Category Archives: News

Fight surveillance law in Romania

How does it influence the hosting and cybersecurity industry in Romania?


The law will require:

– Hosting provider to intercept communications, provide customer data and decrypt data if necessary, also at their own expense.

– IP resource hosting providers and electronic communication providers “to grant, at the request of authorized bodies, under the conditions of this law, the decrypted content of communications transited in their networks”


But what would this cause for customers in reality?

– decrypt encrypted content. So for example SSL/TLS based data has to be decrypted on request. In case the provider has access towards your key (for shared and managed hosting this is always the case, the same for most DDOS filter)

– provide details about website visitor (IP log)


How will be FlokiNET affected?


The law does include also foreign provider operating IP / network in Romania. However we and our legal team does clearly sees the proposed law as illegal under Romanian constition as well as under EU law. All passwords, decryption keys, SSL keys etc are managed by FlokiNET ehf Iceland and handing them over would violate Icelandic law. We are more then willing to discuss this in court and will not cooperate in any matter that would break Icelandic law.


Customer data remains safe?

Yes, it does! All our server are encrypted, without the keys stored safely in iceland no data can be decrypted.


Should i move my hosting / server towards a different location?

There is no need for this, in case our legal opinion changes or the law becomes permanent we will adress our customers.
What action will take FlokiNET to ensure customer data safety?Since FlokiNET was founded in 2012 customer data protection is our DNA.

This includes the encryption of all data and several technical and legal measurements to make sure this data remains safe. However in the case the law will become active in Romania we will immidiate challenge this in court and are confident to appeal the law.


Conclusion for our customers:

No changes or worries required for now. In case the situation changes we will let you know.

What can i do?

In our previous blog post we mentioned that the Romanian Senate is due to vote on a piece of legislation that severely crippled the ability that hosting companies have to provide secure services to you, the customers. If you want to take a stand against this, we urge you to send a letter to the Commissions inside the Romania Senate, as well as the representatives of Romanian political parties.

You can use the letter below as a template, add your own position to it, and send it. We recommend you act sooner rather than later, since the vote on this piece of legislation is scheduled, most probably, for Monday, February 14th.

Think of it as sending a Valentine’s Day letter to a secure Internet. 😉

The blog entry with the background:

ANTI-SURVEILLANCE OPEN LETTER

A new proposal to extend communication surveillance and to intercept encrypted communications is about to be voted in the Romanian Senate.

This law proposal is designed to increase surveillance by crippling hosting security. Below you can find an open letter that we and other hosting companies have send to prevent this from happening and the letter that will go to the Romanian Senate.

In our second blogpost you can find further details how it influence your services with us.


Greetings,


There is a piece of legislation, most likely due to receive the Senate’s vote on Monday, February 14th, in Romania, that introduces a number of obligations that amount to increased surveillance and a decrease in the secure services we can offer. 
The piece of legislation is an amendment introduced, without any public debate, inside the Code for Communications (which implements a European directive). The amendment has nothing to do with the surrounding legislation – it was introduced strictly in order to increase state surveillance. 
I’ve composed an open letter, which I invite you to read and if you are in agreement with what is expressed, sign. The English version of this letter is appended at the end of the e-mail, and the Romanian version is attached. Your signature will appear on both. 
I urge you to respond to this as soon as you can – we need to send the open letter, in order for it to be received and read by all those we will contact:- the Communications, Economic and Juridic Committees inside the Senate;- the president of the Senate;- leaders of Romanian political parties.
The exact same open letter that I have attached to this e-mail will be sent to all of the above. 
Please respond, if you are willing to sign, by 5pm this Friday, February 11th. Let me know how your want your signature to appear (I suggest a format such as “Ion Popescu representing XYZ hosting company”).
For more context around this matter, you can consult the following:- the open letter of the civic society https://www.stareademocratiei.ro/2022/02/10/senatori-interceptarea-comunicatiilor-trebuie-facuta-legal-si-constitutional-nu-acceptati-calul-troian-din-codul-comunicatiilor/– the initial form of this amendment https://apti.ro/largirea-interceptarii-comunicatiilor-electronice-impusa-pe-sest– the aftermath of the amendment going through the Senate Committees https://apti.ro/furnizori-gazduire-calul-troian


