alert Epik Had A Major Breach

[Silentptnr]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[timestamp]

You don't have to change your email, but probably you will, when you start to receive spam on daily basis.

 

[April004]

I updated my email address on all my domains and my Epik account, right after the hack. Changing the email through E did not update my email on federated identify. Had to login to FI separately to change it.

thanks for this particular piece of info.
I'll separately update federated account email now. I've forgotten that.

 

[bmugford]

Some more articles on popular websites in the last day -

https://www.dailymail.co.uk/news/ar...words-addresses-far-right-website-admins.html

https://www.thedailybeast.com/anony...any-epik-dumps-data-on-proud-boys-qanon-8chan

https://theweek.com/tech/1005166/hu...provider-epik-could-be-a-rosetta-stone-to-the

https://www.salon.com/2021/09/22/th...boys-qanon-websites-fall-victim-to-anonymous/

"Given Epik's boasts about security, and the scope of its Web hosting, I would think it would be an FTC target, especially if the company was warned but failed to take protective action," David Vladeck, the former director of the FTC's consumer protection bureau, told the Post. "I would add that the FTC wouldn't care about the content — right wing or left wing; the questions would be the possible magnitude and impact of the breach and the representations … the company may have made about security."

 

[jmcc]

There is the Uniform Domain Name Dispute Resolution Policy (UDRP) to deal with domain name disputes so why can't there be something like the Uniform Domain Name Misuse and Abuse Resolution Policy where a panel of judges can take a domain or website down once a complaint is filed against the owner and or operator.

One way or another this responsibility has to be taken out of the hands of Registrars, Registries, and hosting companies and the standards have to be made more uniform.

IMO

The UDRP has a good legal foundation in that it is generally based on provable intellectual property rights (trademarks) being abused. Trademarks are generally commonly respected. The problem with content is that its misuse or abusiveness is often subjective and can vary from country to country. There are some forms of content that will immediately be taken down when the hoster, registrar or registry is notified but when it gets into content that may or may not be abusive, things get a lot more problematic. The danger with advocating for such a panel of judges to decide what should and should not be published on the Internet is that some of the larger gTLDs are based on the US. The First Amendment to the Constitution may have an impact. When you go down the road of approving content, you quickly end up in the Chinese situation where every website has to be approved.

With the DNS Abuse issue, there are those who are pushing a similar line to have Content Abuse included in the definition of DNS Abuse. The Intellectual Property people want abusive registrations included because mainly it would save them from having to use the UDRP and possibly lose. There are others who don't really understand the problems of DNS Abuse and want content that offends their sensibility, which may be perfectly legal, taken down. ICANN doesn't want to get into the content monitoring business because it would lose some of its legal protections and monitoring every website in the gTLDs every day and determining what is "abusive" content would be an expensive and highly complex task. The current thinking (from registries and registrars) is that DNS Abuse would be limited to malware, spam and DDoS/botnets.Those kind of problems can often be dealt with at a domain name level.

Most registrars and hosters have well written terms of service that could be used to deal with problem domain names or hosting. A Uniform Domain Name Misuse and Abuse Resolution Policy that focuses on content would be a charter for censorship.

Regards...jmcc

 

[oldtimer]

The UDRP has a good legal foundation in that it is generally based on provable intellectual property rights (trademarks) being abused. Trademarks are generally commonly respected. The problem with content is that its misuse or abusiveness is often subjective and can vary from country to country. There are some forms of content that will immediately be taken down when the hoster, registrar or registry is notified but when it gets into content that may or may not be abusive, things get a lot more problematic. The danger with advocating for such a panel of judges to decide what should and should not be published on the Internet is that some of the larger gTLDs are based on the US. The First Amendment to the Constitution may have an impact. When you go down the road of approving content, you quickly end up in the Chinese situation where every website has to be approved.

With the DNS Abuse issue, there are those who are pushing a similar line to have Content Abuse included in the definition of DNS Abuse. The Intellectual Property people want abusive registrations included because mainly it would save them from having to use the UDRP and possibly lose. There are others who don't really understand the problems of DNS Abuse and want content that offends their sensibility, which may be perfectly legal, taken down. ICANN doesn't want to get into the content monitoring business because it would lose some of its legal protections and monitoring every website in the gTLDs every day and determining what is "abusive" content would be an expensive and highly complex task. The current thinking (from registries and registrars) is that DNS Abuse would be limited to malware, spam and DDoS/botnets.Those kind of problems can often be dealt with at a domain name level.

Most registrars and hosters have well written terms of service that could be used to deal with problem domain names or hosting. A Uniform Domain Name Misuse and Abuse Resolution Policy that focuses on content would be a charter for censorship.

Regards...jmcc

What you are saying sounds reasonable,

But what if we required the Registrars, Registries, and Hosting Companies to have to present their case to the Uniform Domain Name Misuse and Abuse Resolution Policy panel for approval before they could remove or restrict a domain name or its content.

This way at least there will be some supervision on the situation and hopefully it will bring some uniformity to the process.

