Epik Registrar Hacked (ddosecrets.com)
69 points by kristjank 7 days ago | 123 comments





The initial comments here are pretty odd. I think it's the first time I've stepped into a HN thread where people are mad at the hackers because the target company decided to hash their passwords in unsalted md5.

Normally the hackers post the leak because they weren't paid off. In this case they just plain doxxed people for harassment purposes (however benevolent the purposes are perceived) and had the gumption to list "harassment and doxing websites" as part of the reasoning. It's not the typical hack scenario.

Not that Epik is a great host. It's god awful and used by many horrible sites (but probably mostly clueless and harmless ones by absolute numbers which is part of the problem). Just normally the hackers are aware they are black hat hacking for profit not posting how they are self proclaimed white hat hacking for free.


Not typical? What makes this hack different from the Sony leak by lulzsec and the other high profile hacks by the various lulz copycats 5 - 10 years ago? The dump is completely reminiscent of 4chan/Anonymous hacktivists as well.

I don’t know anything of Epik before this hack, but to me it’s clear that it was only a matter of time for Epik, and people should be mad at Epik. Unsalted md5 in 2021 is just inexcusable at this point and I’m doubtful this kind of hack took any skill at all given the complete lack of security they employed.


> What makes this hack different from the Sony leak by lulzsec and the other high profile hacks by the various lulz copycats 5 - 10 years ago?

That the first thing that came to mind is a hacking group which disbanded a decade ago is a hint what you're describing is atypical considering these kinds of hacks are constant. Check the incident list on haveibeenpwned for example most of these are self admitted black hatters or criminal gangs, not hacktivist groups.

That's not to say there isn't also a lot of meme referencing and lulz involved as well just the hacktivism "we're the good guys" isn't typical even when filtering to just the 4chan/Anonymous style hacks.

> The dump is completely reminiscent of 4chan/Anonymous hacktivists as well.

4chan/Anonymous weren't normally "hacktivists". E.g. lulzsec... did it for the lulz. They didn't do it claiming to be white knights they actually called out white hat hackers as corrupt. They knew what they were doing was wrong they just found it funny - there is no need to comment how the hackers are bad when they go around saying they are in the leak.

The hackers here explicitly think what they were doing is good hence the extra reaction saying wait, this is certainly not white hat hacking.

> I don’t know anything of Epik before this hack, but to me it’s clear that it was only a matter of time for Epik, and people should be mad at Epik. Unsalted md5 in 2021 is just inexcusable at this point and I’m doubtful this kind of hack took any skill at all given the complete lack of security they employed.

Largely agreed however it's possible to be angry at 2 parties at the same time and it's typical that every site at the butt end of a hack is found to have bad security (hence the hack) so it's not going to get the same reaction boost for commenting as hackers leaking some of HN's non-fascist members' private info out of "altruism".


Not sure how one could conceivably say this is a black hat leak for profit. It's very clearly politically motivated and intended to target the customers who use the registrar for right wing political purposes.

I don't really care if a company run by a notorious antisemite [0] gets its less savoury customers doxxed and harassed.

[0] https://www.huffpost.com/entry/rob-monster-epik-gab-neo-nazi...


> Not sure how one could conceivably say this is a black hat leak for profit. It's very clearly politically motivated and intended to target the customers who use the registrar for right wing political purposes.

Agreed, this is what I explained before I said "It's not the typical hack scenario."

> I don't really care if a company run by a notorious antisemite [0] gets its less savoury customers doxxed and harassed.

Then you'd be in good company with most of the referenced comments complaining about the more savory customers being doxxed by this as well.


Are there unsalted passwords in the leak though? I haven't downloaded any of it and the description doesn't mention this.


[flagged]


I’m pretty left leaning but I don’t think it’s right to leak all of their customers simply because some subset of the domains were used for unsavory purposes.

That’s not a fascist ideology, I think people should have their privacy respected and this will harm innocent individuals.


And how often you see on HN how people should vet who they do business with... but now are saying they're mad at hackers for going after someone who "happens to host some bad websites and not someone like Youtube instead cause they have [this] video, too!"

Epik is notorious for being a safe haven to the most extreme of right wing sites. There's simply no way you could not know what their business model is.

Guilt by association might suck, but they still willingly associated.


Well this is shitty. I have several domains registered through Epik. I think it’s bullshit all of my personal information is now being shared in a torrent because there were other unsavory customers. I, and likely countless others, have nothing to do with any of these domains/people this site claims Epik is hosting.

You're right, you don't deserve your information to be out there.

However, Epik is a badly run registrar (as evident by the leaks), and the only reason any of us know about them is because they've worked so hard to attract unsavory customers. Registrars mostly offer the same service at the same price, and catering to unsavory clients is their only differentiating feature.

It's their entire marketing scheme (take on customers that legitimate registrars won't), so it's not surprising that they're actually pretty illegitimate.

I'm sorry your data was leaked, and I'd take this as a sign to move.


How is that any different than a well lauded service like nearlyfreespeach.net? Just because you believe in the first amendment doesn't mean you should be the target of harassment.

Every single registrar is targeted by hackers daily. I'm not convinced this is a sign of targeted harassment as much as just shoddy security practices.

The hackers in this case released a statement giving their exact reasons for doing this, though, and it was hacked precisely because it hosts badspeech. So it's not a random hack, they did this specifically to give information out to activists.

I wonder if the media outlets will continue with their policies of not reporting on hacked info or not?


No media outlet in the world has ever had a policy of not reporting on hacks. Sure, they won't show the data or how to get it yourself, but that's crazy to say that media outlets don't report on hacks.

Many were advocating exactly that, though:

https://securingdemocracy.gmfus.org/responsible-reporting-in...

Then at least some places put into place policies like that, though some were then modified later:

https://techcrunch.com/2020/10/16/twitter-changes-its-hacked...


Twitter is not a "media outlet". That kind of mentality is the one that encouraged thousands to microwave their iPhone to charge it.

I agree that Twitter is not something generally trustworthy, but that ignores Twitter's role in breaking news. The many places that generally are called "media outlets" that have reported news with tweets as their primary sources to the point where I think you would have trouble finding a media outlet that is an exception.


I hadn’t heard any claims about unsavory customers until I was already a customer myself. I joined them because their Whois privacy was free while I had to pay for it on GoDaddy, nothing else.

Namecheap offers it for free as well if you’re looking for a place to move.

I use namecheap as my registrar and cloudflare for dns. Though the free namecheap dns worked completely fine for the years I used it too.


Thanks, it looks like I’m going this route. It’s a bit pricey to transfer all domains at once so I have to pick and choose. For anyone else in the same boat, they offer a promo code “TLD21TS8” which reduces the transfer costs by 64%.

> and the only reason any of us know about them is because they've worked so hard to attract unsavory customers

No. Epik is (also) known for providing good prices for (medium sized) domain owners (and everybody else who just wanted to transfer their domains for a fair price.): https://www.namepros.com/threads/epik-com-promo-deals-and-ha...


That linked forum discussion does not exactly make Epik look good.

The first post from someone not employed by Epik is someone from Nigeria asking if they can buy a .US domain.

An Epik staff member tells them that .US are restricted to those with US contact information (which is almost correct--you need to be a US citizen, resident, organization, or a foreign entity with a bona fide presence in the US).

Then the Epik CEO answers that post suggesting how to circumvent the .US rules:

> However, just use the free WHOIS privacy proxy. Problem solved. You will need to keep the privacy on in this case.

That won't actually work because (as the Epik staff member points out in another reply to the Nigerian post) .US does not allow WHOIS privacy proxies.


I didn't link it to make Epik look good. Don't like Epik, don't like its CEO.

But Epik is absolutely one if not the registrar you stumbled upon the last couple of years if you looked for good transfer prices.

I just think users should give other users in this thread the benefit of the doubt that they weren't Epik customers to support a fascist, hardcore libertarian Christian, Nazi, ... CEO and his company in any form.

They might just have googled for fair .com transfers and transferred a couple of domains in.


I don't bite. There's a whole diaspora of name registrars, but only one of them marketed themselves as the right-leaning choice (Rob Monster made damn sure of that). Hacks like this are the price of doing business with egomaniacs.

Can you show me where Epik.com marketed itself as "the right-leaning choice" 12+ months ago? (So pre parler, gab, etc.)

Even the threads here on HN from back then where epik gets mentioned don't mention that stuff.


Epik started hosting Gab in 2018 (introducing "free speech" as a part of their marketing allegedly following the Gab move [1][2]) and BitChute and 8chan in 2019 [3] (although they stopped hosting 8chan [4] after some of their own upstream providers cut them off or threatened to do so; they may have continued to provide DNS, but I haven't tried to verify this since providing services to the far right on the down low wouldn't count as part of their marketing).

External criticism from prominent publications and organizations of Epik for its hosting of far-right sites also dates back at least as far as early 2019 [5][6].

HN search provides a story about Epik hosting Gab [7] as the highest popularity story result for "Epik" in the date range Jan 8th 2018 to Dec 30th 2019 (HN search is weird about date ranges and wouldn't let me do 1st to 31st) [8]. The front page of that search result has 5 other stories that are not just incorrectly matching on the word "Epic" or companies named "Epic", one of which is about Epik's "forever domains" service and got 3 points and 2 comments. One is about 8chan getting kicked off its previous provider and mentions them moving to Epik (it appears to be the same article as my [3]), but the comments mostly do not talk about Epik. The other articles are all about Epik hosting Gab or far-right sites but received few upvotes and comments.

In the first page of results for the corresponding search for comments [9] I can find 1 comment from 'sadris talking about Epik's low pricing, 1 comment from 'boultonmark on a non-Gab story describing Epik as seeming to be "the go to company for criminals online", 2 hiring posts from somebody who happens to have epik in their username near the bottom, and two comments using the word "epic" at the bottom. The 14 by my count other comments are all about Epik hosting Gab and/or either hosting or not hosting 8chan.

[1]: The SPLC article below [5] says this is the timing, but the Wayback machine[2] doesn't have frequent enough captures of their twitter account for me to verify the timing to more precisely than between

[2]: https://web.archive.org/web/20190119014600/https://twitter.c... has "Protector of responsible Free Speech." in their bio, tweets calling for popular Youtube channels (including Jordan Peterson) to move to BitChute, and referring to itself as "Alt-tech", which afaict is a term coined to refer specifically to technology providers that alt-right sites & people have moved to as a result of bans or moderation policies on more mainstream providers.

[3]: https://www.theverge.com/2019/8/5/20754943/8chan-epik-offlin...

[4]: https://www.epik.com/blog/epik-draws-line-on-acceptable-use....

[5]: https://www.splcenter.org/hatewatch/2019/01/11/problem-epik-...

[6]: https://www.vice.com/en/article/gy4yg9/the-far-right-has-fou...

[7]: https://news.ycombinator.com/item?id=18383947

[8]: https://hn.algolia.com/?dateEnd=1577750400&dateRange=custom&...

[9]: https://hn.algolia.com/?dateEnd=1577750400&dateRange=custom&...


Thanks for substantiating my point and doing the research.

The HN community - or even just small parts of it - did not go hard on Epik nor Rob Monster >12 months ago and mention all the horrible things about them, and it was not as commonly known as some currently make it out to be - not even in the thread about them welcoming Gab, nor the one about them not hosting 8chan.


You're welcome, but I don't think the information/citations I provided do substantiate your point at all. They show that Epik did market itself to right wing sites and individuals (and specifically the alt-right) as early as January 2019 (around 32 months ago),

Your claim upthread was:

> Even the threads here on HN from back then where epik gets mentioned don't mention that stuff.

but the HN search links demonstrate that the threads here on HN from back then where Epik gets mentioned are almost all specifically about that stuff! Not all of that discussion was opposed to Epik, but that wasn't the claim you took issue with.

As to your Google Trends link, yes, Gab has never been an especially popular website, and it was not as frequently searched for then as in the period immediately after Donald Trump's twitter account was suspended, but your trends link shows that the Epik coverage (and the only HN thread about Epik to get any traction in 2018 or 2019) coincided with the most searches Gab ever got (as a result of coverage related to the Tree of Life synagogue shooting) prior to Trump's twitter suspension, and was about three times as much as it gets nowadays. It was only exceeded during the week of January 10th through 16th of this year. Epik itself, of course, has never been as frequently searched for as even Gab ( https://trends.google.com/trends/explore?date=today%205-y&q=... ).


> but the HN search links demonstrate that the threads here on HN from back then where Epik gets mentioned are almost all specifically about that stuff! Not all of that discussion was opposed to Epik, but that wasn't the claim you took issue with.

Yes it was? That's why I said threads - not posts. Threads include the discussion, not just the articles. And like you showed, even the big discussions did not have people mention how bad of a person Rob Monster is or that Epik is that right-leaning instead of just really free-speech.

In every second about a (big) company on HN, folk here mention how bad that company or some execs are - because it is common knowledge / opinion. And it's always one of the top comment threads in the thread.

Rob Monster and Epik being that right-leaning and not just "really free-speech", and also (Christian) nut jobs - was not common knowledge at that point. Which was my initial point "upthread upthread", that Epik had 100% a boat load of users that were just there for cheap domain prices and that did not know about it and were not there to support any of this. And thus are not guilty by association (and even deserve to be in that leak), like some in this thread claim.


I have to ask: If it wasn't for the freedom to share information, as is given by the Constitution, why'd you pick Epik? Their prices aren't particularly good, they don't really advertise themselves as having any features other registrars don't have, and don't really seem to have a lot going for them. They aren't even acknowledging the fact that they got hacked:

https://twitter.com/robmonster/status/1437543353357328389

It sucks what happened to you, but the only thing Epik sold themselves with is the same freedom that these people are utilizing.


They offered free Whois privacy. I was paying for it annually with GoDaddy so I moved.

Pretty much every company has been offering it for free for the past six years because of the GDPR. Worth keeping in mind in the future; never use a registrar that's more sketchy than normal.

> Their prices aren't particularly good

They have the biggest "real" (as in for existing customers and without other limitations) promo / "happy hour" thread on the biggest domain name board: https://www.namepros.com/threads/epik-com-promo-deals-and-ha... - where they regularly had pretty good transfer in prices.


[flagged]


Just because someone does not censor others does not make them a neo-nazi or white supremacist. This is an ideological difference.

Wikipedia has a solid article on him if you're interested in documentation of the things he says and supports.

https://en.wikipedia.org/wiki/Rob_Monster#Views


Sure. But Rob Monster is an openly anti-Semitic neo-Nazi.

I googled this and I literally can not find anything he's done or said that is openly anti-semitic other than allowing anyone on his platform. Would he be a terrorist sympathizer for allowing ISIS or Al-Qaeda on his platform?

Did he allow them on?

Because I don't think he would, because they are muslims, and he is a white supremacist.


I do not know if he did but we do know that cloudflare for example did, along with harassment groups like kiwifarms. Are they terrorist and harasser sympathizers?

It's funny because both Epik and Cloudflare used to host 8chan and the dailystormer. They are more similar than people think.


Not in general.

But in this specific case? They are neo-nazis and white supremacists.


That doesn't make it any right to involve leaking the personal information of innocent users using the platform because they found that Epik was offering WHOIS privacy cheaper than another registrar. (GoDaddy)

The ones who hacked Epik are just as bad as the 'neo-nazis' and 'white supremacists' you speak of.


> The ones who hacked Epik are just as bad as the 'neo-nazis' and 'white supremacists' you speak of.

You don’t see a moral difference between people who hacked a company’s customer list, and people who want to very literally murder my family and me? Those sound the same to you?


You can just report whatever 'illegal' content you find that is hosted on a private company's website and they will take down such illegal content since if they are found to be hosting it, their whole service can be taken down.

Assuming you have this evidence, did you just leave them online and then complain here and did nothing?

Maybe being obsessed around chasing Nazis everywhere and directly approaching them yourself comes with such risks and consequences which you should leave all to the authorities to deal with rather than using extreme illegal methods to attack any sort of service in the name of this so-called 'fascism' which at this point has become meaningless.


[flagged]


Why are you so obsessed with accusing everyone in this thread as a nazi or a white supremacist? So 'notadev' is a nazi because they chose Epik? With what evidence suggests that?

> Oh no! Why won't somebody think about the poor neo nazis and white supremacists posting violent content and murder lists?!

I assume you have evidence of this given your long obsession with Nazis in this thread. Did you forget to report these 'specific neo nazis' that posted this or did you just leave them online?


Why would you be inclined to believe the latter? I don’t host anything on Epik, just use them as a registrar because they offered free Whois privacy. None of the domains I have are anything political or offensive in any way. I’m innocent collateral damage as are many others I’m sure.

Many registrars offer free Whois Privacy by default. Even Google Domains.

Your information is being shared in a torrent because Epik has bad security.

That can be true of any website or service part of the haveibeenpwned.com database.

Why didn't you use a trustworthy host? You know the right can't netsec.

Epik is owned by Rob Monster, who is an open and proud Neo Nazi and antisemite. You chose to do business with him despite who he was and what he enables. That you didn't understand these facts beforehand was your failure.

This should be a lesson in exercising moral and ethical restraint, and being conscious of who you do business with. Guilt by association sucks, but I am very skeptical about anyone who says that they run a website on Epik, simply because it is the go-to webhost for extremist and violent content.


> Epik is owned by Rob Monster, who is an open and proud Neo Nazi and antisemite. You chose to do business with him despite who he was and what he enables

When I first heard of Epik, it was due to the kinds of sites/domains he handled that were being kicked off other services for egregious reasons (including and not limited to: hosting white supremacist shooter manifestos, doxxing for murder). That in and of itself told me to stay far, far away from Epik.

Advocating for free speech doesn't mean moral abandonment, either. There's a reason things like fighting words, threats of harm aren't considered protected speech... and there's (sadly) quite a few on here who still have yet to learn that part of the lesson when it comes to speech online.

Epik's business model is to specifically cater to Neo Nazis.

https://www.vice.com/en/article/gy4yg9/the-far-right-has-fou...

https://www.splcenter.org/hatewatch/2019/01/11/problem-epik-...

https://en.wikipedia.org/wiki/Epik_(company)

> Epik is known for providing services to websites with far-right content, such as the social network Gab, video hosting service BitChute, conspiracy theory website InfoWars, and neo-Nazi message board website The Daily Stormer.[1][6][28] It was described in 2019 by Vice as "a safehaven for the extreme right" and in 2021 by The Seattle Times as "a home for far-right websites" because of its willingness to host far-right websites that have been denied service by other Internet service providers.[1][29][30] In 2021, The Daily Telegraph wrote that Epik was "a safe harbour for websites said to be enabling the spread far-right extremism and carrying Neo-Nazi content";[25] the same year, Fortune called the company the "right wing’s best friend online".[9] NPR reported in February 2021 that "when websites flooded with hate speech or harmful disinformation become too radioactive for the Internet, the sites often turn to [Epik] for a lifeline."[13]


I realize this portion isn't the focus but it caught me a bit off guard:

"Due to its size, it's incompatible with most torrent clients and many users will have difficulty downloading the data. When we're able, we'll release a more accessible version of the data."

As someone who downloads a lot of 4k HDR... Linux ISOs... (I have the highest level subscriptions to Disney+, Netflix, Hulu, HBO, Spotify, Amazon, Crunchyroll, and probably more I'm forgetting but not all of my devices will get the 4k stream due to DRM requirements so depending where I want to watch it I'll just download it instead) I've tried about every popular torrent client I've heard of and none have had problems with 100 GB+ sized torrents (or even much larger). Is this really a thing or are a lot of people just using a 10 year outdated version of uTorrent or something?


It might be the number of files and subdirectories rather than the total file size of the torrent.

the actual .torrent file, itself, is 32mb, this is massively bigger than your 2tb 40 files 4k movie superpack, because this includes large directories and file paths as well as a larger number of files, each requiring the full file path be specified.

That's the size of the actual .torrent file, all the metadata. Not the size of the data the torrent is pointing to.

Apart from the hilarity of the idea there are multiple petabytes of data in this leak - no, the torrent file was actually pretty small. About the size you'd expect for 180 GB of payload with a decent number of files.

The torrent file is 32Mb. That's really big for a torrent file, and it made my deluge client choke.

tried deluge and qbit; qbit loaded it instantly while deluge froze for like 15 minutes
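An added example, not part of any comment above: the sub-thread's argument that a .torrent's size follows the number of files and the length of their paths rather than the size of the payload. It bencodes BitTorrent v1 metainfo for one 180 GB payload split two ways; the file names, file counts and 4 MiB piece length are constructed assumptions, not the layout of the actual dump.

```python
# Added illustration: metainfo size for one payload split two ways.
# Paths, file counts and piece length are constructed for the example.

def bencode(obj) -> bytes:
    """Minimal bencoder covering the types a .torrent file uses."""
    if isinstance(obj, int):
        return b"i%de" % obj
    if isinstance(obj, str):
        obj = obj.encode("utf-8")
    if isinstance(obj, bytes):
        return b"%d:%s" % (len(obj), obj)
    if isinstance(obj, list):
        return b"l" + b"".join(bencode(x) for x in obj) + b"e"
    if isinstance(obj, dict):
        # Dictionary keys are byte strings and must be emitted in sorted order.
        items = sorted(((k.encode("utf-8"), v) for k, v in obj.items()),
                       key=lambda kv: kv[0])
        return b"d" + b"".join(bencode(k) + bencode(v) for k, v in items) + b"e"
    raise TypeError(f"cannot bencode {type(obj).__name__}")


PAYLOAD = 180 * 10**9        # ~180 GB, the payload figure quoted in the thread
PIECE_LENGTH = 4 * 1024**2   # assumed piece length (4 MiB)


def layout(n_files: int, total: int = PAYLOAD):
    """Constructed file list: the same payload split into n_files equal files."""
    size = total // n_files
    return [(["export", f"dir_{i // 1000:04d}", f"table_{i:07d}.sql.gz"], size)
            for i in range(n_files)]


def metainfo_sizes(files, piece_length: int = PIECE_LENGTH) -> dict:
    """Byte counts of the two parts of the info dict that grow with the torrent."""
    total = sum(length for _, length in files)
    n_pieces = -(-total // piece_length)           # ceiling division
    pieces = bytes(20 * n_pieces)                  # one 20-byte SHA-1 slot per piece
    file_list = [{"length": length, "path": path} for path, length in files]
    info = {"files": file_list, "name": "dump",
            "piece length": piece_length, "pieces": pieces}
    return {
        "n_files": len(files),
        "n_pieces": n_pieces,
        "files_bytes": len(bencode(file_list)),    # grows with file count and path length
        "pieces_bytes": len(bencode(pieces)),      # grows with payload / piece length
        "torrent_bytes": len(bencode({"info": info})),
    }


def compare() -> dict:
    """Same payload and piece length; only the number of files differs."""
    return {"few_large": metainfo_sizes(layout(40)),
            "many_small": metainfo_sizes(layout(100_000))}


if __name__ == "__main__":
    for name, s in compare().items():
        print(f"{name:>10}: {s['n_files']:>7} files, "
              f"file list {s['files_bytes']:>9} B, "
              f"piece hashes {s['pieces_bytes']:>7} B, "
              f".torrent {s['torrent_bytes']:>9} B")
```

With the payload held constant the piece-hash section is identical in both layouts, so the whole difference in .torrent size comes from the per-file path entries that the client has to parse and index.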

I own several domains with Epik. I bought them through Epik for no other reason than my friend having an affiliate link. I don't host political content. I don't even know anything about them as a company. I am actually very angry as I type this. I don't care who else they let purchase domains from them, I didn't deserve this. I hope whoever did this is caught and jailed.

They used md5 as a password hash with no salt. The only ones that deserve jail time are those developers.
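An added example, not part of the comment above and not Epik's code: what "md5 with no salt" looks like when auditing a credential table, next to a salted scrypt record and an upgrade-on-login path. The account rows, record format and function names are constructed for illustration, and the 32-hex-character check is a heuristic for a bare MD5-shaped digest, not proof of the algorithm.

```python
# Added illustration: auditing stored password hashes and migrating them.
# All rows, names and the "scrypt$..." record format are constructed.
import hashlib
import hmac
import os
import re
from collections import Counter


def hash_password(password: str) -> str:
    """Salted, memory-hard record: a fresh random salt per account."""
    salt = os.urandom(16)
    dk = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return f"scrypt$16384$8$1${salt.hex()}${dk.hex()}"


def audit(rows):
    """Flag bare 32-hex digests and digests shared by several accounts.

    With no salt, equal passwords give equal digests, so one guess or one
    lookup-table hit resolves every account that shares the value.
    """
    counts = Counter(stored for _, stored in rows)
    findings = {}
    for user, stored in rows:
        issues = []
        if re.fullmatch(r"[0-9a-fA-F]{32}", stored):
            issues.append("bare-md5-shaped digest")
        if counts[stored] > 1:
            issues.append("digest shared with another account")
        if issues:
            findings[user] = issues
    return findings


def verify_and_upgrade(password: str, stored: str):
    """Return (ok, record_to_store). Legacy MD5 rows are rehashed on success."""
    if stored.startswith("scrypt$"):
        _, n, r, p, salt_hex, dk_hex = stored.split("$")
        dk = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                            n=int(n), r=int(r), p=int(p), dklen=len(dk_hex) // 2)
        return hmac.compare_digest(dk, bytes.fromhex(dk_hex)), stored
    # Legacy path: unsalted MD5, kept only so the row can be replaced at login.
    legacy = hashlib.md5(password.encode()).hexdigest()
    ok = hmac.compare_digest(legacy.encode(), stored.lower().encode())
    return ok, (hash_password(password) if ok else stored)


# Constructed sample table: alice and carol happen to use the same password.
SAMPLE_ROWS = [
    ("alice", hashlib.md5(b"hunter2").hexdigest()),
    ("bob", hashlib.md5(b"correct horse").hexdigest()),
    ("carol", hashlib.md5(b"hunter2").hexdigest()),
    ("dave", hash_password("hunter2")),
]

if __name__ == "__main__":
    for user, issues in audit(SAMPLE_ROWS).items():
        print(user, issues)
    ok, record = verify_and_upgrade("hunter2", SAMPLE_ROWS[0][1])
    print("alice login ok:", ok, "-> stored as", record[:24] + "...")
```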

If you go into a house with no locks and steal something, you should still be liable for your actions.

Yea but if your cleaners left the house unlocked they're liable for the damage.

But anyway, I wasn't talking about who's liable, I was simply stating the fact that those developers were criminally negligent.


There are only two parties involved in your analogy: the first-party target and the actor. There are no third-party victims.

(Granted, that doesn't dispute the fact that the actor is still deserving of a lot of that liability. :) )


Exactly.

Better analogy- if I put some items up for sale in a consignment shop, and the shop owner doesn't lock the door overnight and someone runs off with all my stuff, I'm likely to be more upset with the shop owner than the actual thief.


¿Por qué no los dos?

In the future, do some research into whose service you employ beforehand.

You should not be surprised that you might get in trouble one way or another for employing the services of neo-nazis.


That allegation is made so often a lot of people just tune it out. How am I supposed to know who's actually a neo nazi and who just annoyed the wrong liar?

That's the goal of disinformation. You don't have to be convinced of the face value of a claim to fall to it you just have to be convinced it's too much work to figure out or too uncertain to call one way or the other. In the case of Epik it's not exactly a mystery "is this one guy a liar" case though. Here are the opening paragraphs of Wikipedia (prior to this hack):

> Epik is an American domain registrar and web hosting company known for providing services to websites that host far-right, neo-Nazi, and other extremist content. It has been described as a haven for the far-right because of its willingness to provide services to far-right websites that have been denied service by other Internet service providers.[1][7]

> Some of Epik's notable clients have included social network Gab, neo-Nazi website The Daily Stormer, and the imageboard website 8chan.[8] In 2021, the Parler social network moved its domain registration to Epik when it was denied hosting and other web services after it was used to help plan the 2021 storming of the U.S. Capitol.[9] Epik has also provided hosting and registrar services to Patriots.win, formerly TheDonald.win, an independent far-right forum that has served as the successor for the r/The_Donald subreddit that was banned in June 2020.[10][11][12]"

The rest of the article goes on with details about each of those and more, including many other companies terminating services to Epik as a result. Particularly after the El Paso shooting.


Maybe that is a problem with you, and not with anyone else. If you are uninterested in listening, that is on you.

And then you move to a service that does not accept nazis that gets hacked by nazis and then you end up being harassed...

> You should not be surprised that you might get in trouble one way or another for employing the services of neo-nazis.

Would you say the same if someone poisoned (does not need to be fatal) Coca-Cola bottles for their anti-union policies? https://en.wikipedia.org/wiki/Criticism_of_Coca-Cola https://en.wikipedia.org/wiki/Sinaltrainal_v._Coca-Cola_Co.

Or if IBM employees were doxxed? https://en.wikipedia.org/wiki/IBM_and_the_Holocaust

Or if github users/employees were doxxed? https://en.wikipedia.org/wiki/GitHub#ICE_contract


You still have some cleaning to do on YouTube, since they are still hosting neo-nazi rock band videos on there.

Does that mean everyone deserves to get their YouTube accounts hacked because of some bad videos on someone's platform?


I think it's different when a service offers their services to these groups with open arms, v.s. a company like Google who actively tries to take down that kind of content

Big fash, ok, little fash bad. Gotcha.

Yes, Youtube specifically is a big problem.

Wow - a lot of unsavory folks on that platform. Dump includes

All domain purchases
All domain transfers in/out
All whois history
All DNS changes
All email forwards, catch-alls, etc
Payment history (no credit card data)
Account credentials
Over 500,000 private keys

Not a good look for these "privacy" focused players.

I use AWS Route53 and Google for domain registration. Despite being "invaders" of privacy supposedly, so far they've done a pretty good job keeping my data from leaking - nothing too interesting anyways but.

One worry would be employers or others taking lists like this and doing some screening of candidates etc through it.


To be fair, if I found that a job applicant was also actively participating in a Neo-Nazi website, I would absolutely never hire them, whether they intended for me to know about it or not. If I had already hired them and found out, they would be unemployed quite quickly.

I would never expose the people who work for me to that kind of toxicity, nor would I expose myself and my organization to that kind of liability.

I am all for freedom of speech, insofar that people don't get charged with crimes for participating in protected speech, but I have absolutely no reason at all to tolerate those people, and feel as though I have a moral obligation to keep them away from the people I care about.


What on earth are you talking about? Epik is not a 'neo-nazi' website (whatever you think a 'neo-nazi' is), it's a domain registrar. So please spare us your oh so righteous indignation.

Their business model is to specifically cater towards neo nazis.

https://www.vice.com/en/article/gy4yg9/the-far-right-has-fou...

https://www.splcenter.org/hatewatch/2019/01/11/problem-epik-...

https://en.wikipedia.org/wiki/Epik_(company)

> Epik is known for providing services to websites with far-right content, such as the social network Gab, video hosting service BitChute, conspiracy theory website InfoWars, and neo-Nazi message board website The Daily Stormer.[1][6][28] It was described in 2019 by Vice as "a safehaven for the extreme right" and in 2021 by The Seattle Times as "a home for far-right websites" because of its willingness to host far-right websites that have been denied service by other Internet service providers.[1][29][30] In 2021, The Daily Telegraph wrote that Epik was "a safe harbour for websites said to be enabling the spread far-right extremism and carrying Neo-Nazi content";[25] the same year, Fortune called the company the "right wing’s best friend online".[9] NPR reported in February 2021 that "when websites flooded with hate speech or harmful disinformation become too radioactive for the Internet, the sites often turn to [Epik] for a lifeline."[13]


I've never heard of the controversy behind Epik before this, and looking at their website doesn't give any indication whatsoever that they're politically aligned in any particular direction. I almost transferred some domains to this registrar a while back, but man did I dodge a bullet.

If this was leaked for political reasons, the person who did it should have known that thousands of innocent people would be affected. I wonder how many bystanders are going to lose their jobs or be cancelled because they just happened to come across epik.com when shopping around for a domain registrar?

If you're the type of person who has strong political opinions and you happen to be a recruiter at a company, wouldn't you be tempted to do a quick CTRL+F through this dump for the names on the resumes you're screening? No one will know, and even if you know not everyone on that list is a nazi, it's better to be safe than sorry right?

Branded for life and informally blacklisted just for buying a domain name. That sucks.


As someone with quite strong political opinions on this topic I can assure you that disliking Rob Monster and many of the people he does business with doesn't automatically extend to all customers of Epik.

>Branded for life and informally blacklisted just for buying a domain name.

Only for the "bad guys"™


can't wait to get bricked over the head by some thug for using the wrong registrar

Epik literally runs neo-nazi websites. They court them when they get booted from other platforms.

There's a German saying that goes "There are 10 people at the table with a Nazi. There are 11 Nazis at the table".

If you do business with Epik, a service owned and operated by Rob Monster, who is also a virulent Gab user and proud Neo Nazi and Antisemite, then you earn some guilt by association.

And nobody chooses Epik for the price or the service. They choose Epik because their website would be terminated from most other mainstream providers for violating rules against violence and hate speech.


It is a domain registrar that makes a point of specifically, with full knowledge, and proudly hosting neo-nazi sites.

They are not neutral in this. They are specifically creating a service for neo-nazis and the far right.


If there is one domain registrar that nearly all neo-nazi websites use because no one else will do business with them, and the owner of said registrar also is a self-proclaimed neo-nazi - it seems pretty reasonable to claim epik primarily exists to further neo-nazi causes.

A lot of people used epik because they seo'ed for lower transfer fees for a while and have been around for longer than it was known that they protect neo-nazis who register domains with them.

Not all of them knew about the parler and 8chan controversies, and even if they left when this all came out, it wouldn't stop them from appearing in this list, since it includes historical data.

So maybe leave judgements and punishments to the courts, and stop using your company to be a vigilante.


Putting politics aside (I know, it's difficult), I can't help but wonder why is it that even with companies like these, marketing comes first?

Looking at Gab, Parler and now Epik, it confuses me that you'd paint a giant target on your back before making sure that everything's as secure as can be.

Parler was basically a WordPress instance hacked through one of the plugins they ran. (And since it was a WP instance they also had the whole thing scraped because of the sequential nature of the IDs WordPress uses.)

Gab rolled their own SQL injection mitigation and failed at it, published the source code themselves since they moved to the Mastodon network and then tried to cover up the whole thing --- and got hacked again because they never reset the user tokens.

And now this with Epik.

I understand the need to attract a clientele and free speech in itself can be attractive because there's so many issues stemming from automated content removal that people often have issues with the current providers but it simply makes no sense to set yourself up for a politically motivated hack and do nothing to prevent it... it's pretty crazy.


Because if these people were competent, they would not be neo-nazis. This is not an ideology for thoughtful, intelligent people.

So no, we can't really put politics aside. It is all part of the same whole.


Epik is one of several registrars I've used. They were the first search result many years ago for a particular TLD. This was before any drama regarding them being a haven for unsavory sites. I stayed because I thought I would be incrementally safer against social engineering attacks.

All of my sites are things you might see submitted here.


"I stayed because I thought I would be incrementally safer against social engineering attacks."

In what ways?


Lesson learned, then: Don't do business with neo-nazis in the future. There are many reasons why following that simple principle is a good idea, and you have now discovered one of them.

I never heard about Epik before. Yet, my personal email (that I don't even use for web login) is there. How?

It frustrates and disappoints me to see hacks like this happen out of some sense of moral superiority.

For whatever "fascists" this harms, it will harm significantly more innocent people.

Two wrongs do not make a right.


Why did you quote fascists? That’s how many of Epik’s customers self-describe.

I have been called a fascist for voting for Biden and disagreeing with extremist beliefs. The term has been so diluted as to have no meaning which is a shame, because the fascists were a terrible blight upon the 20th century.

Even if someone was a self declared fascist, that is still not justification.


Epik's business model is to specifically cater to fascists.

> Epik is known for providing services to websites with far-right content, such as the social network Gab, video hosting service BitChute, conspiracy theory website InfoWars, and neo-Nazi message board website The Daily Stormer.[1][6][28] It was described in 2019 by Vice as "a safehaven for the extreme right" and in 2021 by The Seattle Times as "a home for far-right websites" because of its willingness to host far-right websites that have been denied service by other Internet service providers.[1][29][30] In 2021, The Daily Telegraph wrote that Epik was "a safe harbour for websites said to be enabling the spread far-right extremism and carrying Neo-Nazi content";[25] the same year, Fortune called the company the "right wing’s best friend online".[9] NPR reported in February 2021 that "when websites flooded with hate speech or harmful disinformation become too radioactive for the Internet, the sites often turn to [Epik] for a lifeline."[13]

https://en.wikipedia.org/wiki/Epik_(company)

No need for quotes, bruh.


Freedom of speech isn't just a part of the US constitution - it's also a human right and ethical value.

You can disagree with someone and still think they have rights.


Ah yes, the mythical "rights of the might" that overrule peoples' rights depending on who feels their rights are more important.

Why should anyone suffer consequences for threats of harm online? You agree that someone should be allowed to threaten, harass, intimidate and harm someone else through speech online?

Freedom of speech has never meant freedom from consequences of said speech.

As far as I see it, Epik's hack is a consequence of the speech they allow. No need for government, constitution and laws to see the cause and effect here.


Harassment and threats of violence are illegal. You can pursue criminal charges. You can't go burn down someone's house or kick them.

> As far as I see it, Epik's hack is a consequence of the speech they allow.

That's a scary logic and it's the kind of logic that harms societies. Most violent leaders have used this style of justification for their actions.

We can not fight uncivility with uncivility. Doing so only makes the situation worse.


I appreciate that you find it scary but that is to a large extent what it's like where the rubber meets the road. Pejorative political labels do get tossed around too easily, but there are also honest-to-goodness violent neo-nazis and other fascists that go far beyond shitposting into planning and carrying out violent acts. Sadly, some of those people infiltrate law enforcement or the military. They're not hiding around every corner, but there are quite a lot of them and they are not all like the clowns that get themselves arrested in really obvious ways.

Moral panics cause more harm than good.

https://en.m.wikipedia.org/wiki/Moral_panic


> That's a scary logic and it's the kind of logic that harms societies. Most violent leaders have used this style of justification for their actions.

> We can not fight uncivility with uncivility. Doing so only makes the situation worse.

Sounds like moral panic to me. Do you not think neo-nazis are real or something? Serious question.


Never thought I'd see the day where calling out a webhost known for giving shelter to white supremacist shooter manifestos and doxxing murder lists for atomwaffen would fall under 'moral panic.'

> We can not fight uncivility with uncivility.

Paradox of Tolerance.

https://i.imgur.com/ve1VDvK_d.webp?maxwidth=760&fidelity=gra...

> Doing so only makes the situation worse.

“Bad men need nothing more to compass their ends, than that good men should look on and do nothing.”


> Harassment and threats of violence are illegal.

And Epik continued to host sites that were taken offline specifically for those reasons.

That's your cognitive dissonance.


So you are in defense of cyber-criminals in gaining unauthorised access to breaching someone else's internet business then? Such activity is illegal and those affected can report this and involve the authorities to track them down.

It is now worse since innocent users are involved in this leak.


If you provide service to everybody, then you provide service to unsavory types. That doesn't mean you cater to them. The alternative is 'cancel culture' which many people reject on principle because all it will do is tear the country in two.

>If you provide service to everybody, then you provide service to unsavory types. That doesn't mean you cater to them.

Read what the CEO has to say about Jewish people [0]

[0] https://www.huffpost.com/entry/rob-monster-epik-gab-neo-nazi...


> That doesn't mean you cater to them.

Heh.

Pay attention...

They specifically cater, not just host, but CATER to those who are unable to host elsewhere due to their content.

https://en.wikipedia.org/wiki/Epik_(company)

> Epik is known for providing services to websites with far-right content, such as the social network Gab, video hosting service BitChute, conspiracy theory website InfoWars, and neo-Nazi message board website The Daily Stormer.[1][6][28] It was described in 2019 by Vice as "a safehaven for the extreme right" and in 2021 by The Seattle Times as "a home for far-right websites" because of its willingness to host far-right websites that have been denied service by other Internet service providers.[1][29][30] In 2021, The Daily Telegraph wrote that Epik was "a safe harbour for websites said to be enabling the spread far-right extremism and carrying Neo-Nazi content";[25] the same year, Fortune called the company the "right wing’s best friend online".[9] NPR reported in February 2021 that "when websites flooded with hate speech or harmful disinformation become too radioactive for the Internet, the sites often turn to [Epik] for a lifeline."[13]


Whenever the first word used to describe someone other than a belligerent in world war 2 is “fascist” I’m immediately skeptical of the author’s real intention.

I guess if you're really so out of the loop you've never heard of The Daily Stormer or the other fascist sites hosted there you could be skeptical.

The OP doesn't link any examples, and there are multiple comments in this thread saying they are affected. If these noble white hats are interested in punishing fascism why don't they dump only fascist websites instead of everyone?

The audience for this dump is people who are willing and able to do that sort of filtering.

Some of the high profile hosted sites are fairly objectively fascist. Yes, the hackers should have filtered their leak to those clients, but the word is being used pretty truthfully.

You seem awfully defensive of fascism, which makes me pretty skeptical of your real intention in expressing this.

It's all fun and games for these 'hacktivists' and 'vigilantes' trying to hunt so called 'fascists' when their actions have now affected innocent people and their sensitive information is now leaked.

Maybe they themselves are the criminals and the fascists all along.



For those that don't want to open a PDF hyperlink from a 2 day old account on a topic related to hacking, this Twitter post linked elsewhere in the thread already has a picture of the above content:

https://twitter.com/stevanzetti/status/1437482759241469958


My apology.

Not taking a position on the content of the website(s) (I don't even know who Epik was until I came across this).

However, what I am concerned about is fascism. The wiki entry classifies fascism as such: ". . .characterized by dictatorial power, forcible suppression of opposition, and strong regimentation of society"

How is this suppression of an opposing political voice considered moral, legal or otherwise permissible? And before someone here responds with "Well, their content is violent", we have laws in our society. Period.

Extra judicial anything is simply not on.



