yan 🐇 is a user on mastodon.social. You can follow them or interact with them if you have an account anywhere in the fediverse.
yan 🐇 @bcrypt

The Pirate Bay founder has launched a new service to register domain names anonymously: njal.la/. You can sign up using XMPP+OTR and pay in BTC. The company buys the domain and then gives you the usage rights.

Seems useful mainly for people worried about content takedowns.

Thoughts?

· Web · 139 · 144

@bcrypt true enough. but this is effectively a giant target saying "hey if you want to hit ALMOST ALL the privacy aware people with low opsec, hit me!". As opposed to someone who takes the opsec care to build up shell contact info etc, and registers with a normal registrar.

@pnathan @bcrypt to properly build such a shell you need a offshore anonymous LLC and this requires time and money

@bcrypt Any service that circumvents ICANN WHOIS stupidity is alright by me.

@me @bcrypt How does this work though? Doesn't ICANN require valid contact information/address for the domain owner/administrator? Do you not really "own" the domains purchased through this service (from the perspective of ICANN)?

@bcrypt @me @cs in the faq : 'When you purchase a domain name through Njalla, we own it for you. However, the agreement between us grants you full usage rights to the domain.'
So they are the owner, and they allow you to use it/transfert it later ?

@Skunnyk @cs @me @bcrypt Huh... yeah, screw that noise if true 😕

@Skunnyk @me @bcrypt Guess so. Not sure if there is any agreement that guarantees they'll do these things for you. If not, they could just run away with your domain and keep it for themselves.

@bcrypt @me @Skunnyk That's just the price you pay for anonymity, I suppose.

@bcrypt @me @cs yes technically they own the domain so there is no issue because the WHOIS information is accurate

@bcrypt My only concern–it is a small concern–is that this extends a lot of trust to PB, in the sense that many of its clients may not be able to unblind to seek renumeration if PB reneges on its contract.

@bcrypt its nice to have another option available. i think anonymity is underutilized in the majority of the web, there's a lot more services we could develop.

@bcrypt we must get rid of domain names

@bcrypt Seems useful for folks who don't want to get doxxed by assholes, but also might make it easier to anonymize criminal activity (like hosting child porn)

@bcrypt yeah, why do we all use the same DNS again?

@bcrypt If certain content is illegal and a (federal) takedown is requested, then someone somewhere will be responsible for it, imo.

so IF the content is taken down, I wonder how anonymous the owner will stay (depends on severity of content, of course.)

but, the overall concept looks kinda smart..

@bcrypt Interesting, but seems one lawsuit away from shutting down lots of anonymous domains.

@lambadalambda @bcrypt

Well at least they will fight that lawsuit (and do all it takes to evade it in the first place) when many people are deterred just by the threat of a lawsuit...

I guess in the end it is about trusting them to stay strong...

@jz @bcrypt It's hard to stay strong when the state knocks on your door and shuts down your systems.

@lambadalambda @bcrypt Depends on which State are your servers in, what architecture enables a redundancy where some could disappear from a State, reappear in another, etc. TPB people have one of the most extensive experience with this kind of epic shit I say...

@jz @bcrypt yeah, but they don't control dns. the root name servers don't care about the great opsec of tbp.

@lambadalambda @bcrypt Still they're more experienced than most of us in juggling with the technical and judicial struggle to stay online against all censorship... I am not saying it is perfect, (to be fair I didnt even check the link or the company).. I am just bringing that to the level of trust, and the trust in these ppl in particular... <3

@bcrypt btw:

"A njalla is a traditional type of storage hut or cache built on top of a long stump of a tree or pole in order to prevent animals of getting hold of the contents."

😁😁

@bcrypt I don't really see what makes their services different from any other domain anonymizer.

I suppose they could be fighting a bit harder to keep your details from legal pressure, but I mean.. Getting a domain registered not in your own name isn't exactly rocket science as-is.
@pettter @bcrypt But you usually can't do it anonymously to the registrat.
@lambadalambda @bcrypt Not legally, in any case.

In this case, they are explicitly not a registrar, but I don't see why I should trust them more than a trustworthy registrar?
@pettter @bcrypt just because you don't have give them any personal data, no address, no credit card.
@lambadalambda @bcrypt No, the credit card you'll just have to give your BTC exchange or to PayPal.

Aren't there registrars out there accepting Bitcoin already?

Still, I see your point.

It worries me, however, that they are talking about PGP and Bitcoin as if they'd confer anonymity, when both technologies pretty much aim to do the opposite.
@pettter What makes them different is that they're another set of people. Choosing trust etc.
@mmn Sure, that's a valid measure, but lets just say that after heml.is I'm not too sure I trust that particular set of people to do anything useful or even keep their promises in regards to open sourcing etc.
@pettter Absolutely true and I agree. The real question however is why you'd want an anonymous domain name at all in the ICANN namespace when you can have .onion etc.
I bet also that domains such as .tk are pretty easy to register and own anonymously (they're gratis).

@pettter it's not the same set of people. brokep yes, but not the others if I'm not miss-informed. Linus and Leif is still working full time on flattr.

@bcrypt there's legit reasons to use this service, but I expect it'll mostly end up being spoofed phishing pages and illegal porn

@bcrypt Seems like too many eggs being held in one basket.

@bcrypt I suspect some threat intel company will keep an eye out for the placeholder-reg company's acquisitions and apply them to malware blacklists posthaste.

@bcrypt think it's a great idea. Illegal content will still be taken down, so it seems the service is really targeted to non-illegal uses where anonymity is desired (think rogue Whitehouse/disgruntled parks type accounts).

To the extent that domain registration/ownership provides a static identity layer to federated systems (like mastodon), it's a big win.

@bcrypt For many businesses a domain is too precious to let someone else register it for you

@bcrypt singular as in Peter Sunde, reading the references of flattr and pirate bureau on there?

@bcrypt great and timely, orangewebsite seems to be skewing towards a 'no politics' policy so I can see them not allowing anon domain reg's anytime soon

@bcrypt it looks like they're still vulnerable to payment provider attack, and they'd need to have plausible deniability at every level of the interface, but their comment on helping law enforcement in the case of harm would indicate that they keep records of some description, which makes them vulnerable to bring raided.

@bcrypt neat idea, but it seems like patching up wood with duct tape, rather than rebuilding it with steel.

@bcrypt could have a lot of push in political stuff. Like propaganda sites etc

@bcrypt Other replies have made good points, I think it seems relatively solid still, but I'd really like to see at least some altcoins accepted, particularly the more security-oriented ones, just to make it harder for law enforcement to track any transactions

@bcrypt not sure if this possible point was brought up or not, but:

given that you need a XMPP+OTR and bitcoin wallet, and I assume that they need to remain knowledgeable of that info to be able to bill you, a court could come in and order the company to hand over the information for the purposes of investigation, even if that information is not immediately identifiable

and even then, once you have the domain name, what's to stop someone from identifying you via ping? or port enumeration?

@bcrypt a service like this already exists: www.anonymousspeech.com (not that having another is a bad thing, just pointing out that it's not new).

If people really care about anonymity and censorship-resistance they should look into using and supporting blockchain-based DNS like Blockstack (blockstack.org/).

@bcrypt Pirate Bay Founder is giving up the fight for web freedom I heard

@bcrypt we're too deep into the imperial network control era for this to work