Go Daddy, MySpace Lock out SecLists - A Little Hasty?
(Page 4 of 4 )
Against this backdrop, Go Daddy’s actions do look a little precipitous. The company maintains, however, that “As an established partner with the National Center for Missing and Exploited Children, we…take action based on sites that pose a significant threat to or exploitation of children – as was the case in this instance.” SecLists.org archived a list that had been available elsewhere on the Internet for at least a week. Did the fact that it was a popular site somehow make it more likely that pedophiles or other malicious people would get their hands on that list? It’s certainly possible – but with the list having been out so long already, did it really make sense for Go Daddy and MySpace to act so fast? Would one more hour have made that much difference?
“Think of the children” sentiment aside – and I certainly sympathize with that appeal – the hasty action reminds me of someone eager, nay, almost desperate, to cover up a mistake. Does it make sense that SecLists.org should be punished for a security lapse on the part of MySpace? If MySpace wanted to act quickly, why didn’t they go directly to the site owner, who presumably has the most control over the site, and simply ask him to take the list down? Wired blogger Kevin Paulson has a theory: “So why did MySpace call Go Daddy, instead of Fyodor or his ISP? – the polite and customary approach. My theory is MySpace went forum shopping for the best place to get the password list squelched, and ended up at Go Daddy because it expected the friendliest reception there.”
That’s all well and good, but let’s consider the other reasons Go Daddy might take down a domain name without a court order. As the company said in reply to the CNet survey, “Go Daddy takes action to suspend a domain name in cases where the domain name is being used for, or in association with, illegal activities. Our most common instances involve phishing sites, child pornography web sites, terrorist sites and the like.” That’s commendable…until it bumps into questions of free speech. In these touchy times, would Go Daddy take down a web site that described how to put together a pipe bomb? Or how to grow pot? Even more worrisome, how many people would defend Go Daddy's actions, saying that these forms of speech should not be defended under the First Amendment?
I’m not defending the posting of names and passwords online, of children or adults. But the way MySpace and Go Daddy went about getting that list off the Internet seemed to assume that Fyodor would not have been reasonable enough to take it down if asked. And it makes the rest of us worry whether something we post will be considered to be the next threat to the U.S. or to children online, and whether some corporation – not even the U.S. government mind you, but some large private entity we may not even have a direct connection with – will tell our registrar that our entire site needs to be taken down because of that one post.
That’s not a comforting thought to those of us who own web sites, especially sites with active forums. No one likes the idea of a “slippery slope.” Let’s hope that this isn’t the beginning of one.
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |