💾 Archived View for dioskouroi.xyz › thread › 24996329 captured on 2020-11-07 at 00:50:29. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
________________________________________________________________________________
I will admit that after the RIAA/youtube-dl story I felt that it confirmed my belief that it was a mistake for anyone to host anything on US based servers. This takedown with complete lack of transparency from a French provider (OVH) really proves me wrong.
Unless this is some extreme security situation/investigation where it was being used for communication between groups I can't really see this holding up in a European Court?
As an aside Guerrila Mail/ Shark Lasers was my go to service for that kind of 'subscribe this' throw-away email. Anybody has recommendations for alternatives?
_> I will admit that after the RIAA/youtube-dl story I felt that it confirmed my belief that it was a mistake for anyone to host anything on US based servers. This takedown with complete lack of transparency from a French provider (OVH) really proves me wrong._
There is a huge difference between these two cases. Most hosting providers in the world are not going to challenge law enforcement in their jurisdiction and will just cooperate. That's what OVH did, as everyone should have expected.
But at the same time most hosting providers in the world will oppose overreach of copyright trolls. That's what Github didn't do.
Still, if you need some minimal resilience it's never enough to rely on a single hosting provider from a single jurisdiction. Multiple different providers in different countries for frontend servers with some primitive DNS failover can easily solve this and similar problems.
"Still, if you need some minimal resilience it's never enough to rely on a single hosting provider from a single jurisdiction."
Or don't use a "hosting provider" at all.
A _full rack_ at he.net with 15a of power is USD $350/mo[1] - and that's probably not a super competitive rate. You can probably do better elsewhere.
Now _you are the host_. The notices _go to you_.
I don't know why we have this collective amnesia about what it takes to run a simple website.
[1] At their Fremont, CA HQ building.
I thought the issue with doing that kind of thing is that they can easily go after the colo provider as well. "xxx is in your building, please pull the plug or you're liable also" is pretty convincing. Or am I mistaken?
Sure but then the solution is that you go and pick up the servers and move them somewhere else, instead of suddenly finding yourself with absolutely nothing and no way out.
A better approach is to have a reverse proxy in a difference account/hosting provider. That way the take-down is of the proxy which should be minimal config and no data.
Setting up another reverse proxy in the event of a take-down should be minimal effort.
It then becomes a game of whack a mole if anybody wants to take down a service. I assume this is how The Pirate Bay stayed up for so long.
Downside is doubling bandwidth costs.
Until you are served with a court order to preserve evidence for forensic inspection and then you are stuck with a powered off pile of hardware while you wait for the forensic analyst to show up and make bit level copies of everything; or you are served with a temporary restraining order/preliminary injunction forbidding you from reconnecting the hardware at all until the case is decided.
>>> Unless this is some extreme security situation/investigation where it was being used for communication between groups I can't really see this holding up in a European Court?
I feel the need to point out that each EU country has its own judiciary system and laws. There isn't such a thing as an European court. There's are laws/agreements set at the European level that are supposed to trickle down to each country and the process is fairly complicated and messy.
It's a very strong misconception from US readers to think that there is an Europe court, like there is a supreme court or something in the US.
The siblings are half-right; there _is_ the ECJ, and a lot of law is harmonised, but far from everything. But it has nowhere near the political significance of the USSC. And both are appeal courts, so you have to exhaust your country's system first _and_ be granted leave to appeal.
I don't really see there being much of a case to answer, although it may be possible to get the alleged secret law enforcement request. OVH terms of service will undoubtedly allow them to terminate your account for any reason.
European Courts are the ultimate court of appeal in the EU. In this instance I'd say the European Court of Human Rights would absolutely find shutting down these servers as a violation of the European Convention on Human Rights.
Human rights have to do with things like torture, unfair detention, having a fair trial, etc...
You are not going there because an hosting company shutdown your mail service.
Last cases for reference:
https://hudoc.echr.coe.int/eng#{%22languageisocode%22:[%22EN...
}
Actually, a hosting company challenging the police in jurisdiction where ECHR is ratified would go exactly there once it exhausts options in local courts. But not a customer of a hosting company challenging the decision of a hosting company.
.. on what basis? (a) you've not checked whether the OVH user agreement allows this kind of termination, which it almost certainly does, and (b) we don't know any of the underlying facts about the alleged police letter.
A court action might bring some facts to light, but it's unlikely to reinstate the service.
