I love how this is a tongue-in-cheek reference to the "hackers on steroids" piece from 2007 https://www.youtube.com/watch?v=DNO6G4ApJQY
Google around for their very colorful history. These are bad hombres.
As far as I can tell, Epik focused on hosting and DNS management for marginalized/excluded groups on the internet, so naturally they attract a lot of groups. Not sure why that'd be bad though.
Things like this also makes me actually like the company more:
> Pharmaceutical watchdog website LegitScript reported in 2018 that they had alerted Epik to the sale of illegal drugs and counterfeit medications on websites registered by Epik, and that Epik had refused to act upon the information without a court order
That's exactly how I want my hosting company to act, and any that don't are actively fragile.
Rob Monster for instance has expressed support for the KKK and claimed that the Christchurch shooting was a hoax.
I’ll defend with my life his right to say abhorrent things. But that also means I get to express myself and call him a bad dude.
Does this mean we need — actually, needed — to do research on the political standings of every founder, CEO, CXO of every service we use? And somehow predict they won’t do abhorrent things in the future even if they appeared harmless at the time? Otherwise we deserve it when we get doxxed for being a customer of a disgraced person?
I believe the answer is no, that’s unreasonable. These hackers are just criminals illegally doxxing a huge number of people. They don’t deserve cheers. I hope everyone of them gets arrested, which is highly unlikely.
(This is really not a direct response to your comment; not saying you were cheering them on.)
Fully agree. First and foremost the rule of law must be blind. However, spectators need not be similarly blind.
I am not cheering on the hackers. I am merely accepting the Newtonian forces at work here. I doubt that there are many (any?) Epik customers who I would consider good people (there’s simply no logical reason to host with them otherwise). That doesn’t mean they aren’t entitled to their rights, under the law.
But it does mean that I definitely don’t sympathize with them like I might someone else. Much like I wouldn’t sympathize with a drug lord who gets robbed by a rival drug lord. A crime is a crime, and the law should be applied accordingly.
Buuut I am only human. And I only have so much sympathy.
For example, I inherited a domain 12 years ago using it. At one point I tried to move to my personal host, but my personal host has bad DNS features and I couldn’t get my site configured. I was able to move it back (panicked I just went back to the service that I knew worked). And then I was stuck in a six month period where I couldn’t transfer it again. And then life happened and it’s three years later.
That might not fit into your logical conceptions of how people make choices. But I think it’s very very safe to assume that many customers are upstanding people.
This is an incredibly shortsighted / insular perspective. We live in a world where conservative orthodox Jews (e.g. Ben Shapiro) are called Nazi's and conservative Black folks (Larry Elder) are being called white supremacists, simply for being conservative. Likewise, progressives and other left leaning individuals that dare utter criticism of the left are met with the milder insult of being called conservative (e.g. Tim Pool, Glenn Greenwald, Bill Maher). People are deliberately shifting the overton window to a ridiculous degree and the scary thing is that they are getting away with it.
I can imagine a lot of regular conservatives worry about censorship and may find Epik to be a safer bet than, say, Google who blocks pro-life ads . I can understand that maybe from your perspective (assuming you're left leaning) you are not aware of how hostile society has become to mainstream conservatism, but you should try to see things from the perspective of a regular conservative who sees prominent mainstream conservatives being slandered, lied about, and cancelled all around them.
Aside from that, Epik did have a few differentiating features like offering single purchase lifetime Domain ownership that I haven't seen elsewhere, which by itself could be sufficient motivation for people to host with them, without the necessarily knowing anything about potential controversy surrounding the business.
The hero of hate speech is not exactly a sterling reputation to have.
Rob Monster and crew are bad people because they actually believe this rhetoric, that’s why they defend it. They aren’t taking on a noble cause of defending free speech. They are defending speech with which they agree, and tends to be pretty shitty…that’s why they’re bad.
I don’t think they should be forced to stop, in fact I really hope the 1A is never diluted to that level. But the 1A cuts both ways: we get to sit back and talk about how awful Rob Monster is.
They are public. A simple torrent away.
Why? This was Epik being hacked not AWS or Azure. It’s just a domain registrar. And a shady one at that. Their lack of security is not indicative of the rest of the cloud.
