If you read through the comments there's a lot of angry users demanding refunds and questioning the service. There's a fair chance that they won't be able to bounce back after this. Especially if the domain doesn't come back up within a day or two.
In other words, this might very well kill a company that someone worked hard to get off the ground. And if you have any user-generated content it might happen to your company too. Apparently without due process, and without warning.
This is why the Pro IP Act from 2008 needs to be repealed as soon as possible. It's worse than SOPA for Americans because it can pretty much do all SOPA could do, but for domestic domains (.com, .org, .net, .us) rather than foreign ones. The Pro IP Act managed to pass by us just like SOPA almost did it, too.
Those comments really got to me too. What really struck me was that they seemed to be angry at Jotform! These angry users are talking about security too as if they were attacked or something. I really feel for the users but at the same time I'm angry at them for placing the blame where it doesn't belong. Instead of being mad at Jotform they should be mad at the government.
A while back I was advocating that we reach out to such people and explain this SOPA censorship stuff in a way they understand and this is precisely why. SOPA's supporters have done a really great job of training regular folks to think like some of these angry users making them think that somehow it was Jotform that did wrong. If they only knew how totally arbitrary this stuff is I think they'd be mad at the Feds like they should be.
It's so sickening that the government probably just hurt not one but maybe thousands of companies in one fell swoop and everyone's pissed at the wrong guy. Then the politicians want to go around talking about creating jobs... Ha! How about destroying them? That's what it looks like to me.
Why shouldn't they be angry at Jotform? It looks like they had no expedited process for reporting phishing forms, which had to have been a known risk somewhere around #1 on their list of known risks; they actually made it easier to go upstream instead of searching for their contact page (only linked in the footer) and hoping someone replies today.
Did they have any automated detection? If they didn't have a "report a bad form" button then maybe they didn't even try and find bad forms ... like anything with a sign in button or password field. 2 million forms is too many to inspect, but you could narrow that list down very easily.
What happened to them sucks but it seems like the problem could probably have been avoided.
Edit: it let me make a form with "Account number" and "Password" complete with emailing me what people put in it which is suggestive of no preventative measures at all.
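The narrowing-down step suggested in the comment above, sketched as an added example (not part of the thread and not Jotform's actual filter): score each hosted form on password inputs, credential-like labels and email forwarding, and shortlist the high scorers for manual review. The form schema, weights and threshold are assumptions made for illustration.

```javascript
// Added example. The form schema {id, emailResults, fields:[{label,type}]},
// the weights and the threshold are hypothetical, chosen for illustration.
const CREDENTIAL_LABELS = [
  /\bpass(word|code|phrase)?\b/i,
  /\baccount\s*(number|no\.?|#)/i,
  /\b(pin|cvv|cvc)\b/i,
  /\b(ssn|social security)\b/i,
  /\b(user\s*name|login|sign[\s-]?in)\b/i,
];

function scoreForm(form) {
  const reasons = [];
  let score = 0;
  for (const field of form.fields) {
    if (field.type === "password") {
      score += 3;
      reasons.push(`password input: "${field.label}"`);
    } else if (CREDENTIAL_LABELS.some((re) => re.test(field.label))) {
      score += 2;
      reasons.push(`credential-like label: "${field.label}"`);
    }
  }
  // Emailing submissions to the owner only matters if secrets are collected.
  if (score > 0 && form.emailResults) {
    score += 1;
    reasons.push("submissions emailed to form owner");
  }
  return { id: form.id, score, reasons };
}

// Return only the forms worth a human look, highest score first.
function triage(forms, threshold = 4) {
  return forms.map(scoreForm)
    .filter((r) => r.score >= threshold)
    .sort((a, b) => b.score - a.score);
}

// Constructed sample data, not real forms.
const sampleForms = [
  { id: "A", emailResults: true, fields: [
    { label: "Account number", type: "text" }, { label: "Password", type: "text" }] },
  { id: "B", emailResults: true, fields: [
    { label: "Name", type: "text" }, { label: "Message", type: "textarea" }] },
  { id: "C", emailResults: false, fields: [
    { label: "Username", type: "text" }, { label: "Passport number", type: "text" }] },
  { id: "D", emailResults: false, fields: [
    { label: "Member login", type: "text" }, { label: "Secret", type: "password" }] },
];

console.log(triage(sampleForms));
```

Form A is the "Account number" plus "Password" form described in the comment; form C shows that a single credential-like label stays below the review threshold.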
Edit: it let me make a form with "Account number" and "Password" complete with emailing me what people put in it which is suggestive of no preventative measures at all.
See this comment by the founder of Jotform: http://news.ycombinator.com/item?id=3597821 (Relevant quote: "Our Bayesian phishing filter has suspended 65.000 accounts last year.")
Then how do you rectify the statement you made that their customers should be angry with them, and that they shouldn't be destroyed? I really want to hear this.
GoDaddy's actions don't cancel it out because ignoring or not adequately preparing for phishing was wrong every single day and a foreseeable problem for about a decade now. They had a responsibility to prevent this for their paying users.
Maybe it wouldn't have saved them, but there are a lot of free-x-hosting companies out there that haven't been shut down in spite of abuse.
This isn't really some unforeseeable edge case that nobody could have reasonably expected to happen - their site lets you build a form, embed it on a page, and they either email or save the form data for you. Not anticipating phishing would be fine if it was 10 years ago.
benologist please stop trying to make it sound as if there is any dependency between your 1 and 2.
How can anyone who has ever used the Internet or has even a basic understanding of the Domain Name System believe that it is a registrar's right or responsibility to take down a domain, especially without notice, and that does nothing to contravene the conditions of owning that domain name?
I wouldn't even say you are beating a dead horse with that dependency. It was never a horse to begin with!
The blame obviously lies squarely with the US federal agencies - you do not see this happen in other developed countries, for example (UK does not count since it's a US colony in all but name).
In particular, to be able to shut down or ruin the reputation of a business at the drop of a hat due to alleged breaking of the law - not even by the business itself - before it has even been processed by the justice system!
Just imagine if this had been a takedown of a Google, Microsoft, Apple or Facebook site, all of which easily meet or have met the conditions for alleged infringements of US IP or other laws at some point, if for no other reason than hosting user-generated content...
You misread what I'm saying. Jotform users deserve to be angry about this situation which in the last decade has been successfully avoided by many free-x-hosting companies who actually prepared for obvious problems.
benologist please stop trying to make it sound as if there is any dependency between your 1 and 2.
He didn't. In fact, his point was that there is not a dependency between the points - which is what it means that even if 1 is worse than 2, 2 is still a serious problem.
Do you think this would have been averted if they took all the measures you are proposing? There are no set guidelines here according to which the government is taking down stuff. This is not DMCA related to create a process to take down stuff. Even if they could not find the contact page, taking the whole website seems to be a ridiculous thing to do.
I think things like this will make websites with user-generated content move away from .com domains and even move into countries where there is more due process to things like this.
I think there's a decade of history that shows it could probably have been avoided - they're not the first free-x-hosting company to ever be abused for phishing.
The same risk existed last year alongside the many exploitable-by-phishing flavors of hosting. Although this wasn't even a domain seizure, this is just an overzealous domain registrar which has also, always, been a risk to web services.
JotForm should have bailed from GoDaddy when most other people did. Instead, they were apathetic and took a chance with their business and all of their clients as well.
I'd like to think that this is still a free country, and that there are some companies that still act as though we live under the rule of law, rather than automatically complying with every whimsical demand our government agencies dream up.
Even if it's not. Bail from Godaddy.com. Seriously. Granted the same problem may persist given that .coms have a US based organization that governs them (I think). Nonetheless, this is the exact same godaddy.com that supported SOPA. There have been so many forks in the road where the obvious choice was to bail on GoDaddy.com. Yet, they stayed and here they are.
That's not a very solid argument. GoDaddy sucking is beside the point here. I doubt many if any registrars would refuse the government like that. But even that's beside the point.
What the real issue here is, is that law enforcement pretty much busted in and took down a domain name without warning. They shot first and asked questions later. Jotform is a legit site, not even close to dubious like some others where you can actually argue that they might have been knowingly violating copyright and such. This is scary stuff. There was no due process, no warning, nothing. They just did it. It's proof that any more laws giving the Feds power to take down sites is totally superfluous and unnecessary as it's already happening in a very public way.
You don't get mad at the company for not switching registrars (even if they are a douchey one). Jotform could have been able to take care of this situation had someone just alerted them to the problem. No way is this their fault, especially not for the reason you put forth.
https://github.com/astronoob/NoDaddy
Here is a chrome extension that notifies you if the domain you're on is registered through GoDaddy. Looks like it does an XHR request to who.is and then matches on:
new RegExp("/(registrar\.godaddy\.com|whois\.godaddy.com)/")
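An added example (not code from the NoDaddy repository) showing how the pattern string quoted above behaves in JavaScript, next to a field-based check. It assumes the WHOIS text uses ICANN-style `Registrar WHOIS Server:` and `Registrar URL:` lines; the sample responses are constructed.

```javascript
// Pattern string exactly as quoted in the comment. Passed as a string, the
// "/" delimiters become literal characters and "\." collapses to ".".
const quoted = new RegExp("/(registrar\.godaddy\.com|whois\.godaddy.com)/");

// Added alternative: read the registrar fields and compare hostnames exactly.
const REGISTRAR_HOSTS = new Set(["registrar.godaddy.com", "whois.godaddy.com"]);

function registrarHosts(whoisText) {
  const hosts = [];
  for (const line of whoisText.split(/\r?\n/)) {
    const m = /^\s*Registrar (?:WHOIS Server|URL):\s*(\S+)/i.exec(line);
    if (!m) continue;
    // Accept bare hostnames as well as URLs.
    const host = m[1].replace(/^[a-z]+:\/\//i, "").split(/[/:]/)[0];
    hosts.push(host.toLowerCase());
  }
  return hosts;
}

function isGoDaddy(whoisText) {
  return registrarHosts(whoisText).some((h) => REGISTRAR_HOSTS.has(h));
}

// Constructed WHOIS responses, not real lookups.
const viaGoDaddy = [
  "Domain Name: EXAMPLE.COM",
  "Registrar WHOIS Server: whois.godaddy.com",
].join("\n");
const elsewhere = [
  "Domain Name: EXAMPLE.ORG",
  "Registrar WHOIS Server: whois.example-registrar.test",
  "Notes: previous records at http://registrar.godaddy.com/ are archived",
].join("\n");

for (const [name, text] of [["viaGoDaddy", viaGoDaddy], ["elsewhere", elsewhere]]) {
  console.log(name, "quoted:", quoted.test(text), "fields:", isGoDaddy(text));
}
```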
In other words, this might very well kill a company that someone worked hard to get off the ground. And if you have any user-generated content it might happen to your company too. Apparently without due process, and without warning.
This is preposterous.