Thanks Si, interesting stuff.<br><br><div class="gmail_quote">On 7 December 2010 18:00, Simon Yuill <span dir="ltr"><<a href="mailto:simon@lipparosa.org">simon@lipparosa.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Hi,<br>
<br>
Got this rather topical email from my hosting provider today which casts<br>
some light on the practical-legal-political life of web servers. It's a<br>
bit long so if you just want the 'interesting' bits scroll down to the<br>
"Risks to your domain name" section near the bottom.<br>
<br>
best wishes<br>
Si<br>
<br>
<br>
<br>
*** START ***<br>
<br>
Hi,<br>
<br>
I've had a few people ask about hosting WikiLeaks mirrors at BitFolk<br>
and whether it is allowed.<br>
<br>
These are my thoughts on the subject at the moment. Depending on how<br>
things go they may have to change.<br>
<br>
- TLDR version<br>
<br>
This is very risky; we recommend you do not do it. Also if you did<br>
do it, UK is not a very good place to do it from. If you feel you<br>
must do it, please read the rest of this email.<br>
<br>
- Risk of DDoS<br>
<br>
Hosting contentious material such as a WikiLeaks mirror can (and<br>
has) drawn denial of service attacks. If you are the subject of a<br>
denial of service attack then our policy is described here:<br>
<br>
<a href="http://bitfolk.com/policy/netabuse.html" target="_blank">http://bitfolk.com/policy/netabuse.html</a><br>
<br>
Should such a mirror hosted at BitFolk become subject of a large<br>
denial of service we would need to ask our upstream to ask their<br>
upstreams to blackhole the IP address of the mirror. This would not<br>
be instant and the traffic received in the meantime would be<br>
chargeable. We would also require you not to put your mirror back up<br>
after the attack stops.<br>
<br>
This could result in a bill of thousands of pounds to you.<br>
<br>
- Risk of UK government intervention<br>
<br>
This is not legal advice, but it is my experience that should UK<br>
government find an interest in knowing who you are and/or stopping<br>
you from doing it then all they have to do is get a court order or<br>
section 22 notice under the Regulation of Investigatory Powers Act.<br>
As a UK company we are legally obliged to act on these and may not<br>
be able to tell you that one has been received.<br>
<br>
- Risk of libel action<br>
<br>
This is not legal advice, but it is well known that UK has an<br>
extremely harsh libel system that makes it very difficult to publish<br>
information about people that those people do not like. Should you<br>
publish something (say, in a WikiLeaks mirror) that says something<br>
about an individual or company that they do not appreciate being<br>
published, then they may decide to sue you.<br>
<br>
If that were to happen, we would ask you to remove the information.<br>
Even if you believe that the information is true, we would ask you<br>
to provide a large (tens of thousands of £) deposit to cover our<br>
possible legal costs should you decide you want to prove the truth<br>
of the statements in court.<br>
<br>
Does this mean that anyone with enough money can stop you<br>
publishing, via a cheap UK hosting account, things they don't like?<br>
Yes unfortunately it does, but that is how UK libel laws work, and<br>
there is no UK hosting company that will let you continue to publish<br>
such things once they have received a notice of action for libel,<br>
unless you indemnify them.<br>
<br>
- Risks to your domain name<br>
<br>
Top level domains in com/net/org are operated by Verisign, a US<br>
corporation. As such they are required to obey US law. As a<br>
consequence of the PATRIOT Act it is possible for the US government<br>
to hand Verisign a sealed, secret court order requiring them to<br>
suspend services. This has been done before for sites that are<br>
alleged to assist in the sale of counterfeit goods and illegal<br>
distribution of copyright material.<br>
<br>
The effect of the above happening would be that your domain name<br>
stops resolving and you can't work out why, and neither can your<br>
registrar.<br>
<br>
They may not even need to go that far as Verisign may choose to<br>
react on a mere *request* from their government, and if they don't<br>
then your registrar may decide to act upon a *request* also.<br>
<br>
- In summary<br>
<br>
Given all of the above, I believe that hosting a WikiLeaks mirror on<br>
a BitFolk VPS is one of the more risky things you could do. I<br>
personally would not do it and would not recommend doing it. I also<br>
think that any UK host is a poor choice for such a mirror and the<br>
resources would be better sent elsewhere. If despite all of the<br>
above you still want to do it, so be it.<br>
<br>
Should the risks get worse, for example if the encrypted file that<br>
WikiLeaks have been distributing as insurance has its key released<br>
and mirrors start getting overloaded or attacked, we might need to<br>
change our policy on this to "absolutely do not do this".<br>
<br>
Cheers,<br>
Andy<br>
<br>
*** END ***<br>
<br>
<br>
_______________________________________________<br>
members mailing list<br>
<a href="mailto:members@electronclub.org">members@electronclub.org</a><br>
<a href="http://lists.electronclub.org/cgi-bin/mailman/listinfo/members" target="_blank">http://lists.electronclub.org/cgi-bin/mailman/listinfo/members</a><br>
<br>
Instructions for changing your mailing list settings:<br>
<a href="http://lists.electronclub.org/emailhowto.html" target="_blank">http://lists.electronclub.org/emailhowto.html</a><br>
</blockquote></div><br>