It’s been a while, but I guess it’s that time again. Since the last post about this whole ordeal there have been quite a few happenings in regards to the infamous Internet forum. For a while the site was only reachable over Tor and at the beginning of this year it was, for a while, fairly stable thanks to TerraHost and Epik. I use Epik as a registrar myself and had good experiences with them. They did have a breach a while back, but that was before I used them and since then there have been a few changes so I assume they’ll try their best to prevent this from happening again. TerraHost is a Norwegian hosting company and subsidiary of Epik. For some reason they could actually provide the farms with hosting for quite a while without too much trouble. They knew how to handle complaints and DDoS attacks, but at some point the site went down again. Here’s a rough summary of what’s happened over the past months:
- After Zayo dropped the forum it came back online via Tor on October 30th and on the Clearnet a day later
- The following days some parts of the Internet could not access the site due to individual ISPs caving to complaints and blackholing the Farm’s IP block
- On November 5th the routing issues were resolved and the site was accessible for the entire Internet again which was followed by the usual DDoS attacks
- At this point in time the site was using Epik as the domain registrar and TerraHost for hosting
- On December 2nd the EFF published an article and a website which covers the issue of ISPs censoring the Internet
- In December a bunch of ISPs (Lumen, GTT, Arelion, Zayo and Voxility) began blackholing the forum again
- On December 23rd the only ISP still blocking the site was Lumen aka. CenturyLink
- Continuous DDoS attacks over the holidays
- On January 14th CenturyLink and Arelion stopped blocking the site
- On February 2nd the site celebrated its tenth anniversary
- The site is mostly stable for a few months with short down time very now and then
- On the fifth of May the site goes down completely
- Two days later the main site explains the situation
- On the ninth of May the site is reachable via Tor again and new hardware is supposed to be installed, which didn’t work properly and resulted in a few days of downtime
Then for a few days the site is available via Tor, because of how the forum software works the site needs to use HTTPS over Tor, which is very rare since traffic via the Onion network is already encrypted. Because of how rare this is there are only two certificate authorities that offer SSL certificates for .onion domains. One of them being very expensive and the other one being a research institution in Greece. The latter one was used by the farms and they told Null that they would revoke his certificate because the site violated a catch-all clause in their subscriber agreement. They most likely got the usual complaints and responded hastily. In their statement they mention that they received harassment after they made their decision to revoke the certificate, which is obviously problematic, but there’s no way of telling who’s behind those messages. Ultimately they realized that there are only two CAs and therefore revoking would essentially require the forum to use self signed certificates. Which isn’t the worst thing, after all people are already forced to download a special browser just so they can continue shitposting. The problem with this is rather that this is just another part of the stack that can be attacked. So far certificate authorities have not budget.
For a while the site was then only accessible via Tor. On July 1st a mirror was set up which was reachable via sneed.today. This mirror was initially hosted via TerraHost who had to shut it down, because their ISPs were pressuring them into doing so. Shortly after the mirror was reachable again, because a company wanted to test their ISPs, this lasted a full two days before TubeHosting folded. Later on Combahton blackholed IPs despite it apparently being a “safe haven” for malicious network activity. On July 27th identity.digital (formerly Donuts Inc.) seized the domain:
This domain was recently reported for PII exposure. Our review has concluded the presence of repeated and clear instances of the disclosure of personal data relating to individuals, which have been posted in a manner which either directly or contextually, pose a credible threat of harm to those identified individuals. Any such use of a domain in connection with such observed conduct, is in violation of the registry’s acceptable use policy.
This is nothing surprising as domains are seized more and more often for arbitrary reasons. After the .today domain got seized people on twitter immediately wondered where else they can apply the pressure tactic to get sites shutdown. The obvious next target is archive.today, which unlike archive.org has not yet blacklisted the Kiwi Farms from being archived. Thankfully nothing has come from this as of now, but currently the campaign is still busy with trying to keep the farms offline.
After the mirror went down the site is as of today reachable via kiwifarms.pl and the main domain might follow soon. This is thanks to a Polish company that, at least for now, seems to be able to deal with complaint volume in a more professional manner. But just because the site is reachable doesn’t mean that things are over. On July 29th one of the, if not the largest ISPs has decided to block the Kiwi Farms:
Hurricane Electric, one of the largest ISPs in the entire world, has blocked 1776 Hosting’s IPs which very briefly (~2 days) was a way to connect to the Kiwi Farms.
Hurricane Electric admits that blocking an entire subnet of IP addresses like this is unprecedented. They refuse to elaborate as to why they’ve done this.
HE is an extremely old, extremely large provider which owns an enormous share of all fiber optic cable in the world. Their connectivity between smaller ISPs is unparalleled. Their bandwidth is over 100Tbps. If every nerve in your body is connected to each other, much like two computers on the Internet, then Hurricane Electric would effectively be your spine - hence why they are called the Internet Backbone. The Internet Backbone is telling a small forum of a few thousand daily users that they may not exist, they will not explain why, and they are not open to meeting halfway.
However, our relationship with HE was indirect. 1776 Hosting had a relationship with an ISP, who itself had a relationship with another ISP, who has a relationship with Hurricane Electric. HE did not terminate a relationship with me, they instead obstructed my providers from receiving traffic they specifically requested because Hurricane Electric does not allow it, without stated reason, and without appeal.
What Hurricane Electric has not considered is that this relationship took place in Washington state. Washington is one of the few states which has state-level common carrier provisions for the Internet. Quote:
(2) A person engaged in the provision of broadband internet access service in
Washington state, insofar as the person is so engaged, may not:
(a) Block
lawful content, applications, services, or nonharmful devices, subject to
reasonable network management;
(b) Impair or degrade lawful internet traffic on
the basis of internet content, application, or service, or use of a nonharmful
device, subject to reasonable network management;
https://app.leg.wa.gov/RCW/default.aspx?cite=19.385.020
This cause of action cannot be brought by individuals or companies. It must be brought by the Attorney General’s Office in Washington. My providers have filed complaints with the Attorney General’s Office in Washington. I am preparing to do the same via representation.
If you are a citizen of Washington, your right to access legal content via your Internet connection (as guaranteed by the state of Washington, to which you pay considerable tax) has been infringed by Hurricane Electric. However, I am not asking anyone do anything at this point. We are awaiting a response from the Attorney General. If the Attorney General refuses to protect our rights, then we may need voices from the state of Washington to compel their Attorney General to protect their rights instead. If they still refuse, we have further options to pursue to compel the government to enforce its laws fairly and equitably.
Hurricane Electric’s political decision making and deliberate meddling with the Internet is the most dramatic action I have ever seen in the degradation of the Internet and the erosion of our personal liberties. The only path forward is for the Internet to be regulated as a common carrier. If we allow this behavior to continue, no website may exist without the collective assent of a dozen megacorporations joined at the hip.
This is where it’s at right now. We’ll have to see where the legal action goes, but it does seem like there’s no end to this. The best result would be if this establishes legal precedent that ISPs cannot legally (at least in Washington) make these kind of decisions in regards to a legal website.