
Ask HN: How would you make a site resistant to government takedown? - icey
Which TLD would you use to make a site takedown resistant?

Where would you host it?

For categorization, let's say it's for a niche that is legal in 50% of the world. Which 50 doesn't matter with the exception of the fact that it's illegal in the United States.

(This is purely a thought experiment; I'd be screwed if I actually wanted to do something like this by merit of being an American citizen who still wants to live in the US.)
======
die_sekte
TLD: .is (pricey, but not expensive). Registration at inwx (seems competent,
nice interface). DNS at either inwx or ______ (I haven't been able to find an
EEA/Switzerland DNS provider). Hosting at OVH (cheap, IP failover, often used
for torrents) or Leaseweb (used by some torrent sites, not quite as cheap as
OVH).

This assumes that your content is only somewhat controversial. For worse: TLD
.is, Hosting at PRQ (hosts NAMBLA, AnonTalk, …), no idea which registrar I'd
use.

If people are actively trying to kill you because of what you want to publish,
your only options are PRQ or NearlyFreeSpeech. Both can be fully anonymous,
i.e. they will host your content without knowing who you are. Payment would be
somewhat hard (I wonder whether they would accept mailed-in, sterile bills
(though these could be traced)).

~~~
Calabane
I was thinking, one could use switch.ch as a DNS. They claim to be based in
Zurich, but seem to have an emphasis on educational sites.

~~~
die_sekte
switch.ch registers domains, but I couldn't find a reference to them offering
DNS. They also have steep prices and a very limited selection of TLDs.

~~~
pavel_lishin
Steep prices shouldn't deter anyone who's looking to build a takedown-proof
site.

------
rdl
The easiest way is to not make a "site" but a collection of files which can be
distributed by others. You could possibly include offline-executable content,
or if you must have it be online (some kind of transactional thing), make it
easy to set up mirrors, especially for people to set up mirrors without your
cooperation or awareness.

The hierarchy of resilience:

It's trivial to censor an (average wealth, average risk tolerance) individual
-- just harass and prosecute for unrelated things. Everyone is a criminal,
once you have enough laws...

It is fairly easy to censor a commercial organization (just cut off their
payments and banking...)

It's harder to censor a free site (it can do what everyone is suggesting here;
hosting offshore, non-US domain name, etc.)

It is much harder to censor something which can be readily mirrored by others.

It is very hard to censor distribution of a dataset. Even harder if the
dataset is very small (sony keys, dvd-css, etc.)

It's almost impossible to censor an idea.

~~~
pdaviesa
How about introducing viral replication qualities to the content. Instead of
malicious intent, snippets of content can be deployed all over the web with
some mechanism for a simple retrieve/compile. Ideally, the content packets
would not even be stored anywhere but would just constantly travel the
"wires".

~~~
rdl
I'm not sure about that in the long run (it's easy to make the argument that
hosting pieces of this data is the same as hosting all of it), but one thing
which does work really well is time shifting -- basically, encrypt your data
so it is innocuous seeming and get it widely distributed, then leak the key
(much smaller amount of information, much easier to distribute) which then
retroactively makes all the previously distributed innocuous data awesome.

Another trick is to make the data you want to distribute "viral" in the social
media sense -- make it catchy and funny, or at least easily understood, so
people want to distribute it on its own merits. Or, attach the boring thing
you want to distribute to something catchy and funny (stego, or just make it
an element of it somehow -- like make a cool t-shirt with the secret key on
it).

------
jdp23
TorrentFreak had some recommendations a couple months ago:
<http://torrentfreak.com/how-to-stop-domain-names-being-seized-by-the-us-government-110205/>

------
thaumaturgy
Build it on i2p: <http://www.i2p2.de/>

I'm a _huge_ fan of (and advocate for) i2p. As cases like today's FBI seizure
of domain names continue to spread, I think i2p will gain even more traction
as a viable alternative to the "old" internet.

It is multipath, encrypted, and completely decentralized.

All it needs now is a "killer site".

