New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
I Found this secret list about offshore domains, vpns and hostings is that even true?
GeorgeMarian
Member
in General
Hello,
I find this list, this have a lot of information, is all correct or are something that isn't correct? I'm surprised about VPNs and Domains never heard about those before!
https://docs.google.com/spreadsheets/d/1LJgDP-WfNxn604QfHU2MumdV7FvUQrDb5Ui7zgTYw9U/htmlview#
How accurate is this list?
Comments
It's absolutely not true. A lot of them are Novogara resellers, some are running their own ASN out of Dutch DC's like Serverius, a few are affiliated with the TPB crew and operate out of the same DC, and they quite simply aren't "bulletproof" (a lot of them are good for warez, though).
Quite frankly, I wouldn't entrust any type of data to 90% of those providers, and as it happens, I know them all. Lots of resellers, and lots of noobs, so you should be super careful, and make sure you research the provider thoroughly (if you can't find any type of corporate information, or if they're using obviously fake information in their IP blocks, just avoid them like the plague).
I looked at the one marked as Canada, wasn't Canadian at all..
It's absolutely not true.
How could an offshore hosting list not include our Antarctica IPv9 VPS?
If this is your list that you're promoting, please update our information. We're DMCA ignored in Amsterdam, and likely one of the most privacy friendly options available.
It has us listed as, "Maybe" for "Privacy" when we literally require zero PII. I checked two random "Yes" privacy hosts, and both required name/address/phone, etc. One even included this disclaimer, "Important Information: Orders placed via Proxy/VPN/Anonymizer services must pass a manual review."
At a first glance it's basically a stripped version of this infographic
Most of these just list random providers without checking anything - e.g. CRServers is advertised on both of those lists but requires passport number to buy their "private" VPS. LOL.
Shinjiru is from Malaysia and not Netherlands.
They take down domains/site when Malaysian authorities ask them to do so.
Like every hosting does. They need to obey to local laws.
as is every hosting provider with no operations in the USA. DMCA is only a US law and has no jurisdiction outside the USA.
There is hostsolutions.ro on the list. It makes me think, what really happened to @cociu ?
A copyright notice is valid whether it is formatted and sent as a DMCA notice, EUCD notice, or rather, as a "copyright notice". When something is sent in good faith (like a copyright notice will be), you, as a provider, are bound to act upon it, by default. That's pretty much how it is, and should you ever be audited, for whatever reason... Well, it would show something interesting: that you are willing to act confused when you're really not.
Some people don't quite understand whether it's called a DMCA notice in the whole wide world, or just in the US. But that doesn't make the notification of the infringement taking place any less valid.
I can bet (and will) $100 USD that anyone who says "DMCA ignored" hasn't hired legal counsel.
Any clauses about the DMCA are not applicable outside of the USA. If the notice only mentions the DMCA and associated infractions and remedies, then I'm not sure it's a legally-binding notice in other jurisdictions. Sure, the provider will likely remove the content anyways (if it's copyrighted in their jurisdiction), but the DMCA notice itself isn't a legally binding document outside the USA.
In your humble opinion, do you believe that whether or not you would be advised to act upon it based on the fact that:
a) It is a notification of alleged copyright infringement taking place on your network
b) It was sent in good faith
c) You are a network operator, and not the interpreter of the law, or rather, not there to nitpick whether or not someone has covered all of their bases, but you're there to provide network related services and police your network.
I'm not trying to be difficult, I'm just saying that that argument wouldn't fly.
You are in charge of your network, and how well you police day to day is pretty much what's going to decide your faith in any legal proceedings. Personally, it's asinine to think that you wouldn't have any legal consequences if you said: "I will reject DMCA's", and what it basically means is that if you re-send the same notice, but if you format it differently, we're going to accept it. Even though the non-action may have caused further damages to their intellectual property.
Put simply, someone could use the lack of action against you, and make it seem like you're willfully letting copyright infringers use your network, and that you're profiting off of the backs of the US copyright holders (because while it is no the biggest producer of entertainment content in the world today, it still does produce the most popular/pirated content).
