I'm a huge defender of privacy; I use browser plug-ins to block tracking cookies and I would be the first to criticize anyone who violates privacy, but didn't this bypass allow them to do exactly what's automatically allowed on every other browser? From what I read, no one selected these settings - it's just the default, abnormal behavior of Safari. Working around it only affects people signed into Google services - allowing them to do things like +1 ads. If I've misunderstood the situation, I'd definitely like to know.
Without proof of who is actually uploading, it's a pretty good assumption that the uploads come from someone involved in the company. There is no proof to the contrary.
Right, but the company is supposed to be presumed innocent until proven guilty. Hell, all the investigating agency had to do was, you know, investigate the site to see that they have hundreds of thousands of users and are proactive in combating phishing. Then do something crazy like contacting the owners to see if they respond / can provide useful information about the problem form(s).
Founder of JotForm here. I’d like to thank you all for your sympathy.
JotForm.com has been suspended by Godaddy for more than 24 hours now. They have disabled the DNS without any prior notice or request. They have told us the domain name was suspended as part of an ongoing law enforcement investigation. In order to resolve the issue, they asked us to contact the officer in charge at U. S. Secret Service.
When I contacted the Secret Service, the agent told me she is busy and she asked for my phone number, and told me they will get back to me within this week. I told them we are a web service with hundreds of thousands of users, so this is a matter of urgency, and we are ready to cooperate fully. I was ready to shutdown any form they request and provide any information we have about the user. Unfortunately, she told me she needs to look at the case which she can do in a few days. I called her many times again to check about the case, but she seems to be getting irritated with me. At this point, we are waiting for them to look into our case.
Our guess is that this is probably about a phishing form. We take phishing very seriously. Our Bayesian phishing filter has suspended 65.000 accounts last year. We have been training it for many years, so it can detect phishing forms with great accuracy. We also take any reports about phishing very seriously and quickly suspend the accounts and let the other party know about it. By the way, we are also very serious about false positives. If we suspend an account accidentally, we will quickly resolve the issue, and apologize.
I believe this can happen to anybody who allows users to create content on the web. So, if you have such business, my recommendation would be to make sure that you can contact your most active users quickly if your domain is disabled. Many of our users are shocked and angry at us. But, many also thanked us for quickly letting them know about the issue by email and providing instructions to continue operating their forms. Since DNS propagation takes some time, many active users were able to switch their forms to the new domain before it went down. We still have not contacted all users, we are sending emails most active users first.
That's an interesting legal theory. Is there *any* precedent for it, specifically interacting with a publicly accessible service in an unapproved manner being ruled making a derivative of the original? That really sounds like a load of crap, as the application never includes or accesses craigslist code, and the only infringement is redisplaying public elements of the site in in a different window.
I only mentioned the gun because it's a center city Philadelphia theater and there was a double shooting there last year (http://abclocal.go.com/wpvi/story?section=news/local&id=7221808). I hadn't been to the theater in a while and assumed the metal detecting wand was part of their response to that incident. It was only after we saw two other people bagging up phones that we realized we had the metal detector was only being used to enforce the no phones rule. It seemed totally ridiculous given the context.
In response to a couple other comments:
The guard didn't care about the gun - I don't think my friend showed his license (as others pointed out, only law enforcement can require you to do so) and I'm not even sure he showed it to the guard - when the wand beeped I think he just said it was his legally registered and licensed firearm and that was it.
I never downloaded the movie, so I don't know for certain if the xvid screener posted to a.b.movies 3 months ago is legit, but it wasn't tagged as password protected like many other crap posts, so I assumed it was good. If not, it doesn't detract from the ridiculousness of all this effort for a movie that was publicly released 2 hours after the viewing and highly likely to be leaked via screener anyway (just like most other Oscar contenders).
(untitled comment)
The CEO of Rumblefish has gone on Reddit to answer questions. The response has been mixed.
http://www.reddit.com/r/IAmA/comments/q7via/im_the_ceo_of_rumblefish_i_guess_were_the_newe st/
Re:
I'm a huge defender of privacy; I use browser plug-ins to block tracking cookies and I would be the first to criticize anyone who violates privacy, but didn't this bypass allow them to do exactly what's automatically allowed on every other browser? From what I read, no one selected these settings - it's just the default, abnormal behavior of Safari. Working around it only affects people signed into Google services - allowing them to do things like +1 ads. If I've misunderstood the situation, I'd definitely like to know.
Re:
Without proof of who is actually uploading, it's a pretty good assumption that the uploads come from someone involved in the company. There is no proof to the contrary.
Right, but the company is supposed to be presumed innocent until proven guilty. Hell, all the investigating agency had to do was, you know, investigate the site to see that they have hundreds of thousands of users and are proactive in combating phishing. Then do something crazy like contacting the owners to see if they respond / can provide useful information about the problem form(s).
(untitled comment)
Wow, and here's the super helpful response from the investigating agency.
http://news.ycombinator.com/item?id=3597821
Re: This post should be taken down, Techdirt is being manipulated.
That's an interesting legal theory. Is there *any* precedent for it, specifically interacting with a publicly accessible service in an unapproved manner being ruled making a derivative of the original? That really sounds like a load of crap, as the application never includes or accesses craigslist code, and the only infringement is redisplaying public elements of the site in in a different window.
(untitled comment)
I only mentioned the gun because it's a center city Philadelphia theater and there was a double shooting there last year (http://abclocal.go.com/wpvi/story?section=news/local&id=7221808). I hadn't been to the theater in a while and assumed the metal detecting wand was part of their response to that incident. It was only after we saw two other people bagging up phones that we realized we had the metal detector was only being used to enforce the no phones rule. It seemed totally ridiculous given the context.
In response to a couple other comments:
The guard didn't care about the gun - I don't think my friend showed his license (as others pointed out, only law enforcement can require you to do so) and I'm not even sure he showed it to the guard - when the wand beeped I think he just said it was his legally registered and licensed firearm and that was it.
I never downloaded the movie, so I don't know for certain if the xvid screener posted to a.b.movies 3 months ago is legit, but it wasn't tagged as password protected like many other crap posts, so I assumed it was good. If not, it doesn't detract from the ridiculousness of all this effort for a movie that was publicly released 2 hours after the viewing and highly likely to be leaked via screener anyway (just like most other Oscar contenders).