[liberationtech] Secure Your Domain - Where Is Safe to Register a Domain Name? - Gun.io

Tue May 8 01:16:58 PDT 2012

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I would also add the suggestion of keeping out of the DNS space entirely and using the basic IP addressing of your server/hosting for your service/website. Then the issue becomes finding just a reliable and secure hosting provider, instead of reliable hosting AND
domain registrar. If you want people to find it, they will.

I'd agree with this article about Gandi. I use them for domain registration for a number of projects and they are very good, I would recommend them. They are based in France, with hosting environments in both France and the US (possibly other locations now also) Not cheap, but the quality of their service is worth it. For hosting however, I would not recommend them.

regards,
Bernard

> On 8 May 2012, at 07:01, Yosem Companys wrote:
> 
>> https://gun.io/blog/secure-your-domain-where-is-safe-to-register-a-domain-name/
>> 
>> Secure Your Domain - Where Is Safe to Register a Domain Name?
>> 
>> By Rich Jones, Mar 7, 2012. 
>> 
>> 
>> 
>> Across the globe, governments have adopted policies of seizing domain names as a way to shut down content they find objectionable. This has become a primary censorship tactic of the United States government (through the Secret Service, Immigrations and Custom Enforcement, DHS, and the Department of Justice, via the FBI and the DEA), and it seems that we have set an example, as the domain seizure tactic has been used by other oppressive countries, such as inthe Libyan seizure of vb.ly.
>> 
>> 
>> 
>> Get used to seeing this.
>> 
>> Even more worryingly, we've recently seen the United States Secret Service seize a domain of a startup company, JotForm, entirely because of user generated content. If this trend continues, it could mean very bad news for young entrepreneurs looking to build the next YouTube, Facebook, or Google. So, where in the world is safe to purchase a domain name from?
>> 
>> 
>> 
>> Bill!
>> 
>> To find out, I talked to Bill Woodcock, director of Packet Clearing House, a non-profit research institute that supports operations and analysis in the areas of Internet traffic exchange, routing economics, and global network development. Basically, they make the internet go.
>> 
>> This is what we discussed.
>> 
>> Criteria
>> 
>> Before we make our list, we need to define some criteria for what we're after. We aren't just interested in a finding a country to host our domain for our user generated content (which could mean anything from cat pictures to pirated sports streams), gambling website or porn site, but also one which will also stand resistance against political attacks, as well as logistical ones. So, let's get started.
>> 
>> The Real Issue
>> 
>> 
>> 
>> Yeah, right.
>> 
>> Before we get really nitpicky, here's the one-line take away message: Avoid VeriSign. Almost all of the domain seizures so far have come with the involvement of VeriSign. Verisign is the authoritative registry operator for two of the most important top-level domains, .com and .net. It is also the contracted registry operator for the .name and .gov top-level domains as well as the country code top-level domains .cc (Cocos Islands) and .tv (Tuvalu) (Wikipedia citation).
>> 
>> VeriSign is a Washington DC-based company with a lot of government contracts and government friends, and so they basically do whatever the US government asks them to do, without asking any questions.
>> 
>> So, we can rule out .com, .net, .name, .gov, .cc, and .tv. Which is a shame, because .tv looks great for video websites.
>> 
>> Since Wikileaks also had their .org domain temporarily suspended, we should also rule out domains administered by Afilias, so we can rule out .info, .mobi, .org, .asia, .aero, .ag, .bz, .gi, .hn, .in, .lc, .me, .mn, .sc and .vc.
>> 
>> What We Don't Want, What We Do
>> 
>> So, now that we've ruled those out, what else should we be looking for? Here are some bullet points.
>> 
>> Avoid:
>> 
>> 	• Small countries.
>> 	• Countries with military mutual defense agreements (NATO, etc).
>> 	• Countries with high levels of corruption.
>> 	• Members of the ECHELON signals interception/monitoring pact (AUS/CAN/NZ/UK/US).
>> 	• Countries with large amounts of debt.
>> Look for:
>> 
>> 	• Countries without debt.
>> 	• Countries of medium size.
>> 	• Militarily neutral countries.
>> 	• Liberal countries with a high freedom index.
>> 	• Countries with high levels law and order.
>> Basically, look for countries that have low levels outside influence, financially and militarily. Greece and Estonia, for instance, are probably some lousy choices for obvious reasons in this regard. Unfortunately, we're also forced to rule out Iceland's .is, as although they're trying very hard to position themselves as a pro-transparency, pro-press-freedom and generally hacker-friendly nation, their economic collapse has left them extremely vulnerable to outside influence (even with their rejection of the austerity package.)
>> 
>> So what does that leave us with?
>> 
>> The Short List
>> 
>> 
>> 
>> Illustrating the internet requires boring graphs
>> or nonsensical pictures like this one. I'll take the latter.
>> 
>> This is by no means meant to be an exhaustive or authoritative list, but here are some candidates which meet all or most of the criteria which we have laid out.
>> 
>> Switzerland: .ch
>> 
>> The most neutral country in the world, Switzerland seems like an obvious choice. .ch is administered by SWITCH Information Technology Services, who mostly deal with university networks and provide services to open source projects, which is a big +1 in my book. They also manage the .li (Liechtenstein), which could serve as a better alternative than .ly for those who want web 2.0 domains that sound like adverbs.
>> 