I will say, however, that there is a big difference between saying: "I will reject DMCA's" and silently trashing them. As long as the carriers haven't been CC'd, and it hasn't been sent as a fax or by certified mail as well, you can basically act dumb and claim you never received it (as long as your logs aren't audited, obviously) but you get the point.
Oh yeah, the list is not really recent. Cociu was raided several times for hosting CP, which probably contributed a bit to his demise.
Audited by whom?
"Important Information: Orders placed via Proxy/VPN/Anonymizer services must pass a manual review"
That is default text from WHMCS. Same for the address, they probably don't check.
That's a good question.
Generally, only the government or the potential acquirer of your business. (But your bank also has the right to request additional documents, you can obviously refuse, but your account may be closed in that case).
However, it is entirely plausible that a simple tax audit of your IRS equivalent can trigger additional checks, which means that the government can actually check your whole operation, which includes checking your clients, how you interact with them (in case there is a belief that you're doing something wrong, e.g. aiding and abetting).
As far as the potential acquirer of your business thing goes... it could drive the price down if the acquisition seems too much of a high risk, and there ain't nothing you can really do about it if you dug your own grave.
Also, sometimes, in court proceedings, a judge can order a forensic audit based on not much else than the plaintiff illustrating that the company took different action in two identical situations simply based on profit, and not legality. So imagine that someone can prove, forensically, that you acted on a random notice that wouldn't hurt you and make you lose the customer, and that you claimed that you didn't receive other multiple notices where acting upon them would make you lose that customer's business because of them being forced to comply with the said notices of alleged copyright infringement. Think of it like this... you claim you never got them, and you swear to it, but the other side has forensic evidence that you did in fact open one of the emails, and that the emails haven't been rejected by the server, or that you replied to a sales question that was sent from the same IP address, thereby showing that you either willfully ignored the said notices, or that you have a system in place that trashes copyright notices automatically. A forensic audit would be necessary in that case, at least so that it can be seen whether or not you had acted with intent to protect a customer and/or customers that infringe on others' intellectual property.
Indeed it is, but on the surface at least your answer heavily conflates "possible" with "probable", which for a business owner ultimately boils down to the owners risk appetite.
The parties behind DCMA are very active. Care to back up your arguments above by providing case law of otherwise well run IT service provider businesses falling foul of DCMA (specifically DCMA, not copyright infringement in general) by declaring they would not enforce it outside the US?
In your opinion, which hosts comes closest to bulletproof?
What do you feel is the weakness with Serverius? Which Dutch DC is closer to Bulletproof & how do you feel about Ecatel/DataOne Datacenter?
I'm not 100% sure where ultra.cc has their network in NL (it was Novoserve) but they discard any DMCA notices.
Risk management is very much important in a high-risk industry like this, and not just in case because you want to be successful, or be able to sell it off later on, but also because it can impact your life negatively in case you go in half-cocked, not knowing that it's not as simple as selling servers (whether through reselling, or colo'ing) because you work in multiple jurisdictions, and you have to make sure you follow the different jurisdictions' laws, make sure you aren't harboring criminals (knowingly or unknowingly), people from sanctioned countries, spammers, etc.
Legally speaking, it's a very complicated business. If you're a serious businessman, and if you operate in multiple jurisdictions, you will likely have retained a legal professional to draft your legal documents (ToS, AUP, etc) according to your own needs, and you will have also likely retained someone's services to make sure you're following the laws of every country you operate in, or are closely affiliated with.
It's not a matter of "how likely is it that something bad can happen to me", it's a matter of whether or not you have all of your shit together, and any legal counsel worth their salt would tell you to eer on the side of caution, and not act out, or do anything that could endanger your business.
Find any big business that operates in multiple jurisdictions telling you that they will ignore DMCA notices, or that they differentiate them, even.
For example, LeaseWeb operates in multiple jurisdictions, and they will process notices based on provided information altogether, not based on whether or not the sender called it a DMCA or EUCD. It really doesn't matter one bit if you operate in multiple jurisdictions, or if you make use of any type of services from the said countries.