Microsoft bundling a super-insecure root daemon in all their Linux VMs. They developed it, published it on Github, embedded it everywhere, but when it turned out to be a security nightmare blamed "open source supply chain".
For example, some people consider radical servers from the anarchist scene to be hosting violent/extremist material, while i personally consider governments and big corporations to be pretty violent and extremist themselves in how they ruthlessly dominate the world.
Actions and speech are not neutral. It's all a matter of (political) perspective.
Their infra, peering and prices are way worse than pretty much everyone else.
False. Even if your present day content is not currently censorable but you expect it will be censorable one day as cultural norms shift or speech authoritarians gain power, it is wise to put it somewhere that is censorship resistant, Epik or otherwise.
That there are people on this forum advocating for vigilantism is frightening. We are quickly approaching the point of lawlessness as a society.
That activity seems very extreme doesn't it over just reporting directly to the authorities.
This is best left to the authorities to deal with such issues rather than resorting to such extreme and illegal activities, no matter the cost or innocents affected.
- Register.com is an annoying cesspool of value-add upsells and is extremely expensive in the process, with added cost to not have your personal info attached directly to your domain whois.
- GoDaddy, other than the creepy ads, has shown plenty of willingness to remove domains hosting content that they don't like, even if it's legal.
- I think Google is a registrar, but I'm not at all comfortable with how easy it might be to move my domain out of their grasp if I care to host my content somewhere else. I'm sure it's possible, I'm sure it has weird issues, and I'm certain there's zero support to talk to.
- Epik has, at least as far as I can tell, a reputation for simply hosting domain registrations, not asking questions, and ignoring just about every request for information.
Of those options, I'm fine with the last. I tend pretty hard towards the "free speech" side of the spectrum, and a registrar that will ignore anything short of a legitimate legal request from the authorities of the nation(s) they operate in is perfectly fine with me. Even if they host domains I consider distasteful, I'd rather support that than someone who will bow to public outrage and go snooping around domains looking for reasons to remove their registration (GoDaddy and Arfcom come to mind here).
There are probably other options, but those are the ones I know of, and why I'm intending to register future domains with Epik. I don't particularly care if a founder of a service is a scumbag in their personal life, as long as they reliably do what they promise to do.
I honestly haven't delved deeply into the list of domains each registrar has removed, decided if I agree or disagree with it, sat down to evaluate the severity of each violation, etc. And I fundamentally don't want to, either.
If you've got a better domain registrar suggestion that isn't full on "bulletproof hosting Bitcoin only" stuff ending in .ru, I'm open to it, but... otherwise, at the end of the day, my goal is to register a domain.
Though, don't get me wrong, I'm seriously considering ending my entire involvement in modern consumer tech and going back to a 1900s tech level once I retire...
High value domains use Mark Monitor. It is their entire businesss and most importantly they’re US based.
I've been all up and down the contact chain with Namecheap and quite frankly every time I make a stink about it in a public forum it's always the same playbook. "Yes a mistake was made, no we can't compensate you." Here is the reply from your support where you admit a fundamental systems flaw resulted in my domain being dropped:
"My name is Oksana and I am the Shift Leader of Domains Department.
I would like to follow-up with you with regard to the issue you have faced with your domain name.
We are very sorry that such unpleasant situation happened. We have reported it to our Technical team and they are doing their best to fix the issue that affected your domain renewal so that similar situations would not occur again. While we cannot change what has happened, we are planning to take steps to ensure that similar incidents and misunderstandings will not occur in the future. Unfortunately, we do not have any ETA on the fix implementation.
Rest assured that as soon as there are any updates on this improvement, we will inform you via the ticket.
Regretfully, we will not be able to recover your domain name, as it expired and later was re-registered by another Registrant.
As a compensation for this negative experience you have faced, we can offer you the XXXX coupon code. You can use it to receive a 20% discount for registration, renewal, and transfer of domains."
Also, every registrar sends you scary emails before and after a domain expires and enter the redemption period .
That means you failed to:
- register for 10 years in advance
- pay attention to your email for at least 60 days (including your redemption period)
- enable auto-pay
If you had done any one of those very normal measures for a high-value domain, you would have kept your domain.
