Can Web Sites Go Offshore For Free Speech?

invoke asks: "All the recent stories about Web pages being yanked for various supposed violations of DMCA make me worry that I may inadvertently irritate some large corporation. What I am seeing now in America and the EU suggests that I would most likely find my Internet connection terminated with no real recourse, causing me no end of hassle. I can't afford to lose my connectivity, as I run several domains off my static IP. Therefore, I'm looking for a safe-harbor solution for hosting a 'vanilla' free speech site. I'm not intending to host warez or serialz, just stuff that might irritate people-with-money. Any suggestions?"

The "Radio Caroline" Solution

[jd]

Radio Caroline was a very popular pirate radio station in Britain, for a lot of years, precicely because it pandered to nobody. It was parked outside the 10 mile limit, putting it in international waters, where national law simply doesn't apply.

To do the same, or something similar, with a web server demands some additional resources, but is actually not that different in practice.

Instead of being parked outside of the physical legal domain, you now have to be parked outside of the virtual legal domain.

What does this mean, in practice? Using "pirate" IP numbers, a "pirate" DNS, and (most importantly) NO logical connection.

If there is no logical point of connection, then there is nothing to shut off. There is also no easy way of tracking where the server physically is.

In short, you must be able to intercept packets for your server at arbritary points on the physical network, and inject synthesised packets also anywhere in the physical network.

(By "anywhere", I mean more than 1 place, and the more places the better.)

Tunneling to a large number of proxies (ALL of whom have the same vhost IP/name) would be one way.

Another, less legal, way would be to borrow the same idea as used in DDOS attacks, but install a distributed proxy service instead.

A third method would be to extend the Gnutella protocol to support anycast proxying. (Essentially Gnutella is 9/10ths there, so this wouldn't be overly difficult.)

A fourth, -definitely- illegal and strongly NOT recommended method (but perhaps the most water-tight) would be to use one of the first two methods with injected routes. By this, I mean transmit valid BGP4 and/or RIP2 packets to a random set of routers, of which at least one is connected to each proxy. The injected routes would create randomly and continuously shifting paths to each proxy, making it much more difficult to figure out where anything is. Combine this with a randomly shifting IP address, and it becomes impossible to block or trace. Individual sysops could remove proxies, if ordered to or if not approved. However, with no burden on any one proxy and no continuous load along any one path, it's unlikely any given proxy would ever be found, or even objected to, if it was. (Most computer-literate people are closet Robin Hoods, whether they'll admit to it or not. Provided something is not interfering with legitamate use of resources, is unlikely to bring the Wrath of God down on their heads, and doesn't compromise "security" (read: bring their prawn collection to the attention of the media), most sys admins are likely to decide it's more hastle than it's worth... ...and bookmark the website for future "reference".

All these methods boil down to The Golden Rule of Real Security: DON'T put your eggs in one basket, and keep moving the baskets. It royally buggers up the egg-smashers.

Basic Problem of Connection

[sphealey]

The problem here is that the "offshore" site (non-US, non-EU) must connnect to the rest of the world through some physical connection. That connection is most likely provided by a peering arrangement with one of the global telecomm providers. And there is a major asymmetry of power between the smaller country and the {US,EU}.

So when your posting annoys someone with serious clout, they have a quite chat with the State Department and the interconnecting telecomm player. They in turn have private chats with their peers, and your site disappears. The alternative is for, say, voice service into that country to "stop working" for a few days, until the point gets across.

IMHO the best choice is to set up your own site with a local or regional ISP in your home country, get some legal advice, and fight the battles you need to fight. That's the only way to prevail in the long run.

sPh

well, actually..

[mcc]

yes, they were in there, but not in the manner they're used today.

The Congress shall have power.. To promote the progress of science and useful arts, by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries;

In other words, the constitution only includes patents and copyright to a reasonable, non-unlimited extent, and "to promote the progress of science and useful arts". This isn't what we're complaining about. This is a good thing. What we're complaining about is patents and copyrights used as weapons for corporations to silence individuals, something that was added much, much later, far after the first amendment bits.

What was originally there is more or less to _protect_ people-- i.e. to stop someone from taking the work of others at the expense of the original creator, such as burning 3000 copies of "Dre 2001" and selling them on the street, in which case Dre is in a very real way failing to recieve money that was his due, because 3000 people who would otherwise have bought the album from Dre bought them from the guy on the street. Making the case that the patent/copyright stuff in the constitution was intended to prevent people from taking ideas and concepts from a work and using those ideas and concepts to create a new, independent work, as is done in the case of a parody or the music of Negativland.. well, that doesn't seem to use the same spirit as the parts of the U.S. constitution, seeing as a new work as such would be progress of useful art, and the original creator suffers no loss.

You'll also notice the bits in the original constitution do not contradict free speech, really, and i see NOTHING in there to support the idea of preventing the spread of information-- i.e. preventing information about a technology from being spread. The idea behind the patents was originally to encourage the spread of information-- that in order to convince someone to allow science to progress, they would tell the world how their process worked, and in return would be granted a limited-time monopoly on that process. The idea that something like the DMCA could prevent someone from spreading information they found independantly about a process-- say, cyberpatrol's encryption scheme-- is completely antithetical to the original idea of a patent and what the constitution says, even if the information about said process is in a language other than English (say, C++..)

You'll also note the "for limited times" bit. Current copyright/patent laws extend far, far past the useful lifespan of the ideas they encompass, and the lifespan of a copyright seems to get longer every time that the date of the expiration of Mickey Mouse's copyright comes within the forseeable future. You think it will _ever_ be legal for me to distribute a Legend of Zelda 1 ROM, no matter how long i live and no matter how many years have passed since Nintendo has gotten a penny from that game? Ha.

