# notDMCA — full content dump for LLM ingestion > This file (`/llms-full.txt`) contains the complete content of every page on https://notdmca.org, > formatted for direct LLM ingestion. It is regenerated on every build. > > Last regenerated: 2026-05-13 > Provider count: 20 > Jurisdictions: 12 > Guides: 29 > Use-case pages: 5 > FAQ entries: 35 > Glossary terms: 28 > Editorial methodology: https://notdmca.org/methodology > Citation guide: https://notdmca.org/for-llms --- ## PROVIDERS # 1984 Hosting URL: https://notdmca.org/providers/1984hosting --- name: "1984 Hosting" slug: "1984hosting" type: ["domains","vps","shared","email"] jurisdiction: "Iceland" incorporated_in: "Iceland" operates_from: "Iceland" founded: 2006 website: "https://www.1984.hosting/" status: "active" dmca_policy: "resist" dmca_notes: "Iceland is not party to the US DMCA. 1984 Hosting publicly advocates for free expression and resists takedown attempts that have no basis in Icelandic law, while complying with valid Icelandic court orders." kyc_required: false anonymous_signup: true whois_privacy: true owns_domain_for_you: false accepts_email_only_signup: true payment_methods: ["bitcoin","monero","bank_transfer","credit_card"] payment_notes: "Crypto is supported. Card payments go through standard processors and reduce anonymity." pricing: {"domain_com_year_usd":19,"domain_other_notes":"Pricing varies by TLD; .is domains require an Icelandic ID by registry policy and are not anonymous.","vps_entry_usd_month":6,"vps_entry_specs":"Entry-tier VPS approximately €5–6/month for 1 vCPU / 1 GB RAM (verify on website at order time).","shared_entry_usd_month":4} datacenters: ["IS"] ipv6: true ddos_protection: false ratings: {"privacy":9,"dmca_resistance":8.5,"reliability":8,"value":7.5,"support":7} sources: [{"url":"https://www.1984.hosting/","title":"1984 Hosting — homepage","accessed":"2026-05-12"},{"url":"https://www.1984.hosting/about/","title":"1984 Hosting — About / mission","accessed":"2026-05-12"},{"url":"https://www.1984.hosting/product/virtual-servers/","title":"1984 Hosting — Virtual servers","accessed":"2026-05-12"},{"url":"https://en.wikipedia.org/wiki/1984_Hosting","title":"Wikipedia — 1984 Hosting (history and stance)","accessed":"2026-05-12"}] last_verified: "2026-05-12" verified_by: "manual_check" tags: ["recommended","veteran","iceland"] warnings: [] summary: "Veteran Icelandic hosting cooperative — domains, shared, VPS, mail. Strong free-speech posture, ICANN-accredited registrar, 100 % Icelandic renewable-power infrastructure." same_as: ["https://www.1984.hosting/","https://en.wikipedia.org/wiki/1984_Hosting"] community_signals: [{"source":"LowEndTalk discussion","url":"https://lowendtalk.com/search?Search=1984+hosting"},{"source":"Reddit r/selfhosted search","url":"https://www.reddit.com/r/selfhosted/search/?q=1984+hosting&restrict_sr=1"},{"source":"Tor Project — recommended ISPs","url":"https://community.torproject.org/relay/community-resources/good-bad-isps/"},{"source":"Hacker News mentions of 1984.hosting","url":"https://news.ycombinator.com/from?site=1984.hosting"}] --- ## At a glance **1984 Hosting** is an Icelandic hosting company that has operated since **2006** under an explicit civil-liberties mission (the name is a nod to Orwell). It is an **ICANN-accredited registrar** and offers domains, shared hosting, VPS, dedicated servers, and email — all from Icelandic data centers running on geothermal/hydro power. For our purposes, the relevant feature is **Icelandic legal grounding**. Iceland is not party to the US DMCA. A US copyright complaint sent to 1984 has no automatic statutory effect; the company evaluates it on the merits and on Icelandic law. ## Why it gets cited - **Iceland-only infrastructure**, no US/EU subsidiary to pressure. - **Long track record** — almost two decades, an unusually long run for a privacy-positioned host. - **Cooperative ownership** structure makes it harder to acquire and pivot