IMO

 

[bmugford]

What you are saying sounds reasonable,

But what if we required the Registrars, Registries, and Hosting Companies to have to present their case to the Uniform Domain Name Misuse and Abuse Resolution Policy panel for approval before they could remove or restrict a domain name or it's content.

This way at least there will be some supervision on the situation and hopefully it will bring some uniformity to the process.

IMO

That is not how private companies work. They have similar rights to you.

Unless they are an exception, such as a regulated utility company, they can determine who they do business with just like you can determine who you do business with.

Additionally different states, countries, etc. have different laws. It would be impossible to implement this and it not become instantly biased and corrupted.

The current system works fine. That is the free market at play.

Brad

 

[jmcc]

What you are saying sounds reasonable,

But what if we required the Registrars, Registries, and Hosting Companies to have to present their case to the Uniform Domain Name Misuse and Abuse Resolution Policy panel for approval before they could remove or restrict a domain name or it's content.

That would put them in the position of having to defend their customer's domain name and content, which may be perfectly legal, to a panel of judges and incurring legal costs for doing so. Registries, registrars and hosters can already remove problem domain names or websites that break various laws.

Regards...jmcc

 

[bmugford]

That would put them in the position of having to defend their customer's domain name and content, which may be perfectly legal, to a panel of judges and incurring legal costs for doing so. Registries, registrars and hosters can already remove problem domain names or websites that break various laws.

Regards...jmcc

There is a tiny fraction of a percent having issues finding hosting, usually for very valid reasons.

There are too many practical issues to force people to host content.

You going to force a Jewish owned host to host some Holocaust denial website? Well, while it is morally reprehensible it might be technically legal, in most places. In Germany and other places it might not be.

It just doesn't make sense. The free market is relatively efficient at eliminating bad actors over time.

Brad

 

[oldtimer]

Registries, registrars and hosters can already remove problem domain names or websites that break various laws.

But there seems to be some abuse in the current system in certain cases where the Registrants are subjected to the interests, agendas, and ideologies of the Registrars, Registries, and Hosting Companies.

Once a Registrar, Registry, or Hosting Company determines that someone is in violation of their TOS it would only be fair to have a higher authority that that person can appeal to before losing the website or its content.

Now that we are in the digital era we need to come up with some new methods and systems that can deal with the many problems and challenges that are facing us.

IMO

 

[jmcc]

There is a tiny fraction of a percent having issues finding hosting, usually for very valid reasons.

There are too many practical issues to force people to host content.

You going to force a Jewish owned host to host some Holocaust denial website? Well, while it is morally reprehensible it might be technically legal, in most places. In Germany and other places it might not be.

It just doesn't make sense. The free market is relatively efficient at eliminating bad actors over time.

Brad

These things also tend to spill over borders, Brad,
The GDPR is a good example of the mess that can be created with such an approach. It was created to protect the privacy rights of individuals in the EU but it has spread like Covid and made the Internet less secure.

Holocaust denial is an offence in some EU countries.

With UDRP, trademarks are almost universally recognised and content that is illegal can be removed under existing legislation. With trying to regulate content, a panel based approach would be, in effect, be a censorship panel.

Regards...jmcc

 

[jmcc]

But there seems to be some abuse in the current system in certain cases where the Registrants are subjected to the interests, agendas, and ideologies of the Registrars, Registries, and Hosting Companies.

The registrant or website owner has a choice of many registrars, TLDs and hosting companies.They can move their domain name/website to another registrar or hoster. With registries, it would have to be a major problem for a registry to suspend a domain name. The obvious ones are child sexual abuse material, botnet controllers and ones where they are instructed to do so by the legal authorities (the designated persons or organisation legislation in the US where US citizens and companies cannot trade with designated terrorist individuals or companies).

Regards...jmcc

 

[bmugford]

The registrant or website owner has a choice of many registrars, TLDs and hosting companies.

Regards...jmcc

Exactly.

The example I gave earlier with a regulated utility, acts as a defacto monopoly.

You normally have (1) electric company in your area. In that situation there are limits to denying service.

Outside that type of situation, companies can decide who they want to do business with, just like you can decide who you want to do business with.

Brad

 

[oldtimer]

The registrant or website owner has a choice of many registrars, TLDs and hosting companies.They can move their domain name/website to another registrar or hoster. With registries, it would have to be a major problem for a registry to suspend a domain name. The obvious ones are botnet controllers and ones where they are instructed to do so by the legal authorities.

Regards...jmcc

So you mean that people need to find Registrars, Registries, and Hosting Companies that are aligned with their own ideology.

But that causes more divisions and takes us away from having a fair and uniform system.

Keep in mind that we are not talking about clear cut cases that are in violation of the law, here I am concerned more about the way that the TOS for Registrars, Registries, and Hosting Companies are going to be abused to affect people's freedom of speech based on differences in ideologies.

IMO

 

[bmugford]

Once a Registrar, Registry, or Hosting Company determines that someone is in violation of their TOS it would only be fair to have a higher authority that that person can appeal to before losing the website or its content.

Now that we are in the digital era we need to come up with some new methods and systems that can deal with the many problems and challenges that are facing us.

IMO

It is largely irrelevant though because the companies write their own TOS. TOS always include some type of blanket or vague policies when it comes to their decisions.

