Slashdot Mirror
Web Hosting For Privacy Activists?
BritishColumbian writes "I'm thinking about setting up a Web site driven by user submissions. I was wondering which locations have the most liberal (i.e., libertarian) privacy laws. There are some great hosts in the US, however there have been so many FBI requests for user data that I don't want a server hosted under US jurisdiction. Does anyone have any thoughts/suggestions as to a suitable jurisdiction? It doesn't look like Sealand's HavenCo is guaranteed to be privacy-friendly any more."
What's wrong with geocities? :p
I host my website from a mini server taped to the back of the toilet in a local coffee shop with free wifi. I change the battery twice a month.
I don't want a server hosted under US jurisdiction. ...as of lately, nearly the entire planet is under US jurisdiction.
Tor has a few blog hosts available. That way nobody would know who's hosting it. Of course, only tor clients could see the blog....
OTOH, you could just create an account on blogspot while you're on Tor, and only post to it via Tor. That should keep you kinda safe, as long as you don't reveal yourself on the blog.
Care about electronic freedom? Consider donating to the EFF!
https://www.nearlyfreespeech.net/ They will allow you to pay in cash, anonymously.
Write your own Choose Your Own Adventure. http://www.freegameengines.org/gamebook-engine/
xs4all.nl is brave enough to face $cientology in a 10-year lasting court case. And winning!
Well basically nowhere!
Let's say you find a hosting company in a country that is very libertarian and will not comply with any request for info.
The routers to that place can be sniffed here in North America (or anywhere along the route) and voila the trick is done. Not as easy as getting logs but...
If your subjects are that hot, then an easy break-in into the premises of that hosting company. (or a bribe). Remember Watergate?
hosting in another country won't save you. if they find out who you are the government will just arrest you anyway, they don't even need a real reason these days.
If you mod me down, I will become more powerful than you can imagine....
If your server is hosted in a safe area but you (the owner/responcible operator) reside in the US. Can the FBI contact or require you to provide that info?
Having it hosted in a safe are only protects the hosting company. The FBI will not get anything from them, the next step is for them to contact you (if they can figure out who you are).
Atleast that way, you know when the FBI is trying to get info about you or your users.
Im a gamer, not a grammer major. This post is full of spelling and grammer mistakes.
go after terrorist organizations, child pornographers, etc.
if you are hosting such things, you deserve to be hunted down
but with your jibe at "libertarian" one assumes you are the usual privacy absolutist who simply doesn't understand the government has no interest in you. it inflates your ego to think anyone in society or the government actually feels threatened by you
it is of course evil for governments to oppress people just for speaking their minds
luckily for you, unless you are in iran or china, no one is going to do that
people actually do evil things in this world, and governments actually go after them for that. and that's a good thing
Right on!! I am all in favor of the government doing everything they can to hunt down and kill terrorists, child molesters, and people who type in all lower-case and consider periods optional.
"Every great cause begins as a movement, becomes a business, and eventually degenerates into a racket." -- Eric Hoffer
You have a few options, the first being Havenco in the micro-nation of Sealand, which is an old WWII off shore platform that claims sovereignty. They have not, however, been recognized by other states, leaving their international legal status in limbo. They do claim, however, to not be under the jurisdiction of other nations laws.
Your second and cheaper option is hosting via Tor network. There are a few blogs and other sites hosted via Tor, although there are some technical difficulties involved.
Be aware, if your privacy blog angers a powerful entity such as China, they can choose to just block all traffic to your site, rather than forcing your site offline.
--Boycott Nokia - Stop corporate Greed. Nokia, connecting people with the unemployment line.
Bluntly put, but not untrue.
Basically, you're going to have to pick the least-bad option. The idea of 'data havens' where conventional meatspace law doesn't apply is sadly seeming more and more like a lost concept. It seemed possible during the early 90s, when government and the big corporate interests really hadn't caught on to 'the Internet,' but now that they have, it's going to become more and more regulated, just like every other area of human endeavor. It was fun while it lasted, I guess, and it'll make a neat story to tell our kids about, but the party's basically over.