Senator,


With this open letter, the signatory entities, providers of storage (hosting), instant messaging, and other online services express their common position of rejection of the Bill to amend and supplement certain regulatory acts in the field of electronic communications and to establish measures to facilitate the development of electronic communications networks (L532/2021, Communications Code) [1]. 
The signatory entities appeal directly to you to reject Article 10 index 2, in its current form and, possibly if still necessary, to send it to the Special Committees for rethinking and appropriate discussion.


In particular, the new obligation for IP resource hosting providers and electronic communication providers “to grant, at the request of authorized bodies, under the conditions of this law, the decrypted content of communications transited in their networks” puts us in the position of violating the confidentiality of communications transited in our networks, which is an express legal obligation provided by Art 4 Law 506/2004 (as the implementation of EU Directive 2002/58/EC Eprivacy) and Art 28 of the Constitution on the secrecy of correspondence.
Technically, this would be almost impossible if content served by one entity was encrypted by another entity unless we equipped ourselves with a series of highly sophisticated tools and turned into cyber criminals for a man-in-the-middle attack. Even then we don’t think we’d succeed.
Also, the concept of transit itself is vague and cannot be directly translated into a technical solution. In any web application, the term “communications content” refers both to messages exchanged between human users, who are communicating, but also messages exchanged between automated entities, which are part of the smooth functioning of the application. It is incorrect to treat any form of information exchange as homogeneous.  We remind you that most web communications are encrypted (https) nowadays.


The signatory entities are brought together by a common interest in providing customers with quality hosting, storage and messaging services to the same standards as other entities operating in the same field. The signatories carry out commercial activity on the territory of Romania, an activity which is directly targeted by the provisions of the draft law through the following wording:
“provider of electronic hosting services with IP resources – a person who, on the territory of Romania, provides services for storing, distributing content and ensuring access to it, on owned or rented servers, by managing a set of IP addresses on the Internet”.
We would also point out that providers of this type are already regulated by Law 365/2002 on electronic commerce, and an obligation to notify ANCOM (unique in the European Union) would violate the principle of Art 4 (1) of this law.


The Romanian civil society has addressed an open letter to you [1] whose arguments we support:
1. The Communications Code should not be extended with amendments that legislate the interception of communications. The European Directive, which is transposed by the present Communications Code, does not specify such obligations. Moreover, the amendment introduced in the Communications Code is contrary to the existing E-Commerce Directive and the proposed Digital Services Act Directive; 
2. The wording in the amendment is vague: both the wording describing the entities covered by the amendment and the wording describing the obligations incumbent on the entities. From the present wording, the obligation is imposed on any entity hosting content or providing messaging services on the territory of Romania, regardless of the legal entity, the location of the infrastructure, the purpose of the activity. Moreover, this wording is directly contrary to the proper functioning of some hosting and messaging services – from a technical point of view, encryption is necessary and critical for the security of these systems. The obligations of the amendment translate directly into a degradation of the quality of services, which will be suffered by all persons accessing content on Romanian territory;
3. The Constitutional Court of Romania has ruled that vague formulations cannot be considered constitutional.  
Thus, the signatory entities recommend:
1. Rejection of art 10^2 or referral to discussion in the Senate Committees.
2. Transparency in the drafting of legislation on hosting and messaging services, as well as public debates in which the actors concerned offer their support for the drafting of laws that are beneficial to all. 
[1] – https://www.stareademocratiei.ro/2022/02/10/senatori-interceptarea-comunicatiilor-trebuie-facuta-legal-si-constitutional-nu-acceptati-calul-troian-din-codul-comunicatiilor/

 

Flokinet DNS Resolver

An open DNS recursive service for free with high security and high privacy in mind.

No data containing your IP address is ever logged in our service. Connections can use encryption if your system supports it and unlike a growing number of resolvers we do not censor your DNS.

