Category Archives: News

Censorship in Ecuador

After we received a request from the Australian Police in May this year (see more here), in which they wanted to censor one of our customers for leaking important data about the abuse happening in the Island of Nauru, we received another request from law enforcement in Ecuador.

Spanish original:

“Buenas tardes señores, Flokinet

Les saludamos de Ecuador para reportar que la Ip 185.165.170.80 alojado en su hosting se encuentra publicando información que afecta a la integridad de la Empresa Pública del Estado Ecuatoriano, por lo consiguiente solicito a ustedes como provedores de servicio de internet, tengan a bien dar de baja mencionado foro.

https://enlacehacktivista.org/index.php/Extractivist_Leaks/es#ENAMI_EP

Saludos cordiales,


Dirección de Ciberinteligencia”

English translation:

Good afternoon gentlemen, Flokinet

We greet you from Ecuador to report that the Ip 185.165.170.80 hosted on your hosting is publishing information that affects the integrity of the Public Company of the Ecuadorian State, therefore I request you as internet service providers, please remove the above mentioned forum.

https://enlacehacktivista.org/index.php/Extractivist_Leaks/es#ENAMI_EP

Kind regards,


Directorate of Cyber Intelligence

This time, Ecuadorian law enforcement is focused on shutting down the hacktivist group Guacamaya which leaked 400000 e-mails uncovering the cyber vulnerability of the military corps.

As a reply, we remain committed to our fight for a free press so our answer remains clear: We will not take down whistleblowers’ websites.

Keep Iran connected

In the light of recent events happening in Iran:
You can use the secure Signal app to stay in touch with friends and family.

For Android users:
Playstore is blocked in Iran so you have to download the Signal APK file if you dont have Signal yet installed:
https://signal.org/android/apk/

Optional: you can download the file from our website: https://flokinet.is/signal/

For iPhone users: You have to get a VPN to download Signal from the app store as a manual setup for Android is impossible.

After the setup, you will have to set in the settings the proxy domain you can request from us by Twitter or email (info@flokinet.is).


A detailed how-to can be found here:
https://support.signal.org/hc/en-us/articles/360056052052-Proxy-Support

Also in Persian available:

https://support.signal.org/hc/fa/articles/360056052052-%D9%BE%D8%B4%D8%AA%DB%8C%D8%A8%D8%A7%D9%86%DB%8C-%D8%A7%D8%B2-%D9%BE%D8%B1%D9%88%DA%A9%D8%B3%DB%8C

If you have any questions, please contact us at info@flokinet.is.

Why The Netherlands?

Why did we open a data center in the Netherlands?

We made this decision in order to have a footprint in Western Europe for low latency and high bandwidth options. Additionally, the freedom of speech and press laws are great, something that comes to our advantage in protecting the values that we believe in.

What does the Netherlands have to offer in terms of hosting advantages?    

Excellent connections within Europe, low bandwidth prices, DDoS protection and withal all products are wind energy powered, having a low carbon footprint.

Where is the following location of a FlokiNET data center?

We are perpetually probing, for now, various locations. The next one will be most likely outside Europe. As soon as we have details, we will publish them and let the world know our next move.

What products does FlokiNET offer in the Netherlands?

We already offer all products that are available in other locations like shared hosting, VPS, dedicated servers and colocation. You can check out our products here and see which one fits best to your hosting needs.

Have any questions or suggestions for us? Contact us at info@flokinet.is.

Fight surveillance law in Romania

How does it influence the hosting and cybersecurity industry in Romania?


The law will require:

– Hosting provider to intercept communications, provide customer data and decrypt data if necessary, also at their own expense.

– IP resource hosting providers and electronic communication providers “to grant, at the request of authorized bodies, under the conditions of this law, the decrypted content of communications transited in their networks”


But what would this cause for customers in reality?

– decrypt encrypted content. So for example SSL/TLS based data has to be decrypted on request. In case the provider has access towards your key (for shared and managed hosting this is always the case, the same for most DDOS filter)

– provide details about website visitor (IP log)


How will be FlokiNET affected?


The law does include also foreign provider operating IP / network in Romania. However we and our legal team does clearly sees the proposed law as illegal under Romanian constition as well as under EU law. All passwords, decryption keys, SSL keys etc are managed by FlokiNET ehf Iceland and handing them over would violate Icelandic law. We are more then willing to discuss this in court and will not cooperate in any matter that would break Icelandic law.


Customer data remains safe?

Yes, it does! All our server are encrypted, without the keys stored safely in iceland no data can be decrypted.


Should i move my hosting / server towards a different location?

There is no need for this, in case our legal opinion changes or the law becomes permanent we will adress our customers.
What action will take FlokiNET to ensure customer data safety?Since FlokiNET was founded in 2012 customer data protection is our DNA.

