BugMeNot Is Gone?

zachflower 3 years ago |

Looks like it's just misconfigured. The non-https is still around: http://bugmenot.com

misterbwong 3 years ago | |

Looks like that's gone too

sph 3 years ago | | |

It's not, the HTTPS site has the HSTS header, so your browser will always redirect to the HTTPS version even if you try the plaintext port. Gotta clear your browser cache, or try another browser.

antx 3 years ago | | |

Not from here, no...

jbverschoor 3 years ago | | |

Hsts?

sholladay 3 years ago | | |

HTTP Strict Transport Security

It allows servers to specify that browsers should never even attempt to make an unencrypted request to the site and instead silently convert any such requests to encrypted requests.

This header is good for security but it’s also convenient for old sites that don’t want to update their existing links. They can upgrade the whole site to HTTPS without any content changes.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/St...

ricardo81 3 years ago | | |

https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

Trying from another browser works

lhoff 3 years ago | | |

That stands for HTTP Strict Transport Security. Its a http header that basically tells your browser to only connect to this website via HTTPS/TLS for a configurable amount of time.

Its a protection mechanism that prevents encryption stripping man-in-the-middle attacks.

jbverschoor 3 years ago | | |

I know, that's why I mentioned it. The http site worked fine for me, so I figured parent post already has a HSTS entry in his browser

AdamJacobMuller 3 years ago | | |

works fine for me

titaniumtown 3 years ago | |

that doesn't work either

theCrowing 3 years ago |

It got less and less useful in the last years a lot of sites killed a login as soon as it hit bugmenot understandable to shut it down.

pifm_guy 3 years ago | |

Still worked for ~75% of sites I visited. Especially smaller sites and those annoying forums that required a login to download attachments.

DaiPlusPlus 3 years ago | | |

Web-browsers are a lot better at auto-filling registration forms correctly thesedays, and now that even Office 365 supports disposable e-mail addresses means that registering for online services is far less of a chore than it was before. Also, many sites support federated identity (OIDC, Sign-in-with-Google, etc) which also takes a lot of the pain away.

I remember in years gone-by, before data/privacy-laws were either introduced or widely understood by web-devs that sites would have all manner of required fields just because someone from marketing or management thinks they need to collect everyones' home address, age, home, work, and mobile phone numbers, and sex/gender - now that they legally can't (without a good reason) things are a lot smoother.

So in summary, BugMeNot is gone because the severity of the problem it aimed to solve (online registration tedium) has been reduced below the threshold of action.

1letterunixname 3 years ago | | |

No, that's not it: privacy from corporate tracking.

loeg 3 years ago | |

Yeah. It's been "gone" for a decade, in some sense.

dinobones 3 years ago |

I think the past 5 times I've tried getting a valid user/password combination from here it has not worked.

f0e4c2f7 3 years ago |

Hadn't used it in a while but I used to love this site years ago. Such a convience.

codefined 3 years ago |

It seems only the 'https' site is gone, the 'http' site is still around[0].

[0] http://bugmenot.com/view/news.ycombinator.com

scrapcode 3 years ago | |

Not working for me ~8 minutes later.

superkuh 3 years ago | | |

It's probably your browser trying to protect you from yourself, re: HTTPS. It works in non-user hostile browsers.

sph 3 years ago | | |

Which browser from this decade ignores HSTS completely?

neurostimulant 3 years ago | | |

Chrome can actually bypass HSTS if you enter the super secret code in the security warning screen. The code is changed regularly though, you'll have to check chromium source code to get the current bypass code. (e.g. https://chromium.googlesource.com/chromium/src/+/refs/tags/1... )

Very useful for testing but don't make a habit to use it on some random websites.

autoexec 3 years ago | | |

It works for me in firefox, but I've got it locked down pretty hard.

I have the following all set to false in about:config

  network.stricttransportsecurity.preloadlist
  dom.security.https_first
  dom.security.https_first_pbm
  browser.fixup.fallback-to-https

stuartd 3 years ago | | |

Safari on iPadOS 16 loads that just fine for me.

I’d forgotten all about this site, don’t remember ever using it but I certainly heard of it.

stuartd 3 years ago | | |

Haven’t managed to find a site (apart from HN) that it does allow yet!

jw1224 3 years ago |

I reckon this is because MediaTemple migrated a bunch of customers over to cPanel today…

My old (gs) website started showing the same error page within minutes of this being posted.

jmm5 3 years ago | |

They used to be hosted by NearlyFreeSpeech.Net

idonotknowwhy 3 years ago |

Still works via HTTP

Used it recently for ABC iview because now they require a fucking account, even though I'm paying for this through my taxes.

