[anti-abuse-wg] Bulletproof servers causing mischief on the internet

Both registries and registrars that are accredited by ICANN have contracts with clear clauses related to abuse and their responsibility towards reports etc.,
As of right now no such requirement exists in the RIPE region, so I’m not sure that the parallel is a good one.

In an ideal world self-regulation would be the way, but sadly there are a lot of providers who turn a blind eye to all sorts of unpleasant behaviour on their platforms / networks etc., so legislators are getting involved more and more.

If there are LIRs in the RIPE region with dodgy contact details or anything else that would be illegal under Dutch law or in breach of any contracts or policies then they should be reported to RIPE NCC. It’s in RIPE NCC’s best interest not to run afoul of regulators and I know they invest quite heavily in engagement with government including LEA.

Also please do not refer to DMCA. It’s American and is not legal in Europe. Seriously

Regards

Michele

--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/
https://blacknight.blog/
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845

I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours.


From: anti-abuse-wg <anti-abuse-wg-bounces at ripe.net> on behalf of Carlos Friaças via anti-abuse-wg <anti-abuse-wg at ripe.net>
Date: Friday, 19 January 2024 at 09:36
To: OSINTGuardian <contact at osintguardian.com>
Cc: anti-abuse-wg at ripe.net <anti-abuse-wg at ripe.net>
Subject: Re: [anti-abuse-wg] Bulletproof servers causing mischief on the internet
[EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources.

Greetings,

Maybe we need a bulletproof hosting directory on the web? :-))

>From what i've learned, illegal content depends on jurisdiction, and
effectively that's what greatly impacts the possibility of takedowns.

I've also seen what you mention about advertising services as
'bulletproof', but i've already seen some of those companies remove that
kind of advertising (in this case, web archives are your friend!)

The RIPE NCC, afaik, doesn't act on illegal content, because it lacks any
mandate for that.

In the same way criminals are able to use phones, they are allowed to
use IP addresses. The downside with the IP addresses is they can in
practice build/manage (informal?) network operators, which provide them
with a lot more flexibility. But that's the model we have had for
decades...

I totally agree with the ICANN comparison, but it wouldn't be only RIPE
NCC, for efectiveness you would have to have all the five RIRs on the same
page.

But i'm afraid "the community" -- which also includes the 'bulletproofers'
-- will not issue any mandate to the RIPE NCC to do something. Instead,
at some point, we well see more regulatory stuff kicking in........


Best Regards,
Carlos



On Wed, 17 Jan 2024, OSINTGuardian wrote:

> hi,
>
> There are more and more bulletproof hosting in the world every month and they are causing more and more chaos, feeding the dark web by
> providing servers to criminals of all kinds who use the servers on .onion websites in Tor and flooding the clear web with illegal
> content.
>
> There is a bulletproof hosting market that is even openly promoted, it is as easy to find companies that provide bulletproof servers as
> searching on Google, hacker forums or simple internet websites that provide lists of bulletproof hosting companies.
>
> The business model of these companies is to ignore reports of abuse of illegal content, to look the other way when someone uploads
> illegal content. This is openly their business model, what does RIPE NCC do about this?
>
> RIPE NCC provides IP addresses to many of these companies with bulletproof servers that are then used by criminals on the Internet,
> strengthening organized crime.
>
> ICANN publicly has an abuse reporting form, where users can report if a company provides bulletproof domains or ignores abuse reports.
> If RIPE NCC did this same thing, the internet would become a better place.
>
> If RIPE NCC did this and also other IP address accreditors, they would greatly affect criminals on the Internet and therefore the
> Internet would become a slightly safer place than it is today. Bulletproof server companies would be afraid of being caught by RIPE NCC
> committing these violations. Unfortunately, these companies currently feel enough freedom to do this, that they even show themselves
> publicly.
>
> Is RIPE NCC planning to do anything against this?
>
> - Claudia Lopez
> OSINTGuardian
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </ripe/mail/archives/anti-abuse-wg/attachments/20240119/a0fc1103/attachment-0001.html>