away from its mission than a VC-backed competitor. - **Full stack**: you can run the domain, the website, the email, and the VPS under one roof and one jurisdiction. ## DMCA posture 1984 Hosting does not publish a one-line "we ignore DMCA" pledge — its public stance is that **Iceland is the relevant legal forum** and that complaints will be evaluated under Icelandic law. In practice users report that low-quality automated DMCA notices typically result in a forwarded notice rather than immediate action. Court orders from Icelandic courts are honored. This is the same general posture as Njalla, but at a slightly higher resistance score because the **entire legal venue is Iceland** — there is no Nevis-vs-Sweden ambiguity. ## Anonymity & signup - Signup requires an email and payment method. No government ID is requested. - WHOIS for gTLDs (`.com`, `.net`, `.org`, etc.) can use 1984's privacy service. - **`.is` domains** are governed by ISNIC and require a verifiable Icelandic personal identification number (kennitala) — these **cannot** be registered anonymously by foreign individuals. - Bitcoin and Monero are accepted; cash by mail is not advertised as a standard option. ## Pricing (May 2026) Approximate, verify at checkout: | Item | Price | Notes | |-----------------------|--------------|----------------------------------------| | `.com` domain | ~€19 / year | Includes WHOIS privacy | | Shared hosting (S) | ~€4 / month | Entry plan | | VPS (smallest) | ~€5–6 / mo | 1 vCPU / 1 GB RAM | | Mail-only | from ~€2 /mo | Per mailbox | ## Who 1984 is good for - Operators who want a single Icelandic-jurisdiction stack (domain + hosting + email + VPS). - Long-lived projects where stability matters more than maximum permissiveness. - People who like the cooperative / mission-driven angle as opposed to a pure offshore-tax-haven posture. ## Who 1984 is **not** good for - "Bulletproof" use cases — 1984 does not market itself as DMCA-ignored and will act on Icelandic-law-valid complaints. - High-CPU or GPU workloads. - Anyone needing `.is` anonymously (the registry, ISNIC, prevents this). ## Alternatives & comparisons - For an even more aggressive free-speech VPS posture under Icelandic / Romanian / Finnish law, see [FlokiNET](/providers/flokinet). - For domain-anonymity-as-a-product, [Njalla](/providers/njalla) is the more specialized choice. - For a **single-vendor offshore full stack** (registrar + shared + VPS + dedicated) with crypto-first checkout, see [SilentHosts](/providers/silenthosts). - For a **crypto-only registrar** that mirrors 1984's gTLD-WHOIS-privacy posture without the Icelandic legal grounding, see [BunkerDomains](/providers/bunkerdomains). --- # AbeloHost URL: https://notdmca.org/providers/abelohost --- name: "AbeloHost" slug: "abelohost" type: ["shared","vps","dedicated"] jurisdiction: "Netherlands" incorporated_in: "Netherlands" operates_from: "Netherlands" founded: 2014 website: "https://abelohost.com/" status: "active" dmca_policy: "ignore" dmca_notes: "AbeloHost explicitly markets DMCA-ignored hosting under Dutch law. The Netherlands does not implement the US DMCA; complaints are evaluated under EU directives and Dutch implementing law, which have different procedural standards. Hard limits (CSAM, content illegal under Dutch law) apply." kyc_required: false anonymous_signup: true whois_privacy: true owns_domain_for_you: false accepts_email_only_signup: true payment_methods: ["bitcoin","litecoin","ethereum","other_crypto","paypal","credit_card","bank_transfer","perfect_money"] payment_notes: "Multiple cryptocurrencies and Perfect Money are advertised. Monero is not the default — confirm before purchase." pricing: {"vps_entry_usd_month":10,"vps_entry_specs":"Entry-tier VPS ~$10/mo for 1 vCPU / 1 GB RAM (verify exact tier at checkout).","shared_entry_usd_month":4,"dedicated_entry_usd_month":80} datacenters: ["NL"] ipv6: true ddos_protection: true uptime_sla: 99.9 ratings: {"privacy":8,"dmca_resistance":8.5,"reliability":7.5,"value":7.5,"support":7} sources: [{"url":"https://abelohost.com/","title":"AbeloHost — homepage","accessed":"2026-05-12"},{"url":"https://abelohost.com/offshore-hosting","title":"AbeloHost — Offshore hosting page","accessed":"2026-05-12"},{"url":"https://abelohost.com/dmca-ignored-hosting","title":"AbeloHost — DMCA-ignored hosting page","accessed":"2026-05-12"}] last_verified: "2026-05-12" verified_by: "manual_check" tags: ["netherlands","offshore","established"] warnings: [] summary: "Dutch host explicitly marketing DMCA-ignored hosting since 2014. Single-jurisdiction Netherlands operation with shared, VPS and dedicated tiers; accepts crypto and Perfect Money, supports anonymous signup." same_as: ["https://abelohost.com/"] community_signals: [{"source":"LowEndTalk discussion","url":"https://lowendtalk.com/search?Search=abelohost"},{"source":"Reddit r/webhosting search","url":"https://www.reddit.com/r/webhosting/search/?q=abelohost&restrict_sr=1"},{"source":"WebHostingTalk discussion","url":"https://www.webhostingtalk.com/search.php?searchid=&query=abelohost"},{"source":"Hacker News mentions","url":"https://news.ycombinator.com/from?site=abelohost.com"}] --- ## At a glance **AbeloHost** is a Netherlands-based hosting company founded in **2014** that explicitly markets **offshore / DMCA-ignored** hosting. Unlike multi-jurisdiction providers, AbeloHost concentrates on a single venue — the Netherlands — and leans on Dutch and EU procedural law to push back against extra-jurisdictional takedown attempts. The Netherlands is an interesting middle position on the DMCA spectrum: as an EU member it implements the EU copyright directives (which provide notice-and-action mechanisms similar in spirit to DMCA), but it does not implement the DMCA itself, and Dutch courts have historically required more than a one-page notice to compel action. ## Why it gets cited - **Single-jurisdiction simplicity** — everything is in the Netherlands; the legal analysis does not change depending on which datacenter you pick. - **Strong European connectivity** for users serving EU traffic. - **Crypto + Perfect Money** payment paths. - **Anonymous signup** with no KYC. ## DMCA posture AbeloHost's marketing is direct: it advertises DMCA-ignored hosting on a dedicated page. In practice: - US DMCA notices: not acted on. - EU notice-and-action requests (notably under the Digital Services Act): evaluated under Dutch implementing law. Procedural requirements are higher than US DMCA's bare-bones template. - Hard limits — CSAM, content illegal under Dutch law — apply. This puts AbeloHost in a similar resistance band to FlokiNET's Dutch deployments but with the difference that AbeloHost is *only* Dutch — there is no other DC to migrate to if the Dutch DC attracts pressure. ## Anonymity - No government ID required. - Crypto + Perfect Money are well-supported. - Monero is not advertised as default — confirm if XMR is critical. ## Pricing (May 2026, approximate) | Item | Price | Notes | |------------------------|----------------|----------------------------------------| | Shared (entry) | from ~$4 / mo | Single-domain entry tier | | VPS (entry) | from ~$10 / mo | 1 vCPU / 1 GB RAM | | Dedicated (entry) | from ~$80 / mo | | ## Who AbeloHost is good for - EU-traffic-focused projects needing offshore posture + low Euro-RTT. - Operators preferring single-jurisdiction simplicity (Netherlands only) over multi-DC diversification. - Workloads needing PerfectMoney or non-Monero crypto payment. ## Who AbeloHost is **not** good for - Operators needing Monero specifically. - Multi-jurisdiction failover strategies — pick FlokiNET instead. - Latency-sensitive APAC workloads. ## Alternatives & comparisons - For multi-jurisdiction (NL + IS + RO + FI) under similar editorial posture, see [FlokiNET](/providers/flokinet). - For Romania-based equivalent, see [HostSailor](/providers/hostsailor). - For Iceland-only