GoDaddy, you got some ‘splainin’ to do!
Normally, that phrase (or one like it) invokes comical images, but this is no laughing matter, if appearances are fact. You see, the true power in the modern Webworld lies in the control and protection of user information. Just take a look at the mayhem caused, and still being caused, by Heartbleed. The feeding frenzy and panic will go on for some time, as websites everywhere try to pick up the pieces after discovering that their beloved SSL wasn’t quite as secure as the first S (it’s the first S, for God’s sake!) led people to believe.
User information is sacred, especially to organizations that make their business off the backs of users. Without a basic understanding of the fundamental protections that we all expect as customers – implied and regardless of the Terms of Use – companies won’t be companies for very long. And one company is in the crosshairs this week after some rather disturbing news which, if true, puts companies, spammers, and users in a three-way debate over whether companies are doing enough to protect their users from the predators that stalk them.
Case in point Jamie Bernstein, a blogger for Skepchick, received a strange email in 2012. With a subject of ““Transcendental Argument for the existence of God (17:36)”, Bernstein knew something was hinky. Business Insider reports that Bernstein “said the email was sent to her, along with a bunch of other people she didn’t know, whose names also began with the letter ‘J.’” She quickly determined that both the email account and the link within the email belonged to GoDaddy, so she reported the message to GoDaddy’s abuse department. Bernstein recounts her ordeal on her blog in an article entitled “GoDaddy Released My Personal Information to a Spammer Troll.”
Jump ahead two years. According to Bernstein, she “began to get emails from friends of mine forwarding a piece of creepy-looking spam they received that contained my name. All emails said the following:
if you go to:
<website redacted>
4/14/14
you can read a 1-page word.doc
featuring Jamie Bernstein of Skepchick.
neither her name, nor your organization’s name
appear anywhere in the story … only Jamie’s picture”
To her horror, she discovered that clicking the link brought her to the spammer’s page, with a picture of Bernstein splashed across the top. It didn’t stop with the photo, however, and the little weasel who posted the pic felt it would be nifty to spread some pretty harsh invective. Clicking the photo opened the Word document, which contained her full name. The document stated that “in 2011 he sent an email to “hundreds of atheists” with a link to his website and that I had reported him for violating GoDaddy’s policies against spam. He was supposed to pay a $200 fine or risk the suspension of his domain. Instead, he argued with GoDaddy’s customer service until they agreed to waive the fine as long as he promised never to send spam again.”
The spammer goes by the handle Neo, a clear indication that he probably still lives with his mother and hasn’t quite given up on the notion that we all live inside the matrix. If his actions so far aren’t proof enough that this diminutive fellow isn’t all there, here’s how he ended his diatribe on Bernstein:
“When I was threatened on my talk show by neo-Nazis (“I’m going to kill you and your family”), I didn’t “run to mommy” and try to get them in trouble – I handled it myself, like a grownup. Compare my response to physical threats to the complainer’s response to merely watching a video about science/religion.”
Somehow, he got access to Bernstein’s contacts. She knew something wasn’t right. “He would never have been able to retaliate had he not known who had reported him. The email in question went to a lot of people and there was no way for him to have known that I was the one who reported the email if GoDaddy had not released personally identifiable information about me to my spammer.”
Bernstein writes that GoDaddy has put her personal privacy and safety at risk, and points out that GoDaddy’s abuse resolution policy contains the following: “We review all complaints for validity and will take appropriate action, and as part of our investigation it may also be necessary for us to corroborate your complaint with our customer.”
BI reports that “Bernstein said that GoDaddy never confirmed to her that it had told Neo she was the one who reported him. However, Neo told Business Insider via email that the company did indeed out her as the reporter behind the incident.”