🆕 Software Suggestion | 1984 hosting #673

Closed
opened 2018-12-20 21:13:04 +00:00 by ghost · 5 comments
ghost commented 2018-12-20 21:13:04 +00:00 (Migrated from github.com)

Basic Information

Name: 1984
Category: 1) Hosting 2) Domain Registration 3) DNS
URL: 1984.is (or) 1984hosting.com

Description

1984 is a Hosting Provider, DNS provider and Domain Registrar. Based in Iceland. Has three core values: 1) Free Software 2) Security, Privacy and Anonymity 3) Freedom of Speech and Freedom of Expression. Absolutely no personal information required for registration. Hosting services include Shared, Managed and VPS. Domain registration comes with WHOIS Privacy by default. DNS service can either be used as primary or secondary server.

PLEASE CONSIDER AND APPLY IN ALL 3 CATEGORIES.

c0rdis commented 2018-12-28 19:04:55 +00:00 (Migrated from github.com)

I find the provided privacy policy (https://1984hosting.com/GDPR/) ... interesting:

On tracking:

1984 uses web beacons to count the number of times that its advertisements and web-based e-mail content are viewed. 1984 combines web beacon information with cookies to track activity on its website originating from advertisements and web-based e-mail content [...] 1984 also uses cookies to tailor content or advertisements to match your preferred interest.

On disclosure:

1984 may release the information it collects to third parties when 1984 believes that it is appropriate to comply with the law, to enforce its legal rights, to protect the rights and safety of others, or to assist with industry efforts to control fraud, spam or other undesirable conduct [...] 1984 may release the information it collects to third parties, where the information is provided to enable such third party to provide services to 1984

quantumpacket commented 2018-12-28 20:57:25 +00:00 (Migrated from github.com)

I recently used their hosting. Upon registration they email in plaintext all the login details for FTP, email, database, ssh, etc. However, you create a login for the dashboard, which should be the proper place to access those logon details instead of via an insecure email. They also recently had a massive data loss, which was a PR nightmare for them since they didn't do proper backups. I'd be wary of adding them without further review.

ghost commented 2019-01-10 17:32:05 +00:00 (Migrated from github.com)

Yes, they even sent me passwords in email. I have no idea why they are still doing it. But they do have a dashboard where you can change the password. Also, the current status regarding 2FA is via Yubikeys.

Anyway, they mentioned in the privacy policy that their method of site analytics doesn't try to identify anyone. Combined with paying in bitcoin, that means they will have no clue who the user is.

quantumpacket commented 2019-01-10 17:53:35 +00:00 (Migrated from github.com)

It's good to hear they are using Yubikeys for 2FA, but that is kinda pointless when the first thing they do is compromise the account by sending passwords in clear-text, which includes SFTP and MySQL credentials. This was reported to them back in March 2017 and it seems it is still not fixed. I had also told them about some other issues, which I am not sure they have fixed yet. They included:

  • Having a 30-char password limit on their mailboxes. If they are properly hashing, such a limit should not be needed, which makes me assume they are storing the passwords in clear-text.
  • Their control panel forms had no CSRF protection
  • They didn't use a CSP for the control panel
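The password-length point raised above, as an added example that is not part of this thread and not 1984's own code: with a proper password KDF the stored record is a fixed size whatever the password length, so a 30-character cap has no storage justification. PBKDF2-HMAC-SHA256 from the Python standard library and the salt/iteration parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Illustrative parameters (assumptions, not 1984's settings). The iteration
# count is kept low so the example runs quickly; OWASP's current guidance for
# PBKDF2-HMAC-SHA256 is 600,000 iterations.
SALT_LEN = 16
KEY_LEN = 32
ITERATIONS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive a fixed-size verifier from a password of any length.

    HMAC pre-hashes keys longer than the SHA-256 block size, so the whole
    password is consumed: nothing is silently truncated at 30 (or 72) chars.
    Caveat for reviewers: bcrypt *does* truncate at 72 bytes, which is the one
    legitimate reason a hashed store might impose a length cap (and it is 72, not 30).
    """
    if salt is None:
        salt = os.urandom(SALT_LEN)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS, dklen=KEY_LEN)
    return salt, key


def verify_password(password: str, salt: bytes, stored_key: bytes) -> bool:
    """Recompute the verifier and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_key)


def stored_size_for(password: str) -> int:
    """Bytes the database actually has to hold for this password.

    A clear-text VARCHAR(30) column needs the cap; a hashed store does not,
    because this value is SALT_LEN + KEY_LEN regardless of the input length.
    """
    salt, key = hash_password(password)
    return len(salt) + len(key)


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("short", "a" * 31, "correct horse battery staple " * 8):
        print(len(pw), "chars ->", stored_size_for(pw), "bytes stored")
```

Because the full password is consumed, a 30-character prefix of a longer password does not verify, which is the behaviour a length-limited clear-text column cannot reproduce.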
ghost commented 2019-01-13 19:27:13 +00:00 (Migrated from github.com)

Agreed. Thanks!

Reference: privacyguides/privacytools.io#673