Where you want to go depends on the specifics of what you're doing. Political speech, particularly political speech directed at other countries, is relatively well-protected both in the U.S. and the E.U. Although I'm pretty unhappy with the current security paranoia here in the U.S., I think it's unlikely that you'll get in trouble unless you actually start advocating 'direct action' (terrorism) or have a cozy relationship with people that do. In terms of formal legislative safeguards on political speech, the U.S. has a more absolute freedom-of-speech doctrine than many European countries and Canada.* Where you will run into trouble in the U.S. (viz political speech) is when you are saying things that can be construed not as speech but as 'action' or as appeals to action. Saying things that are highly politically unpopular in the U.S. may get you put under surveillance or monitoring, but probably won't land you in a lot of legal trouble or get you locked up. Bottom line: if you're looking to deny the Holocaust or write nasty-but-true things about just about anyone, the U.S. is the place to do it.
Where the E.U. becomes the superior venue is if you're doing things that would be a crime under certain U.S. intellectual-property laws drawn up by the megacorporations that essentially own large chunks of Congress. Hollywood is a double-edged sword: it likes freedom for political speech, but really hates freedom if it might negatively impact this quarter's bottom line. Thus while you can advocate genocide in the U.S., linking to copyrighted material may land you in prison. For that sort of thing, you're better off in Europe, probably as far north as you can get. (E.g., Sweden.) You're also probably better off in Europe if you're looking to do something that's edgy and involves sex; I'm not sure that the laws per se are a whole lot better, but overall attitudes may result in those laws not being used as aggressively to bludgeon you.
There are more minor specialty venues that you might want to consider if what you're doing involves money changing hands. Antigua in particular seems to be a popular choice for shady financial-transaction sites (cf. 1MDC) as well as gambling. Exactly how tolerant they'll be of (U.S) copyright-violating material, as a result of the recent trade decisions, remains to be seen. I wouldn't hold your breath for a Bittorrent Free Zone, though.
I admit to not knowing a whole lot about privacy laws in Asian countries but I get the impression that they're more restrictive than the U.S. in many cases. One datapoint: 2chan, the popular Japanese imageboard, is run out of the U.S. to shield it from Japanese authorities and law.
Really, I don't think there's any place you can go where you'll get 'total freedom,' except maybe Freenet (and it's really slow and impractical to use). You need to think hard about what type of content is going to be the most problematic, and then choose a hosting location that's going to be least hostile to it.
* To wit: Many European countries prohibit certain types of political speech under the guise of 'hate speech' laws and anti-Nazism/fascism policies. Although Canada isn't nearly as bad, their Bill of Rights-equivalent document, the Charter of Rights and Freedoms, "guarantees the rights and freedoms set out in it subject only to such reasonable limits prescribed by law as can be demonstrably justified in a free and democratic society," a cave
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
And you might consider consulting one (if you have the money). You might also consider exactly what sorts of liability you'll be exposed to and search for jurisdictions with the most lax regulations in that area. You say that your site is going to be driven by user submissions . . . are you worried about copyright? You say you're worried about the FBI requesting user data, is there any particular reason you think the FBI will ask for your user data (that is, will you be requesting submissions on political/revolutionary/Islam topic areas? I suppose one could even piece together a user submission website dedicated to the discussion of criminal activity and how one might go about practicing crime . . . clearly an exposed place to be).
Also remember it isn't only the FBI that can compel disclosure of user identities. The Think Secret/Apple, Inc. lawsuit proved that. A foreign jurisdiction might make it really hard for the government to get at user data, but make it really easy for private parties to do so in a lawsuit. Also consider, however, that if your servers are in a foreign jurisdiction then U.S. constitutional guarantees may not apply (you might say that they don't apply here anymore, but I would submit that they protect you at least a little bit). That could mean that if the government wants your user data, and the servers are outside the U.S., they could tap/hack/physically break in and get the data they want w/o even the pretense of judicial sanction, and w/o even the possibility of court action for you.
My point here is that jurisdictions treat privacy differently across subject areas and differently depending on who's asking or taking the data. Find the subject area that your website most squarely fits under, and then find a jurisdiction with the most protective privacy laws, on the whole and against everyone you're scared of, for that subject.
Nazi Germany 1933-1945. Thanks for playing!
Singapore?! The you-must-register-to-buy-chewing-gum country? I don't think so.
The masses are the crack whores of religion.
riseup.net
From their Privacy Policy:
Please delete your user data (No contact info means that they can't be forced to give something which isn't there. Drawback: forget your password, you're screwed)
We keep minimal logs
We do not share data with anyone
We will defend your data
We will not monitor your communications
Your data is encrypted
(No, I am not affiliated with them, just found out about them this week myself)
You might want to consider the Scandinavian/Baltic region.