We support DNS over HTTPS and DNS over TLS to allow you to encrypt your DNS traffic so untrusted networks can no longer see or tamper with the websites you look up.

All websites are encrypted today and so should your DNS traffic be.

Our DNS in Romania is reachable at

ro.resolv.flokinet.net and resolv.flokinet.net (resolv.flokinet.net will be migrated to anycast soon)

IPv4: 185.247.225.17

IPv6: 2a06:1700:0:36::1

Our Netherlands resolver is reachable at

nl.resolv.flokinet.net

IPv4: 185.246.188.51
IPv6: 2a06:1700:3:11::1

Freedom Of Speech


Freedom of Speech

One of FlokiNET’s core values is freedom of speech. We promote this through our products and services.

However, in the context of the latest global health crisis, it has become more clear that the line must be drawn between what’s acceptable for FlokiNET and what’s not.

Where are the limits? The legal framework surrounding freedom of speech differs by country. While one might have fewer limitations, like the United States, through the First Amendment, other countries might be more restrictive about the expression of speech in certain ways.

Even under the protection of the First Amendment, there are certain categories that are not considered free speech: obscenity, fighting words, defamation (including libel and slander), child pornography, perjury, blackmail, incitement to imminent lawless action, true threats, and solicitations to commit crimes. So certain speech would be illegal under most speech laws.

For us, the guidelines we use when it comes to freedom of speech are dictated by law. More specifically, Icelandic law. The Icelandic constitution protects and aims to be a haven for freedom of speech; however, there are certain limits (for example, hate speech. See the case of Lilliendahl V. Iceland )

Covid and the worldwide pandemic

Since the start of the pandemic, we have often received requests to host websites that spread false information and make unsupported claims such as COVID-19 being a hoax, vaccines not working or endangering people, and so on. As a result, we refused all similar offers or suspended any websites that tried to proceed to create such content without our consent.

As much as we do love free speech, we have the responsibility to host content that doesn’t violate the EU’s best practices in the context of a global pandemic. Every client who signs up with FlokiNET should carefully read our terms and conditions regarding disinformation in order to avoid any misunderstandings and issues.

As the European Union Council cites: “Disinformation is hazardous to your health. While disinformation is always used with destructive or divisive intent, it can turn into a lethal weapon when it concerns public health.” Having this in mind, we have not and will not support any type of content that uses disinformation regarding the global pandemic.

We believe in free speech. We believe in science.

For any questions or suggestions please contact us at info@flokinet.is.

Webhosting 101 – Reseller Hosting

Have you heard about reseller hosting? It is an easy and efficient method of expanding your hosting business.

What is reseller hosting?

Reseller hosting is the process of buying hosting services from a provider and then reselling them to others.

You sell our products under your own brand and prices while counting on us to give professional support, manage the operation’s technical back-end, and lower costs as you grow.

When is reseller hosting a good option?

It’s the perfect kick-start for companies that are just beginning their hosting business venture as it requires no time to create products from scratch. Reseller hosting implies low investment, fixed costs, easy planning, and a variety of features.

This option also offers a wider range of products in different regions and networks, reaching a broader market.

What do you need for it?

  • A website
  • A web hosting management platform
  • A billing system ( for example WHMCS)
  • A payment system (for example coinpayments.net)
  • A customer support system

Optional: a registered company, if you don’t want to trade as a private person.

Plus points

  • Cost-effective
  • A way of earning extra income
  • A way to expand your hosting business
  • Low investment
  • Customer support offered by the owner company

Minus points

  • Availability for customer support in case it is not offered by the renting company
  • Reliance on third parties  
  • Products flexibility

Is reseller hosting a good option for your hosting business?

For any questions or suggestions please contact us at info@flokinet.is.

Webhosting 101 – Dedicated Servers

Fast, secure and resourceful! This week’s all about dedicated servers! Let’s see if a dedicated server is the right option for you.

What is a dedicated server?

Unlike other services such as Cloud, VPS and shared hosting, a dedicated server is a physically isolated service that does not share computing resources. It is placed in a data center designed for optimal operating conditions and is available to be rented.