European Court of Human Rights is also not exclusive to European Union, other countries signed the convention as well and ratified at least parts of it. There appeals can reach ECHR and its rulings have to be enforced locally.
This view is not accurate. There is at least the European Court of Justice[1], and there are directives[2], which are laws written and enacted by the European Union, without any national act being necessary. Of course, the Court of Justice (sadly) doesn't have a European Constitution to rule on, but it does overturn national laws sometimes.
[1]:
https://en.wikipedia.org/wiki/European_Court_of_Justice
[2]:
https://en.wikipedia.org/wiki/Regulation_(European_Union)
Nice to know if you can afford to stand still while your case works its way through the courts for years. Most companies can’t.
What is this then?
https://en.m.wikipedia.org/wiki/European_Court_of_Justice
> The European Court of Justice (ECJ, French: Cour de Justice européenne), formally just the Court of Justice, is the supreme court of the European Union in matters of European Union law. As a part of the Court of Justice of the European Union, it is tasked with interpreting EU law and ensuring its equal application across all EU member states under Article 263 of the Treaty of the Functioning of the European Union (TFEU).
The EJC is there to handle discrepancies between EU regulations and nations (not fully/correctly) implementing them.
So this is _not_ a general supreme court. Cases which don't run in local law conflicting EU regulations can't end up there.
EU regulations don't cover everything and do often have large margins of interpretation. They are generally not laws but regulations about making laws.
So there is a good chance your case will never have a chance to end up there even if it continues to escalate.
Edit: also the ECJ does work different in the results they produce then you think, e.g. they can rule that a certain court action/law/etc. is in beach if regulations and anull it to some degree, but that didn't mean they can e.g. force gurillamail to be rehosted. At most they could "annul" a france court discussion that the takedown for given reasons was legal. Which seems similar but is a massive difference as they then could argue that the takedown was still legal due to other reasons and still win (or just delay it further).
OVH do have datacentres in a number of countries, a dig of guerillamail.com and WHOIS suggests they may have been hosted in Montreal, Canada.
Is 'Montreal' an approximation for Beauharnois[1] or is there another OVH data centre in the region?
[1]
https://goo.gl/maps/g31VwjMtvr7GwCsf8
"With three offices in Montreal, Quebec and Toronto as well as a data centre in Beauharnois, OVH Canada offers a full range of cloud solutions"
https://www.ovh.com/ca/en/discover/canada.xml
The IPs are probably registered to their Montreal office but indeed, the data centre is in Beauharnois. Think they introduced their services there ~5 years ago.
Since the domain is using an ARIN IP it seems a decent bet that's where they were hosted.
Without knowing the inside story, it seems like an overreaction for OVH to take down an entire service based on law enforcement requests, unless there's more to the story, which there probably is.
FWIW, DNSimple was blocked by an entire country because we adhere to our local laws in the US and we _didn't_ take down a site that was illegal in their country. This is the Internet we have today.
10minutemail.com and anonbox.net are both good.
If I need a new service, I look at the list of temporary email services supported by the Bloody Vikings Firefox extension [1]. There are quite a few there.
[1]:
https://addons.mozilla.org/en-US/firefox/addon/bloody-viking...
I personally use
.
Unlike others I've tried before, they seem to have a fairly large amount of domains in rotation, making them difficult to block as a website admin.
Last time I had problems with throwaway email domains being blacklisted, emailondeck.com worked for me, they also seem to regularly change domains.
I don't know your use-case, or what your purpose for the throwaways are, but my solution is a domain I only use for email where *@mydomain.tld is redirected to something I read.
So when I register for hackernews I would likely just register hackernews@mydomain.tld, and if their data is ever leaked, or they sell it, I know who did it, or can block that email.
It's obviously not anonymous if that's your use-case, but it solves my issues of not wanting one email registered everywhere and eventually getting spam, and having accountability per service.
I do something similar, except that I add entries to the MTA configuration to do the redirects, rather than use a wildcard. That requires positive action (adding the entry), and I don't have to worry about spammers bugging me by just sending stuff to random addresses. If I start getting spammed (and it HAS happened) I can revoke the address by just removing the redirect.
Amusingly, spam is still getting sent to some of these addresses that I revoked years ago, only to get bounced. I guess it's too much work for spammers to clean the deadwood out of their lists, especially since that inflates the number of addresses they can sell. The good thing is that these addresses are excellent spam traps for fail2ban.