Give https://www.nearlyfreespeech.net/services/domains a shot.
I'm not affiliated aside from being a happy customer for over a decade. You can read their abuse-handling terms here: https://www.nearlyfreespeech.net/help/abuse
They will "*not* lift one finger to help you [host your site here]" (emphasis theirs)
If you are not politically to their taste, they will look for a reason to kick you off as opposed to their other customers, "we *will* kick you off the instant you give us a reason".
In that same post, they revealed they will cooperate with police requests without any court documents or warrants being provided, putting them in the 'fragile' class of hosting providers.
All my ICANN addresses are fake though so that's never been a concern for me.
If you are concerned about getting your name off google because their systems are wierd, why wouldn't you be concerned with someone just stealing your domain from the insecure site by (e.g.) just logging in as you and initiating the transfer?
Why be concerned with domain providers giving personal information to authorities when Epik has already given it to the entire internet?
...but that decision was made without knowing much about Epik. Ignoring the fact that they've potentially shielded some, uh, unsavory individuals (doxers, DDoSers, etc), the absolute stupidity in the design of their system, insecurity, and the fact that it looks now that Rob Monster tried to negotiate with the hackers to not release unhashed CC#s assuming they'd be happy with him removing the people they wanted removed...
Yeah, no. I'm moving my domains at this point. I don't want to be associated with that anymore than I already am at this point. The system "security" itself was bad enough, but having a CEO try to negotiate with the attackers? This is almost funny if it weren't so idiotic.
In general there are a dozen registrars that are better than GoDaddy or Google without having to choose a right wing nutjob with bad security.
> When you purchase a domain name through Njalla, we own it for you. However, the agreement between us grants you full usage rights to the domain. Whenever you want to, you can transfer the ownership to yourself or some other party.
The ownership is a hack to workaround for some legal issues (e.g. for .es domains you're not allowed WHOIS privacy). Although post-GDPR most whois servers dramatically restricted public access, so maybe it's less important now.
When they banned me, I simply lost access to the entire domains.google.com page. As such, I was unable to transfer any of my domains out. The only thing I could do was let them lapse, wait for them to become available to the general public again, and re-buy them on a different registrar.
Their UI works great, most of the time, but I would not recommend Google Domains to anybody, ever, under any circumstances.
As part of my job, I perform (authorized) phishing simulations for employees of my employer. Typically this involves registering domains that look like my employer's domain (with permission), or domains that look like those of our vendors (again, with permission). I suspect one too many people clicked Gmail's "report phishing" button and their automated system took it from there. So I wasn't at all surprised that the account eventually got suspended, but I was surprised that my appeal was rejected, and closed with zero investigation. Perhaps I shouldn't have been.
Thankfully the only domains I lost were domains used for that purpose. At the time, I did use Google Domains for my personal domains as well, but thankfully I had those associated with my personal Gmail address and not my work account so I could still control them. Needless to say, though, I moved them off onto another registrar immediately.
The experience has also led me to slowly move off of Google products as a whole, with the notable current exceptions of Android and Google Fi.
* before the inevitable "phishing is a violation of their terms of service", it actually isn't. The related section forbids use that violates any laws or regulations, and lists phishing as an example. Authorized phishing simulations do not violate any laws or regulations. Unfortunately, Google failed to follow up with any of the individuals or evidence showing that it was authorized, and just rejected the appeal.
I would also like to hear more about it because that's scary.
Overall it was a net positive experience, really. It led me to perform a personal Disaster Recovery exercise where I modeled losing my Google account, which was very interesting and informed a significant shift in my online behavior. If it ever happens, it'll be a bother, but not much more than that.
I wonder in the end who's more powerful though: ICANN or Google.
I receive email on my domain, which means that it is the root of all of my security. If you steal my domain or tweak my DNS, you can get my email, and you can reset my passwords.
I have some domains at Namecheap still. I have a FIDO2 key set up for their website, which is good, but I’m not sure that I trust their security. I trust Google more.
Google Domains actually has support, too
Their site is one of the buggiest I've ever used (no, really), so this hack doesn't surprise me at all. Now I'm trying to remember how much personal information I would have given them.