In the vast majority of cases, dedicated servers are faster, but that will mostly depend on the specifications of the dedicated server.

When is a dedicated server a good option?

  • High traffic/bandwidth usage is expected.
  • Security is very important to you.
  • You value flexibility (when you need or want higher requirements).
  • You care about stable performance.

What are the advantages of a dedicated server?

  • Complete control of the server (including Remote Console through iLO).
  • The client can choose their own operating system.
  • All server resources are used for the client’s own purposes.
  • Improved performance (compared with shared environment).
  • Faster than other hosting services.

What are the disadvantages of a dedicated server?

  • Increased costs.
  • Technical skills are required in order to control or monitor the server.
  • Not recommended to applications that do not require  resources.
  • Recommended mostly to applications that need more stable and larger resources.

Still not sure if dedicated servers are a good choice for you? E-mail us at info@flokinet.is.

CloudLinux – Shared Hosting Done Safe

Heard about CloudLinux?

Our shared hosting servers are equipped with a Linux distribution named CloudLinux, that improves server stability, density, and security by isolating each tenant and giving them allocated server resources. Some of its main features are:

  • Security (SecureLinks)

SecureLinks is a kernel-level technology that prevents all known symbolic link attacks and enhances the security level of the servers even further, preventing malicious users from creating symbolic link files (where an attacker tricks Apache Web server to read some other user’s PHP config files).

Source

  • CageFS

CageFS is a virtualized, per-user file system that uniquely encapsulates each customer, preventing users from seeing each other and viewing sensitive information. What CageFS does is that it prevents a large number of attacks, including most privilege escalation and information disclosure attacks. With the help of CageFS, users have the following benefits:

  • they only have access to safe files.
  • they cannot see other users and have no way to detect the presence of other users or user names on the server.
  • they cannot see server configuration files, like Apache config files.
  • they have a limited view of their own processing file system, and cannot see other users’ processes.

Source

  • HardenedPHP

Several highly popular versions of PHP, used in nearly 85% of all PHP sites, are unsupported by the PHP.net community. HardenedPHP secures old and unsupported versions of PHP – 4.4.9, 5.1, 5.2, 5.3, 5.4, 5.5, 5.6, 7.0, 7.1, 7.2.

HardenedPHP secures old and unsupported versions of PHP. In those old versions, including the widely used 7.2, 7.1, 7.0, and 5.6, vulnerabilities, even if discovered, are not patched by the PHP.net community. HardenedPHP takes care of all this.

Source

  • Python Selector

The Python Selector allows end-users to select the specific version of Python they need.

Each customer is different, and each has different needs. The Python Selector allows end users to choose the Python version as an application and install additional modules. Python Selector uses mod_passenger to get the best performance from Python applications.

Source

  • Ruby selector

The Ruby Selector allows end-users to select the specific version of Ruby they need.

Each of your customers is different, and each has different needs. The Ruby Selector allows end-users to choose the Ruby version for applications and install additional modules (gems) to the application environment. Ruby Selector uses mod_passenger for optimum performance.

Source

Have any questions about CloudLinux? E-mail us at info@flokinet.is.

Web Hosting 101 – Shared Hosting

Next on the list of our weekly Web Hosting 101 series is shared hosting.

What is shared hosting?

Shared hosting is a type of web hosting in which a single physical server, a cluster or a cloud hosts multiple websites. The fact that many users access the resources of a server, helps to keep the service at a low cost. 

A shared hosting server can host hundreds of user accounts.

Who uses shared hosting?

Shared hosting can be mainly used by blog or small business owners with light or medium traffic on their websites.

This type of hosting is suitable for those mentioned as it does not require advanced configurations or high bandwidth.

Advantages of shared hosting

  • Because the resources are shared by users, shared hosting is a very cost-effective option.
  • It is a great option for less experienced people in the web hosting industry.
  • Easy to keep maintenance.
  • It is managed professionally. 
  • FlokiNET offers CloudLinux, a feature that will offer server stability, density, and security by isolating each tenant and giving them allocated server resources. To find out more about CloudLinux, stay tuned for tomorrow’s post.