The US is a toxic jurisdiction as far as any technology is concerned. They were the ones to give us the wonderful gifts of forever Disney copyright and the DMCA.
8chan which was banned by USA based CNServers and Cloudflare uses Russian based : ddos-guard[.]net
This is only my personal opinion but considering how weak the European cloud market is compared to the US one, it wouldn't surprise me if European cloud providers would bend to police requests because they are already in a vulnerable position.
getnada.com has been great for me, I used to use guerrilla but it often got blacklisted on some forms getnada usually goes without issue
This may be unrelated and a coincidence, but:
France has a strong and growing body of anti-terrorist legislation, and I believe that some of it prevents providers from discussing some law enforcement notices (I believe that the same also exists in the US, hence some companies disclosing that they have NOT received any such requests. So when they stop saying that, you know what's up).
As other commentators have stated, OVH have datacenters in multiple jurisdictions. For example the US and European services are distinct entities and while product offerings are similar there are some specific differences. Also worth noting that while they use support teams across continents, the teams rarely have much context of what's happening in the other continents (has been as issue in the past for my teams).
It is unclear which entity was providing the service to Guerrilla Mail.
I use GuerrillaMail regularly. This is a security tool. There is an absolute need for easy anonymous throwaway email addresses. Hopefully, this will be resolved quickly. Tell us how to help!
mailinator?
You can create throwaway emails pretty easily if you register a domain name, they're not quite anonymous but they're practically the same.
This is correct. I strongly recommend registering a random, throwaway domain and running your own mailserver.
Creating an entry in /etc/mail/aliases is just as fast as the interface on the throwaway email sites and you have much more control over the resulting inbound mail.
How can I register an anonymous domain? Asking for a friend. Truly anonymous.
I didn't say anonymous - I said random/throwaway.
Start a Delaware corp (or Wyoming or Nevada, etc.), get a simple checking account with a debit card, and purchase a domain.
It takes like 30 seconds to register a GMail address. I understand it's a bit less convenient, but how often do you need a throwaway email with zero prior use?
No, "please give us your telephone number, you cannot skip this step"
Pretty much every website requires you to enter an email address to create an account. If you don't trust the site or don't think you are going to use it for more than a trial then if you use your real email address you risk getting spam either through database leaks, because they have signed you up to a bunch of newsletters or because after signing up for a thousand different sites you get privacy policy updates every week.
Can someone explain why a throw-away email service such as Guerrilla Mail has to go offline as a result of law enforcement?
I understand that shady people are doing a lot of shady things with such services, but when equally shady people (criminals, terrorists, pedophiles, etc.) use platforms like Facebook or WhatsApp to commit extremely serious crimes nobody is taking Facebook or WhatsApp offline.
What is the rationale behind this?
As an old girlfriend told me: “Size matters”.
Closing Guerrilla Mail will upset us a lot but the rest of the world will ignore it. Close Whatsapp and the world will be a chaos.
It is selective application of the law. It is easy to shut down a small company without army of lawyers and infinite resources. If you don't have broad shoulders, then you need to accept that you have to follow the law. Law does not apply to large companies.
For the comparison, Facebook/WhatsApp would fully cooperate with the police, if an account is identified to be some sort of fraud/terrorism/drugs, they will communicate the known identity of the user with last known IP and any information they have (under warrant).
OVH cannot do that, they only rent physical servers, they have no information about the software or the user. If the police comes knocking, the only thing that can be done is to shutdown or seize the servers.
The police must have something against some users of guerilla mail (not a surprise given the nature of the service), they probably went against the servers because they couldn't get a reply or any action from guerilla mail. I checked and found no contact information and no ownership information on their website.
They can contact the server user so that the user can hand out that info information.
Any law enforcement should contact guerillamail not the hardware hoster.
Only if gurillamail itself is classified as a criminal organization or similar should OVH be contacted for takedown. Even then gurillamail still should be informed about the exact legal court order which caused that so that they can take appropriate actions.
The fact that they are taken down supposedly because of the law enforcement but no reason is given is SUPER fishy and smell like non law compliment overreach.ail
>>> They can contact the server user so that the user can hand out that info information.
What do you think happens when the hoster receives an official warrant to disclose who is one particular customer? They shutdown the customer.
It should be handled better. On that we can agree.
