JotForm.com Gets Shut Down SOPA-Style 188
itwbennett writes "In a post on the company blog, JotForm.com cofounder Aytekin Tank alerts users that 'a US government agency has temporarily suspended' the jotform.com domain. He explains that it is part of an 'ongoing investigation' of content posted to its site by a user. Although which user and what content haven't yet been disclosed, there is speculation about forms used for a phishing attack on a South African bank. JotForm hosts over two million user-generated forms, and uses software to block fraudulent accounts (65,000 so far), so you can see there's plenty of opportunity for mischief."
Re:I hope... (Score:5, Informative)
Re:I hope... (Score:5, Informative)
Looks like not.
Neither story covering it mentions a court order or a subpoena; one of them says that "it may have been done without a court order."
http://arstechnica.com/tech-policy/news/2012/02/secret-service-asks-for-shutdown-of-legit-website-over-user-content-godaddy-complies.ars [arstechnica.com]
http://www.rawstory.com/rs/2012/02/16/successful-online-startup-kicked-off-domain-without-stated-reason/ [rawstory.com]
Re:I hope... (Score:5, Informative)
Followup: relevant paragraphs:
And it all may have been done without a court order. ...
Note the two criteria: a court order or a notification from a prosecutor. That latter category amounts to an unproven allegation—and it's what Tank believes derailed him here. "No, as far as I know, there is no judge order," he told me. "They sent a request to GoDaddy and GoDaddy complied."
Re:Least Intrusive? (Score:5, Informative)
If their rights were violated, they have grounds. Period. But actually prosecuting is another matter of course. Even so, 242 is used every year, and the conviction rate is very high. Much higher than most kinds of criminal prosecution.
Re:Site that you've never heard of is shut down (Score:4, Informative)
Here, let me introduce you to regulatory capture [wikipedia.org].
No surprise (Score:4, Informative)
Go Daddy has a history of pulling registrations without notification to domain owners. Remember seclists.org and familyalbum.com? Those domains were redirected because of third party complaints. The complaints were not even made by law enforcement. The GoDaddy TOS expressly allows them to suspend service at their discretion and they do it at the first sign of trouble.
I'm not defending GoDaddy in the least, but people doing business with them should be aware of their history and policies.
Google has this problem with their forms, too. (Score:5, Informative)
It's not just JotForms. Google is now the leading site being exploited to host phishing pages. [sitetruth.com] Google has reasonable defenses against phishing for their "sites" product. However, Google doesn't seem to have those protections on their document and spreadsheet products. Here's a fake login form hosted by Google. [googlegroups.com] That's been up since 2010. Here's a fake login page hosted as a Google spreadsheet. [google.com] Google allows unlimited HTML in a spreadsheet, which means it can be abused in this way. We have a full list, if anyone is interested.
"formbuddy.com" and "surveymonkey.com" [surveymonkey.com] can also be abused in this way. Formbuddy seems to kick phishing pages off quickly. Surveymonkey, not so good at this.
If you offer free hosting, and don't have aggressive anti-phishing controls in place, you will be pwned.