New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Sorry that happened to you. Hopefully you don't get any law enforcement questioning about it, altough if it does happen you should probably be in the clear. As for your PSA about hosting public services, yeah, gotta be careful a little bit. At least you "only" lost 3.5£ and a decent deal for lifetime, but, could be worse...
I'd just self-host for private usage or at most a select few who will then get credentials to access stuff.
And the reasoning they give is false. They should have just said "we choose not to let you appeal" and not framed it as if their hands were tied. Cheap is fine. Unforgiving is fine. But dishonest gets under my skin.
I think you can as long as it's not intentional. You have to remove it as soon as you can, and "as soon as you can" must be 48 hours or less. So you can't say "I'll leave it up here until the last hour" if you already know it's there and are in a position to remove it.
Wow. I can see why everyone is up-in-arms about the new "safety" act. That's insane.
It seems that it wasn't an error though. An appeal is "the report said this URL is CSAM but it's just a photo of some cute puppies, take a look at it yourself". And when they check, sure enough the report was wrong.
Unfortunately, whether intentionally or not, there was material hosted that violated the TOS and so the provider's actions are justified.
It happened more often than you think
Yep, that's what I was trying to say, but you worded it better.
On the contrary, the fact that it is so common is exactly why I disagree with xHost's actions (even if I recognize that they are in their legal right). I don't like when hosts continue to make it trivial for just anyone to take down any content for any reason. It rewards people who are willing to attack others by using illegal shit.
it wasn't, in literal sense, yeah. someone posted a paste with presumably an "image", reported the URL under CSAM, and got my site taken down.
The error itself was thinking it was my doing. but of course, the rules don't see it that way
This does apply though, if admins are responsible and remove content when asked within a reasonable time? If this wasn't the case many file hosts could easily be taken down, no?
Exactly. And even then, many hosts, forums, blogs, etc. have been taken down by trolls who post illegal images and then immediately report the images, knowing that there are some hosts that don't care who is responsible and will just terminate the account blindly. It's a favorite technique of KiwiFarms and has been used to attack and censor many LGBT sites.
It's entirely up to the provider how much shit they want to tolerate for the money you're paying them. In this case, their TOS says that they can terminate on any violations. So the onus is on the customer to make damn sure they don't violate the TOS if they want to stay hosted.
If the provider terminates on a false report, that's on them, and they absolutely should respond to an appeal if the report is wrong. But if the report is right, why should they disregard their TOS?
And also a provider getting hit with a lot of false negatives might decide that it's still not worth it to let the customer renew if it's consuming a lot of their time to process these requests.
But there exist the DMCA-ignore and privacy hardened providers for a reason. If you're hosting stuff that's going to get non-stop complaints about it, you should expect a regular provider to kick you to the kerb when a DMCA-ignore provider might not. But even sometimes they might decide it's just not worth the hassle if you're causing them other issues.
But no serious provider will shut down on the first report, otherwise it would be impossible to host any sort of community website. The SOP is to require the customer remove the content, or to give the provider an API to remove it themselves, and only terminate the customer if they are either responsible for the content or end up attracting an unusually-large amount.
It's their right to terminate for any reason, sure, but it increases abuse by rewarding those who use it as a weapon and it prevents the host from scaling up to host serious projects (unless they treat higher-paying plans differently, of course).
You shouldn't need to find a bulletproof host that's willing to run a Wikileaks clone or the next pirate bay just to be able to host a small phpBB forum or accept comments on a small, personal blog.
Yes. Imagine having your business site shutdown because your competitor supposedly submitted url linking to illegal content. What a nightmare!
It's just another attack on the individual/organization's reputation
Or the even more common situation: Being afraid to ban your community's troll because you know he could shut down your site single-handedly, even when you follow the law yourself.
Yes, in theory. However, all that human rights equality bs is not working. It is interesting situation because as VPS client you are responsible for the traffic, even if somebody else did it. On the other hand, the host can investigate but for £3.5 is it easier to just terminate, which is also understandable. We have got conflict of interests here.
