>>TECH

On the morning of Jan. 24, Fyodor Vaskovich awoke to discover that his Web site, SecLists.org, had been transformed into a giant error message. The message said his domain couldn’t be resolved. This troubled him greatly: SecLists is an archive of several computer security–related mailing lists that contains more than 50,000 pages of technical information. It has thousands of visitors per day and nets Vaskovich a fair amount of income from Google ads. Where had the site gone? He checked with the registrar that sold him his site, GoDaddy, and discovered the megacorporation had changed the site’s name servers—addresses that tell your browser how to find the place where a Web site is hosted. Instead of his Web host’s name servers, he found this name server: ns1.suspended-for.spam-and-abuse.com

What the hell? Vaskovich checked his answering machine and found a message from somebody at GoDaddy telling him they were going to pull the plug on his domain. Based on his logs, it appeared that his name servers had been changed less than a minute after the call was made. Essentially, he’d been given a few seconds’ notice before a major Internet resource (and source of revenue) was shut down.

For the rest of the day Vaskovich was on the phone with GoDaddy trying to untangle what had happened. Luckily, he kept careful records. These records corroborated his story that he’d been given less than a minute’s notice and that GoDaddy refused to give him customer service for several hours. At last he learned that SecLists had been yanked offline because MySpace contacted GoDaddy and requested it. One of the 50,000 pages on SecLists contained an e-mail in which somebody had listed the names and passwords of several MySpace users. Instead of asking Vaskovich to take down the page with passwords—which is standard industry practice—MySpace asked GoDaddy to squash the whole site. GoDaddy should have contacted Vaskovich first, and asked for a legal takedown notice. But they didn’t.

What makes GoDaddy’s actions seem worse is that the passwords in question had been leaked about 10 days before. They appeared on dozens of other security-related and hacker Web sites. Security expert Bruce Schneier had even written a column about the quality of about 30,000 of the leaked passwords. (Among the top 10 popular passwords was “f**kyou,” which completely mirrors my feelings for MySpace.)

So passwords were already circulating, and MySpace needed to tell its customers to change them. Squelching SecLists wasn’t going to protect anyone. Yet GoDaddy’s general counsel, Christine Jones, defended its actions because she believed pedophiles would get access to children’s names and passwords. “For safety implications like that, we take it really seriously,” she told Wired News Editor Kevin Poulsen. “I think the fact that we gave him notice at all was pretty generous.”

Writing about the incident, Poulsen added, “Every link in Internet service willing to take on a censorship role increases the likelihood of legitimate content being suppressed.”

What this GoDaddy disaster makes clear is that instant censorship is possible, with no court oversight. And for users who aren’t as savvy or well-connected as Vaskovich, getting shut down by GoDaddy would be essentially a death sentence for speech. Indeed, he told me that he couldn’t get any service from GoDaddy until he told their customer service rep that he spends thousands of dollars on domains with the company every month. Suddenly, his two-day wait for service would be cut down to minutes.

In the short term, what this means is do not use GoDaddy as your registrar. Vaskovich has set up a site at NoDaddy.com, where you can learn more.

The GoDaddy spokesperson said the company will take legal action if any of its statements are untrue. Given that GoDaddy disputes Vaskovich’s story, such a suit seems inevitable.

ANNALEE NEWITZ is a surly media nerd who still isn’t clear on how, exactly, a pedophile would figure out which passwords on SecLists belonged to children.