amuck-landowner

Seeking servers sponsorship for project

William

William

pr0
Verified Provider
US based company? Is the owner in the US or US citizen? UK Citizen? EU citizen?

If you answer *ANY* of the above questions with yes your project is damned and will simply get a permanent tap from the US (see Hushmail) or UK government or a local agency on request of the UK (which *HAS* to be fulfilled inside the EU if you are EU or UK citizen) .

If you don't comply you go to jail (coercive detention, if not more) closed down (see Lavabit) or bankrupt (Frozen bank accounts and alike).

For a project like this the owner best stays anonymous, pay servers with bitcoin, rent anonymous domains and host somewhere where nobody cares AND block ALL local IPs of this country - Russian police and FSB only care much about sites that work in Russia at all, for example (which is why many (mostly german) warez sites block all RU traffic).
 
Last edited by a moderator:
R

RTGHM

New Member
William said:
US based company? Is the owner in the US or US citizen? UK Citizen? EU citizen?

If you answer *ANY* of the above questions with yes your project is damned and will simply get a permanent tap from the US (see Hushmail) or UK government or a local agency on request of the UK (which *HAS* to be fulfilled inside the EU if you are EU or UK citizen) .

If you don't comply you go to jail (coercive detention, if not more) closed down (see Lavabit) or bankrupt (Frozen bank accounts and alike).

For a project like this the owner best stays anonymous, pay servers with bitcoin, rent anonymous domains and host somewhere where nobody cares AND block ALL local IPs of this country - Russian police and FSB only care much about sites that work in Russia at all, for example (which is why many (mostly german) warez sites block all RU traffic).
Click to expand...
Officially the owner is a man based in the Bahamas. I'm the lead developer, and the domain is registered in Czech Republic (we were going to go with Bahamas for domain also, but it was 17,345.85 CKZ / year).
 
William

William

pr0
Verified Provider
Then forget it - Bahamas are entirely owned by the US. See FULL TAP or EVERY phone in the Bahamas by the NSA (leaked by Edward Snowden).

CZ will also comply with US orders, like 95% of the EU and 50%+ of any other country.
 
R

RTGHM

New Member
William said:
Then forget it - Bahamas are entirely owned by the US. See FULL TAP or EVERY phone in the Bahamas by the NSA (leaked by Edward Snowden).

CZ will also comply with US orders, like 95% of the EU and 50%+ of any other country.
Click to expand...
Bahamas is tapped by NSA, sure, however we are not talking about "classified" information - so it's fine.

Also, CZ will comply with US orders, sure, I am not worried if the Americans would like to know something - they can more than happily request information about something, however it must be signed off by a local judge in the area the server is hosted in, on top of that we'll have a lawyer vet the document in order to ensure it's valid. Additionally - we store no sensitive information - our database server will be in a different country than front-end servers, the only "important" thing we store that doesn't get destroyed after 5 days is usernames, even at that - they're encrypted using one-way encryption.

Also, we have 5 extra backup domains registered, so if one gets seized we're up within 12 hours again on a new domain. Each domain is paid off for a minimum of 2 years.
 
William

William

pr0
Verified Provider
however it must be signed off by a local judge in the area the server is hosted in
Click to expand...
If you, the company or the server is based in the USA... not really.

A subpoena from the US to your DCs will simply override your own company and jurisdiction. (Yes, this happens daily - I implemented more than one wiretap on DC level without customer knowledge (prohibited by court order)) - Most EU countries further do NOT need a judge to sign orders for wiretaps and hardware confiscation, only the public attorney is required to sign (happened to me personally in Austria (Austrian police), Bulgaria (Europol) and Poland (Europol/NATO)).

I did not look into your system yet but if the encryption key is stored *somewhere* at all it can be confiscated by US authority.

(Yes, i am 'overly' paranoid, but after both Hushmail (CA based) and Lavabit (US based) cases this is expected)
 
Last edited by a moderator:
Aldryic C'boas

Aldryic C'boas

The Pony
RTGHM said:
Also, CZ will comply with US orders, sure, I am not worried if the Americans would like to know something - they can more than happily request information about something, however it must be signed off by a local judge in the area the server is hosted in, on top of that we'll have a lawyer vet the document in order to ensure it's valid.
Click to expand...
You've never actually be in a position to experience what happens when the Feds come knocking, have you?  You sound far too optimistic and "of course they'll follow their own laws".
 
R

RTGHM

New Member
Aldryic C said:
You've never actually be in a position to experience what happens when the Feds come knocking, have you?  You sound far too optimistic and "of course they'll follow their own laws".
Click to expand...
This will not be my first time having feds come knocking, and I doubt it will be the last. I've had them come knocking 2-3 times already for other, un-related items.
 
Aldryic C'boas

Aldryic C'boas

The Pony
You've been lucky.  We've seen neighbouring racks at old DCs have gear pulled without the owner even being informed simply because the Feds walked in and the DC was too scared to tell them 'no'.  We almost had the same happen to us, but Rob doesn't tolerate that kind of power abuse, and bought us time to get in and placate the suits before they ripped our nodes offline.

I'm prior gov myself (Army and DOD), and I can pretty much promise you that very, very few suits would even pretend to keep your interests or rights in mind when they have a job to do.  Just sayin', be careful, and don't trust the law to protect you.
 
R

RTGHM

New Member
Aldryic C said:
You've been lucky.  We've seen neighbouring racks at old DCs have gear pulled without the owner even being informed simply because the Feds walked in and the DC was too scared to tell them 'no'.  We almost had the same happen to us, but Rob doesn't tolerate that kind of power abuse, and bought us time to get in and placate the suits before they ripped our nodes offline.

I'm prior gov myself (Army and DOD), and I can pretty much promise you that very, very few suits would even pretend to keep your interests or rights in mind when they have a job to do.  Just sayin', be careful, and don't trust the law to protect you.
Click to expand...
Yes, well, if only we taught those datacenter staff to have balls to say "no, come back with warrants" - we'd make their life harder, and give us time to correct something that might of went wrong. DOD, department of defense?
 
You must log in or register to reply here.
Top
amuck-landowner