They do have contact info in the "about us" section, and also as a signature at the bottom of each email.
https://webcache.googleusercontent.com/search?q=cache:54xhOU...
"Please contact us on Twitter / Facebook" is not a receivable contact information.
There's a signature that leads to contact info at the bottom of each email.
That doesn't cut it, law enforcement is not going to send emails to figure out how to send them emails.
FYI: A website is required by (French) law to have legal mentions including the company name, address, director, company registration number...
LE does in fact follow the link and use the contacts there 99.999% of the time. The site has been running fine on OVH for nearly 5 years without problem.
For one, Facebook is its own hosting provider. Not only do they have their own servers, they have their own datacenters and networks. There's quite literally no one to take them offline like that.
It is common that large companies split into subsidiaries dedicated to handle one or a couple of tasks. I wouldn't be surprised if the FB hosting was handled by a separate company owned by FB. Regardless - if there is a request to take something offline, then it should be followed. It is unacceptable that we have two tier legal system. One, very strict for small players, and essentially no rules for the big boys.
I hereby request that FB and Twitter be taken offline.
It regularly happens, eg. China blocks Google, Brazil sometimes blocks WhatsApp.
It depends very much on who does the requesting, and how much pushback there will/would be, and how it will be dealt with. (In China, the pushback doesn't really matter, in Brazil it still does.)
I know it does. I just thought the claim above was absurd:
> if there is a request to take something offline, then it should be followed.
I guess it is called a double standard.
Ask sir William about that
"Can someone explain why a throw-away email service such as Guerrilla Mail has to go offline as a result of law enforcement?"
It doesn't. Guerrilla Mail could very easily (and relatively cheaply) house their own infrastructure (a single 1U server ?) in their own rack and self provide their hosting.
The takedown notices would go to them. Subpoenas would go to them. They would be served and have great leeway in deciding how to respond and what information to share.
Further, placing the entire operation inside a corporate entity would insulate the owners and allow them to slow down the entire legal/notice/response process.
You do not have to rely on intermediary providers to publish your website.
Prevent destruction of evidence in an ongoing case?
Probably lack of oversight, that is, the US law enforcement systems do not have access to the information shared.
Whatsapp may not be secure and the NSA and co may be listening in. I don't believe their end-to-end encryption claim has to be accurate. And it may be end-to-end encrypted but the NSA has a master key to said encryption.
Given how there's services like Encrochat, I believe the dodgy side of society is aware of Whatsapp not being secure and are avoiding it.
WhatsApp and Facebook are tied to real identities (phone numbers, names, etc.) so while law enforcement may not know what is said they know who said it. So if they compromise one end of a conversation they can probably find all the other participants. Guerrilla Mail on the other hand did not allow for that.
Maybe they should look at hosting at 1984.is instead, as they seem to have a more robust policy in place regarding take downs:
"Unwavering loyalty to our customers and their fundamental rights is a core value of 1984, hence the name to remind us of what can happen if we fall asleep on our watch. We state that 1984 as a company and its officers will always go the extra mile to protect our customers' civil rights, including the freedom of expression, the freedom of the press, the right to anonymity and privacy. 1984 will always do everything within its legal power to inform our customers of any inquiries from any authorities, lawyers or courts into the customer's affairs that we may become aware of. It is essential that the jurisdiction that the company operates in is Iceland, where the IMMI legislation is forthcoming, making Iceland a haven for freedom of the press and freedom of expression in general." [1]
[1]:
exoscale.com would be a good alternative as well
Not sure what they've been doing, but in my experience the handling of law enforcement requests by OVH is hit and miss.
So far they have always forwarded requests to us, but in some cases they shut down some of our servers if we didn't respond within a few hours.
This looks like the request was directly addressed to them and they may be legally prohibited from talking about it.
For those who don't know what Guerrilla Mail is:
https://en.m.wikipedia.org/wiki/Guerrilla_Mail
Non-mobile link:
https://en.wikipedia.org/wiki/Guerrilla_Mail
Userscript to forget about mobile links forever:
// ==UserScript==
// @name Redirect from mobile wiki to desktop
// @namespace http://tampermonkey.net/
// @version 0.1
// @description try to take over the world!
// @author You
// @match https://*.m.wikipedia.org/*
// @grant none
// @run-at document-start
// ==/UserScript==
window.location.hostname=window.location.hostname.split(".")[0]+".wikipedia.org";
Funny, I use
https://addons.mozilla.org/en-US/firefox/addon/mobile-wikipe...
because I generally prefer the mobile site, even on desktop. (Same with Twitter by the way.)