Disadvantages of shared hosting

  • Sharing resources with other users, which may cause in rare occasions unbalanced performance.
  • It is less flexible with applications compared to VPS or dedicated servers.
  • If you suspect your website will receive a considerable amount of traffic, shared hosting might not be a good option for you.

Have you decided yet if shared hosting is a good option for you? Got any questions? Contact us at info@flokinet.is.

WEB HOSTING 101

Starting last week we decided to launch a series of posts, here and on social media, regarding the basics of web hosting. We understand how confusing it might be, especially for the folks out there with limited technical understanding, to try and figure out what type of hosting they need for their website or what are the advantages and disadvantages.

Today’s topic is… VPS!

What is a VPS?

Short for Virtual Private Server, a VPS could be defined as a space on a server that has the characteristics of an entire server. A virtual hosting server holds it’s personal operating system, applications, resources and configurations, all of these contained in a single powerful server. Each server can have multiple VPS accounts on it.

Who uses VPS?

This type of hosting is generally used by people who have more traffic on their websites and shared hosting doesn’t suit them anymore. 

Also useful if you require to host your own services, such as: VoIP, XMPP or other services.

Advantages of VPS

It is a cost-effective option, compared to a dedicated server, for example.

You get to run your own configuration and services that might not work on shared hosting.

Fully managed services.

Good security, since your VPS is separated from other users, located on the same server.

Disadvantages of VPS

Configuring the server requires more technical experience.

Maintenance of services has to be done by yourself.

More expensive than shared hosting.

*A pro tip

Preboot encryption on a VPS is pointless as the RAM that contains your encryption key can be easily read.

If you want increased security we suggest a dedicated server.

So what do you think? Is a VPS the right choice for you?

Check out our VPS options at: https://billing.flokinet.is/index.php?rp=/store/virtual-private-server-iceland

A reached NEW STAGE: ICELAND

Our location in Iceland is how we always wanted a hosting location to be. Green energy, free natural cooling and great laws when it comes to privacy. But we always missed one thing that has become so important in the recent years: DDoS protection.

No DDoS protection was available and the setups we did for our customers could only be archived by expensive solutions only large budgets could afford. Not ideal, of course. Then, the following question arose: what if a customer with a small budget would be looking for a green hosting provider while also having privacy and security (like fridaysforfuture.org, for example) ?

As our Iceland location was growing we were searching for options to solve the problem. In the third quarter of 2020 we started to perform tests with filter options of traffic from one of our POPs in Amsterdam to avoid a delay in traffic routing and in the forth quarter we finished all major setups.

We think it should not be a matter of your budget to have DDoS protection. No one should be able to take down your project with a DDoS attack because you lack the resources to fight it.

That is why we include now free DDoS protection at our Iceland location.

With this update, more hardware options are coming. The specifications are the same as in Romania but come with an improved L7 filter (Beta). 

Another topic of importance regarding our upgrade in Iceland was the request for hardware at a lower price. While Iceland is, in general, not a low budget location, we wanted to explore options to lower the price for dedicated servers. For this we set up several blade centers so you can now get in Iceland the G7 and G8 blades that we usually offer in Romania.

More security was also one of our goals when the update was thought out. Our KVM network in Iceland is now secured behind a VPN to ensure an extra layer of security and that all data you enter is transmitted securely.

A short FAQ for you:

Q: Do I have to do anything to activate the protection?

A: There is nothing you need to do from your side, our DDoS sensor will detect any attack and filter the traffic before it reaches your server. Please keep in mind that such protection will just cover 99% and you still have to make sure your website and server is optimized to withstand attacks.

Q: Is Layer 7 protection included?

A: Yes, it is included. However, you will have to provide us your one year valid SSL certificate so we can install it into the filter. In our Beta setup, this is no longer required but it is not available yet for all customers.

Q: Can I have a personalized setup with optimized rules for my application?

A: Yes this is possible, please contact our support team for an offer.