~~~
sfgfdhgfdshdhhd
Also look at the Freenet project. It's basically designed to make censor-proof
sites.

------
kgo
Which TLD? All of them. Or at least several TLDs and registrars that all have
different legal jurisdictions. (online-hunting.ly, online-hunting.ch,
online-hunting.cn)

Where would I host it? Everywhere. Or at least in multiple physical locations
in different countries that all have different legal jurisdictions. Either
synchronized up or sharded out depending on how the app works.

------
pumpmylemma
I mentioned this in the Poker thread. (If I had time right now, I'd consider
implementing it.) I would like and _would use_ a DNS service that 1) did not
keep _any_ record of my queries and 2) would not propagate government
takedowns (e.g. by ignoring updates with NS:ns2.cirfu.net).

~~~
ra
I'm writing a DNS service at the moment.

Care to elaborate?

~~~
pumpmylemma
1) Explicit privacy policy that _never_ stores DNS requests on a per-client
basis. I haven't followed the ISP retention laws but they seemed to be getting
more and more ominous.

2) While caching DNS records, when refreshing a stale record,

    if(isknownSeizureDomain(record)) ignore();

~~~
ra
Ah I understand, you're talking about a non-authoritative DNS server. I'm
working on a DNS hosting service.

To solve your first requirement, check out
<http://www.opennicproject.org/publictier2servers>

~~~
pumpmylemma
I was. Thanks for the great link!

------
jberryman
It wouldn't really be part of the WWW proper, but you could run a web server
as a TOR hidden service which would (assuming TOR doesn't disappear) be
totally anonymous and impossible to take down.

<http://en.wikipedia.org/wiki/Tor_(anonymity_network)#Hidden_services>

------
Calabane
Obviously .ch which is Switzerland and Switch.ch as the registrar. They are the
original neutral nation.

~~~
pyre
Unless it's illegal in Switzerland...

------
patrickaljord
This seems to be the only way:

<http://dot-p2p.org/index.php?title=Draft_Discussion_Paper>

<https://github.com/HarryR/ffff-dnsp2p>

~~~
icey
Cool idea, but I imagine adoption would be pretty tough.

~~~
Calabane
Tough at the moment, but if domains keep being seized under questionable
circumstances it might be the way to go. At the very least it is interesting
reading. I read an article that I can't find at the moment that made a
convincing argument that this would be the direction things would head to
maintain a truly neutral Internet.

------
reso
For the very hardcore/paranoid, you could serve it through TOR as a hidden
service. You get DoS protection, server and client anonymity, you don't even
need to disclose your IP address. Of course, you can only connect to it
through TOR.

<http://en.wikipedia.org/wiki/Tor_(anonymity_network)#Hidden_services>

------
duodecim
Convince someone with diplomatic immunity or a member of parliament or other
government entity. It will become an international battle of words and strong-
arm diplomacy, but one country's government is quite unlikely to shut down
another's. (Well, except perhaps the US.)

But truth be told, I don't think you can safeguard data on just one site.
There's (D)DoS, ip routing, domain registration system, physically cutting
backbones, etc. I'm sure no registrar wants to risk losing 50% of their
customers ("50% of the world", assuming even spread), especially everyone in
the US market, so as a profit-based organisation they will have to give in to
threats of litigation or plain IP null-routing.

Mass distribution seems the way to go then. P2P or just lots of willing people
putting the content on their own websites. Once it's out there, I guess it's
nearly impossible to get Jack back in the box.

------
omouse
Keep spare domains around and keep mirrors of your content. Make sure to keep
a static copy around as it can be a pain in the ass to set up a database server
and other apps quickly. Toss the mirror on BitTorrent and get friends, family,
strangers to download it and host it. Host it on free website hosts. Host it
on Freenet!

Take over forums, pastebins, and other websites to keep the message alive.

Basically, you'll want to have as many avenues as possible in order to send
the content across them. As soon as one domain goes down, a bunch of mirrors
should pop up.

------
drtse4
A site takedown starts with a request from some government agency, so the
first thing that comes to mind is to host it in a place where every request
will need to go through a thick barrier of language
issues/misunderstanding/bureaucracy. But considering that you'll also need a
good network infrastructure there aren't many places that meet these
requirements. What about China?

