

Ask HN: Protecting your identity with domain registration? - bravura

I am considering starting a controversial (but legal) website that might annoy some powerful people.<p>I would like to register a domain name and keep my identity private. I would also like a registrar who will protect my identity and domain in case they receive a threatening but baseless take-down notice. (Hence, not GoDaddy.)<p>Does anyone have any recommendations?<p>Declan McCullagh on CNet recommends gandi and directnic (http://bit.ly/qCoDX). Gandi, however, reveals your full name for .com registrations.<p>DirectNic looks good. They say they will only reveal your information in the case of a court order. Except, a) people have complained about their domain sniping (http://news.ycombinator.com/item?id=150592) and b) DirectNic writes "(Contact records are modified to directPRIVACY within an hour after successful registration)". Doesn't that mean there is an hour where my full name is available on DNS? In that case, can't people determine my name using historical DNS records?<p>Do people have other recommendations for registrars that are good at protecting your privacy?
======
soundsop
You may want to consider <http://nearlyfreespeech.net>. Their domain privacy
product is called RespectMyPrivacy:
<https://www.nearlyfreespeech.net/services/respect.php>

~~~
xsc
Any news regarding NFS revealing details?

~~~
mdasen
_We will cooperate with all investigations conducted by law enforcement
authorities of the United States of America when legally required to do so.
Cooperation with law enforcement authorities from other countries and
cooperation when it is not legally required are at our sole discretion. Our
discretion looks favorably on freedom and justice, and unfavorably on
oppression and violence. Unless legally prohibited, we will inform you of any
cooperation we provide to any law enforcement authorities._

NFS is probably your best choice, but it really depends on how "legal" your
service is. If you're going to get a judge serving a search warrant against
you, you won't be protected by any registrar. If you're being sued for libel
and the judge thinks there's a good chance you'll lose, I'm guessing that
anonymity will be gone.

And there are some things that people like to say are legal which are of
questionable legality. Sure, we can have a long debate about whether the
Pirate Bay is legal or not under different interpretations of the law, but I
think it's reasonable to say that such a site is of questionable legality if
for no other reason than it being a somewhat new phenomenon that, until the
recent case, really hadn't seen a lot of law spelling out exactly what was and
wasn't ok.

NFS hasn't been at the center of any big controversy and they're more
motivated by ideals than by profits. At the same time, they can be legally
required to do things or face contempt of court charges.

As a curiosity, what do you hope anonymity to accomplish? It can help you keep
your private life private should people not like what you're doing, but you're
perfectly entitled to do it. However, if you're doing something like the
Pirate Bay, you're likely to be named, even if found innocent. Might be
unfortunate, but it's kinda the price one pays for living on that edge (vs.
doing something like porn where there's no questionable legality involved, but
you still might not want anyone to know).

NearlyFreeSpeech has a good reputation and they believe in what they're doing,
but there's no magic bullet. No registrar's officers will go to jail for you,
no registrar is going to be able to shield you from the NSA, etc. If you're
just looking to remain anonymous and not operating at a murky legal boundary,
NFS is a good choice. If you're plotting to overthrow the government, no
registrar will be able to help you.

/sorry for saying "you" all the time. I realised half-way through that the
person I'm responding to isn't the "you" I'm referring to.

~~~
xsc
Perfect. Nailed on the head of what I was looking for: Anonymity.

My only hesitation is that I see nothing regarding USPS form 1583 (Application
for Delivery of Mail Through Agent).
<http://www.usps.com/forms/_pdf/ps1583.pdf>

What are thoughts on this?

------
felixmar
You can use fake whois data for a few days. It doesn't matter. Some time ago i
reported a domain to ICANN that did not have a single valid looking whois
field. The registrar (Melboure IT) did nothing and after a year or so the same
data was still present.

------
motoko
I've had success with NearyFreeSpeech.net, but I've had GoDaddy lock domains
due to dubious legal complaints.

I recommend trying NearlyFreeSpeech.net and reporting in the registration that
you chose them from recommendations at Hacker News.

If you do ever have a problem with a registrar, report the story here at
news.ycombinator so that it can be archived.

Note: do NOT respond to legal threats. They are like spam ---you respond, now
it's known that you respond to threats, and now will be sued. Never assume
good faith. If somebody sends you a letter about their trademark, for example,
and you call their office to ask about it in good faith, that other company
can claim that you said anything over the phone, and you will have to defend
yourself in court otherwise.

Winning a lawsuit is very expensive for a small business. You do not want to
win.

------
icey
I am not in a position to offer advice on what is safe for you specifically.
However, Wikileaks uses GoDaddy as their registrar, and they're still around.

~~~
chris11
I also am not in a position to offer much advice. But in regards to GoDaddy,
they have been accused of censorship. So I would suggest reading up on them to
see if you trust them. <http://en.wikipedia.org/wiki/Godaddy#Controversies>

Another thing, GoDaddy has canceled domains for having false whois
information. And they have been accused of canceling domains with little to no
warning.

While hosting wikileaks is a plus, I'm not quite sure that Wikileaks actually
uses GoDaddy. I got the idea that Wikileaks uses domain sponsors to register
domains.
[http://wikileaks.org/wiki/Interview_with_WikiLeaks.de_domain...](http://wikileaks.org/wiki/Interview_with_WikiLeaks.de_domain_sponsor_Theodor_Reppe)
So it may not have been a decision made by the organization or board.

------
brk
Not sure how much effort it is worth, but you might be able to start a shell
corp (potentially even offshore) and register through that, and then privatize
the whois data as well.

When/if there was ever a breach of the whois data, the shell corp registration
could provide an extra layer of useful obfuscation and warning.

~~~
bravura
True, but the technical and admin contacts must be humans.

~~~
brk
In theory, yes, but I can tell you that data is really never validated or
verified.