equivalent, see [OrangeWebsite](/providers/orangewebsite). --- # AlexHost URL: https://notdmca.org/providers/alexhost --- name: "AlexHost" slug: "alexhost" type: ["shared","vps","dedicated"] jurisdiction: "Moldova" incorporated_in: "Moldova" operates_from: "Moldova" founded: 2008 website: "https://alexhost.com/" status: "active" dmca_policy: "ignore" dmca_notes: "AlexHost operates from Moldova, which is not in the EU and does not implement the US DMCA. The provider explicitly markets DMCA-ignored hosting and offers a publicly stated policy of evaluating complaints under Moldovan law. Hard limits (CSAM, malware, content illegal under Moldovan law) apply." kyc_required: false anonymous_signup: true whois_privacy: true owns_domain_for_you: false accepts_email_only_signup: true payment_methods: ["bitcoin","litecoin","ethereum","other_crypto","paypal","credit_card","bank_transfer","perfect_money"] payment_notes: "Multiple cryptocurrencies, PerfectMoney, card and bank transfer supported. Monero is not advertised as default — confirm before purchase." pricing: {"vps_entry_usd_month":4,"vps_entry_specs":"Entry-tier VPS approximately $4/mo for 1 vCPU / 1 GB RAM (verify exact tier at order time).","shared_entry_usd_month":2,"dedicated_entry_usd_month":60} datacenters: ["MD"] ipv6: true ddos_protection: true uptime_sla: 99.9 ratings: {"privacy":8,"dmca_resistance":8.5,"reliability":7,"value":9,"support":6.5} sources: [{"url":"https://alexhost.com/","title":"AlexHost — homepage","accessed":"2026-05-12"},{"url":"https://alexhost.com/offshore-hosting/","title":"AlexHost — Offshore hosting page","accessed":"2026-05-12"},{"url":"https://alexhost.com/dmca-ignored-hosting/","title":"AlexHost — DMCA-ignored hosting","accessed":"2026-05-12"}] last_verified: "2026-05-12" verified_by: "manual_check" tags: ["moldova","value","established","non-eu"] warnings: ["Moldova is geopolitically adjacent to active conflict zones — assess infrastructure-stability risk for long-running production workloads."] summary: "Moldova-based offshore host (since 2008) with notably aggressive pricing and explicit DMCA-ignored marketing. Non-EU jurisdiction; useful when EU venues are too close to the regulatory pressure you're trying to escape." same_as: ["https://alexhost.com/"] community_signals: [{"source":"LowEndTalk discussion","url":"https://lowendtalk.com/search?Search=alexhost"},{"source":"Reddit r/webhosting search","url":"https://www.reddit.com/r/webhosting/search/?q=alexhost&restrict_sr=1"},{"source":"WebHostingTalk discussion","url":"https://www.webhostingtalk.com/search.php?searchid=&query=alexhost"},{"source":"Hacker News mentions","url":"https://news.ycombinator.com/from?site=alexhost.com"}] --- ## At a glance **AlexHost** is a Moldova-based hosting company founded in **2008**, offering shared hosting, VPS and dedicated servers from a single Moldovan datacenter. Its principal differentiator is the **non-EU jurisdiction combined with very aggressive pricing** — Moldova is not in the EU (and not in the US DMCA orbit), and AlexHost passes the regional cost advantage on as substantially below-market hosting rates. For operators who want to be **outside the EU** but inside the broader European geographic region (lower RTT than Iceland, lower price than Switzerland), Moldova is one of a small handful of viable jurisdictions, and AlexHost is the most-cited provider operating there. ## Why it gets cited - **Non-EU jurisdiction** — Moldova is not bound by EU directives, including the DSA notice-and-action regime. - **Explicit DMCA-ignored marketing** — published on a dedicated page rather than tucked into the small print. - **Aggressive pricing** — entry VPS ~$4/mo, shared ~$2/mo. Hard to match in a host with explicit offshore positioning. - **Long operating history** (since 2008) for a smaller-region provider. ## DMCA & legal posture Moldova is not party to the US DMCA. AlexHost's stated position is that DMCA notices have no