Feature Suggestion | Hosting Guidelines #1196

Open
opened 2019-08-22 18:21:35 +00:00 by ggg27 · 3 comments
ggg27 commented 2019-08-22 18:21:35 +00:00 (Migrated from github.com)

Description: Discussion thread for adding "secure hosting provider" to Software Criteria

Why?: There are a lot of web hosting providers promoting privacy (see #1181), the goal of this issue is to set criteria. Especially for issues like #1043 and #934.

What do you recommend?:
The current VPN criteria are:

  • Prioritize Products by privacy respecting nationality.
  • Cannot be based in USA or UK.
  • Must be accessible via free software (i.e. OpenVPN, WireGuard)
  • Use Encryption
  • Accept Cryptocurrency
  • No logging policy

I think this is a good start. Although, I would like to propose expanding "Must be accessible via free software" to include free/libre cPanels like VESTA as well as using privacy respecting OSes (like Debian or OpenBSD/LibertyBSD) and up-to-date free/libre hypervisors.

Plus, free and anonymous sign-ups are fairly common and a good thing to consider adding.
Most providers accept signup via email.

OpenSSH is standard now, so basically everybody encrypts their connection to a VPS and web-hosting is generally done using HTTPS-client. Certbot should work for everything else.


Note: I did want to expand on the "Cannot be based in USA or UK." Should this apply to hosting providers as well?

Mikaela commented 2019-09-30 18:22:48 +00:00 (Migrated from github.com)

Some things I would like to see:

  • eco friendliness (see https://datacenterlight.ch/ for example)
  • ethical (e.g. I don't want to see PTIO recommending providers that host child porn https://github.com/privacytoolsIO/privacytools.io/issues/1299#issuecomment-536671500)
    • This is not a call to delist Tor or other "darknets", as far as I am aware of, their developers have a stance against child porn, but cannot affect what users use them for regardless of whether it's bad. And if there was a backdoor against child abusers, there would be nothing to prevent it from being used against the next whistleblower or similar.
    • I am also not supporting that the providers should mass surveil what goes on their servers (I don't know whether the hosts of CyberBunker were aware of the illicit content on their services, but I hope that when someone reports malicious content on a server to the provider, the provider will confirm this claim and then take action).
blacklight447 commented 2019-10-04 11:22:44 +00:00 (Migrated from github.com)

We will be making a solid set of criteria after our email section is finished.

Mikaela commented 2019-10-13 08:36:21 +00:00 (Migrated from github.com)

Comments from Linda at Matrix:

>> Prioritize Products by privacy respecting nationality.
>
> What does that mean?
>
> Also fyi, I'm not in favor of "no logging". Under the GDPR, with legitimate interests or legal obligation, it is fine for me for any provider to keep logs (of IP-addresses, metadata) for the "safety" of the user.
> That only has to happen transparently and communicated to the individual.
>
> If there's something about data protection, it should be in those countries where the EU Commission has given an affirmative adequacy decision.
>
> When the law doesn't say something, and in international markets, I really would like to see clear terms of service which also provide some "protections" for the client for disputes.

Reference: privacyguides/privacytools.io#1196