This includes the encryption of all data and several technical and legal measurements to make sure this data remains safe. However in the case the law will become active in Romania we will immidiate challenge this in court and are confident to appeal the law.


Conclusion for our customers:

No changes or worries required for now. In case the situation changes we will let you know.

What can i do?

In our previous blog post we mentioned that the Romanian Senate is due to vote on a piece of legislation that severely crippled the ability that hosting companies have to provide secure services to you, the customers. If you want to take a stand against this, we urge you to send a letter to the Commissions inside the Romania Senate, as well as the representatives of Romanian political parties.

You can use the letter below as a template, add your own position to it, and send it. We recommend you act sooner rather than later, since the vote on this piece of legislation is scheduled, most probably, for Monday, February 14th.

Think of it as sending a Valentine’s Day letter to a secure Internet. 😉

The blog entry with the background:

ANTI-SURVEILLANCE OPEN LETTER

A new proposal to extend communication surveillance and to intercept encrypted communications is about to be voted in the Romanian Senate.

This law proposal is designed to increase surveillance by crippling hosting security. Below you can find an open letter that we and other hosting companies have send to prevent this from happening and the letter that will go to the Romanian Senate.

In our second blogpost you can find further details how it influence your services with us.


Greetings,


There is a piece of legislation, most likely due to receive the Senate’s vote on Monday, February 14th, in Romania, that introduces a number of obligations that amount to increased surveillance and a decrease in the secure services we can offer. 
The piece of legislation is an amendment introduced, without any public debate, inside the Code for Communications (which implements a European directive). The amendment has nothing to do with the surrounding legislation – it was introduced strictly in order to increase state surveillance. 
I’ve composed an open letter, which I invite you to read and if you are in agreement with what is expressed, sign. The English version of this letter is appended at the end of the e-mail, and the Romanian version is attached. Your signature will appear on both. 
I urge you to respond to this as soon as you can – we need to send the open letter, in order for it to be received and read by all those we will contact:- the Communications, Economic and Juridic Committees inside the Senate;- the president of the Senate;- leaders of Romanian political parties.
The exact same open letter that I have attached to this e-mail will be sent to all of the above. 
Please respond, if you are willing to sign, by 5pm this Friday, February 11th. Let me know how your want your signature to appear (I suggest a format such as “Ion Popescu representing XYZ hosting company”).
For more context around this matter, you can consult the following:- the open letter of the civic society https://www.stareademocratiei.ro/2022/02/10/senatori-interceptarea-comunicatiilor-trebuie-facuta-legal-si-constitutional-nu-acceptati-calul-troian-din-codul-comunicatiilor/– the initial form of this amendment https://apti.ro/largirea-interceptarii-comunicatiilor-electronice-impusa-pe-sest– the aftermath of the amendment going through the Senate Committees https://apti.ro/furnizori-gazduire-calul-troian


Senator,


With this open letter, the signatory entities, providers of storage (hosting), instant messaging, and other online services express their common position of rejection of the Bill to amend and supplement certain regulatory acts in the field of electronic communications and to establish measures to facilitate the development of electronic communications networks (L532/2021, Communications Code) [1]. 
The signatory entities appeal directly to you to reject Article 10 index 2, in its current form and, possibly if still necessary, to send it to the Special Committees for rethinking and appropriate discussion.


In particular, the new obligation for IP resource hosting providers and electronic communication providers “to grant, at the request of authorized bodies, under the conditions of this law, the decrypted content of communications transited in their networks” puts us in the position of violating the confidentiality of communications transited in our networks, which is an express legal obligation provided by Art 4 Law 506/2004 (as the implementation of EU Directive 2002/58/EC Eprivacy) and Art 28 of the Constitution on the secrecy of correspondence.
Technically, this would be almost impossible if content served by one entity was encrypted by another entity unless we equipped ourselves with a series of highly sophisticated tools and turned into cyber criminals for a man-in-the-middle attack. Even then we don’t think we’d succeed.
Also, the concept of transit itself is vague and cannot be directly translated into a technical solution. In any web application, the term “communications content” refers both to messages exchanged between human users, who are communicating, but also messages exchanged between automated entities, which are part of the smooth functioning of the application. It is incorrect to treat any form of information exchange as homogeneous.  We remind you that most web communications are encrypted (https) nowadays.


