Cyanogen mod is perhaps the best known modding community for Android that is followed by millions of Android users who are able to tweak their smartphones. Sometime last night a rogue member decided to pull the plug on the community and threatened to take it offline. The member, who had registered and had control over Cyanogen.com, was caught entering into referral deals under Cyanogen’s name and then asked for $10,000 to hand over control of the domain and email servers. When the team declined, he took down Cyanogen.com.
The Cyanogenmod team then changed their domain to Cyanogenmod.org and posted the following message.
We at CM are very trusting of our members, showed by both respect and permissions granted to those people we consider part of the team. Last month, this trust was violated in a substantial way. In the spirit of openness, here is what happened.
CM’s history is well established, with Cyanogen releasing his original ROM for the G1 on XDA forums. Back then, there was no “CyanogenMod” in terms of the organization and structure that we have today. The builds were hosted on Steve’s personal machine, the original server was a donation of spare kit from Phaseburn. And due to the small size (and lack of funds), the CyanogenMod.com domain was bought by a third-party back in 2009 and donated to CM, when CM was a much smaller project and had no online presence besides XDA.
Fast-forward 3 years, we have 3 extremely powerful build boxes donated by the community and an army of developers, contributors, and supported devices. But, a little over a week ago, things took a bad turn. The person owning the CyanogenMod.com domain was caught impersonating Steve to make referral deals with community sites. When confronted and asked to hand over control of the domain amicably, he decided he wanted 10K USD for it, which we won’t (and can’t) pay.
We contacted those he had established deals with, only to discover that the person tasked with maintaining our web presence was setting up deals under the CM name, and impersonating Cyanogen himself. Plenty of satisfying evidence was provided by those sites / entities to make us certain that this wasn’t a misunderstanding or one-time thing.
This leaves us at a critical impasse. Being trusted with CM’s web presence means this member had control over the CM social network accounts (Twitter/FB) as well as domains (cyanogenmod.com). We have changed ownership of the social media accounts. When asked again to make the transition nicely, he responded with the following
“Hi, so you think by removing all my access across the infrastructure was going to be a great idea? We had a chat yesterday, you’ve decided to end this bitter. How about I just change the DNS entries right now. CM will practically go down.”
Refusing to be extorted for funds, and then being threatened is “ending it bitter”? Today, it happened: all of our records were deleted, and cyanogenmod.com is slowly expiring out of the Internet and being replaced by blank pages and non-existing sites. @cyanogenmod.com e-mail is now being directed to a mailserver completely out of our control, too.
A few hours and probably a lot of backlash later, the rogue member relented and gave over control back to the team. They have now restructured internally and there is no single-point of failure with one person not having control over everything. They have also decided to use Cyanogenmod.org as their primary domain and from now on Cyanogenmod.com would redirect to that domain. The Android modding community can now heave a sigh of relief.