If an Iranian company, without any ties to US/EU ignored DMCA notices and says that they will only obey with notices for locally protected intellectual property, then that is their right, and if you want to, or feel like it. You can sue them in their own jurisdiction, otherwise... you can sue them right there in the US or EU if they have provable links/ties to either of them. They're not providing any services to your countrymen, and they don't have any ties with your country, so there is no point in doing anything about it. It would be a different story if that Iranian company actively solicited English speaking clients, and marketed it as a way to profit off of US/EU intellectual property, though. But that's precisely the reason why it's always going to be hosted in Iran, locally and not in some random US/EU datacenter.
And that's kinda what's at issue here: you can claim anything you want. Same like what Sven from CyberBunker did initially, how it's its own jurisdiction, etc. Truth is, it was never, and couldn't have been truly bulletproof due to the fact that the carrier was Dutch, and that no one would take it seriously to begin with.
I don't know what you mean by well-run, because they can't be well-run by definition if they don't understand that words have consequences, and that they can be used against you, and have everything taken from you.
Put simply, you need to be worried if a provider openly says that they will ignore DMCA's. Whether or not any of them got into any immediate legal trouble for doing so is something we can only speculate on.
But more often than not, external pressure is applied to ensure swift compliance, and they simply go after the datacenter, carrier or their most important peering partners along with the payment processors.
And guess what? It always works.
If someone wishes you well, however... they would tell you about the associated risks, and they would tell you that you need to seek legal counsel if you want to operate legally (a lot don't), and without any issues later on.
Disregarding normal KYC practices in today's world, claiming that certain types of notices are ignored, etc... it makes it really easy for anyone to go after you.
It really depends on what you want to do, though.
If you're interested in hosting politically sensitive content, then you should always go with the US, period. You obviously need to find a friendly datacenter that you can work with, and be sure that they won't pull the plug because of some extra heat, and if you have extra funds, then getting yourself an ARIN membership acts as an additional layer of protection. So, any friendly US datacenter will be bulletproof when it comes to politically sensitive content, because you would find it impossible to stay online in EU, even with someone like Ecatel/DataOne.
Copyright infringement is easy, especially if you don't go after English speaking countries, and if you do go after English speaking countries, then as it was said before: DDoS-Guard as a reverse proxy, or Ihor/Marosnet. Fully Russia based datacenters will probably start ignoring all copyright related notices now, so it would make them pretty much bulletproof. Although, one thing that's important to note is that DDoS-Guard operates in RU, UK, NL, EC... so it's a bit more complicated, since they have to keep those relationships and the bandwidth... but so far; I've yet to see them do anything to Alexa 500 sites that have been subpoena'd to oblivion on CloudFlare in the past.
Serverius is fine, but they will force you to comply, regardless... there are a lot of companies operating out of Serverius, and one of the better known ones is Inferno.name, they're Belarusian and they pretty much hold the market when it comes to illegal porn sites.
That was previously held by the well-known Ecatel/DataOne, and whether it was a fortunate event for some or not, they were pretty much destroyed.
While it does appear that nothing changed on the outside, they do KYC and they respond to complaints now, regardless of the format.
It's important to note that DataOne is a separate entity (the datacenter that's owned by them) and friendly/associated companies like SpectraIP operate out of it, but Ecatel/Novogara have their servers elsewhere (for most of the clients).
Interesting & thank you. I indirectly use DataOne now & didn't know they had been so badly damaged. So DataOne has partly caved to all the media heat they received in the Dutch press? I've been waiting for DataOne's new DDOS protection package slated to be out soon.
And what datacenter is closest to bulletproof in Iceland for politically sensitive speech? Perhaps Thor who used to host Pirate Bay & who seem to be hated by the anti-freespeech type?
Does even Thor not approach the political protection of Novogara? Initially, I've chosen Thor for political speech but it sounds like Novogara may be better for that?
I suggested you offer up some credible examples to back up your strongly held legal views. Instead, you breezed past that and offered up further opinions and explanations. Fair enough, this is a forum after all and lots of people like to play lawyers on the Internet.
And what datacenter is closest to bulletproof in Iceland for politically sensitive speech? Perhaps Thor who used to host Pirate Bay & who seem to be hated by the anti-freespeech type?
Does even Thor not approach the political protection of Novogara? Initially, I've chosen Thor for political speech but it sounds like Novogara may be better for that?
They were raided, and had to start performing KYC retroactively, and they were forced to remove the Bitcoin option.