Exactly my point. They should be, but they aren't. People who pay more will naturally be given more leniency.
self-hosting is a good idea depending on person who does it, however as you can see when it comes down to self hosting is always more responsibility, more time spent to handle the service yourself, more time to manage its content, more technically involved etc
if you simply ran a command to get pastebin on your server and allow public usage without caring about anything then you deserve to get terminated sorry hard truth.
So if you hosted a forum do you deserve to get terminated? Should people need to use bulletproof hosts for something as simple as that?
OP had stated that he was completely willing to remove the content when it was reported. That's a far cry from neglectfully keeping something up with zero moderation or oversight. You're painting this as if OP set up some service that's infamous for attracting the wrong kind of people and then sat back. A pastebin site is not that.
what do you mean, you create online forums and you leave people post whatever they want without any review or mods? here we are on LET for example, post something weird lets see what happens and how is handled. Like that everything needs to be maintained properly and actively if is for public usage.
I suspect you have misunderstood what happened. This isn't a case of an unmoderated platform with an AWOL admin letting things slip through the crack. Even the best moderators will not be able to moderate content with a zero nanosecond delay.
Just to play devil's advocate for a second, he kind of was AWOL.
He set up a service, which he says was intended only for his own personal use, then listed it as a publicly available pastebin service, and then paid no attention at all to what was being posted.
This is a far cry from just being someone's blog that was unfortunately caught up in someone's malice. This was knowingly setting up and publicising a service, without any attempt to make sure it was compliant with the TOS.
If he had just stuck to hosting his own personal blog, it'd have been fine.
Didn't he say he was there and ready to immediately remove the content when reported, but was not given the chance?
Imagine, hypothetically, that he could remove the content not just in 48 hours, but in five seconds. Literally sitting there 24/7, not sleeping, just waiting with his finger on "delete" and his eyes always on his inbox. Would you call that AWOL and paying no attention? Because that would not have changed the outcome. His service would still be terminated because the host gives him not 48 hours, not one hour, not five seconds, but no time to resolve the issue.
In other words, do you consider everything that is not pre-moderated and pre-reviewed to be neglect?
all of these are true, except (like i said before) i can't know anything that was posted because everything is encrypted. now if only i got the chance to delete it (which is taking down the website entirely), i would.
also no, i did pay attention. i offered to fix the issue, literally the moment they sent me that termination notice
I don't disagree that the OP made a mistake (PrivateBin with file upload isn't a good idea on a shared web hosting service that costs peanuts to begin with), but PrivateBin doesn't allow the admin to see the contents of a paste without the decryption key (which is part of the URL hash, something that isn't sent to the server). "Paying attention" to what was being posted in this case is practically impossible unless you either modify PrivateBin (making the use of PrivateBin pointless), or get some kind of abuse report.
Not always. The same host that terminated him also allows hosting Tor exits (in some of their locations, at least) which pass traffic that the operator cannot control yet, even in the UK, they are not legally responsible for.
The issue is that he did get an abuse report, but he wasn't given any time to handle it. He was then terminated after the provider confused a notice from INHOPE (which is a non-profit hotline) with a law enforcement-issued court order.
i think i understood it very well, he's saying from admin panel content is encrypted, and he still alowed it for public usage, that's like 0 fks given keep abuses coming until someone starts complaining.
I wouldn't call rapid, on-call moderation ready to remove offending content at the very first notice "0 fks given". OP was following the industry standard best practice for a site of his size: Paying attention to abuse reports and acting promptly.
it's not that i allowed it, it's the fact that i didn't know such vulnerability exists. had i known it, i obviously wouldn't have it public, i would just take it down entirely
The vulnerability being that file uploads were enabled?
no, that one can be enabled in the config, i don't argue that this is my fault. the vulnerability lies in the reporting process. the fact that someone can post something in it, report it and then have the "authority" knocking on the hosting's door, which leads to the impromptu suspension of my website (or service)