Ask HN: How would you make a site resistant to government takedown?
147 points by icey 1964 days ago | 57 comments
Which TLD would you use to make a site takedown resistant?

Where would you host it?

For categorization, let's say it's for a niche that is legal in 50% of the world. Which 50 doesn't matter with the exception of the fact that it's illegal in the United States.

(This is purely a thought experiment; I'd be screwed if I actually wanted to do something like this by merit of being an American citizen who still wants to live in the US.)

TLD: .is (pricey, but not expensive). Registration at inwx (seems competent, nice interface). DNS at either inwx or ______ (I haven't been able to find an EEA/Switzerland DNS provider). Hosting at OVH (cheap, IP failover, often used for torrents) or Leaseweb (used by some torrent sites, not quite as cheap as OVH).

This assumes that your content is only somewhat controversial. For worse: TLD .is, Hosting at PRQ (hosts NAMBLA, AnonTalk, …), no idea which registrar I'd use.

If people are actively trying to kill you because of what you want to publish, your only options are PRQ or NearlyFreeSpeech. Both can be fully anonymous, i.e. they will host your content without knowing who you are. Payment would be somewhat hard (I wonder whether they would accept mailed-in, sterile bills (though these could be traced)).

I was thinking, one could use switch.ch as a DNS. They claim to be based in Zurich, but seem to have an emphasis on educational sites.

They are actually based in Zürich (I take the tram past their building each day). I don't think they do DNS though. They don't just do educational domains, though they do focus on that domain (no pun intended).

switch.ch registers domains, but I couldn't find a reference to them offering DNS. They also have steep prices and a very limited selection of TLDs.

Steep prices shouldn't deter anyone who's looking to build a takedown-proof site.

> no idea which registrar I'd use

http://www.silentregister.com/ is a viable option.

NearlyFreeSpeech's ToS state that you cannot host content that is illegal in the US.

Very interesting options, thanks!

The easiest way is to not make a "site" but a collection of files which can be distributed by others. You could possibly include offline-executable content, or if you must have it be online (some kind of transactional thing), make it easy to set up mirrors, especially for people to set up mirrors without your cooperation or awareness.

The hierarchy of resilience:

It's trivial to censor an (average wealth, average risk tolerance) individual -- just harass and prosecute for unrelated things. Everyone is a criminal, once you have enough laws...

It is fairly easy to censor a commercial organization (just cut off their payments and banking...)

It's harder to censor a free site (it can do what everyone is suggesting here; hosting offshore, non-US domain name, etc.)

It is much harder to censor something which can be readily mirrored by others.

It is very hard to censor distribution of a dataset. Even harder if the dataset is very small (sony keys, dvd-css, etc.)

It's almost impossible to censor an idea.

How about introducing viral replication qualities to the content. Instead of malicious intent, snippets of content can be deployed all over the web with some mechanism for a simple retrieve/compile. Ideally, the content packets would not even be stored anywhere but would just constantly travel the "wires".

I'm not sure about that in the long run (it's easy to make the argument that hosting pieces of this data is the same as hosting all of it), but one thing which does work really well is time shifting -- basically, encrypt your data so it is innocuous seeming and get it widely distributed, then leak the key (much smaller amount of information, much easier to distribute) which then retroactively makes all the previously distributed innocuous data awesome.

Another trick is to make the data you want to distribute "viral" in the social media sense -- make it catchy and funny, or at least easily understood, so people want to distribute it on its own merits. Or, attach the boring thing you want to distribute to something catchy and funny (stego, or just make it an element of it somehow -- like make a cool t-shirt with the secret key on it).

rdl is exactly on the nose here. No place is as hard to attack as everywhere.


The Magnet URN scheme is helpful here — no tracker needed

> collection of files which can be distributed by others.

You mean like the Anarchist's Cookbook that was passed around on BBSes in the late '80s/early '90s? I was 12 when I first had it emailed to me on AOL in the early '90s. Pretty sure it's still floating around all over the place too.

TorrentFreak had some recommendations a couple months ago: http://torrentfreak.com/how-to-stop-domain-names-being-seize...

Build it on i2p: http://www.i2p2.de/

I'm a huge fan of (and advocate for) i2p. As cases like today's FBI seizure of domain names continue to spread, I think i2p will gain even more traction as a viable alternative to the "old" internet.

It is multipath, encrypted, and completely decentralized.

All it needs now is a "killer site".

Also look at the Freenet project. It's basically designed to make censor-proof sites.

Which TLD? All of them. Or at least several TLDs and registrars that all have different legal jurisdictions. (online-hunting.ly, online-hunting.ch, online-hunting.cn)

Where would I host it? Everywhere. Or at least in multiple physical locations in different countries that all have different legal jurisdictions. Either synchronized up or sharded out depending on how the app works.

I mentioned this in the Poker thread. (If I had time right now, I'd consider implementing it.) I would like and would use a DNS service that 1) did not keep any record of my queries and 2) would not propagate government takedowns (e.g. by ignoring updates with NS:ns2.cirfu.net).

I'm writing a DNS service at the moment.

Care to elaborate?

1) Explicit privacy policy that never stores DNS requests on a per-client basis. I haven't followed the ISP retention laws but they seemed to be getting more and more ominous.

2) While caching DNS records, when refreshing a stale record:

  if(isknownSeizureDomain(record)) ignore();
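The refresh rule sketched in the comment above, written out as an added example (not the commenter's code). It works on constructed NS sets rather than live DNS, and the names `KNOWN_SEIZURE_NS`, `Delegation` and `DelegationCache` are hypothetical; `ns2.cirfu.net` is the one nameserver the thread names.

```python
from dataclasses import dataclass

# Assumption: a locally maintained list; the thread names only this host.
KNOWN_SEIZURE_NS = {"ns2.cirfu.net"}

def normalize(name: str) -> str:
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()

def is_known_seizure_delegation(ns_hosts) -> bool:
    return any(normalize(h) in KNOWN_SEIZURE_NS for h in ns_hosts)

@dataclass
class Delegation:
    ns: tuple
    expires: float
    held: bool = False   # True once a refresh was ignored

class DelegationCache:
    def __init__(self):
        self.zones = {}

    def refresh(self, zone, new_ns, ttl, now):
        """Apply a refreshed NS set; return the delegation now in effect."""
        key = normalize(zone)
        cached = self.zones.get(key)
        if is_known_seizure_delegation(new_ns):
            if cached is None:
                return None        # first sighting: nothing older to keep
            cached.held = True     # ignore the update, keep the stale NS set
            return cached
        entry = Delegation(tuple(sorted(normalize(h) for h in new_ns)), now + ttl)
        self.zones[key] = entry
        return entry

def demo():
    # Constructed sample data: example.com and its nameservers are placeholders.
    cache = DelegationCache()
    cache.refresh("example.com.", ["ns1.example.net.", "ns2.example.net."], 3600, now=0)
    after = cache.refresh("example.com", ["NS2.CIRFU.NET."], 86400, now=4000)
    return after.ns, after.held, after.expires
```

The held entry keeps its original expiry, so a caller can tell it is answering from a delegation the parent zone no longer publishes. A zone first seen after the change has no older record to fall back on, which is the case `refresh` reports as `None`.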

Ah I understand, you're talking about a non-authoritative DNS server. I'm working on a DNS hosting service.

To solve your first requirement, check out http://www.opennicproject.org/publictier2servers

I was. Thanks for the great link!

It wouldn't really be part of the WWW proper, but you could run a web server as a TOR hidden service which would (assuming TOR doesn't disappear) be totally anonymous and impossible to take down.


Obviously .ch which is Switzerland and Switch.ch as the registrar. They are the original neutral nation.

Unless it's illegal in Switzerland...

> They are the original neutral nation.

Read up on Swiss history, please.

Belgium, Norway, Sweden and Austria were also neutral at some points. (Or are still.) And those are just the nations that I can name off the top of my head.

Wikipedia says "Sweden (now EU): has not fought a war since ending its involvement in the Napoleonic Wars in 1814 with a short war with Norway, making it the oldest neutral country in the world."

Switzerland has been seizing assets lately though. For example, they recently seized Gaddafi's assets there.

Cool idea, but I imagine adoption would be pretty tough.

Tough at the moment, but if domains keep being seized under questionable circumstances it might be the way to go. At the very least it is interesting reading. I read an article that I can't find at the moment that made a convincing argument that this would be the direction things would head to maintain a truly neutral Internet.

For the very hardcore/paranoid, you could serve it through TOR as a hidden service. You get DoS protection, server and client anonymity, you don't even need to disclose your IP address. Of course, you can only connect to it through TOR.


Convince someone with diplomatic immunity or a member of parliament or other government entity. It will become an international battle of words and strong-arm diplomacy, but one country's government is quite unlikely to shut down another's. (Well, except perhaps the US.)

But truth be told, I don't think you can safeguard data on just one site. There's (D)DoS, ip routing, domain registration system, physically cutting backbones, etc. I'm sure no registrar wants to risk losing 50% of their customers ("50% of the world", assuming even spread), especially everyone in the US market, so as a profit-based organisation they will have to give in to threats of litigation or plain IP null-routing.

Mass distribution seems the way to go then. P2P or just lots of willing people putting the content on their own websites. Once it's out there, I guess it's nearly impossible to get Jack back in the box.

Keep spare domains around and keep mirrors of your content. Make sure to keep a static copy around as it can be a pain in the ass to set up a database server and other apps quickly. Toss the mirror on BitTorrent and get friends, family, strangers to download it and host it. Host it on free website hosts. Host it on Freenet!

Take over forums, pastebins, and other websites to keep the message alive.

Basically, you'll want to have as many avenues as possible in order to send the content across them. As soon as one domain goes down, a bunch of mirrors should pop up.

A site takedown starts with a request from some government agency, so the first thing that comes to mind is to host it in a place where every request will need to go through a thick barrier of language issues/misunderstanding/bureaucracy. But considering that you'll also need a good network infrastructure there aren't many places that meet these requirements. What about China?

> a place where every request will need to go through a thick barrier of language issues/misunderstanding/bureaucracy

The problem is that those types of places are very susceptible to bribery. So maybe you'd be immune from the U.S. government, but someone's cousin who's angry at you and has $200 to spare could very well tank your site.

China is not known for its liberal Internet policies.

China requires ID to register a domain now, so there's also a complete lack of anonymity too.


Popular Internet websites are under censure and I do not see this changing fast.

Iceland is trying to attract this kind of client.

The relevant link would be http://www.immi.is/ and the caveat is that the laws have not yet been passed by parliament. Hopefully they will! :-)

This idea is something that's been really interesting me a lot since the US Govt started doing this and since all of the craziness with the internet in the middle east.

The Pirate Bay is working on a "P2P DNS" network: http://arstechnica.com/tech-policy/news/2010/11/fed-up-with-...

Unhosted is a project that seems to be trying to create a decentralized cloud: http://www.unhosted.org/manifesto.html

and what was mentioned before, i2p and tor.

This is all very interesting to me. It's like authority structures of all different kinds are putting their thumb down right in the middle of the web trying to crush its autonomy. The inevitable backlash will lead to the fragmentation of the web in just as fundamental a way as the walled gardens that cell phone/tablet/game console companies create.

I don't think it's possible. Instead try a social engineering approach where you have enough broad-based support for the concept that there is pressure on the government not to shut it down.

Wikileaks has been very smart lately in the way that it has expanded its own PR reach before delving back into controversial material.

If "poker" doesn't have broad enough support—enjoyed by millions in the US across the political spectrum, large television presence—I don't know what does.

Wikileaks does not continue to operate because the US backed off, it continues to operate because they took the appropriate technical measures.

I guess I disagree. There is a large, religiously derived political interest group which opposes gambling on moral grounds, which has been influential enough to have it banned in most states.

Wikileaks is still teetering on the edge of being declared a terrorist organization. It's small things like mainstream newspapers' willingness to collaborate on reporting, mainstream intellectuals speaking out in support, etc., that have prevented the USG from destroying it.

Assange has been clever too and deserves much credit, but I think recent manifestations of that cleverness are sociological rather than technical.

How badly does the USG want your hostname? They control the root zone. And all but three of the organizations that run root servers are based out of the US.

Therefore, if the USG were motivated to block your hostname-- regardless of TLD-- they could make a fairly good go at it.

Interesting. Does anybody here have experience with PRQ or easyDNS, two sites that are often mentioned in connection with Wikileaks et al.?

This is a great question, thanks for asking it!

It depends on whether you're looking to get it in front of lots of eyes or whether you're more concerned about it not being taken down.

For the former, I'd use a .is domain (Iceland) and host it with OVH or Nearly Free Speech.

For the latter I'd host it on Tor as a set of static files, available via a torrent for mirroring, and would encourage mirroring in the name of free speech.

"All rulers in all ages have tried to impose a false view of the world upon their followers." - George Orwell

Instead of trying to outfox your own government, which is something you cannot do, turn your attention to peacefully and openly advocating for whatever it is you want to say. If that doesn't work, or you can't do so, move.

I know that this is a life-threatening proposition in totalitarian states (the Berlin Wall was designed to keep East Germans in), but I don't think that life under dictatorship is very much of a life anyway.

.onion seems good but I don't trust it.

Don't make a site that's illegal.

The government's definition of illegality (rather "suspiciousness") is getting more and more nebulous.

Legal according to whom? Poker websites are a good example: legal in most of the world, but not in the US.

It's not that simple, though: legal sites have had their domains seized as well. These days any site with user-generated content is at risk although thus far they've focused primarily on hip-hop and other music sites.

This is the perfect wrong answer to a thought experiment.
