Arbitrations/a20100228.1

Case Number: a20100228.1
Status: closed
Claimants: Iang
Respondents: BugMeNot (external)
Case Manager: MartinGummi
Arbitrator: UlrichSchroeter
Date of arbitration start: 2010-02-28
Date of ruling: 2010-06-24
Case closed: 2010-06-29
Complaint: dispute against BugMeNot

> BugMeNot operates a service to bypass the CAcert login procedures [1].
> Its terms and conditions clash with CCA [2].
> 
> The site appears more oriented to marketing collection of data than 
> any
> attempt to bypass all data collection.  On the contact page it includes 
> the option of "block my site".
> 
> Because of the contradictions between CCA and BugMeNot's service
> offering and T&Cs, I request Arbitrator to request a suspension of the 
> service in the short term, review the overall offering, and then 
> consider how the two of us can work together.
> 
> iang
> 
> [1] <link anonymized>
> [2] http://www.bugmenot.com/terms.php
> [3] http://www.bugmenot.com/contact.php

Relief: Delete an Account

Before: Arbitrator UlrichSchroeter (A), Respondent: BugMeNot (R), Claimant: Iang (C), Case: a20100228.1

History Log

2010-02-28 (issue.c.o) case [s20100228.128]
2010-02-28 (UlrichSchroeter): added to wiki, request for CM / A
2010-02-28 (CM): I'll take care about this case
2010-02-28 (A): I'll take care about this case
2010-02-28 (A): Intermediate ruling
2010-02-28 (Critical Sysadmin): file created
2010-02-28 (A): executed the block this domain request
2010-02-28 (A): please remove temporary file from webdb root request to Critical Sysadmin
2010-02-28 (A): Intermediate Ruling #2
2010-02-28 (A): Software Engineer reports account is blocked and domain is added to baddomains list
2010-03-03 (A): sent init mailing to (R), with request for PoV
2010-06-24 (A): sent out 2nd init mailing to (R) with request for response

Intermediate Ruling

use the "block this site form" to block servicing cacert.org results in a verification process to create a file with size 0 bytes specialy named on the main website, this needs access thru critical sysadmin team, so therefor I order hereby to the critical sysadmin team, please create the file name on the main system to service the "block this site request" but this is timecritical ... so the arbitrator and critical sysadmin have to meet online to synchronize their actions or order critical sysadmin to do all the actions by himself .. - or - so hereby I order critical sysadmin to do all the actions by himself, send "block this site form" with cacert.org and create the file named by this form onto the critical system

Intermediate Ruling #2

As by CCA 1.2 License is not transferable, so therefor user @ BugMeNot violates CCA by sharing an account. Intermediate action is to block the account until we have further informations.

Discovery

block request for cacert.org accepted - further info given thru the service

Your site has now been blocked from the bugmenot system. We reserve the right to unblock the site if this system has been abused in any manner.

Please note: if you operate subdomains such as members.site.com it is recommended you repeat this process for those sites also.

state: 2010-02-28 23:00

cacert.org passwords

Login with the free account passwords below to bypass compulsory registration.

    * New Search
    * Instructions

Find and share coupon codes
Site Blocked

This site has been barred from the bugmenot system.

info from PG: thought we have blocked Bugmenot 4 years ago ...
related account was created: 2008-05-04 11:34:43
T&C BugMeNot:

You further warrant that you have all rights necessary to authorize the distribution and re-distribution of any material you submit for inclusion or use in the bugmenot.com system.

 You will not submit sites that have any form of age access verification (COPPA).

 You will not submit login accounts for pay-per-view accounts or any other form of paid content access.

 You will not submit login accounts which you have no ownership of, or are not the responsible party for.

 If you are an owner, employee, partner, affiliate or representative (legal or otherwise) of any site which enforces compulsory user registration then you are forbidden from accessing any resource of this site. Failure to comply constitutes unauthorised access.

the account used was from @bugmenot ... but BugMeNot don't offers email services but have MX records on their domain
NRP-DaL: License - This licence offers you a non-exclusive, non-transferable 'PERMISSION TO USE' certificates issued by issuer
so CAcert and BugMeNot licenses contradicts each other, especialy "You further warrant that you have all rights necessary to authorize the distribution and re-distribution of any material you submit for inclusion or use in the bugmenot.com system."
2010-06-24 response to 2nd init mailing

<buggerking@bugmenot.com>: host mx-fwd-1.nearlyfreespeech.net[208.94.116.196]
    said: 550 5.1.1 <buggerking@bugmenot.com>: Recipient address rejected: User
    unknown in virtual alias table (in reply to RCPT TO command)

Ruling

I hereby order to close the account with the primary email address buggerking@bugmenot.com immidiately

CCA 3.5 Communication [1]
- ... Notifications to you are sent by CAcert to the primary email address registered with your account. You are responsible for keeping your email account in good working order and able to receive emails from CAcert.
- Arbitration is generally conducted by email.
and DRP 2.1 Authority [2]
- The Board of CAcert and the Users vest in Arbitrators full authority to hear disputes and deliver rulings which are binding on CAcert and the Users.
and an implication of the 2.6 Remedies and the Arbitration Act. In short: if a user refuses to respond, the termination of the account is the next step

Before "Delete an account handling", Support should check wether the account has addtl. email addresses set, has received assurance points, has given assurance points, has created client- and/or server certificates. In short: please keep a printout as PDF of the current state of the account. Please send this printout to the CM/A of this case.

After that, all certificates should be revoked.

All assurances given should be revoked (if there any).

All assurances received should be revoked.

All existing email addresses added to this account should not be removed as they are used in a breach of CCA. Also the primary email address should not be removed. Please add the email address mask for this case and replace the primary email address for that account with the arbitration case mask email address to prevent further usage of these email addresses creating accounts or using accounts.

The attempt of a BugMeNot user can be seen to underrun CAcerts CCA / DRP with such an account.

CAcert doesn't need that testing accounts outside CAcert's juristication. Every user can create an account, can test it, can create certificates for free. No other test account needed. As privacy is an issue, the users email address is secured, the users name is secure. So no addtl. obfuscation service is needed to keep the users privacy.

Frankfurt/Main, June 24th, 2010

Execution

2010-06-24 (A): ruling sent to (C), (CM), Support
2010-06-24 (A): sent exec request to Support, with request for a report
2010-06-25 (Support): current state of account in question and exec report [s20100624.142], one question remaining: Should I remove the domain?
- 0 Server certs
- 1 primary email address
- 0 secondary email addresses
- 1 domain (doesn't relate to the primary email address domain!)
- 0 client certs
- 0 Assurances made
- 0 Assurances received

Post Arbitration Ruling

The domain in question that is added to the account shall remain for at least 7 years, as this verified domain was used in a strawman attempt. To prevent usage of this domain in other strawment attempts, this domain should be kept for the duration given above. Deadline: June 23th, 2017

Frankfurt/Main, June 28th 2010

Execution II

2010-06-28 (A): Post Arbitration Ruling and info sent to Support regarding [s20100624.142], (C), (CM)
2010-06-28 (Support): sent exec report
2010-06-29 (A): case finished, closed.