~~~
Vivtek
China is not known for its liberal Internet policies.

~~~
SpookyAction
China requires ID to register a domain now, so there's also a complete lack of
anonymity too.

<http://www.quickonlinetips.com/archives/2010/02/buy-cn-domain-names-show-id-proof/>

------
JoachimSchipper
Iceland is trying to attract this kind of client.

~~~
HerraBRE
The relevant link would be <http://www.immi.is/> and the caveat is that the
laws have not yet been passed by parliament. Hopefully they will! :-)

------
blendergasket
This idea is something that's been really interesting me a lot since the US
Govt started doing this and since all of the craziness with the internet in
the Middle East.

The Pirate Bay is working on a "P2P DNS" network:
<http://arstechnica.com/tech-policy/news/2010/11/fed-up-with-icann-pirate-bay-cofounder-floats-p2p-dns-system.ars>

Unhosted is a project that seems to be trying to create a decentralized cloud:
<http://www.unhosted.org/manifesto.html>

and what was mentioned before, i2p and tor.

This is all very interesting to me. It's like authority structures of all
different kinds are putting their thumb down right in the middle of the web
trying to crush its autonomy. The inevitable backlash will lead to the
fragmentation of the web in just as fundamental a way as the walled gardens
that cell phone/tablet/game console companies create.

------
grandalf
I don't think it's possible. Instead try a social engineering approach where
you have enough broad-based support for the concept that there is pressure on
the government not to shut it down.

Wikileaks has been very smart lately in the way that it has expanded its own
PR reach before delving back into controversial material.

~~~
marcusbooster
If "poker" doesn't have broad enough support—enjoyed by millions in the US
across the political spectrum, large television presence—I don't know what
does.

Wikileaks does not continue to operate because the US backed off, it continues
to operate because they took the appropriate technical measures.

~~~
grandalf
I guess I disagree. There is a large, religiously derived political interest
group which opposes gambling on moral grounds, which has been influential
enough to have it banned in most states.

Wikileaks is still teetering on the edge of being declared a terrorist
organization. It's small things like mainstream newspapers' willingness to
collaborate on reporting, mainstream intellectuals speaking out in support,
etc., that have prevented the USG from destroying it.

Assange has been clever too and deserves much credit, but I think recent
manifestations of that cleverness are sociological rather than technical.

------
quadhome
How badly does the USG want your hostname? They control the root zone. And all
but three of the organizations that run root servers are based out of the US.

Therefore, if the USG were motivated to block your hostname-- regardless of
TLD-- they could make a fairly good go at it.

------
handsomeransoms
Interesting. Does anybody here have experience with PRQ or easyDNS, two sites
that are often mentioned in connection with Wikileaks et al.?

This is a great question, thanks for asking it!

------
iuguy
It depends on whether you're looking to get it in front of lots of eyes or
whether you're more concerned about it not being taken down.

For the former, I'd use a .is domain (Iceland) and host it with OVH or Nearly
Free Speech.

For the latter I'd host it on Tor as a set of static files, available via a
torrent for mirroring, and would encourage mirroring in the name of free
speech.

"All rulers in all ages have tried to impose a false view of the world upon
their followers." - George Orwell

------
maxharris
Instead of trying to outfox your own government, which is something you
_cannot do_, turn your attention to peacefully and openly advocating for
whatever it is you want to say. If that doesn't work, or you can't do so,
move.

I know that this is a life-threatening proposition in totalitarian states (the
Berlin Wall was designed to keep East Germans _in_), but I don't think that
life under dictatorship is very much of a life anyway.

------
known
Host it in Chad <http://doingbusiness.org/rankings>

------
cheez
.onion seems good but I don't trust it.

------
jeffclark
Don't make a site that's illegal.

~~~
kmfrk
The government's definition of illegality (rather "suspiciousness") is getting
more and more nebulous.