If you mean the React-powered mobile.twitter.com, the main site (twitter.com) now points to that as well (since about a year ago).
Years back I used to run a similar service (dudmail) which I eventually shutdown due to the time sink (and the unbelievable pain of trying to handle unicode in a million different languages correctly)
I was definitely a lot younger and naive back then and whilst I had intended it as mostly a way to avoid site registration email spam, until reading that wiki link I had never really thought of the potential for abuse.
I'd have to go back and look but I'm pretty sure it was running on OVH towards towards the end as well.
I use them on a weekly basis :(
If a site asks a mail, enter random-6-characters@pokemail.net , in 30 seconds, go to guerrillamail.com and enter the same random 6 characters for the verification link, if any.
Thanks for helping me avoid spam
I've been using mailinator.com for years - they have an almost identical service (they don't allow you to _send_ mail, though)
Another helpful use case: Some annoying sites ask you to create an account before you can browse them, but there's a faster way: Click on a 'lost password' link, and enter <website name>@mailinator.com as your email - chances are, someone else has already used mailinator to create an account, and you can re-use theirs :-)
I use bugmenot for websites that require an account to browse or to download stuff (looking at you Qt), it works most of the time
many websites do not accept the @mailinator.com email addresses. And Mailinator used to have a ton of alternate domains, nowadays I do not see those. what happened ?
You can set your own alternative domain, by setting a DNS MX record:
10 mail.mailinator.com
I have this setup for a subdomain ("xyz") of my personal domain.
If they have control over DNS, could they just move to another cloud service?
It's still greatly appreciated that they share the information so we know that OVH should be avoided.
I’ve been trying for months to get OVH to take down a phishing site that targets my company and I can’t get any response whatsoever from them.
Way back in the day when I worked for some server rental place, we had an AUP and all of that, but an internal policy: if the cops came knocking about your stuff, we were gonna shut it all down.
Basic reason is that the effort involved in such an account cost us more money than we made in dealing with it. Easier to just cut the relationship.
Admin of Guerrilla Mail here.
I've been hosting the site on OVH since 2016. The site hasn't changed much during this time, and I've been quite happy with their services until now.
A little bit about Guerrilla Mail: It its' first and foremost, an anti-spam solution. Nowhere on the website it says that's an "anonymous email" provider. In fact, the email sending feature prominently warned the user that their IP address would be included in the headers of the email sent. (The sending feature was not for anonymous email, but for the rare chance that a user needed to send an email from there or reply. Guerrilla Mail is mostly used for receiving)
The timeline for the suspension went like this:
On October 12th, I received what seemed like a canned message from the OVHCloud Abuse team, saying that my server was (quote) "used for a fraudulent activity" and threatening termination within 48 hours.
There was no further details about the nature of the "fraudulent activity". I've replied to the message asking to give more details.
On October 16, I've received a reply, but still no details about the specific case. They mentioned that, their quote: "the problem here is clearly, that your service is too easy to use for fraudulent and illegal activities. ", further threatening to shut down the service within 7 days "if the situation does not improve". They also suggested a list of measures that the site should take.
I've replied informing that most of measures that they suggested were already taken, plus some other measures including an anti-abuse policy that has worked well over the years.
On October 19, I received a reply, this time hinting that I should pay them for an additional service, their quote "Maybe you see an option in using a service which lets you customize the Whois-Record, so your contact details can be mentioned for abuse instead of ours.".
I've started to deeply consider such a service, but before I would take it up, I wanted to get more info about the alleged law enforcement requests they receive, that are never forwarded, so I've asked them for more information about these once again.
On November 2nd, I received a reply, but still no details about the specific case, or the rate of such requests, questions that I've asked previously were ignored. Again, they were offering the additional service, their quote "change of infra to have your own abuse contact in registry info".
At this stage I was ready to buy whatever they were offering. I've replied to the email with only two sentences "Is there someone I can speak with directly on your team?
Let's do a 30 minute call and reach an understanding."
On November 4th, I received a reply notifying that the server has been suspended.
Btw, if there's anyone at OVH that wants to look at the issue, it is WTLXFRCVSG.85a1
your server seems reachable through a ping.
