[liberationtech] Secure Your Domain - Where Is Safe to Register a Domain Name? - Gun.io

Yosem Companys companys at stanford.edu
Mon May 7 23:01:36 PDT 2012 

https://gun.io/blog/secure-your-domain-where-is-safe-to-register-a-domain-name/

Secure Your Domain - Where Is Safe to Register a Domain Name?

By Rich Jones, Mar 7, 2012.

Across the globe, governments have adopted policies of seizing domain names
as a way to shut down content they find objectionable. This has become a
primary censorship tactic of the United States government (through the
Secret Service, Immigrations and Custom Enforcement, DHS, and the
Department of Justice, via the FBI and the DEA), and it seems that we have
set an example, as the domain seizure tactic has been used by other
oppressive countries, such as inthe Libyan seizure of
vb.ly<http://techyum.com/2010/10/official-vb-ly-link-shortener-seized-by-libyan-government/>
.

[image: secure your domain name]
*Get used to seeing this.*

Even more worryingly, we've recently seen the United States Secret Service
seize a domain of a startup company, *JotForm*, entirely because of user
generated content<http://www.geek.com/articles/news/form-creation-site-jotform-seized-by-us-government-due-to-user-content-20120216/>.
If this trend continues, it could mean very bad news for young
entrepreneurs looking to build the next YouTube, Facebook, or Google. *So,
where in the world is safe to purchase a domain name from?*

[image: secure your domain name bill woodcock]
*Bill!*

To find out, I talked to Bill
Woodcock<http://en.wikipedia.org/wiki/Bill_Woodcock>,
director of Packet Clearing House <http://www.pch.net/home/index.php>, a
non-profit research institute that supports operations and analysis in the
areas of Internet traffic exchange, routing economics, and global network
development. Basically, they make the internet go.

This is what we discussed.
Criteria

Before we make our list, we need to define some criteria for what we're
after. We aren't just interested in a finding a country to host our domain
for our user generated content (which could mean anything from cat pictures
to pirated sports streams), gambling website or porn site, but also one
which will also stand resistance against political attacks, as well as
logistical ones. So, let's get started.
The Real Issue

[image: secure your domain name avoid verisgn]
*Yeah, right.*

Before we get really nitpicky, here's the one-line take away message: *Avoid
VeriSign.* Almost all of the domain seizures so far have come with the
involvement
of VeriSign<http://www.wired.com/threatlevel/2012/03/feds-seize-foreign-sites/>.
Verisign is the authoritative registry operator for two of the most
important top-level domains, .com and .net. It is also the contracted
registry operator for the .name and *.gov* top-level domains as well as the
country code top-level domains .cc (Cocos Islands) and .tv (Tuvalu) (
Wikipedia <http://en.wikipedia.org/wiki/Verisign> citation).

VeriSign is a Washington DC-based company with a lot of government
contracts and government friends, and so they basically do whatever the US
government asks them to do, without asking any questions.

So, we can rule out *.com, .net, .name, .gov, .cc, *and* .tv*. Which is a
shame, because *.tv* looks great for video websites.

Since Wikileaks also had their .org domain temporarily suspended, we should
also rule out domains administered by Afilias, so we can rule out *.info,
.mobi, .org, .asia, .aero, .ag, .bz, .gi, .hn, .in, .lc, .me, .mn, .sc* and
*.vc*.
What We Don't Want, What We Do

So, now that we've ruled those out, what else should we be looking for?
Here are some bullet points.

Avoid:

   - Small countries.
   - Countries with military mutual defense agreements (NATO, etc).
   - Countries with high levels of corruption.
   - Members of the
ECHELON<http://en.wikipedia.org/wiki/Echelon_(signals_intelligence)>
signals
   interception/monitoring pact (AUS/CAN/NZ/UK/US).
   - Countries with large amounts of debt.

Look for:

   - Countries without debt.
   - Countries of medium size.
   - Militarily neutral countries.
   - Liberal countries with a high freedom index.
   - Countries with high levels law and order.

