Archive for August 15, 2017

Tuesday, August 15, 2017

Tech Companies Fighting for User Privacy


The request from the DOJ demands that DreamHost hand over 1.3 million visitor IP addresses — in addition to contact information, email content, and photos of thousands of people — in an effort to determine who simply visited the website. (Our customer has also been notified of the pending warrant on the account.)

That information could be used to identify any individuals who used this site to exercise and express political speech protected under the Constitution’s First Amendment.


As we do in all such cases where the improper collection of data is concerned, we challenged the Department of Justice on its warrant and attempted to quash its demands for this information through reason, logic, and legal process.

Mitchel Broussard:

Apple, Twitter, Snap, Facebook, Microsoft, and a collection of other technology companies have filed a legal brief this week, aimed at the Fourth Amendment and its “rigid analog-era” protections that lag behind protecting users in the modern age (via Reuters).

Update (2017-08-23): Kate Conger:

The US Department of Justice is rescinding its request for IP logs that would have revealed visitors to a website used to plan a protest during Donald Trump’s inauguration.

Update (2017-08-24): Robert Iafolla:

A District of Columbia Superior Court judge on Thursday approved a government warrant seeking data from an anti-Trump website related to Inauguration Day protests, but he added protections to safeguard “innocent users.”

Some on Hacker News think this may be related to the DDoS that DreamHost is currently experiencing.

Update (2017-08-28): See also: these two DreamHost posts and The Register.

Update (2017-10-11): DreamHost:

Under this order, we now have the ability to redact all identifying information and protect the identities of users who interacted with before handing over any data to the court. Chief Judge Morin acknowledged that the government “does not have the right to rummage through the information contained on DreamHost’s website” to “discover the identity of . . . individuals not participating in alleged criminal activity.”


As it stands today, the sum total of requested data in this case very closely aligns with hundreds of other government requests that DreamHost has received, and complied with lawfully, in the past.

We do not intend to appeal the court’s ruling.

Tech Companies Refusing DNS Service to Daily Stormer

Katie Mettler:

After months of criticism that GoDaddy was providing a platform for hate speech, the Web hosting company announced late Sunday that it will no longer house the Daily Stormer, a neo-Nazi website that promotes white supremacist and white nationalist ideas.


“Given The Daily Stormer’s latest article comes on the immediate heels of a violent act, we believe this type of article could incite additional violence, which violates our terms of service,” Race wrote in the email.


GoDaddy has previously said that the content, however “tasteless” and “ignorant,” is protected by the First Amendment. The company told the Daily Beast in July that a Daily Stormer article threatening to “track down” the family members of CNN staffers did not violate Domains by Proxy’s terms of service.

Russell Brandom (Hacker News):

Just hours after being dropped by GoDaddy, prominent white nationalist publication The Daily Stormer attempted to find a home at Google. As of press time, the site’s registration info pointed to, indicating the web giant had taken over services as registrar.

Shortly after the switch was noticed, Google announced plans to drop the site. “We are cancelling Daily Stormer’s registration with Google Domains for violating our terms of service,” the company said in a statement. Later in the day, Google also banned The Daily Stormer from YouTube, according to Bloomberg.

Common carrier laws do not apply to DNS or Web hosting.

GoDaddy’s terms of service state in part:

You will not use this Site or the Services in a manner (as determined by GoDaddy in its sole and absolute discretion) that:

  • Is illegal, or promotes or encourages illegal activity;
  • Promotes, encourages or engages in child pornography or the exploitation of children;
  • Promotes, encourages or engages in terrorism, violence against people, animals, or property;

Google’s term of service don’t seem to have anything that specific, but they do include a sort of catch-all:

Google may accept or reject Registrant’s application for registration or renewal for any reason at its sole discretion[…].

In a way, this is disappointing because you can’t see where and how they would draw the line. On the other hand, this is the first I’ve heard of any companies refusing DNS service, and I don’t expect to see a slippery slope where lots of sites have to worry about this. I imagine that GoDaddy’s actual policy is that it’s all at their sole discretion, anyway. I seriously doubt they would reinstate service if the particular offending article were removed, nor do they want to have to continuously monitor the content of new articles.

Update (2017-08-15): Joseph Cox:

Early Tuesday morning, users on Twitter started sharing a link for a dark web version of the Daily Stormer. Searches for the URL of the site returned no results on Google, indicating that the site may be newly created. (Although the content of dark web sites themselves may not be cached by Google, many sites maintain collections of addresses for Tor hidden services, which are catalogued by the search engine.)


Running as a Tor hidden service means the site will be largely immune to some of the issues the Daily Stormer has faced over the past few days. It doesn’t rely on a domain registrar, such as GoDaddy or Google, so those companies can’t decide to stop providing services. And it is typically not possible to see what company is providing web servers to the site itself, making it unclear where to direct any complaints or takedown requests.

Keith Collins:

Other tech companies have also made moves against the far right: Airbnb banned users it suspected were traveling to attend the rally, while Discord, a chat service for online gamers, shut down a server and some accounts used for spreading extremist views.


Cloudflare acts as a shield between websites and the outside world, protecting them from hackers and preserving the anonymity of the sites’ owners. But Cloudflare is not a hosting service: It does not store website content on its servers. And that fact, as far as the company is concerned, exempts it from judgment over who its clients are—even if those clients are literally Nazis.


Cloudflare’s indiscriminate approach to its clients appeals not only to neo-Nazis, but also to another set of bad actors: websites that provide illegal hacking services.

Update (2017-08-16): See also: Hacker News.