>> If you want further endorsement, Wikileaks keep their primary mirror on a .ch domain now. Their list of mirrors might give you some ideas for other safe countries as well. Encyclopedia Dramatica have also moved their operation to a Swiss domain.
>> 
>> Norway: .no
>> 
>> Financially independent and socially liberal with a high index of law and order, Norway is a good choice. Unfortunately, technically registration is only open to organisations and companies registered in the Brønnøysund Register Centre, which is another hurdle to jump through.
>> 
>> Beautiful fjords, as well.
>> 
>> Sweden: .se
>> 
>> This is a pretty obvious one as well. They're an independent country with low debt, high stability and they're the birthplace of the political pirate movement.
>> 
>> It's also worth noting that even though the founding members of the Pirate Bay were tried and convicted in Sweden, ThePirateBay.se is still alive and kicking, showing just how resilient a Swedish domain can be.
>> 
>> United Arab Emerates: .ae
>> 
>> Probably the best choice for those seeking a domain in the Arab world, the UAE is a rich country with progressive values by middle eastern standards. Their oil power gives them a high degree of autonomy and resilience to external pressure, and I can't imagine they care all too much about Western politics and copyright law. Palestine's .ps domain may also be a decent runner up.
>> 
>> Mauritius: .mu
>> 
>> The island nation of Mauritius off of the coast of Africa is an independent nation with a European history and may be a great choice for those seeking an African domain name. It's also gaining popularity for music startups, so this might make it attractive for music sites with user-generated content.
>> 
>> Singapore: .sg
>> 
>> Singapore is a strange country. They're one of the most advanced and socially progressive Asian countries with financial autonomy, but they also have an extremely harsh penal system. Still, they meet all of our other criteria. However, they do technically require a presence in Singapore.
>> 
>> I have not found an Asian domain name which meets our criteria without requiring a presence inside the country, unfortunately. (If you know of one, please post it in the comments below!)
>> 
>> Nowhere/Everywhere: .onion
>> 
>> None of these options suit your needs so far? For those seeking complete anonymity and autonomy in their domain name of choice, there is the '.onion' domain name, for sites which are only accessible on the Tor anonymity network. These websites are very, very difficult to locate and knock off-line, and anybody can set one up for free, but they're also only available to users who have Tor installed and running. Perhaps not the best choice for your hot new startup (unless, maybe, you want to start a casino), but a good choice if you want to publish information under the veil of anonymity.
>> 
>> Choosing a Registrar
>> 
>> 
>> 
>> "No Bullshit."
>> 
>> Who you register your domain with also matters. Since VeriSign are in the pockets of the US Government and GoDaddy are a bunch of elephant-murdering, SOPA-supporting bastards, I'd strongly suggest avoiding them.
>> 
>> Instead, use Gandi.net, who have a stated policy of "no bullshit," or the official NIC of the domain you're trying to register under.
>> 
>> Wrapping Up
>> 
>> Hopefully, you've now got a better idea of where is a safe(r) place to register your domain. I'm not making any promises about security here, but hopefully now you can avoid some of the most obvious mistakes and have a good idea about the things which you should be considering.
>> 
>> It's also worth pointing out that I'm only talking about domain names and their political resilience here, not technical domain name security (DNSSEC), or legal implications about where a service is hosted and operated. Those issues vary wildly from country to country, and I'll explore them later if there is interest in this article. Special thanks to Bill Woodcock for allowing me to interview him for this article, buying me tacos and for keeping the internet going.
>> 
>> Are there any other countries which meet the our criteria which I've left out? Am I wrong about some of the countries listed above? Please leave your comments below!
>> 
>> 
>> 
>> Share on twitterShare on redditShare on linkedinShare on hackernewsMore Sharing Services
>> 33
>> 
>> About Gun.io
>> 
>> Gun.io is a place to hire hackers! Want to grow your startup, develop a new app idea or finash a project you can't complete on your own? You'll receive leads from many of the top programmers from the open source community when you post a gig or post a career. Oh, and it's free for open source projects! Find a hired gun today!
>> Are you a hacker looking to earn more money? Already have a GitHub account?
>> 
>> _______________________________________________
>> liberationtech mailing list
>> liberationtech at lists.stanford.edu
>> 
>> Should you need to change your subscription options, please go to:
>> 
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>> 
>> If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
>> 
>> You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech
>> 
>> Should you need immediate assistance, please contact the list moderator.
>> 
>> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJPqNZ7AAoJEEkGHgzvx3hhIRgP+wUBbtCUdfexPLG9PGI/QkRB
6FbDASE5ugWvo2PLGPW0SeAtZ8qjG36R2rOs4u5/9K6PthLjj+yv2AYGkpIEmPEp
xJ9Uqm0QGZmPtoO/y8fRHMbFF0jueWE7adO4GlGNtS5zbhe5B77GRsq1IF6PPK02
558DbXmkOwd5GQsbvcCZLY+ffPbodCK3N88CiRFjIBC1hSNGr8yttbUPMwfLs7/L
9Gh32jOLk2deemGEoIEtZ2ji+v7ual2X/VUcVuGrYjLJ+UlJNtho8sq96So0BYsA
dxgOspohfAARU0suDV8jLD06Uv8JEbbqfcfOMVfzn5a5Sgc/voaNLQy69KR5ZdXD
E7bmKQzNh8RbWX/v0RrC81hWgSWddTjkTNsqTkPiLH3bPYXjbblLTkq+DjUXttSF
xLP6AE90AK8m78mtNLP8aUssHZsKwcas5gagEUKvZb8EUTeIl2RXL17kHHBUldCv
DHUohpEQvqA9XijWPlSeDpQq8HPWyXHzajvek+2pzqEykVqc3FeWyPTIPVRK2Ilg
pKghxqWhHMLlzlO1bZC9NdpR6Dg2yxnn2U326WgpegrFhyPTO9e2qJLLO1Oy6Ttw
Mm0ihfB0ufPm14PBIwSs3EoE9jXnEMLdUGl7BHScLtM3ZPttM5QnbU/KNxvOSAm5
acJWF80bCjs+oW09wyIp
=aCtX
-----END PGP SIGNATURE-----