;-)
Sweden, Norway, Denmark, Finland, Greenland are all pretty protective about their citizens privacy. Provided your sites contain only "controversial" (but not illegal) content, you would definitely be in the clear!
Illegal content would be: child pornography, copyrighted material for which you do not have the distribution right, neo-nazi propaganda and holocausts-denial. Pretty much everything else is accepted. Including blasphemies drawings
Germany is also a good bet - but you would have to add "scientology" to the list of illegal content
- Jesper
My security clearance is so high I have to kill myself if I remember I have it...
If I were you, I would first recognize that no matter how careful you are, there will always be a chance of someone (the govt, your web host) with the authority to take down the physical server hosting your website. So I would physically host the site in at least 3 different countries. Use DNS to spread the load on the different locations (all are active at any point in time). If one of them get taken down, update the DNS accordingly to redirect traffic to the other locations, and start setting up one more server in another country (have the technical procedure clearly described and easy to follow so multiple people you trust can follow it). Of course you need to have the user content posted to any location automatically replicated to the others. (Notice how this sounds much like NNTP).
If someone succeeds into getting administrative access to your DNS records, register a new domain name and get the word out to communicate it (IRC channel where you guys usually hang out, a post to some other forum, etc). Or just communicate the IP addresses prominently.
Good luck to someone trying to take down something hosted as described above ;-) Choose the right 3 countries and, because of red tape, no governments will ever be able to successfully cooperate to take down the 3 physical servers at the same time.
There are two big things with this.
:)
:) (short story, our customer handed over an exploited server. It was only because it was exploited, it had nothing to do with the content. They had already put a new machine up with restored content, as good exploit protocol suggests.)
:)
First, any provider can and will give in to pressures. Just because they're not "in" the United States doesn't mean that they won't be leaned on by the United States.
Every provider connects to someone else. Otherwise, you being on your residential Cable/DSL/whatever wouldn't be able to reach Rajhed's IndiaPorn.
Being that it is true, the gov't could simply lean on American held companies, or companies with American interests, to find out who you are, find out what's on your servers, or simply get you unplugged. Just because you host at Sealand, in central Siberia, or whereever, you still run the risk of provider A strongly encouraging provider B to do something about it.
Been there. Done that. Got the Federal agent sitting in my office about it. Of course, I played stupid until I found out what the hell he was talking about, and then made some phone calls to find out the rest of the story.
Second, what the hell do you think you're going to say, that will get the feds knocking on your door, on the hosting facility's door, etc, etc?
I run http://freeinternetpress.com/ . If you read what we say, and have said for years, by all the legend of the National Security letters, we quite likely should have our phones tapped, servers confiscated, and been visiting Southeastern Cuba for more than a few days.
In reality though, we've had every (like, EVERY) intelligence agency in the world read our news. That was scary at first, but I made some friends (through other means) who had worked in intelligence, and they broke the bad news to me. The feds aren't watching us because they're interested in getting us. They're watching us because we are a good news source. Even though we've NEVER had a single contact regarding Free Internet Press, we're read every day. Above that, you'd be surprised to find out how many intelligence agencies there are out there. It took us quite a while to decode a lot of the hostnames, even when we ran them up and down a few of our grapevines. My favorite that I still like to brag about is eop.gov . They were monthly visitors.
I haven't bothered to re-check our logs to see what odd hostnames come in any more. It's entertaining, but serves no other purpose.
I'm VERY close with my hosting company. (like, VERY). I'd know the moment they were sniffing around, mostly because I'd be the one to open the cabinet door for them.
If it came down to it though, we'd just dump the hostname off to another server (I have a few spare hosting accounts in my pocket, all under different people's names, at different facilities), and put it right back online with a big notice "WE GOT SHUT DOWN BY THE FEDS, Here's the documents!"
If I didn't do it, there are a dozen or so other people with enough access to do it for me. Like, if I ended up in Southeastern Cuba, with an orange jumpsuit, a blanket, and a copy of the Koran (they issue 'em to everyone, from what I understand).
So, what's going to keep you from landing in hot water?
1) Don't say you're going to kill someone.
2) Don't threaten to blow something up.
3) Don't make claims above and beyond anything you're really willing to do.
For example (EXAMPLE!) if you were to say, "I'm going to blow up the Whitehouse tomorrow", if you're not serious, you're stupid for saying it. If you are serious, you deserve to get beaten down and thrown in jail for a long time. While I'll disagree with
Serious? Seriousness is well above my pay grade.