Update (2017-08-17): Juli Clover:

Apple has disabled Apple Pay support on websites selling white nationalist and hate group apparel and accessories, reports BuzzFeed.

Matthew Prince (via Hacker News):

Earlier today, Cloudflare terminated the account of the Daily Stormer. We’ve stopped proxying their traffic and stopped answering DNS requests for their sites. We’ve taken measures to ensure that they cannot sign up for Cloudflare’s services ever again.

Our terms of service reserve the right for us to terminate users of our network at our sole discretion. The tipping point for us making this decision was that the team behind Daily Stormer made the claim that we were secretly supporters of their ideology.


The size and scale of the attacks that can now easily be launched online make it such that if you don’t have a network like Cloudflare in front of your content, and you upset anyone, you will be knocked offline. In fact, in the case of the Daily Stormer, the initial requests we received to terminate their service came from hackers who literally said: “Get out of the way so we can DDoS this site off the Internet.”


In a not-so-distant future, if we’re not there already, it may be that if you’re going to put content on the Internet you’ll need to use a company with a giant network like Cloudflare, Google, Microsoft, Facebook, Amazon, or Alibaba. […] Without a clear framework as a guide for content regulation, a small number of companies will largely determine what can and cannot be online.

Update (2017-08-18): John Gruber:

Prince’s thoughtful explanation makes clear that this was a last resort, and hopefully one-time exception, to their policy of not censoring sites over political content.

Nick Heer:

We have replaced many of the rights afforded to us in our own jurisdictions with the rights given to American companies.


Even for free speech advocates, this situation is deeply fraught with emotional, logistical, and legal twists and turns. All fair-minded people must stand against the hateful violence and aggression that seems to be growing across our country. But we must also recognize that on the Internet, any tactic used now to silence neo-Nazis will soon be used against others, including people whose opinions we agree with.


These are methods that protect us all against overbroad or arbitrary takedowns. It’s notable that in GoDaddy and Google’s eagerness to swiftly distance themselves from American neo-Nazis, no process was followed; CloudFlare’s Prince also admitted that the decision was “not CloudFlare’s policy.” Policies give guidance as to what we might expect, and an opportunity to see justice is done. We should think carefully before throwing them away.

Update (2017-08-21): Richard Kirkendall (via Hacker News):

At Namecheap, we see both sides of the free speech consideration. On the one hand, we cannot be the ones censoring content, unpopular though it may be. On the other hand, and without question, the content appearing on the is highly offensive, even more so in light of the recent events in Charlottesville, VA.


So, the question, as I see it, is whether deletion of these domains contradicts our core principle of advocacy of free speech? In this particular case, I state that the answer is “No.”


But is this the right thing for freedom of speech and should a registrar be the one making this decision? I don’t think so. In a perfect world, a registrar should be able to remain neutral in these situations regardless of public opinion but the fact of the matter is that this cannot happen in reality. Any business cannot operate under these circumstances due to the mob mentality and the nature of our current politics.

Update (2017-08-22): Tor (tweet):

We are disgusted, angered, and appalled by everything these racists stand for and do. We feel this way any time the Tor network and software are used for vile purposes. But we can't build free and open source tools that protect journalists, human rights activists, and ordinary people around the world if we also control who uses those tools. Tor is designed to defend human rights and privacy by preventing anyone from censoring things, even us.

Update (2017-11-27): Ernesto Van der Sar (via Hacker News):

Adult entertainment publisher ALS Scan wants to depose Cloudflare CEO Matthew Prince. The company is involved in a piracy liability battle with the CDN provider and brought up the recent decision to terminate the account of neo-Nazi site Daily Stormer as key evidence in the case.

F.lux 4

f.lux Software (via Hacker News):

Now f.lux can adapt to your schedule, so by telling it when you wake up, f.lux will automatically adjust throughout the seasons to help you synchronize to the day.

We’ve also tried to explain a really big topic: how light affects your body. So there are some numbers in f.lux now that indicate how bright your screen is, compared to standing outside on a bright day.

We’ve improved performance, so f.lux will have much less impact on your system and on games especially.

I never really used the more advanced features, so I’ve been pretty happy with Night Shift.

Update (2017-08-17): Ashley Bischoff:

For what it’s worth, it looks like F.lux 4 has only been released for Windows so far.

Modeling Implicit View Behaviors

Jared Sinclair:

The most critical reason why UI testing wasn’t the right choice for us is that it doesn’t make it easier to avoid breaking implicit behaviors in the first place. Over time, conditional statements pile up until it isn’t obvious from the code itself what the expected behaviors are. If a developer needs to make a change, it can be difficult to know where to begin and how to avoid introducing regressions. On our project, we sought an approach that substituted implicit behaviors with explicit behavior modeling — value types that can be passed between components and verified for correctness at compile time and in unit tests.


The evaluator returns three things: 1) an updated model, 2) a set of UI updates, and 3) a set of actions. The core replaces its current model with the updated model and performs all the actions in the actions set (if any). Lastly it forwards the UI update instructions to the view controller via a delegate protocol.


Because all the decision-making occurs inside the evaluator, and because the evaluator is a purely functional creature operating only on its inputs and always returning a value, we were able to unit test the evaluator for every event under all relevant conditions. Every property on the model struct — which is a comprehensive representation of the status of the entire system — is a value type, so it was trivial to establish special conditions for each test. As we discovered edge cases and added new features, we were able to extend the evaluator’s implementation and know immediately whether we had introduced any regressions.

Update (2017-08-16): See also: Andy Matuschak.