all 18 comments

[–]JasonCarswell 6 insightful - 3 fun6 insightful - 2 fun7 insightful - 3 fun -  (1 child)

Happy Canada Day, July 1st.

[–]OmegaUser296 1 insightful - 5 fun1 insightful - 4 fun2 insightful - 5 fun -  (0 children)

Eh?

[–]go1dfish 5 insightful - 1 fun5 insightful - 0 fun6 insightful - 1 fun -  (8 children)

Congrats on the move, I have some questions though.

What specific improvements does Switzerland have over US hosting, is it the DMCA stuff?

Also, are you also based in Switzerland? If not, I’m not sure this will help you. US law is increasingly trying to make the location of hosted data less important than the location of the operating entity. I’m not a lawyer though, this is just me read of things and it could be horribly off base.

I’m a us citizen in the us, the free speech laws here are pretty decent, so I figured the best bet for me was to stick with a single jurisdiction covering both me and my server.

[–]magnora7[S] 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (7 children)

Yes Switzerland offers a variety of protections, including no dragnet searches, no NSA/5-eyes. Just more server privacy in general. And group-searches are illegal, so they must get a warrant from a judge specifically for us, to even begin to search. And they have to notify us of that.

We're unsure if it'll actually help with the DMCA in particular, but it's an experiment.

Also, are you also based in Switzerland? If not, I’m not sure this will help you. US law is increasingly trying to make the location of hosted data less important than the location of the operating entity.

My understanding is that as of now, it's still very much about the location of the data. They search the server, not me.

We've been pretty happy with Dallas, but based on our research switzerland will be even better for us. And as a last resort if things go bad in Switzerland we can move back to Dallas. If things go bad in Dallas, we are potentially trapped/liable.

So it gives saidit a lot of layers of extra protection. That's the plan, anyway. Proton mail is hosted in switzerland, they're one of the sites we looked to as a security example.

[–]go1dfish 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (6 children)

Cool, thanks for answering, and that makes sense and sounds like a good plan. Having the data server in a not totally cooperative country makes it at least somewhat harder to search it without your consent/knowledge

For comparison here is how I’ve addressed the same problems with notabug.

None of the data in notabug’s database is private. The only private data on my servers is the password for the indexer, and losing that would not allow a breach of privacy, only a compromise of listing integrity from my indexer.

The db being public is necessary for the p2p replication model anyway so it’s a good fit, anything that is to be private will be encrypted. Currently this is only private keys for user accounts but in the future may include messaging and private groups.

I don’t log IPs, and currently run Cloudflare in front (so dont even see real IPs).

[–]magnora7[S] 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (5 children)

Thanks for the comparative analysis with notabug, that's interesting.

We are considering putting our database in a torrent file and updating it monthly, as a cheap way to backup and store things publicly. But all the PMs and private subs are unencrypted, and some users may not like having those made public, so we may try to encrypt those before making the database public with a torrent system.

I don’t log IPs, and currently run Cloudflare in front (so dont even see real IPs).

We also run cloudflare in front. But we figured out a way to gather the original IPs, which are stored in the packet headers. D3rr wrote a little program to track those, so we can actually block specific IPs in cloudflare with their free software.

I like your p2p replication model, it's cool. Hearing the details about notabug is very interesting, as we've been kind of operating in the dark in some aspects, as not many people are building this type of website.

[–]go1dfish 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (4 children)

The more paranoid would mention that using Cloudflare may negate the benefits of Swiss hosting.

They see all the traffic and could presumably store it. The use of Cloudflare is a commonly complaint among my privacy conscious users but the development/ops convenience it provides is hard to pass up.

[–][deleted] 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

Well if you ever come across an open source CloudFlare implementation, please pass it along. We have also gotten complaints about using it.

Edit: we also found out the hard way that CF does not give you rate limiting for free. So how much DDOS they really prevent is a big question mark for me.

[–]magnora7[S] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

Yeah it negates some of the potential benefits, but there are other benefits that will be realized when it comes to avoiding potential legal problems.

We're acting more from a legal protection angle, than a privacy angle, per se.

I agree cloudflare is just too dang convenient and good for what it is. We looked in to alternatives, and it's just not worth it as far as I could tell.

[–]burtzev 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (1 child)

Cloudflare is protecting the site from DDOSes, honestly it's suspect as hell that you'd try to talk mag out of using it... I'm sure you've noticed saidit has completely trounced nab in the Alexa ratings.

[–]go1dfish 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

Not trying to talk anyone out of using anything. As I said, I still use it myself; just pointing out the ups and downs of different approaches.

Don't really care about Alexa rankings, I'm not out to sell ads or anything else on nab, I just want to build shit; ideally shit that doesn't require my continued involvement to sustain itself.

[–][deleted]  (4 children)

[deleted]

    [–][deleted] 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (2 children)

    There will be a short period where new stuff will be lost. A notice will go up first.

    [–]hennaojisan 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (1 child)

    Thank you for your service d3rr.

    [–][deleted] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

    You're welcome man. Thanks for giving us a shot and for all of your nice posts.

    [–]magnora7[S] 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

    Yes it will, everything will transfer. The only thing that won't transfer is that 30-60 min window, which we will announce.

    [–]m68k 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

    Nice, glad to see the ball rolling.

    [–]Mnemonic 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

    Sagte.es (sagte es)

    Or in some situations, Latin is used, particularly as a single language to denote the country.

    Dix.it (dixit)

    [–]bobbobbybob 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

    let me know when you are hiring remote sysadmins