Used it about 2 months ago for a download off some random forum which required an account.

Great site!

Ptchd 3 years ago |

I stopped using this site along with retailmenot a long time ago as they aren't very useful anymore...

1letterunixname 3 years ago |

Mediatemple. Haven't heard that name in ages. It looks like they're still in CA.

alex3305 3 years ago |

With the amount of paywalls with 'Premium articles' the usefulness of Bugmenot declined IMHO. It sucks, because I used it quite a bit back in the day.

PontifexMinimus 3 years ago | |

I find for a lot of these webshites [sic], going into Firefox reader mode and reloading the page works.

Tanath 3 years ago |

Blocked in uBO by The Block List Project - Malware List.

1letterunixname 3 years ago | |

Block list without veracity or traceability doesn't mean much...

Tanath 3 years ago | | |

I was hoping someone would know why it was blocked as malware, thinking it might be compromised and that people should be warned. VT says it's safe though so it's likely a mistake. Not sure what you mean about traceability. You could check the github.

sdze 3 years ago |

Didn’t work in recent times anyway.

vborovikov 3 years ago | |

I check the copied password for whitespace and usually that's the reason for the password not working

sdze 3 years ago | | |

interesting. Will check again in future. Thank you.

aaron695 3 years ago |

BugMeNot was a good example of a pivot - RetailMeNot https://en.wikipedia.org/wiki/RetailMeNot ($90 million for the founders)

Which is why they let BugMeNot start slipping over a decade ago removing domains when requested, they didn't want to risk the cash cow.

sandykory 3 years ago | |

It wasn't a pivot - the founders were great bootstrapped hackers who wanted to try out different models.

They promoted RMN to BMN users which gave it a meaningful early boost.

Sohcahtoa82 3 years ago | |

Too bad RMN is garbage these days.

Either the promo codes don't work, or they're not even promo codes at all, just a list of sales. And half the time, those sales are expired.

I just use Honey these days to automate trying all the codes. Yes, I know I'm certainly giving away my shopping habits, but I don't really care.

dogma1138 3 years ago |

Never understood why people use it seems to be too risky.

You can end up sharing an account with someone associated with some unsavory activity and end up having to explain it.

Plus many sites allow users to view their login and download activity logs which means your private information can leak that way.

Sure VPNs and TORs can help mitigate some of that risk but BMN isn’t for opsec it’s for continence if you already are taking extra steps for opsec you might as well use disposable email addresses for your disposable accounts.

blackfawn 3 years ago | |

I only ever used it to access things that should not have been behind a user account in the first place. It was really just an opt out for the forced "sign up for our newsletter/spam to download our app" type paths. The only thing it'd really leak is that someone with a particular IP had used bugmenot... Which many would likely consider an advantage over going through creating an account and potentially getting spammed.

m-p-3 3 years ago | | |

I rely on email proxy for most stuff nowadays, so when I register an account I can at least temporarily disable the address used for this particular service if it gets too spammy.

Combined with a password manager it's mostly the only way to stay sane online.

dogma1138 3 years ago | | |

It doesn’t matter you use it to access a news article someone else uses it to issue a death threat as a joke or do something worse your IP is tagged on the same account and someone might come knocking.

Law enforcement isn’t even likely to know that the account is on BMN or even what it is. And what’s worse is if the rest of the IPs are foreign but you are local well congrats you’ve now become the focus simply for being within reach.

mid-kid 3 years ago | | |

That sure is a bunch of fearmongery. With how mobile everyone is these days an account can be logged into by hundreds of IPs, including residential IPs like friends and family. It's not a very significant data point for law enforcement unless they can find any actual dirt through that.

tjoff 3 years ago | |

You typically don't put in any information in these systems.

It is mainly to combat download links that require you to create an account etc.

I really don't see any risk if you use it for stuff like that. And they'd have to really put in an effort to even find you.

seri4l 3 years ago | |

I created several BugMeNot accounts over the years without any issues. I guess if any of them got used for unsavory stuff it would be pretty clear from the logs that the account was shared.

jbverschoor 3 years ago | |

Throwaway email addresses were not a thing.

Spam laws were not there.