If I understand well the situation it seems that they suggest you to acquiert your own IP address to have your own @abuse contact. I think a lot of guys report your ip to @abuse (managed by OVH, not you) about spam that why OVH react.
However in that type of case, OVH swap your boot to a rescue mode :
https://docs.ovh.com/gb/en/dedicated/ovh-rescue/
You should be able to swap it to a normal boot mode.
Yes, I was under the impression that this is what they meant. It would have been great to be able to to chat so that I could learn more about how much this would cost, but as outlined above, they decided to end the conversation.
You're right, currently the server is sitting in "rescue mode" and under OVH's instructions, I'm not allowed to swap it back to the normal hard disk boot. That's ok, I can still mount the disks manually via SSH and move everything out. So at least that's some good news - the server hasn't been seized.
The hosting bill has been paid up until December, so I'll will be looking to get a partial refund hopefully.
Anyways, gotta roll with the punches I guess. Thanks for your comment.
"That's ok, I can still mount the disks manually via SSH and move everything out."
If you would like a free, temporary rsync.net account to assist in offloading or parking data just email info@rsync.net.
You can just rsync (or borg) over ssh to us.
We were considering using OVH for a huge upcoming project, not any more.
For all we know, the police appeared at the door with a suitable warrant to remove the server.
It's clear from the Tweets that OVH didn't communicate properly. Due to that, they're on a blacklist now as far as I'm concerned.
I host my temp mail
service @ OVH for the last 6-7 years and I hope they don't shut me down like that, They do from time to time send takedown requests to phishing attempts and other criminal activity which we take down ASAP but usually their response team is doing a good job.
Sounds like this is a good time to have a backup plan, probably getting servers somewhere else and making sure your DNS is hosted by someone else.
My bet is guerilla mail was pursued for fraud/terrorism/drug charges, it's not a stretch to guess how an anonymous email service is used by some users.
Looking at guerilla mail, there is no way to contact them and no information about who runs the service. It's a shady company with no legal information as far as anyone can tell. (nothing in the about us or the terms or service pages).
If the police wanted to investigate some users/mails, they would have to get a warrant to OVH to figure out who to contact in the first place (who runs that thing?). It's a fair guess that OVH receiving anything of that sort would shutdown the account immediately.
It's also possible that the police would purposefully shutdown the service and/or seize the servers but rather unlikely. Either way, all the roads lead to the site being dead.
Nowhere on the website it says that it's an anonymous email service provider - it was an anti-spam email solution first and foremost. In fact, the email sending feature prominently warned the user that their IP address would be included in the headers of the email sent. (The sending feature was not for anonymous email, but for the rare chance that a user needed to send an email from there or reply. Guerrilla Mail is mostly used for receiving)
Well, it allows to send and receive emails, it's going to be abused like an email service, how is up to creativity =)
It would certainly be nice to have more information on what exactly happened.
of course - create any website open to the public where they can message each other, and there will always be some abuse. It's unavoidable.
But what can you do? You can't police the messages for every potential form of abuse. (I've only ran an automated spam filter to make sure that the service is never used for blatant spam. I've also blanket-blocked some domains whenever I noticed a pattern in any abuse reports, and finally recipients were able to easily do a permanent block themselves). In any case, running a messaging service even more difficult if you're a small guy and not Facebook or Google.
I've added more information about the details of the suspension in another post on here:
https://news.ycombinator.com/item?id=24998922
You're being naive thinking you can run an open spam service with no consequences. Maybe you don't care about abuse but the hosting does and will act on the recurring complaints.
Seriously, cut the ability to reply to emails and that should be fine.
There's no use case to send replies for an anti-spam. Never seen a registration process that required to reply to complete the registration.
Tip: The google postmaster tool can show you the reputation of your domain and how much of your outbound emails are going to spam. That shall give you an idea how well it's abused.
https://www.gmail.com/postmaster/
It wasn't shutdown for spam, and the service is not a spam service but an ant-spam service.
The service has been sending out emails since about 2013. It only lets out a limited number of emails, and there's an anti abuse policy in place. The IP address always has a good reputation with Google and Microsoft, I am well aware of all the feedback loops.
I thought you allowed to send messages to guerilla addresses only, but you allow to send messages to the rest of the world? If you intend it only for replies, maybe check that inbox has a message that passed DKIM verification, aged no more than 4 days.
Was GM generating revenue?
i had a vps with ovh before and i am building a new service to launch soon and ovh was on top of my list...so i guess they can fuck the right off. vote with your wallet, as always.