The signatory entities are brought together by a common interest in providing customers with quality hosting, storage and messaging services to the same standards as other entities operating in the same field. The signatories carry out commercial activity on the territory of Romania, an activity which is directly targeted by the provisions of the draft law through the following wording:
“provider of electronic hosting services with IP resources – a person who, on the territory of Romania, provides services for storing, distributing content and ensuring access to it, on owned or rented servers, by managing a set of IP addresses on the Internet”.
We would also point out that providers of this type are already regulated by Law 365/2002 on electronic commerce, and an obligation to notify ANCOM (unique in the European Union) would violate the principle of Art 4 (1) of this law.


The Romanian civil society has addressed an open letter to you [1] whose arguments we support:
1. The Communications Code should not be extended with amendments that legislate the interception of communications. The European Directive, which is transposed by the present Communications Code, does not specify such obligations. Moreover, the amendment introduced in the Communications Code is contrary to the existing E-Commerce Directive and the proposed Digital Services Act Directive; 
2. The wording in the amendment is vague: both the wording describing the entities covered by the amendment and the wording describing the obligations incumbent on the entities. From the present wording, the obligation is imposed on any entity hosting content or providing messaging services on the territory of Romania, regardless of the legal entity, the location of the infrastructure, the purpose of the activity. Moreover, this wording is directly contrary to the proper functioning of some hosting and messaging services – from a technical point of view, encryption is necessary and critical for the security of these systems. The obligations of the amendment translate directly into a degradation of the quality of services, which will be suffered by all persons accessing content on Romanian territory;
3. The Constitutional Court of Romania has ruled that vague formulations cannot be considered constitutional.  
Thus, the signatory entities recommend:
1. Rejection of art 10^2 or referral to discussion in the Senate Committees.
2. Transparency in the drafting of legislation on hosting and messaging services, as well as public debates in which the actors concerned offer their support for the drafting of laws that are beneficial to all. 
[1] – https://www.stareademocratiei.ro/2022/02/10/senatori-interceptarea-comunicatiilor-trebuie-facuta-legal-si-constitutional-nu-acceptati-calul-troian-din-codul-comunicatiilor/

 

Flokinet DNS Resolver

An open DNS recursive service for free with high security and high privacy in mind.

No data containing your IP address is ever logged in our service. Connections can use encryption if your system supports it and unlike a growing number of resolvers we do not censor your DNS.

We support DNS over HTTPS and DNS over TLS to allow you to encrypt your DNS traffic so untrusted networks can no longer see or tamper with the websites you look up.

All websites are encrypted today and so should your DNS traffic be.

Our anycast DNS can be reached at:

resolv.flokinet.net
IPv4: 37.156.68.20
IPv6: 2a06:1700:100:20::1

Our DNS in Romania is reachable at

ro.resolv.flokinet.net

IPv4: 185.247.225.17

IPv6: 2a06:1700:0:36::1

Our Netherlands resolver is reachable at

nl.resolv.flokinet.net

IPv4: 185.246.188.51
IPv6: 2a06:1700:3:11::1

Freedom Of Speech


Freedom of Speech

One of FlokiNET’s core values is freedom of speech. We promote this through our products and services.

However, in the context of the latest global health crisis, it has become more clear that the line must be drawn between what’s acceptable for FlokiNET and what’s not.

Where are the limits? The legal framework surrounding freedom of speech differs by country. While one might have fewer limitations, like the United States, through the First Amendment, other countries might be more restrictive about the expression of speech in certain ways.

Even under the protection of the First Amendment, there are certain categories that are not considered free speech: obscenity, fighting words, defamation (including libel and slander), child pornography, perjury, blackmail, incitement to imminent lawless action, true threats, and solicitations to commit crimes. So certain speech would be illegal under most speech laws.

For us, the guidelines we use when it comes to freedom of speech are dictated by law. More specifically, Icelandic law and the law our server are located in. The Icelandic constitution protects and aims to be a haven for freedom of speech; however, there are certain limits (for example, hate speech. See the case of Lilliendahl V. Iceland )

Covid and the worldwide pandemic

Since the start of the pandemic, we have often received requests to host websites that spread false information and make unsupported claims such as COVID-19 being a hoax, vaccines not working or endangering people, and so on. As a result, we refused all similar offers or suspended any websites that tried to proceed to create such content without our consent.

As much as we do love free speech, we have the responsibility to host content that doesn’t violate the EU’s best practices in the context of a global pandemic. Every client who signs up with FlokiNET should carefully read our terms and conditions regarding disinformation in order to avoid any misunderstandings and issues.

As the European Union Council cites: “Disinformation is hazardous to your health. While disinformation is always used with destructive or divisive intent, it can turn into a lethal weapon when it concerns public health.” Having this in mind, we have not and will not support any type of content that uses disinformation regarding the global pandemic.

We believe in free speech. We believe in science.

For any questions or suggestions please contact us at info@flokinet.is.

