up with a different way of thinking about the future. But instead their plan is to assault it, with the help of our bought lawmakers, and bring it under their control.

This case has everything to do with GoDaddy, and probably nothing to do with the US government.

I like to bash GoDaddy as much as anyone else, but it's not only their fault if they obeyed a law enforcement agency that issued an illegal order. I'd like to see government officials being punished for that kind of authoritarian attitude more frequently (we have plenty of that here in Brazil too).

A tax audit is crippling enough for business. Registrars like GoDaddy are exposed to a huge vulnerability in the form they don't know exactly with whom they do business. All you need is a credit card.

A well response but possibly a useless one. I could not put this in words like you did but I believe, this process we are going through is not only US related.

It is by no means limited to the US, but various sources (such as wikileaks cables) make it clear that it is mostly the US government pushing for such draconian measures worldwide. So moving your business away from there to make it clear that you don't agree is a good thing.

You might find step 4. a bit difficult, finding a "non-US controlled country" isn't easy these days, and I'm not sure I'd like to live there.

Much as I like my country (Uruguay), I know we'd cave in faster than New Zealand did with Kim Dotcom.

China might not be US-controlled, but they have their own issues. And a smaller country means it's probably going to be bullied by the US. Maybe Switzerland? (that does sound like a nice place to live :) ).

How about Iceland? At least this web hosting company http://www.orangewebsite.com/ is touting "better level of privacy and lower censorship" as a selling point. (Although, I note it itself is using .com) Anyway, I think it won't be long until some countries or territories will wise up to create internet freedom friendly jurisdictions as a competitive advantage to lure tech capital and talent away from the increasingly hostile US with its IP and military industrial complex weapons of wealth destruction.

Where would you suggest moving to? Hong Kong, South Korea?

What about the good old Swiss? Probably one of the strongest tech industries on the planet and (apart from banks doing biz in the good ol' US of A) rather uninterested in listening to other govt's.

Plus the skiing's great here :)

Bankers have more power and influence in Switzerland than in the US. UBS handed Phil Gramm a vice chair position. They've bought into Casino Capitalism hook, line, and sinker.

I am of two minds about these draconian attempts to maintain IP laws. Although I abhor the corporatist position that they need harsher, more invasive tools to maintain their IP claims against piracy, the creation of such laws and enforcement tools will push the wider public to understand and perhaps embrace tools that make them free. Free software and practices that enforce one's own privacy and free will might only become widespread when the average citizen understands in a personal way the need for a free and open set of tools for living in an information based culture. On the other hand, it is only rational to look at the history of oppression and see the harm this pattern of legislation can foster. We should, as educated free individuals, collectively speak out and act out against legislation which furthers the trading of freedoms for corporate or personal profit.

"Internet Privacy" is an oxymoron. Safety and freedom are incompatible; you can have one or the other but not both. America says "Safety first"; humanity says "No thanks!". Maybe what we need is an intercontinental virtual RAID array so that no one country can shut it down? (Disclaimer: I use Linux, I live in Thailand.)

If Al-Qaeda really wants to piss off the USA they should just open a censorship free anti-takedown compliant web hosting company. They could run it as a non-profit putting most of the profits back into expanding their business and attracting more clients. LOL

People can do that now. Check out "TOR hidden services". Doesn't cost you anything if you already have an internet connection and a machine to run the software.

What would be the optimal freedom combination ie. jurisdiction to domicile, another for hosting? What are the gambling sites doing lately?

The European gambling sites are normally in the Isle of Man, Gibraltar or Malta. Many Caribbean countries have online gambling companies. Belize is another for the shadier operators.

I wouldn't run a serious web business in the US. The liabilities are just too high.

Regime change

Where would one relocate to? Only real options appear to be a .ru domain and location.

good luck. if any of your users then criticises the kremlin you might be involved in a tragic accident, like countless other people advocating free speech in .ru

"Hopefully the internet will route around the damaged segment"


I love it!

Well put. Like some said it's not only in the US. Count Europe in also. Perhaps even or more badly. I'm choking in Europe. Must get rid of their power. The Central Banks

technically, it's not so much of a 'scare' but a fucking pain in the ass we can do without.

good night, and good luck.

A large (10m uniques/mo) web site I used to work for had a complete DMCA takedown process in place. Links on every page, web forms, contact emails, physical addresses, etc. Then our site went dark one evening. I spent an hour frantically trying to figure out where our main web servers had gone, only to discover that an "online anti-terrorism team" had taken issue with some user-submitted content that didn't seem very friendly towards Americans. They contacted Softlayer, our hosting provider, and said that anti-American content was in violation of some commerce law--don't recall the exact details. It wasn't what I would describe as a "credible legal threat"--they left no name, no physical address, their web site looked like a vigilante operation. Softlayer, in turn, a.) sent us a "generic you have a support ticket" email and b.) 72 hours later, unplugged the web server NICs. We suffered hours of downtime without any idea what was happening.

We juggled dozens of Softlayer tickets at the time, so another anonymous tracking number just got lost in the shuffle. Never underestimate the power of unaccredited strangers to fuck you through your hosting provider.

Hosting provider sysadmin here. We're required to do exactly what SoftLayer did here, and 72 hours is pretty generous. We typically call the client if they don't respond to the DMCA takedown notice within 24 hours and give them another 24 to take down whatever content they're being DMCA'd for. It's shit and I hate it, but if they don't respond, we do the very minimum damage possible to make the content unavailable, as required of us by DMCA safe harbor provisions.

If it is a managed service, we'll just chmod the image to 000 or whatever does the least damage to their site. Unfortunately, if we don't have the login to the server (unmanaged) or if it's a colo, we just have to disable that IP on the switch or router (or null-route their IP for a bit) until they contact us and can take their "illegal" content down.

My point: hate DMCA, not SoftLayer, for this. They (assuming unmanaged service) just did what they were legally required to do.

[edit] It's good that you call the clients. Nothing drives me nuts more than trying to sift through a painful ticket system where everything is tracked only by reference number.

What pisses me off was that this wasn't even a DMCA request--SL had no legal responsibility to take action. It was just some random internet vigilantes making an unsubstantiated threat.

Come to think of it, SL may have taken us down for DMCA as well. We had an obvious path for handling abuse that both the accusers and SL could have used. After some negotiation I think we were able to convince them to just forward abuse emails to our address--but it took some doing.

Ahh, Gotcha. When that ("frivolous legal threats") happens to us, we just don't even reply to the person reporting it in most cases. If they're persistent, we say in so many words "get a court order, then we'll talk".

We've had India law firms call us screaming at 6PM on a Friday, and we told them:

- we require that they submit all abuse matters to our abuse@ e-mail address per RFC 2142 (kinda, but this sounds official when you say it to some law intern chump)
- they can scream all they want; we're not taking it down unless they submit a "valid legal order" to us (I don't even mention DMCA because I don't want to give them ideas)
- we're not responsible for the content of our clients, so they need to take it up with them

>"We had an obvious path for handling abuse that both the accusers and SL could have used."

They (accusers) don't, and they do this on purpose. They don't really want the content just gone, they want collateral damage as revenge for your "violation".

>"After some negotiation I think we were able to convince them to just forward abuse emails to our address--but it took some doing."

Sorry that that even required negotiation. We forward all abuse e-mail besides spam complaints for managed services. With anything like this, we try our best to do as little damage as possible to our clients.

No, everyone involved is to blame, just nobody has the fortitude to do anything about it as long as they are getting paid. If a hitman is paid to kill you, is he not guilty? The problem is everyone is okay with everything, as long as the gun isn't pointed to their heads. This is wrong. People need to realize this and start protesting for the laws to change. Everyone needs to wake up and start taking responsibility for being a pawn in this chess game.

Tone down the hyperbole. Some sysadmin doing the best job (s)he can in the face of a legal request by law enforcement officers is not a 'hitman'.

Compliance does not excuse them from responsibility. Yes, both are trying the best job they can in the face of a request, but both also have the individual freedom to choose not to execute a hit job. Outrageous actions call for outrageous metaphors.

>"Compliance does not excuse them from responsibility"

Please read about how DMCA Safe Harbor works. If we don't comply with it, we are held responsible for the "violations" of our clients.


Because we're in the US, it's critical that we comply with all the DMCA crap, otherwise DHS/FBI/CIA/whatever will come in and seize our equipment. They've actually done it before when we SWIP'd some stuff for a client, so we didn't get the abuse mail. They just ignored it, and one day some people showed up with a court order and we had to hand over their server (it was a colo.)

I see now that this JotForm issue might not be due to DMCA, which is pretty appalling, but to put it lightly, "they [gov't] have ways of making you comply".

From this article: http://thenextweb.com/insider/2012/02/16/online-form-buildin...

"GoDaddy had complied with a Secret Service request to take down the domain"

Are you suggesting that service providers should say "no" to the Secret Service? Real talk: I really don't think that telling the Secret Service to get stuffed would turn out well. In fact, since ATT is so in bed with gov't at this point, they'd probably just have our uplink shut off if we tried to pull that.

Please tell me they switched providers after that.

We established multiple datacenters across different providers with active-active DNS, so neither of them could take us down. It's not really for the faint of heart, though. We spent a fair amount of time trying to get the right services to communicate correctly across DCs.

Would you care to/be kind enough to share more info on how this is done and any obstacles you faced in deploying this?

Sure. This is a really quick off the cuff summary, so I'm gonna say some things that are loose, out of date, or maybe flat out wrong. Comments welcome. :)

The ideal situation is that both datacenters can handle your total load, but when one fails, the other doesn't explode under the thundering herd of traffic rerouted its way. So you need to plan your systems in such a way that they're elastic under load; response times rise within these limits, but you won't see outright failures.

You use a DNS failover service to provide each client with the appropriate DNS. There are various issues around caching and preferred A records--for instance, some name servers or DNS clients will pick the first A record, sorted, which can send all your traffic to one datacenter. Typically you hand out different combinations of A records depending on locality, so clients are hitting, say, the two closest datacenters to them.

When a DC fails, you remove the DNS entries which pointed to that datacenter's IPs, and lookups start returning only the known good ones. Clients which already have your multiple A records can detect the failure and fail over immediately. Where client software doesn't support that, they have to wait until DNS caching expires to get the new records.

The datacenters themselves need to contain enough of your infrastructure to function autonomously, but also should share state. Cassandra, Oracle, Riak MDC... there are lots of options out there. We were on MySQL at the time, and maintained a slave in the secondary DC which could be promoted in the event that the primary DC was, say, nuked from orbit. This system was not partition-tolerant; if the mysql link between datacenters failed, one DC would become functionally read-only. We proxied DB traffic back and forth over SSH tunnels managed by upstart init jobs. This was shockingly reliable. We actually started off using mysql's SSL support but as it turns out mysql will segfault if it gets more than, say, 8 ssl connections in a short timeframe. So we tunneled everything--redis, mysql, stats, over SSH.

The rest of the infrastructure had little shared state, so we ran the typical web stack: two identical boxes running nginx (static content) -> haproxy (load balancing) -> rails and ramaze apps spread across various boxes. Each nginx forwarded to both haproxies, both haproxies forwarded to all the app servers, so you could lose either machine in a given DC and service would keep running. We used heartbeat to manage a shared virtual IP interface between the two forwarding boxes, so you'd drop TCP conns but failover switch time was generally in the tens of milliseconds--however long it took to ifup and gratuitous-arp the rack's L3 switch.

We ran memcache independently in both DCs--since user sessions almost never switched between DCs it was OK for us to just have two distinct pools. Queues were split up as well. Some services weren't critical enough to split across DCs so we just accepted that if the primary DC died they'd be down for a few hours, until we could deploy another copy on the backup DC. Non-critical things like statistics, garbage collection, etc. Automated deployment made that a lot less painful.

I wouldn't recommend doing this at an early stage--dual environments, especially on different hardware, take a lot of testing to get right. You have to worry about doing everything twice--two DNS zones, two Redis clusters, etc. You also have to worry about asymmetries if you're doing master-slave replication. All of this comes with operational and development overhead; your app needs to be aware that it might be running in a partitioned state, that writes might take much longer than reads if you're doing master->slave across DCs, etc. I'm a strong believer in planning for that stage of your growth--but you always have to strike a balance between the ultimate reliable configuration and getting other things done.

Does that help answer your question? :)
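The DNS side of the setup described in the comment above, as an added sketch that is not the commenter's code: answers contain the two closest healthy datacenters, a failed datacenter drops out of new answers, and two client behaviours are compared (taking the first record versus sorting the records). The datacenter names, positions, documentation-range IPs and the fail-open choice when every health check fails are assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from math import dist


@dataclass(frozen=True)
class DC:
    name: str
    ip: str      # constructed: RFC 5737 documentation addresses
    pos: tuple   # hypothetical map position used to rank "closest" DCs


DCS = (
    DC("east", "192.0.2.10", (0.0, 0.0)),
    DC("west", "198.51.100.10", (10.0, 0.0)),
    DC("eu", "203.0.113.10", (5.0, 8.0)),
)
ALL_HEALTHY = frozenset(d.name for d in DCS)
CLIENTS = ((1.0, 0.0), (9.0, 0.0))  # one client near east, one near west


def a_records(client_pos, healthy, seq, per_answer=2):
    """A records for one query: the closest healthy DCs, rotated per query."""
    live = [d for d in DCS if d.name in healthy]
    if not live:
        # Assumption: fail open. If every health check fails, the checker is
        # the more likely culprit, so keep serving the full set.
        live = list(DCS)
    nearest = sorted(live, key=lambda d: (dist(client_pos, d.pos), d.name))
    nearest = nearest[:per_answer]
    k = seq % len(nearest)  # rotate so "first record" clients are spread out
    return [d.ip for d in nearest[k:] + nearest[:k]]


def pick_first(records):
    """Client or resolver that uses the records in the order received."""
    return records[0]


def pick_sorted(records):
    """Client or resolver that sorts the records and takes the lowest IP."""
    return min(records, key=lambda ip: tuple(int(o) for o in ip.split(".")))


def traffic(picker, healthy=ALL_HEALTHY, queries=1000):
    """Count which IP receives each of `queries` lookups from CLIENTS."""
    hits = Counter()
    for seq in range(queries):
        pos = CLIENTS[seq % len(CLIENTS)]
        hits[picker(a_records(pos, healthy, seq // len(CLIENTS)))] += 1
    return hits


def connect(cached, reachable_ips, tries_other_records):
    """Connect using an already-cached answer after a DC has gone dark."""
    candidates = cached if tries_other_records else cached[:1]
    for ip in candidates:
        if ip in reachable_ips:
            return ip
    return None  # stuck until the cached answer expires and is re-resolved


if __name__ == "__main__":
    print("first-record clients:", dict(traffic(pick_first)))
    print("sorting clients:     ", dict(traffic(pick_sorted)))
    print("east failed, new answer:",
          a_records(CLIENTS[0], {"west", "eu"}, 0))
    cached = a_records(CLIENTS[0], ALL_HEALTHY, 0)
    up = {"198.51.100.10", "203.0.113.10"}
    print("cached, client retries: ", connect(cached, up, True))
    print("cached, client does not:", connect(cached, up, False))
```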

I have been using MySQL's master-master scheme for a long while for fail-over situations. Though, my databases are relatively simplistic. The master-master thing is nice because one server uses even values on auto-increment fields and the other uses odd values. Thus, no chance for collisions if all of your tables are designed with an auto-increment id field.

That's a great way to handle it. In our case we had an, er, extensive legacy schema to preserve. Moral of the story: plan to scale early. You don't have to actually build that scaling infrastructure ... but keep its requirements in mind.

I looked into round robin dns recently (for performance reasons, not for reliability), but decided not to go there just yet.

I'm curious - I keep hearing that some clients don't support this. Which clients are that in particular? Is it a real issue, or a rather esoteric case?

Honestly I never found a browser that didn't support multiple A record failover. Older versions of IE mostly. You do need to be aware that many nameservers will reorder A records by integer sort or delta to their own IP, which can make your traffic pattern uneven. There are various managed DNS products to handle that, and you can build it yourself with enough time.

Thanks - That was my suspicion.

Which doesn't help you in any way if your registrar is asked to take down a domain and does so.

So this solution is totally unrelated to the story at hand.

Thanks a lot for taking the time to write it! I am tempted to submit your comment to HN... oh wait we already are at HN.

I agree. That was really interesting. I might not have understood half of it, but enough to get the general gist and it's really cool to read about advanced solutions like this.

And indeed you might want to consider reposting that explanation on your or your company's blog--just for showing off ;-)

I have no idea what you're talking about, but I find it very interesting. I think it would be well received if you wrote a blog post expanding on this experience.

The time has come to publicly shame any YC or startup that has a godaddy domain. Switching registrars is not hard, and using godaddy is like having an @aol.com email address.

I spent a few minutes checking the registrar for YC companies with press in techcrunch:







for the record, memsql.com is no longer registered with GoDaddy.

Time for GoDaddy to go out of business.

I'll do my small part. I have over 200 domains registered with them as well as a couple servers (to play with, not for anything important).

I'll start to transfer everything as soon as I identify a registrar that won't fuck over their clients like this.

Any registrar care to make a statement of loyalty here on HN so we know that you have our backs?

I am really starting to think that a coalition of large internet companies needs to stage a full and real shutdown. I am talking about something substantial, like a full day. This would send a strong message home to idiots running this country.

This could be advertised and announced on a daily basis over the Internet and TV for a full month. Then, on that Monday morning, all services go quiet for a day while displaying an appropriate announcement on their sites. If the event is well communicated to all users this should protect all involved from legal action. If you've been told about it every day for thirty days that should pretty much cover it.

Due process should apply to everything. We want due process. Sites that engage in criminal behavior are one thing, but, when the government is the criminal you are dealing with something entirely different.

Time to make noise again?

Namecheap had a solid marketing push during the whole GoDaddy/SOPA business. I moved my stuff there and am quite happy with them so far.

Are they doing any deals for transferring hundreds of domains?

Not that I know of, but they do bulk pricing like GoDaddy does, and they have a decent referral program. You might try emailing their customer service and see if they'll cut you a deal.

namecheap.com was recommended constantly on Reddit during the whole GoDaddy-boycott, and I'm pretty impressed with them.

Why didn't you move your domains with everyone else during the SOPA uprising? JotForm sat on their asses and stayed with GoDaddy, now look at them.

Stop the song and dance. If you haven't moved your domains already, you probably never will.

I moved to Namecheap three GoDaddy scandals ago (the elephant one, before Jotform and SOPA). You've got to wonder how they've got any customers left.

Maybe this is a good way to measure internet time - "We launched our first service four GoDaddy scandals ago, and pivoted two scandals later."

Nicely said. I did the same. The elephant incident was more than enough incentive for me never to do business with them again.

EDIT: Foxylad, you're the kind of ethical person I would like to work with in the future. Please leave some contact info in your profile so I can reach you. Thank you.

Frankly, cost and a call from a GoDaddy rep. I decided to hang tight and see how it played out. Mission accomplished. Now it's just a matter of deciding where to go. I have zero interest in playing musical registrars.

This can happen to any web site that allows user generated content.

How come we don't see Youtube, Yahoo, Facebook suspended? Do they have procedure in place? Does that mean that you're much weaker if you're small? What are the legal safeguards for UGC startups?

There should be equal rights for all companies. Right now it seems the US government is picking those it can easily bully.

> How come we don't see Youtube, Yahoo, Facebook suspended? Do they have procedure in place?

Yes, they do. And if you allow users to post content, you should too. You need to formally register as a hosting company and have a DMCA process published and usable.

First, register here:


If you've done it right, you'll get one of these:


Then post a notice on a Policy page linked from every page of your site. For example:

In compliance with the Digital Millennium Copyright Act (the “DMCA”), please send DMCA notifications of claimed copyright infringements to: Advection.NET c/o Jonathan Band PLLC, 21 Dupont Circle NW, 8th Fl, Washington, DC 20036, with electronic copy by e-mail to...

Pursuant to the DMCA, Advection.NET will terminate the accounts of repeat infringers. Advection.NET will cooperate fully with any civil and/or criminal litigation arising from the violation of this policy.

EVERY .com, .net and .org website should do this, whether you support user generated content or not (e.g. remember, user comments on your blog are user generated). Without it, you are risking this kind of thing happening.

Even the suggestion that 'everyone should sign up' for this is a big flag itself.

wow - didn't know you had to find a designated agent to register. It must be simpler than it actually looks. Definitely very hidden. Thanks for pointing out this.

What if I'm not an American company, I just happen to use a .com domain?

Congratulations, .com is considered part of America (in the same way that .ly is Libyan). You are now doing business with the US Government.

Better safe than sorry?

I had no idea that this existed and was about to ask whether you knew if there was a place online that consolidated the many legal considerations one must take to start an online business, but then I found this page on the Citizen Media Law Project ( http://www.citmedialaw.org/legal-guide/legal-issues-consider... ), which covers both DMCA-related issues and how to pick hosting providers that will fight for your rights. The entire site seems to be a treasure trove of information about things like this. I'm posting this here in case it could help anyone else.

I notice the linked guide mentions DirectNIC as the US registrar with the most extensive guarantees against unnecessary domain name suspensions. Consider this a +1 recommendation.

We've used DirectNIC for nearly a decade and never had a problem even when Echostar (improperly) tried to make them take us down because of one of our clients. We also recommend http://www.puregig.com/ as a web hosting colo for the same reasons along with their distance from natural disasters.

They do have a proper procedure in place, but they have a lot of other advantages. First of all, they're all multi-billion dollar companies, and can afford a great legal team. Secondly, average people use these sites, so if they were taken down, a LOT of people would be angry. Jotform might have a few thousand users, but that's not enough to get people angry at the Feds. For Facebook, Youtube etc., which has probably at least millions of American users who use at least one daily, it would be a HUGE deal, and would cause a great outcry. Plus, it would be covered by a lot of news. The US government doesn't want to cause that much PR damage, thus it is only targeting sites that most people don't care about.

yes there should be but unfortunately that's not how the world works. In politics (which this clearly is) you always pick a fight with someone you know you can beat. It's hard to beat facebook or youtube.

They're not dumb enough to use godaddy...

But yeah your point about fairness is loud and clear.

Godaddy can seize your domain even if they're not your registrar.

How so?

Here's http://blog.ericgoldman.org/archives/2011/11/court_oks_priva... an example court order giving "an injunction against the top-level domain name registry, directing it to change the registrar of record for the domain names to GoDaddy".

In that case it looks more like Chanel convinced a court to seize a domain; GoDaddy had little to do with it.

Well it's a pretty funny coincidence how whenever there's domains to be seized they always seem to end up at GoDaddy.

Well, according to some data I found[1], GoDaddy has 36 million registrations, while the next closest registrar is Enom at 9.7 million. In fact, GoDaddy has more registrations than the next six most popular companies combined. So, it probably makes sense that most of the registration-related things you hear about involve GoDaddy.

[1] http://www.webhosting.info/registrars/fastest-growing-regist...

To be clear, these are instances of domains specifically being moved to GoDaddy.

When I have spot-checked lists of seized domains in other cases, domains registered with GoDaddy were serving the ICE seizure page while domains with other registrars were simply down.


When you are your own domain registrar and hosting provider, the government calls you directly and you can handle the user-generated content yourself.

I'm starting to think that the DNS as a whole needs to be replaced by something that is more resilient against broken legal and political systems.

I'm not saying governments should not fight crime or that there should be no way to shut down a website, but what we're witnessing these days is a total breakdown of long established principles of law, including due process and proportional justice.

It may sound strange and some would say nonsensical, but I feel that legal systems worldwide and especially in the US have gone down hill since 9/11. What seems to have changed is that governments have given up the idea that global problems can be solved within the framework of established legal principles.

It feels like everything they do is guided by a mindset of martial law. It's all a helpless thrashing about. It's going to take a long time for the globalised world to find its footing again and until then we have to find better technical solutions to limit the damage they're able to do.

I'm as eager as anyone else to blame overzealous US authorities and GoDaddy, but something doesn't fully add up. This doesn't fit the pattern of other seizures we've seen.

Why isn't there a big scary US ICE seizure banner on the domain? They're usually quite proud of their work.

Why is his .net domain still operational?

This looks to me more like GoDaddy operating on their own.

It's not a copyright issue. Scuttlebutt is that someone used their forms for phishing.

Seems like a plausible explanation.

Still, if the guy had not used Godaddy he probably would have his domain back already.

This form of law enforcement is wrong on so many aspects.

Outside the online community, these kinds of law violations are handled in a saner fashion. For instance, if one department of a firm has a law violator, law enforcers make a case against the violators in obscurity and proceed to handle the violators while trying to do as little damage as possible. They won't set up roadblocks on the roads that lead to every building or holding of that firm, and they try to exclude any unrelated property or individual. But things are different on the Internet. It's ridiculous. The law enforcers treat online entities like there is no business going around and every business is crime oriented. So they just go forth and block every way of execution of the entity.

We must stand against this.

Also this is an ongoing trend over the world. And seems like it won't end any time soon.

Governments are revolting against the Internet. I think they believe the Internet is becoming uncontrollable, so they are trying to make every ridiculous move to make online entities miserable so they will settle with hard control instead of these unbelievable ones and be happy.

Why would GoDaddy open themselves up for this liability without a court order?

Registrant: Interlogy, LLC

Registered through: Go Daddy

Domain Name: JOTFORM.COM


I have no clue, but it almost happened to us, too: http://david.weebly.com/1/post/2011/12/godaddy-a-glimpse-of-...

This is actually a perfect example. The specific laws aren't the only concern. Once the atmosphere is created where registrars are expected to take down domains in response to legal claims, complaints, and such, it exists. Once this becomes part of their job they will seek to do it with minimal costs and risk. Since the cost of losing one customer to godaddy is so out of sync with the cost to the customer of being taken down, we can expect these kinds of results.

Shutting down a domain will always be a lot cheaper than any involvement of a legal team.

This is interesting. Obviously you've moved your domain away from GoDaddy, what are some more reputable registrars?

EasyDNS is excellent, but more expensive. It isn't a good place to park a lot of domains, but a great place to host a few important ones. YC/HN uses them, I've contacted them a few times, nice Canadian group.

I use dnsimple, but I've heard good things about namecheap as well. Find any anti-godaddy thread on HN or Reddit and you'll see a ton more names.


Bahamas, baby.

I think they'd be opening themselves up to liability from the US government through the revocation of their DMCA safe harbour provision by not complying.

I'm failing to see any indication that the government was actually involved. Did the US government serve upon GoDaddy?

JOTFORM.COM nameservers are set to NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM, and spam-and-abuse.com is owned by GoDaddy. Just doesn't seem to be the normal way the government has been involved, but then again, nothing should be normal about domain seizures.

This is probably standard procedure at GoDaddy, and since GoDaddy is very loyal to the authorities, they probably considered the regular way of seizing the domain unnecessary.

People making new sites need to stop making that mistake! Get something that isn't .com (.me .info etc) and register it at a non-US based registrar. We KNOW that US registrars always cooperate with corrupt government agencies, so stop giving them business just to save a buck, and risk your whole business.

I am not quite sure if "Seized by US" is the case. If you check out the DNS lookup, it points to NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM, which is owned by Godaddy. After some searching it appears that that's what happens when Godaddy suspends their service to you; from similar cases it seems that they can transfer the domain to another registrar.
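The nameserver observation in the comments above can be turned into a delegation monitor for domains you own, so a registrar-level suspension is noticed before customers report it. This is an added example, not code from the thread: the `dig`-style answer lines are constructed, and the baseline nameservers and the example.* domains are hypothetical. Only the suspension nameserver name comes from the comments.

```python
import re

# Suspension parking nameserver suffix named in the thread.
SUSPENSION_SUFFIXES = ("suspended-for.spam-and-abuse.com",)

# Hypothetical baseline: the nameservers each watched domain should delegate to.
EXPECTED_NS = frozenset({"ns1.example-dns.net", "ns2.example-dns.net"})
WATCHED = {
    "jotform.com": EXPECTED_NS,
    "example.org": EXPECTED_NS,
    "example.net": EXPECTED_NS,
    "example.com": EXPECTED_NS,
}

# Constructed sample in the answer-section format printed by `dig NS <domain>`.
DIG_OUTPUT = """\
; constructed sample, not a real capture
jotform.com.   3600 IN NS NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM.
example.org.   3600 IN NS ns1.example-dns.net.
example.org.   3600 IN NS NS2.Example-DNS.net.
example.net.   3600 IN NS ns1.example-dns.net.
example.net.   3600 IN NS ns9.other-dns.example.
example.net.   300  IN A  192.0.2.1
"""

NS_LINE = re.compile(r"^(\S+)\s+\d+\s+IN\s+NS\s+(\S+)\s*$", re.IGNORECASE)


def norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()


def parse_ns(dig_text):
    """Map each owner name to the set of nameservers seen in the answers."""
    seen = {}
    for line in dig_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or dig comment
        m = NS_LINE.match(line)
        if m:  # other record types (A, SOA, ...) are ignored
            seen.setdefault(norm(m.group(1)), set()).add(norm(m.group(2)))
    return seen


def is_suspension_ns(ns):
    return any(ns == s or ns.endswith("." + s) for s in SUSPENSION_SUFFIXES)


def check_delegations(dig_text, watched):
    """Classify every watched domain against its expected delegation."""
    seen = parse_ns(dig_text)
    report = {}
    for domain, expected in watched.items():
        observed = seen.get(norm(domain), set())
        if not observed:
            report[domain] = "no-delegation"
        elif any(is_suspension_ns(ns) for ns in observed):
            report[domain] = "registrar-suspended"
        elif observed != {norm(ns) for ns in expected}:
            report[domain] = "delegation-changed"
        else:
            report[domain] = "ok"
    return report


if __name__ == "__main__":
    for domain, status in check_delegations(DIG_OUTPUT, WATCHED).items():
        print(f"{domain:14} {status}")
```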

Earlier today I got a phishing attempt with a link to a form hosted with Google Docs. Does this mean the same thing can happen to Google?

This is nothing to do with copyright issues: it's to do with phishing and scamming forms being set up by a handful of users. One would think they could just remove those users and be done with it - this heavy-handed approach by govt. is a total disgrace. When scam ads were found being run on the NYTIMES website (without the knowledge of the NYTIMES) a while ago, did the govt. shut down that domain? No f---ing way - because that would have p---ed off too many people.

Am I the only one who has slightly less sympathy with this company for staying on the shitty webhost known as godaddy? Even after the SOPA debacle? You wait until they affect you personally before doing the right thing?

Shoulda shown solidarity. That's what you get.

not unprecedented for godaddy: http://seclists.org/nmap-hackers/2007/0

such willful misunderstanding in those comments. my sympathy to the people behind jotform.

the only way this can be (legally) fixed is by a court deciding that despite all the mumbo-jumbo in the registrar terms of service, domain names look an awful lot like property, and are not to be yanked without due process. unfortunately it seems courts mostly write opposite-minded decisions these days.

Domain names look a whole lot like rental property. They're hardly allodium.

So? The same is true for real estate and most everything else with a central registry. Jotform is paid up with ICANN through 2020. Even a commercial tenant can't be evicted instantaneously.

Agreed. My only point was that, contrary to your original assertion, domain names do not look anything like property owned by the registrant.

That said, I do not support the confiscation, and I hope Jotform sues and wins. I'm not holding my breath, though.

I would love to see a DNS replacement that is not only decentralized but allodial.

Is it possible for any distributed human-meaningful name to be allodial? You're always at the mercy of a network of nodes to agree that you hold a name, and probably have to incentivize them even. A non-human-meaningful public-key based name would be allodial (even if you're relying on others to distribute that fact). The latter system could certainly replace many uses of DNS, but doesn't solve the introduction problem (granted, introductions could be needed a lot less, ie Jotform forms would still be working, as they wouldn't require a reintroduction to 'jotform.com' for every visit)

(You're right in that I was incorrectly implying a domain name would be property owned by the registrant. But it certainly could be considered property that the registrant is currently in possession of)

I hope the answer is "yes", but it's a challenging question.

Any details on what the content was? The post implies that only a small amount of user generated content is being investigated. This is the first I've heard of a website being taken down entirely when only a small amount of its content is questionable.

I feel like a huge chunk of this story is missing.

It appears people were setting up phishing forms using the service to grab people's bank info.

Well at least it wasn't copyright related.

Too bad jotform.net is also registered via GoDaddy. Should we be talking about registrar diversification now?

What we ought to be talking about is moving .com/.net/.org out of US jurisdiction entirely, not just diversification. This will eventually happen in one of two ways, one of which will leave US customers with a completely separate com/net/org registry from the rest of the planet.

I don't think we'd get much further than we already have in earlier anti-SOPA talks. The irony of the situation gave me a chuckle though. Hopefully they move away after this, to a company which would at least try to put up a fight.

There are a large number of companies still using GoDaddy even after hearing so many horror stories. Even some YC companies use them. If I had to choose a service provider, then I would most definitely forego the ones who are reliant on GoDaddy, even if they are really awesome. After all being there trumps being awesome by a huge margin.

I guess it's time customers started calling up these companies and telling them that the reliance on GoDaddy is something that they are worried about.

Who needs SOPA when you can do whatever the hell you want. Great to know our taxes are being put to good use and helping create new jobs and services. Thank you US Government.

I can't believe this is being tolerated by our generation.

I'm glad it isn't being tolerated by the new one. Look at the protests on the streets. That is amazing by itself, but even more so is that it actually appears to have some effect.

Me either. Sad to say, but most people don't give a damn nowadays.

This can happen to any web site that allows user generated content. Yes, that's true that it can happen just as almost anything can happen. But to act as if this comes as a surprise for which such a company should not be prepared is either ill-informed or disingenuous, and somewhat unbelievable in light of all the publicity around DMCA law recently. A company like Jotform, or any company hosting user-generated content (not just to pick on Jotform), can do a lot to help prevent it and protect their legitimate customers.

DMCA lays out several things which can be done to at least attempt to have the appearance of qualifying for safe harbor. If you host user-generated content, do you do one or more of these?

- adopt and reasonably implement a policy of addressing and terminating accounts of users who are found to be "repeat infringers"?

- remove or disable access to the allegedly infringing material upon notice?

- implement any sort of "red flag" process?

We don't know that this has anything to do with copyright.

It's a form hosting site; the user-generated content could be bank account phishing pages.

DMCA does not provide safe harbor from being an accessory to financial scams.

You could be right: http://www.jotform.net/answers/72220-Fraudulent-site-please-...

And JotForm appears to respond quickly and take action, at least to that request.

"This can happen to any web site that allows user generated content." Suddenly reminds us of this site called Facebook.

#1, you're not Facebook, #2, I am quite confident these days Facebook has a quite extensive understanding of their legal position and the policies and procedures they must follow (http://www.facebook.com/legal/copyright.php is only a start), and #3, I am rather sure they have a direct line to whoever is the registrar of record for facebook.com and pay well to be kept up to date on any potential developments.

"As a part of an ongoing investigation about a content posted in our site, a US government agency has temporarily suspended our jotform.com domain. We are fully cooperating with them, but it is not possible to say when the domain would be unblocked."

The dns is set to a godaddy domain which has over 224,000 domains attached to it.


As a registrar that has been contacted by the US Government, this (change of DNS) isn't consistent with what we have experienced when contacted about a problem site. It's more consistent with an individual registrar's policies.

If the government was seizing a domain, generally, they would change the whois information. It wouldn't still be listed in the name of the registrant.

This isn't an attempt by the way to get one up on godaddy. They are a gazillion times bigger than we are and they cater to an entirely different market segment.

I've been searching for a good .com domain for my upcoming CMS (SaaS), but after reading this I'll probably get a non-US controlled domain at least for the service itself, and just use .com for a marketing site, if at all. Moreover, .com is already overcrowded.

It's so wrong that a legit business can be killed overnight.

Got an email from JotForm:

"Because of a Godaddy suspension, our jotform.com domain is currently disabled. Since, we do not know when the issue might be resolved we recommend changing your forms from jotform.com to jotformeu.com."

So their .com domain is suspended, and they move to a new .com domain?

I don't understand; why don't they move to a European country top level domain like jotform.co.uk (that one's been domain squatted, but I'm sure they could find one they like.)

Reading the comments below, am I safe if I have my domain name registered with Namecheap? How can I make sure that this won't happen to one of my sites? Is this Godaddy specific or are all domain name registrars affected by this? What about non-US registrars (can you guys name some)?

Any .com, .net, .org, .biz, .us, .tel, and .travel domain is subject to seizure by a US court order. What company you register the domain at (and what country it's in) is irrelevant since the registry itself (Verisign for .com/.net/.org, NeuStar for the others) is in the US.

Yeah but this doesn't appear to be a US court order seizure

I don't know if it is because of Godaddy or not but boy I am glad I moved away from them.

It seems clearer than ever that, if we allow them to, our politicians are intent on destroying the Internet as we know it.

Pretty ironic coming from the country that gave it birth.

If you use a DNS provider like pair.net - is godaddy involved at all? i.e. is there reselling/subcontracting of domain services we don't know about?

It doesn't matter what DNS service you use when the registrar can change the DNS records for your domains, which is what they've done.

Three letters: .is

What's so special about .is?

From http://www.isnic.is/en/: "The registration of a domain confers rights to the use of the domain name according to ISNIC rules at any time but does not confer ownership of the domain."

Two actually, and a punctuation mark :)

This is a good reminder that startups need to have a basic legal gameplan as well as an engineering and financial one.

Sometimes you need to disregard legal advice (though, you do need to be aware of the legal issues), else you wouldn't get anything done.

I had a nice startup idea, it was shot down by my legal adviser (which happens to be my father :P ), and Google went ahead and implemented it (well, at least he saved me from competing with Google).

Does that mean it takes one abuse of an account to take down a hugely popular domain name?

That spam must have been terrible.

Ron Paul 2012 our (tech community) only chance, research yourself.

"He's got a chance!"

"Yeah, in France!"

"Bet you'd vote for Palin!"


this is really interesting. what's the basic rule behind it?

i thought this only happens in china.

Worth noting that this is a top 5,000 global site, roughly speaking. The fascist machine is definitely continuing to raise the bar on the commoners they're willing to take down (they were always willing to go after a site like MegaUpload, but this is a different category of assault).

Cycle it a few years forward and it wouldn't be surprising if 1% to 2% of the biggest 10,000 .coms have been seized (100 to 200 sites).

>All they have to do is to ask Godaddy to take a site down.

Fuck Godaddy.

I have been a vocal proponent of Godaddy over the years - but no longer.

Godaddy's involvement with and support of SOPA is reprehensible, but I was hoping their about-face was for real, but this action is the last nail.

Look at jotform's nameservers:


That's just great....

I've got hundreds of domains registered at GD, but I'll be damned if they'll be there after tomorrow.


It's "tomorrow" now, have you moved the domains?

It's time for a widespread revolt against domain name seizures and suspensions without due process. Where do we start? This path will undermine the internet economy and sets precedents for horrible oppression and control by large interests down the line.

We need a replacement for ICANN. In other words, we need a replacement for DNS. It is going to take a while to get enough of the public on board but it seems inevitable to me.

I'll go register "saynotoseizures.com" at godaddy and we can start an online petition!

hahahahaha Godaddy sucker! just love the NS:

   Registered through: Go Daddy 
   Domain Name: JOTFORM.COM 

   Domain servers in listed order: 

I am sure this is all fine. Our fine government would never do the wrong thing.

</bitter sarcasm>

Did you know you can't buy the Israeli domain fuck.co.il?

Source: http://translate.google.com/translate?hl=en&sl=auto&...