You have to give props to them for being able to save the companies, at least.
If it were still possible to do no-KYC and still be legal, Ecatel would be doing it. They were at it for years, and they made their money.
They will do their best to keep you online, if they can, but it also depends on what kind of political content we're talking about, though... if it's something like The Daily Stormer, you would struggle keeping domains (they recently lost all of their Chinese-held domains, along with the Russian ones too) and it would be difficult to keep hoster relationships short of relying on reverse proxies, but if it was something along the lines of Stormfront (which you can condemn, but is 100% legal) you'd be absolutely fine in the US.
Stormfront hosts with the Texas-based Limestone Networks.
To be perfectly honest, I would avoid Advania (Thor) because of, from what I can remember, some shadiness in regards to SilkRoad's servers getting tapped and the fact that they are seen as a target, because ever since Assange set up WikiLeaks there, Iceland has been enjoying some pretty good reputation when it comes to free speech, even though we really have no idea how many times Advania received requests from the US government, etc. What they wouldn't be able to do in the US, they were somehow able to do in Iceland, because if I am remember this right, one of the agents went to Iceland and was allowed access into the dc during the SilkRoad investigation.
It's pretty expensive, over-hyped, and probably seen as a hotspot when it comes to people wanting to run darknet markets (thinking that they're safe), and libertarian projects (a la f the government), so imagine you did something like Jim Watkins did with 8chan (as in, if you made a site that big and had a guy post a terrorist manifesto), there's no way the site would have stayed hosted in Iceland. He would have been labeled a nazi and thrown out. Whereas even though it obviously would have some issues in the US, it wouldn't have them to the extent of being thrown out.
Jim runs his own network in the US, but it's very old, and it was getting constantly DDoS'd and he very likely didn't want to jeopardize his other businesses which he hosts there, and he simply made the choice to move the site to the Netherlands, and he found home with the Russian company called VDSina, and they, by coincidence or not, colocate their servers with Serverius, which has a very high popularity with Russian companies, and customers. (Fun fact: King-Servers, Russian company closely involved with the now-arrested Pavel Vrublevsky of ChronoPay colo's at Serverius, and 6 of their servers were alleged to have been used to hack into the Arizona and Illinois voter databases in 2016).
I thought that you would understand that no legal counsel would let you write anything of that sort on the website (DMCA ignore, no KYC, etc). Tbh, maybe ask the hosters that do that if they actually consulted a legal professional if it was OK to do so? I'm just interested in what they would tell you. If they will be honest and tell you that it's out of their budget, and that no one vetted anything they wrote (or write on public forums) or if they would lie to you and say everything is fine.
P.S. You can look up and read the bit about Ecatel, they never cared about KYC and it was fine because no one was checking up on them and they didn't do it in a blatant way (they had information on every client, but it was dummy information -- unverified) and a little while ago, they were raided and had their Bitcoin wallet seized, and they had to force all their customers to do KYC (with a valid phone number). If they, in spite of actually having some client information (dummy or not) got raided and forced to do KYC just because they got too big, imagine what can happen to someone smaller? And no, it's not that easy to find verifiable cases of hosters getting into trouble other than having to change datacenters or payment methods. Which is still quite a big deal in my opinion, because you should never burn any bridges, especially in business.
It's just words at the end of the day.
Sir, it heartens me to see the effort and time you put into delivering your missives. I do fear however, that given the attention-span of most members of this fine community, you may be spending your time in vain.
Fucking hell mate, you don’t half go on about fuck all.
@Nekki I read everything
ipv9 vms there great @yoursunny
His point was that half was useless blather and really needs to shorten the shit up. TWC also needs to be friends with periods (".").
Agreed, you can tell he probably does journalism work and is great at it... but is putting way too much effort in for the given audience lol.
Thank you, Nekki. I don't mind if it helps someone.
I'm not telling anyone that they shouldn't be making money off of the whole offshore hosting shtick, but at least try to be sneaky about it, so you don't lose locations, payment processing, or worse, get yourself in legal trouble... I sleep better at night knowing I said it, now whether or not someone took me seriously is a different thing, but if you end up running things by legal counsel, you would soon learn how many things don't fly. Whereas if you just do things on your own, without checking anything, well... anything can happen.