What a bunch of cu9ts
Got any gleenogs?
Who will I use now when I want to spam people
Most people in HN use Disposable Email Address services like Guerrilla Mail almost on a daily basis to avoid companies spamming us or even worse: sell our email as PII.
But bad actors also use these services to anonymize themselves and not only abuse of legit services, but commit fraudulent activities like extortion, porn revenge, identity theft... and also terrorism.
I don’t know why OVH shuts down this service, but knowing in first person how laxe OVH rules are compared to other providers, it must be a serious thing. Probably they found out they could break the law (GDPR?) seriously keeping Guerrilla Mail as a customer.
> But bad actors also use these services to anonymize themselves
I mean yes, but then you'd also have to shut down Gmail, live.com and all the dozens of free email hosters.
Better make prepaid SIM cards illegal too. Oh an letters can be mailed anomalously, better make that illegal too.
Lots of countries require government ID to activate prepaid SIM cards for this reason (including supposedly privacy-conscious countries like Germany)
Some countries go further and require government ID to sign up for even stuff like social networks (South Korea)
You propose it as a ridiculous conclusion but these are things that democratically-elected governments do.
Good joke about Germany being privacy-conscious. From what I've read about state-of-the-art in Germany it is the most draconian state in EU (now when Britain has left).
Prepaid SIM cards without ID verification on either purchase or activation has been disappearing/banned country by country for years now.
Getting addresses at the big email providers anonymously is not easy. They ask for a mobile number if your IP isn't reputable enough (e.g. they're a Tor exit node).
They ask for mobile phones regardless of your IP.
In some countries anonymous e-mail is illegal. If your IP comes from such country, Google will _always_ ask for phone number on that account without option to refuse. Otherwise they will ask you after completing a registration (there is a delay to let you get hooked on, but Google still asks eventually). Some IP addresses are whitelisted — if you already have a "trusted" Google account, attached to that IP, or if Google recognizes your address as "corporate" or if you are an American and live in "liberal" state or... Basically, there are pockets of world, where Google does not ask it's existing accounts for phone numbers. But those pockets are shrinking and eventually you will be expected to cough up your phone. Unless you have already given Google your phone (e.g. by owning an Android device), which may create false impression, that you didn't need to.
I cannot agree more from the usage point of view.
But we have to think how others see them: The difference is about the “business model” of DEA and Freemail providers. It’s easy to justify in a court that the purpose of a Freemail service is to offer email service to individuals and that’s why they ask for PII and acceptance of a ToS.
Most of DEA don’t ask for PII to register (if any register at all) and the TOS if exists is against GDPR.
In Europe, SIM cards (prepaid or not) must have an owner, so PII is mandatory when buying one.
About anonymous letters. Do you know why the snail Mail in some European countries is “Royal Mail”? Because in the past the worst crime in a Kingdom was against the King/Queen. Anonymous mailing could cost you your life because it was a crime against the Royal Crown.
_This_ is criminal. How can they do this to us? It was a great service.
OVH added to personal shitlist of companies never to go near.
Edit: downvotes from OVH I suspect. It's perfectly rational if you read the comments about the abuse team being mostly useless. It's best to judge a company at the point something goes wrong and how it's handled not when it's going right. This is badly handled.
Your comment didn't get downvoted because people disagree or are shilling for OVH, but because it doesn't contribute anything to the conversation. Comments like this tend to get downvoted regardless of sentiment, which I'm surprised you haven't realized yet given your karma. This includes meta-commenting on comment voting.
Please refresh the guidelines.
Thank you for the reminder. I will indeed read them again.
We need to have more information to conclude anything. Servers hosting Guerrilla Mail might have been seized for an investigation for example and OVH might have very little choice but to comply.
I'm not saying it's great, but the story might have been the same if it was another provider. On the other hand, the location of the server might have a bigger impact as it changes which laws applies.
Any service of any importance should be run on hardware you own.
There should be nothing even slightly surprising about this. OVH is a shitty company that will let anyone do anything they want until enough complaints are made. They don't communicate.
Guerrilla Mail should colocate some servers and/or find a company that is small enough to have humans with whom they can actually communicate.
A colo company could change the locks or pull the cable if coming under comparable legal pressure. Depending on the colo company?
I'm surprised that Guerrilla Mail havent at least put a temporary status web page up on their domain yet though..