Basically, look for countries that have low levels outside influence,
financially and militarily. Greece and Estonia, for instance, are probably
some lousy choices for obvious reasons in this regard. Unfortunately, we're
also forced to rule out Iceland's *.is*, as although they're trying very
hard to position themselves as a pro-transparency, pro-press-freedom and
generally hacker-friendly nation, their economic collapse has left them
extremely vulnerable to outside influence (even with their rejection of the
austerity package.)

So what does that leave us with?
The Short List

[image: secure your domain name internet]
*Illustrating the internet requires boring graphs
or nonsensical pictures like this one. I'll take the latter.*

This is by no means meant to be an exhaustive or authoritative list, but
here are some candidates which meet all or most of the criteria which we
have laid out.
Switzerland: .ch

The most neutral country in the world, Switzerland seems like an obvious
choice. *.ch* is administered by SWITCH Information Technology Services,
who mostly deal with university networks and provide services to open
source projects, which is a big +1 in my book. They also manage the
*.li* (Liechtenstein),
which could serve as a better alternative than .ly for those who want web
2.0 domains that sound like adverbs.

If you want further endorsement, Wikileaks keep their primary mirror on a
.ch domain now. Their list of mirrors <http://wikileaks.info/> might give
you some ideas for other safe countries as well. Encyclopedia Dramatica
have also moved their operation to a Swiss domain.
Norway: .no

Financially independent and socially liberal with a high index of law and
order, Norway is a good choice. Unfortunately, technically registration is
only open to organisations and companies registered in the Brønnøysund
Register Centre, which is another hurdle to jump through.

Beautiful fjords, as well.
Sweden: .se

This is a pretty obvious one as well. They're an independent country with
low debt, high stability and they're the birthplace of the political pirate
movement.

It's also worth noting that even though the founding members of the Pirate
Bay were tried and convicted in Sweden, ThePirateBay.se is still alive and
kicking, showing just how resilient a Swedish domain can be.
United Arab Emerates: .ae

Probably the best choice for those seeking a domain in the Arab world, the
UAE is a rich country with progressive values by middle eastern standards.
Their oil power gives them a high degree of autonomy and resilience to
external pressure, and I can't imagine they care all too much about Western
politics and copyright law. Palestine's *.ps* domain may also be a decent
runner up.
Mauritius: .mu

The island nation of Mauritius off of the coast of Africa is an independent
nation with a European history and may be a great choice for those seeking
an African domain name. It's also gaining popularity for music startups, so
this might make it attractive for music sites with user-generated content.
Singapore: .sg

Singapore is a strange country. They're one of the most advanced and
socially progressive Asian countries with financial autonomy, but they also
have an extremely harsh penal
system<http://en.wikipedia.org/wiki/Criminal_law_of_Singapore>.
Still, they meet all of our other criteria. However, they do technically
require a presence in Singapore.

I have not found an Asian domain name which meets our criteria without
requiring a presence inside the country, unfortunately. (If you know of
one, please post it in the comments below!)
Nowhere/Everywhere: .onion

None of these options suit your needs so far? For those seeking complete
anonymity and autonomy in their domain name of choice, there is the
'.onion' domain name, for sites which are only accessible on the Tor
anonymity network <http://torproject.org/>. These websites are very, very
difficult to locate and knock off-line, and anybody can set one up for
free, but they're also only available to users who have Tor installed and
running. Perhaps not the best choice for your hot new startup (unless,
maybe, you want to start a casino), but a good choice if you want to
publish information under the veil of anonymity.
Choosing a Registrar

[image: secure your domain name gandi]
*"No Bullshit."*

Who you register your domain with also matters. Since VeriSign are in the
pockets of the US Government and GoDaddy are a bunch of
elephant-murdering<http://edition.cnn.com/2011/BUSINESS/04/01/godaddy.peta.protest/index.html>
, SOPA-supporting<http://betanews.com/2011/12/26/december-29-is-dump-go-daddy-day/>
bastards,
I'd strongly suggest avoiding them.