Webhosting 101 – Reseller Hosting

Have you heard about reseller hosting? It is an easy and efficient method of expanding your hosting business.

What is reseller hosting?

Reseller hosting is the process of buying hosting services from a provider and then reselling them to others.

You sell our products under your own brand and prices while counting on us to give professional support, manage the operation’s technical back-end, and lower costs as you grow.

When is reseller hosting a good option?

It’s the perfect kick-start for companies that are just beginning their hosting business venture as it requires no time to create products from scratch. Reseller hosting implies low investment, fixed costs, easy planning, and a variety of features.

This option also offers a wider range of products in different regions and networks, reaching a broader market.

What do you need for it?

  • A website
  • A web hosting management platform
  • A billing system ( for example WHMCS)
  • A payment system (for example coinpayments.net)
  • A customer support system

Optional: a registered company, if you don’t want to trade as a private person.

Plus points

  • Cost-effective
  • A way of earning extra income
  • A way to expand your hosting business
  • Low investment
  • Customer support offered by the owner company

Minus points

  • Availability for customer support in case it is not offered by the renting company
  • Reliance on third parties  
  • Products flexibility

Is reseller hosting a good option for your hosting business?

For any questions or suggestions please contact us at info@flokinet.is.

Webhosting 101 – Dedicated Servers

Fast, secure and resourceful! This week’s all about dedicated servers! Let’s see if a dedicated server is the right option for you.

What is a dedicated server?

Unlike other services such as Cloud, VPS and shared hosting, a dedicated server is a physically isolated service that does not share computing resources. It is placed in a data center designed for optimal operating conditions and is available to be rented.

In the vast majority of cases, dedicated servers are faster, but that will mostly depend on the specifications of the dedicated server.

When is a dedicated server a good option?

  • High traffic/bandwidth usage is expected.
  • Security is very important to you.
  • You value flexibility (when you need or want higher requirements).
  • You care about stable performance.

What are the advantages of a dedicated server?

  • Complete control of the server (including Remote Console through iLO).
  • The client can choose their own operating system.
  • All server resources are used for the client’s own purposes.
  • Improved performance (compared with shared environment).
  • Faster than other hosting services.

What are the disadvantages of a dedicated server?

  • Increased costs.
  • Technical skills are required in order to control or monitor the server.
  • Not recommended to applications that do not require  resources.
  • Recommended mostly to applications that need more stable and larger resources.

Still not sure if dedicated servers are a good choice for you? E-mail us at info@flokinet.is.

CloudLinux – Shared Hosting Done Safe

Heard about CloudLinux?

Our shared hosting servers are equipped with a Linux distribution named CloudLinux, that improves server stability, density, and security by isolating each tenant and giving them allocated server resources. Some of its main features are:

  • Security (SecureLinks)

SecureLinks is a kernel-level technology that prevents all known symbolic link attacks and enhances the security level of the servers even further, preventing malicious users from creating symbolic link files (where an attacker tricks Apache Web server to read some other user’s PHP config files).

Source

  • CageFS

CageFS is a virtualized, per-user file system that uniquely encapsulates each customer, preventing users from seeing each other and viewing sensitive information. What CageFS does is that it prevents a large number of attacks, including most privilege escalation and information disclosure attacks. With the help of CageFS, users have the following benefits:

  • they only have access to safe files.
  • they cannot see other users and have no way to detect the presence of other users or user names on the server.
  • they cannot see server configuration files, like Apache config files.
  • they have a limited view of their own processing file system, and cannot see other users’ processes.

Source

  • HardenedPHP

Several highly popular versions of PHP, used in nearly 85% of all PHP sites, are unsupported by the PHP.net community. HardenedPHP secures old and unsupported versions of PHP – 4.4.9, 5.1, 5.2, 5.3, 5.4, 5.5, 5.6, 7.0, 7.1, 7.2.

HardenedPHP secures old and unsupported versions of PHP. In those old versions, including the widely used 7.2, 7.1, 7.0, and 5.6, vulnerabilities, even if discovered, are not patched by the PHP.net community. HardenedPHP takes care of all this.

Source

  • Python Selector

The Python Selector allows end-users to select the specific version of Python they need.

Each customer is different, and each has different needs. The Python Selector allows end users to choose the Python version as an application and install additional modules. Python Selector uses mod_passenger to get the best performance from Python applications.

Source

  • Ruby selector

The Ruby Selector allows end-users to select the specific version of Ruby they need.

Each of your customers is different, and each has different needs. The Ruby Selector allows end-users to choose the Ruby version for applications and install additional modules (gems) to the application environment. Ruby Selector uses mod_passenger for optimum performance.

Source

Have any questions about CloudLinux? E-mail us at info@flokinet.is.