So yeh, copyrights and patents do predate free speech in U.S. law to an extent, but not in any manner that is antithetical to the idea of free speech.

Re:Set Up Your Own Web Server Or Go Offshore

[paulio]

I would recommend that you get a high speed DSL/Cable connection to your home and use one of the free DNS providers to ensure that people can always reach your IP from a domain.

I think that going offshore/self-hosting encourages a false sense of security. It seems like you have solved the problem but you haven't. This encourages apathy because the problem seems to go away. It seems like you have freedom of speech when you really don't.

You can still be shut down by your DSL service provider in the same way that your web host provider can shut you down. Nothing has changed.

Remember how in the old days, the internet was designed to discourage spam/commercial activity. When you got internet access, you promise not to do a bunch of things. One of them is spam so let's use spam as an example. The penalty for sending spam is that you get your service pulled and your account terminated. Your service provider had the same kind of contract with it's service provider. If your service provider allows it's customers to spam then it's service provider can cut it off. This continues down the line to the backbones. They have the same kind of contract. The agreement states that they will exchange data as long as there is no spam. The penalty for a backbone allowing it's customers to spam is that the other backbones will cut them off, they will not exchange data.

Remember the Spam King and the Ageis network? The Spam King became his own service provider connected directly to the Ageis backbone. It seemed like an ideal solution. The problem was that all the other backbones threatened to cut off Ageis' access to their backbones. Ageis was forced to pull the plug on the Spam King even though they didn't want to. If the other backbones had cut them off, they would have gone out of business.

Think about this globally. The US can pass a law that the US backbones cannot exchange information with "rogue networks," networks that don't follow US law. The US can pass a law that they will not trade with countries that don't pass similar laws. The UK can do the same. Pretty soon, there is no where to go.

If you don't think that this can be done, remember that until very recently, the US phone networks were prohibited from connecting to the Cuban phone network so you couldn't easily make a phone call from the US to Cuba. Yes, I know that the internet has obvious ways to route around this kind of block but big governments can put a lot of pressure on service providers.

Remember that service providers are corporations. Like it or not, they are amoral. Their loyalty is to shareholders not to your freedom of speech. If the CEO of a corporation puts your freedom of speech above shareholder value, he can be sued and he will certainly loose his job.

Ideas for anonymous publishing

[jonathanclark]

I wrote a discussion on how one might do anonymous/untraceable publishing on the internet:

http://jonathanclark.com/diary/anonpub/

I wasn't aware of freedom net at the time, but they use many of the same ideas. They do not do publishing (i.e. only outgoing connections) mainly for fear of legal problems.

Another method I've seen tossed around is to use redirecting proxy servers where URLs look like this:

http://site1.com/XXX
where XXX decrypts to -> http://site2.com/YYY and
YYY decrypts to http://site3.com/actual_content.html

The only trouble is getting people to run the proxy servers.

One other idea I have played around with is to use spoofied ping packets to transfer content semi-anonymously. It work by the connecting party somehow requesting the content and the posting their IP address. Then you, the server, send it to some random machine on the internet inside of a ping packet with a spoofed return address to them. This can be used to make the chain of computers between you and them very long - also making it travel through countries that are hard to get search warrents.
The main problem is making the initial request, but that could be done with a Gnutella like network.
The other problem here is the receiving computer needs to somehow specifiy which packets weren't received (because ping is lossy).

food for thought...

Depends on content.

[guran]

Most smaller countries would probably bend over if you posted something that really bothered some big enough company.

Your best bet is to find a host who agrees with your views.
Second best, find someone who might not agree with you, but likes to be trouble to the same guys who might not like your content.

Anti-MS: Post it on /.
Anti-Linux: Go MSN
Anti-[generic US company]: Post it in France
Anti-$cientology: Germany
etc.

Remember that *your* powerful enemies has *their* enemies too. They might not be your friends, but they could be your allies. Just be prepared to move when the wind changes...

Offshore ISP?

[AngrySpud]

I wonder if setting up a satellite-based ISP on a boat or something in international waters would work. Basically a big floating server farm, with high-speed satellite links.

If the Simpsons has taught me anything (and it has), it's that anything is legal in international waters :)

But seriously. It would have the benefits of being mobile and outside the jurisdiction of everyone. Of course, you would probably have some weather-related problems, plus the fact that you might have to "go down with the server"

Is offshore the answer?

[fmogavero]

I don't think that offshore is the answer. The Internet is a GLOBAL community. I think that big business is just that, BUSINESS. They are in business to make money and anyone that thay percieve is attempting to take away their fair share of the pie is subject to their intervention. How do we create a global community that is not subject to big business intervention? I propose a VPI. (Virtual Private Internet) Has anybody done this yet? Maybe Big Business is reading this right now and will steal the idea. Free speech is a constitutional right. Copyright is not. The only way to prove copyright is with sufficient documentation and witnesses to stand up in a court of law. I declare this message copywritten in my name. That is all the notice I need to put on this work to copyright it according to US law. International copyrights are a different matter. Now if anyone tries to use any of the words in this post I could try to sue them. (maybe Merriam Webster should sue the entire english speaking world) It won't stand up in a court of law, but I could still try. Once again I think a VPI would be the way to go. "hackers" could support "hackers" and exclude "big business" from infringing on that "net". W3 was a good idea. How about a new consrtium? VPI1?