
Best company/jurisdiction for secure hosting/DNS?

JustAnotherNomad

Pro Member
Oct 18, 2019
I am thinking about moving my email to Protonmail, but they don't offer hosting. So I would need another hoster to manage my domains.
Now that would of course be useless if they forced the hoster to manipulate the MX records.
Which hoster would have very low risk of complying with a request to manipulate DNS records? Many VPN providers seem to be registered in Panama - maybe that would be a good jurisdiction?
 
What are you trying to achieve?

Who are you trying to protect yourself from? Customers / family / Government (which) / 3 letter agencies

Why are you trying to protect yourself from them - what are you doing? Grey area / highly illegal / legal in some but not all jurisdictions.
 
So you just don't want to be known publicly.

No hosting company is going to give your name to anyone who just asks, same with DNS providers. For a bit more protection you can just go with EU companies who have stronger customer protection laws than the US.

But you mentioned you were worried about requests to change DNS records. This is such a rare occurrence and only happens with government / legal / court approval. Which makes me think there is more concern than just not wanting to be known publicly, which implies you are doing something in a grey area.

You mentioned Panama. IF you are concerned, I would be thinking, "how easy would it be to bribe someone in Panama to make this happen and how much harder would it be to do the same in Germany". Some "offshore" jurisdictions have a reputation for privacy, but the issue is, how easy is it to twist some arms compared to a country without that reputation, but a strong rule of law.

If you have nothing to fear from governments / courts, then I would go for a robust country, rather than some obscure offshore location.

But again, without knowing more specific details of your situation, no one can give you a good answer.
 
I’m more than open for a solution from a “robust” country.
It’s funny that you mention Germany, I looked into that because some “secure” email providers are located in Germany. Did you know that German email inboxes can be accessed by the police without a court order?
I don’t trust the EU, so something outside the EU would probably be preferable. I have heard that Iceland or Switzerland could be an option.
 
But if you are just wanting to not be connected to the company, what difference does it make if the police have access?


"Did you know that German email inboxes can be accessed by the police without a court order?"
No I was not aware of that, I had a quick search and found nothing. Any links?
 
I don’t care about anonymity. I just don’t want them to be able to read my email.

I don’t remember, just google it. They only need a court order for “surveillance.” Surveillance means that they monitor email as it goes in and out. Also, I doubt the judges even read the requests as 90% or so are approved.
But anyway, if the emails are stored on the server (as is usually the case), the police can simply “seize” the inbox without a court order.
 
You need to think about setting up a safe (hosting/dns/mail) environment: The Megaupload guy went down as he used Gmail for his internal mails.

You need to consider several things:

-- location and setup of your main site (country A)
-- location and setup of your backup site (country B)
-- location and setup of your auxiliary site(s) (country B or C)


You can run a Linux hardware server, or for your main site you could run Proxmox, and run your services in separate VMs. Make sure you rent a hardware server (and not a VPS, as the cloud provider has access to your data!).

Encrypt your disks with:

You need two servers (IPs) that decrypt the Linux server (like magic); make sure they are in a different jurisdiction.

Run your mail on the Linux server (configure no MX; if your server is down, the sender will spool the mail), configure your primary DNS and your websites. Use the offsite servers as secondary DNS and NBDE decryption box. You can of course designate one of the offsite servers as backup server (if you run NBDE on all servers you need to ensure there is a 4th, stealth server; then all servers are encrypted and you only need to ensure 2 servers are up at all times). (Make sure that the public sites A+B cannot decrypt the other.)
 
Email is inherently insecure. No amount of offshoring is going to change that. Your biggest weaknesses are the mail servers that might touch your email during transit, and the recipients. The super secret pancake recipes you email your business partner cease to be secret when they then forward it to your flour and sugar supplier and CC someone. Now the recipe is on two or more different email systems, and you have no control over that.

You could host your mail server in the privacy-friendliest place on the planet but it won't help you if you have a dedicated adversary.

To make email secure, you need both parties to use the same security-focused service (like Tuta or ProtonMail) and ensure that the service delivers emails directly between users, or use any mail service and use a messaging encryption method such as PGP/GPG.
 
I am well aware of the risks. And like I said, I have nothing to hide, so setting this up myself would be overkill. And also a risk because I’m not experienced enough to run all of this myself. It’s more likely I’ll introduce security issues than anything else.
And I already use PGP and I’m not planning to stop doing that.
Protonmail is more than good enough for me.
I just want to have my DNS in a jurisdiction that would award the best protection from someone changing the MX record by a court order. It’s extremely unlikely that this would ever happen, but when you have the choice, why not go for the best option?

Really the worst case I could think of is some country claiming I have stayed for too long and trying to tax me. That should never happen because I always make sure to keep moving, but you never know. For example, who knows if there will be worse lockdowns next year and I will get stuck somewhere.
I don’t want them to then try to access my email to get to my IP addresses to establish travel patterns. Which I’m not sure if Protonmail even stores, they definitely strip them from outgoing email. And I always use a VPN anyway.
But I still just don’t want them snooping around. I don’t do anything illegal, so I certainly don’t need them reading my email.
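
The concern raised in this thread is an MX record being changed at the DNS provider. Whatever jurisdiction is chosen, a change that is visible from the owner's vantage point can be detected by comparing what each authoritative nameserver returns with a pinned copy of the intended records. The following is an added example, not part of any post in this thread; the domain, mail hosts, nameserver names and dig-style answers are constructed placeholders.

```python
import re

# One MX answer line in zone-file / dig format: name TTL IN MX pref target
MX_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+MX\s+(\d+)\s+(\S+)\s*$", re.IGNORECASE)

def parse_mx(answer_text, domain):
    """Return the set of (preference, target) MX pairs found for `domain`."""
    want = domain.lower().rstrip(".")
    records = set()
    for line in answer_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):   # skip blanks and dig comments
            continue
        m = MX_LINE.match(line)
        if m and m.group(1).lower().rstrip(".") == want:
            # DNS names are case-insensitive; drop the trailing root dot
            records.add((int(m.group(3)), m.group(4).lower().rstrip(".")))
    return records

def check_mx(domain, baseline, answers_by_ns):
    """Compare every nameserver's MX answer with the pinned baseline."""
    findings = []
    for ns, text in sorted(answers_by_ns.items()):
        seen = parse_mx(text, domain)
        for pref, host in sorted(seen - baseline):
            findings.append((ns, "unexpected", pref, host))
        for pref, host in sorted(baseline - seen):
            findings.append((ns, "missing", pref, host))
    return findings

# Constructed sample data: the pinned records and two nameserver answers,
# the second of which has drifted from the baseline.
BASELINE = {(10, "mx1.mailprovider.example"), (20, "mx2.mailprovider.example")}
SAMPLE_ANSWERS = {
    "ns1.dnshost.example": """\
; constructed answer section
example.org.  3600 IN MX 10 mx1.mailprovider.example.
example.org.  3600 IN MX 20 MX2.mailprovider.example.
""",
    "ns2.dnshost.example": """\
example.org.  300 IN MX 5 relay.other.example.
example.org.  300 IN MX 10 mx1.mailprovider.example.
""",
}

if __name__ == "__main__":
    for finding in check_mx("example.org", BASELINE, SAMPLE_ANSWERS):
        print(*finding)
```

In practice the answer text would come from querying each authoritative nameserver directly on a schedule, from a network the DNS provider does not control.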
 
No DNS provider is going to reject a court order for you. DNS services don't cost nearly enough to be worth fighting a legal battle over some individual customer.

For example, the people behind Rage4 Networks are (or at least were when they were set up) very much pro-privacy and individual rights, but I don't think 2 EUR/month is going to be enough for them to throw a court order in the trash. You're not worth jail time.

Just use Cloudflare and chances are you will be fine. There are heaps of dodgy websites using Cloudflare and, AFAIK, they have only taken proactive action when it's been very high profile cases. Aside from that, they'll need a court order to be compelled to take action. If your travel plans are interesting enough that someone will go and successfully petition a court in California or federal court, you have far worse problems at hand than DNS.
 
That’s what I mean. I don’t need extreme protection because I don’t do anything illegal.
I just want to make it more difficult.
Like I mentioned above, in some countries, they don’t even need a court order to “seize” email inboxes and court orders are usually approved immediately.
But by having my DNS in a jurisdiction that would ideally require a new court order from the country the hosting provider is in, it might just be too much hassle for anyone to come after me because they think I might have stayed two days too long in their country. Whereas if I used a provider from the same country, they might do it because all it takes for them is one phone call.
And again, I’m completely on the legal side, not involved in any shady business. I’m just thinking, if I can spend my 2 bucks a month in country X instead of country Y and that increases my privacy, why not do it? You never know when that might come in handy.

I’ll check out Cloudflare. I didn’t know that they also offer pure DNS. I thought they only offered a CDN and DoS protection.
 