 : https://en.wikipedia.org/wiki/Evelyn_Beatrice_Hall
> You are in our prayers today. We are grateful for your support and prayer. When situations arise where individuals might not have honorable intentions, I pray for them. I believe that what the enemy intends for evil, God invariably transforms into good. Blessings to you all.
People disagree about the definitions of crimes involving publication. For example, almost everyone is against the freedom to disseminate child porn under the excuse of "free speech." Then, some people are against free dissemination of ISIS propaganda, especially when it contains concrete calls for violence. Then again, disseminating Neonazi propaganda with similar calls for violence is not more legal than ISIS propaganda in most countries. Revenge porn and sites dedicated to slander and libel are prohibited in most jurisdictions, too.
The US has lax application of laws against right-wing calls for violence but is well-known to enforce against free speech if other groups like Islamists are involved. In the past, communists and civil rights advocates were also not too welcome. Other countries apply laws more stringently. In various modern and democratic countries content hosted by Stormfront is simply illegal and various posters on their forums commit crimes. Their servers would be raided and shut down by the police if they were under the country's jurisdiction. The US was never governed or occupied by full-blown Nazis, so it is only natural that people tend to be more liberal about these matters there, but that's more of a historical coincidence than an argument.
(House Un-American Activities Committee).
So so happy that I ended up not signing up. I just wanted a domain for my personal site and email, but I would've ended up on a public list next to nazis.
Considering that Epik have been in operation for almost a decade before a pivot to extremist hosting, I would assume that the vast majority of this """noble""" hack concerns innocent people.
I was curious about prepaying for years of my domain in advance, and stumbled upon Erik.
Epik offers a “forever registration” where you get a domain “forever” for something like $500. I was seriously considering it before I heard about all the negative shit associated with them.
I suspect they’ve sold that service to at least a few average Joe’s.
I tried to move off of them a couple years ago, but I moved to lunarpages and they didn’t have enough dns options for my service. So then I had to move back to epik.
Um, can anyone recommend another domain host? EDIT: transfer initiated.
I've nothing but good things to say about Namecheap. Some of their employees post here from time to time and seem responsive to issues.
I liked Epik's offerings because of the option of "forever" domains. So, I moved a bunch over there from GoDaddy; and as a Christian, I felt it wouldn't hurt to support a Christian business owner. Had I known a bit more about Epik, I likely would've picked a more reasonable registrar.
Unfortunately, it looks as though any purchases prior to Feb 21st may infer that your payment info is in a new leak. Contemplating having my card changed at this point.
What really irritates me is that there's been zero communication from Epik. Either they own up to it, or they ruin their business and what's left of their reputation anyway. I'm already bailing, because I don't want to have my domains associated with that degree of stupidity (though, it's probably moot at this point).
Before today the only thing I knew about them was that they were the registrar for a few controversial domains. I didn't realize they were soliciting that market.
There are some Nazis here. If you do not stop posting here you are associating with Nazis. Since you post here you are either a Nazi or Nazi sympathizer.
This is really big news if it's true.
Edit: I looked it up. Rob started Epik . I wonder if that's really his password. Lol.
Edit 2: I wasn't aware of Epik's reputation either. I just knew they're a big (ish) registrar.
It will be interesting to see which media outlets report on it after so many adopted a policy of not reporting on hacked info.
I'm currently trying to download it now, but the torrent file is so large that it's crashing most torrent software (pico, deluge, webtorrent) I throw at it, on 2 machines!
>There don't seem to be any active seeds and just under 0.5% seems to be available ATM, so... we'll see what happens!
Edit: Turns out I didn't give enough attention to Transmission as it handled the file. Very impressive.
As a side note: this has got me pondering about testing edge cases on open source software. Wonder how much of that actually gets done.
Only two left to go?
The founder's name is like from The Onion article.
Apparently NOT Epik's personal army: far from it.
For those that are curious what's in there:
I wouldn't be poking any bears had I been running that setup.
he still hasn't regained control -> https://www.attilahildmann.de/
> strings .whois.sql.swp
I tested on my machine and nano swap files contain the nano version (5.4), the username (anonymous), the hostname (datahound) and the filename (whois.sql).