The bottom line really is if you are not spreading hate, doxxing, organizing violence, spreading dangerous misinformation, doing illegal stuff, etc. you don't normally have a problem finding a host. The vast majority of people having hosting issues, are having them for very valid reasons.

Brad

 

[jmcc]

Registries also set up sinkholes to target the domain name generation algorithms of malware. Some of these generated domain names are randomly generated 5 or 6 chacter domain names and the domain names of some innocent registrants have been swept up in these sinkhole approaches. I think that there was even a mention of one or two of them on Namepros.

Regards...jmcc

 

[jmcc]

So you mean that people need to find Registrars, Registries, and Hosting Companies that are aligned with their own ideology.

It is a free market. People can make their own choices. Most people, or their web developers, decide where to host and they do so generally based on the best price or most features. The high minded approach based on ideology doesn't really come into things. Even with Epik, most of those using it as a registrar were doing so on pricing and service.

But that causes more divisions and takes us away from having a fair and uniform system.

No. The "fair and uniform system" is just another way of presenting a highly controlled and restrictive system as being user friendly.

Regards...jmcc

 

[carob]

With registries, it would have to be a major problem for a registry to suspend a domain name.

Yes, the .me registry shut down incels.me:

https://mashable.com/article/incels-me-domain-suspended-by-registry

 

[bmugford]

But that causes more divisions and takes us away from having a fair and uniform system.

I don't know, you could argue that providing platforms for hate speech is far more divisive.

Regardless, there is just no world where a web host is going to be required to host content they don't want to host. The are too many moral, practical, and legal issues with that.

Brad

 

[carob]

So you mean that people need to find Registrars, Registries, and Hosting Companies that are aligned with their own ideology.

They need to find ones whose ToS they can comply with.

 

[jmcc]

Yes, the .me registry shut down incels.me:

https://mashable.com/article/incels-me-domain-suspended-by-registry

Yep. Some of the registries have also suspended Covid related domain names.

Regards...jmcc

 

[oldtimer]

Added to my last post:

Keep in mind that we are not talking about clear cut cases that are in violation of the law, here I am concerned more about the way that the TOS for Registrars, Registries, and Hosting Companies are going to be abused to affect people's freedom of speech based on differences in ideologies.

 

[bmugford]

Added to my last post:

Keep in mind that we are not talking about clear cut cases that are in violation of the law, here I am concerned more about the way that the TOS for Registrars, Registries, and Hosting Companies are going to be abused to affect people's freedom of speech based on differences in ideologies.

Should a US based web host be forced to host a white supremacy website or Holocaust denial website?

Both might technically be legal, but the vast majority of people are going to find them disgusting and unacceptable.

Freedom of speech only relates to the government itself, not private groups, organizations, or businesses.

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.

I am going to use the BBQ example again. If I have a BBQ on my property and invite you, I set the terms. Your freedom of speech does not exist on my private property. I can ask you to leave at my whim, for any reason. It is no different when it comes to most businesses.

Brad

 

[jmcc]

Added to my last post:

Keep in mind that we are not talking about clear cut cases that are in violation of the law, here I am concerned more about the way that the TOS for Registrars, Registries, and Hosting Companies are going to be abused to affect people's freedom of speech based on differences in ideologies.

The Gab/Parler situations showed how that is not such a serious issue at a registrar/hosting level because it was possible to move the domain name and hosting elsewhere.

Regards...jmcc

 

[carob]

Added to my last post:

Keep in mind that we are not talking about clear cut cases that are in violation of the law, here I am concerned more about the way that the TOS for Registrars, Registries, and Hosting Companies are going to be abused to affect people's freedom of speech based on differences in ideologies.

It's admirable that you want to find a global solution to the issue of free speech, but the world is a patchwork of different societies with different laws and morals.

The .in registry can cancel any adult domain and pretty much any domain found morally offensive - should people outside India try to determine what that means?


And yes internet freedom is decreasing according to an annual report on the subject: https://freedomhouse.org/report/freedom-net/2021/global-drive-control-big-tech - mostly due to government actors, not private companies:

Key Findings
Global internet freedom declined for the 11th consecutive year. The greatest deteriorations were documented in Myanmar, Belarus, and Uganda, where state forces cracked down amid electoral and constitutional crises. Myanmar’s 14-point score decline is the largest registered since the Freedom on the Net project began.

Governments clashed with technology companies on users’ rights. Authorities in at least 48 countries pursued new rules for tech companies on content, data, and competition over the past year. With a few positive exceptions, the push to regulate the tech industry, which stems in some cases from genuine problems like online harassment and manipulative market practices, is being exploited to subdue free expression and gain greater access to private data.

Free expression online is under unprecedented strain. More governments arrested users for nonviolent political, social, or religious speech than ever before. Officials suspended internet access in at least 20 countries, and 21 states blocked access to social media platforms. Authorities in at least 45 countries are suspected of obtaining sophisticated spyware or data-extraction technology from private vendors.

 

[jmcc]

From what I remember, commercial speech has fewer protections under US law.

Regards...jmcc