Instead, use Gandi.net <http://gandi.net/>, who have a stated policy of "no
bullshit <https://www.gandi.net/no-bullshit>," or the official NIC of the
domain you're trying to register under.
Wrapping Up

Hopefully, you've now got a better idea of where is a safe(r) place to
register your domain. I'm not making any promises about security here, but
hopefully now you can avoid some of the most obvious mistakes and have a
good idea about the things which you should be considering.

It's also worth pointing out that I'm *only* talking about domain names and
their political resilience here, not technical domain name security
(DNSSEC), or legal implications about where a service is hosted and
operated. Those issues vary wildly from country to country, and I'll
explore them later if there is interest in this article. Special thanks to
Bill Woodcock for allowing me to interview him for this article, buying me
tacos and for keeping the internet going.

Are there any other countries which meet the our criteria which I've left
out? Am I wrong about some of the countries listed above? Please leave your
comments below!

Share on twitter<https://gun.io/blog/secure-your-domain-where-is-safe-to-register-a-domain-name/#>Share
on reddit<https://www.addthis.com/bookmark.php?v=250&winname=addthis&pub=ra-4e4de49d414ecc8&source=tbx32-250&lng=en-US&s=reddit&url=http%3A%2F%2Fgun.io%2Fblog%2Fsecure-your-domain-where-is-safe-to-register-a-domain-name%2F&title=Secure%20Your%20Domain%20-%20Where%20Is%20Safe%20to%20Register%20a%20Domain%20Name%3F%20-%20Gun.io&ate=AT-ra-4e4de49d414ecc8/-/-/4fa8b60d47375a70/1&frommenu=1&uid=4fa8b60d54cd0bd0&ct=1&pre=https%3A%2F%2Fhootsuite.com%2Fdashboard&tt=0>Share
on linkedin<https://www.addthis.com/bookmark.php?v=250&winname=addthis&pub=ra-4e4de49d414ecc8&source=tbx32-250&lng=en-US&s=linkedin&url=http%3A%2F%2Fgun.io%2Fblog%2Fsecure-your-domain-where-is-safe-to-register-a-domain-name%2F&title=Secure%20Your%20Domain%20-%20Where%20Is%20Safe%20to%20Register%20a%20Domain%20Name%3F%20-%20Gun.io&ate=AT-ra-4e4de49d414ecc8/-/-/4fa8b60d47375a70/2&frommenu=1&uid=4fa8b60d1b8da4aa&ct=1&pre=https%3A%2F%2Fhootsuite.com%2Fdashboard&tt=0>Share
on hackernews<https://www.addthis.com/bookmark.php?v=250&winname=addthis&pub=ra-4e4de49d414ecc8&source=tbx32-250&lng=en-US&s=hackernews&url=http%3A%2F%2Fgun.io%2Fblog%2Fsecure-your-domain-where-is-safe-to-register-a-domain-name%2F&title=Secure%20Your%20Domain%20-%20Where%20Is%20Safe%20to%20Register%20a%20Domain%20Name%3F%20-%20Gun.io&ate=AT-ra-4e4de49d414ecc8/-/-/4fa8b60d47375a70/3&frommenu=1&uid=4fa8b60df0a07898&ct=1&pre=https%3A%2F%2Fhootsuite.com%2Fdashboard&tt=0>
More Sharing Services<https://gun.io/blog/secure-your-domain-where-is-safe-to-register-a-domain-name/#><https://gun.io/blog/secure-your-domain-where-is-safe-to-register-a-domain-name/#>
33<https://gun.io/blog/secure-your-domain-where-is-safe-to-register-a-domain-name/#>

About Gun.io

*Gun.io <https://gun.io/> is a place to hire hackers! Want to grow your
startup, develop a new app idea or finash a project you can't complete on
your own? You'll receive leads from many of the top
programmers<http://gun.io/careers/new/> from
the open source community when you post a gig <http://gun.io/contracts/new/>
 or post a career <http://gun.io/careers/new/>. Oh, and it's free for open
source projects! Find a hired gun today!*

*Are you a hacker looking to earn more money? Already have a GitHub account?
*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20120507/d890fe12/attachment.html>

More information about the liberationtech mailing list