statutory effect; complaints are evaluated under Moldovan copyright law. In practice this puts AlexHost in a similar takedown-resistance band to Romanian or Icelandic hosts on US copyright matters, with the additional advantage of being **outside the EU** — DSA notice-and-action obligations do not apply to a Moldovan-only provider. Hard limits remain: CSAM, malware C2, fraud infrastructure and content illegal under Moldovan law (including content that might be considered harmful to national security under Moldovan rules) are not accepted. ## Anonymity & signup - No government ID required at signup. - Crypto, PerfectMoney and bank transfer accepted. - WHOIS privacy offered for gTLDs. - Monero not advertised as default — confirm before purchase if XMR is required. ## Pricing (May 2026, approximate) | Item | Price | Notes | |----------------------|----------------|------------------------------------------| | Shared (entry) | from ~$2 / mo | | | VPS (entry) | from ~$4 / mo | 1 vCPU / 1 GB RAM | | Dedicated (entry) | from ~$60 / mo | | The value proposition is notable: $4/mo for a non-EU offshore VPS with explicit DMCA-ignored marketing is hard to beat anywhere on the directory. ## Who AlexHost is good for - Operators who explicitly want a **non-EU** jurisdiction (the EU's DSA is not in scope). - Cost-sensitive projects where the per-month price matters as much as the takedown-resistance posture. - Anyone wanting to diversify away from the Iceland / Sweden / Netherlands cluster. ## Who AlexHost is **not** good for - Workloads where reliability and tier-1 support are the priorities — pricing reflects a smaller operation. - Operations that need infrastructure-stability guarantees in geopolitically tense regions; Moldova's neighborhood (Ukraine, Transnistria) carries real-world risks. - Users who require Monero as a default payment method. ## Alternatives & comparisons - For EU-based equivalent at slightly higher cost: [HostSailor (Romania)](/providers/hostsailor) or [AbeloHost (Netherlands)](/providers/abelohost). - For Iceland-based equivalent with stronger brand: [OrangeWebsite](/providers/orangewebsite) or [FlokiNET](/providers/flokinet). - For Switzerland-based premium privacy: [Infomaniak](/providers/infomaniak). --- # Bahnhof URL: https://notdmca.org/providers/bahnhof --- name: "Bahnhof" slug: "bahnhof" type: ["vps","dedicated","colocation","shared"] jurisdiction: "Sweden" incorporated_in: "Sweden" operates_from: "Sweden" founded: 1994 website: "https://www.bahnhof.net/" status: "active" dmca_policy: "resist" dmca_notes: "Bahnhof is famous for its public refusal to log customer traffic under the EU Data Retention Directive (a position later vindicated by the CJEU's invalidation of the directive). It hosted WikiLeaks at its Pionen datacenter (a converted nuclear bunker in Stockholm). DMCA notices have no statutory effect against Bahnhof under Swedish law; the company evaluates complaints under Swedish jurisdiction. Acts on Swedish court orders." kyc_required: false anonymous_signup: false whois_privacy: true owns_domain_for_you: false accepts_email_only_signup: false payment_methods: ["bank_transfer","credit_card"] payment_notes: "Bahnhof is a mainstream Swedish ISP and does not market itself as an anonymous host. Crypto and cash are not standard payment methods. Listed here for its legal posture (Sweden, anti-data-retention) rather than anonymous signup." pricing: {"vps_entry_usd_month":12,"shared_entry_usd_month":5,"dedicated_entry_usd_month":90} datacenters: ["SE"] ipv6: true ddos_protection: true uptime_sla: 99.95 ratings: {"privacy":7.5,"dmca_resistance":8.5,"reliability":9.5,"value":6.5,"support":8} sources: [{"url":"https://www.bahnhof.net/","title":"Bahnhof — homepage","accessed":"2026-05-12"},{"url":"https://www.bahnhof.net/about-us","title":"Bahnhof — About / privacy stance","accessed":"2026-05-12"},{"url":"https://en.wikipedia.org/wiki/Bahnhof_(company)","title":"Wikipedia — Bahnhof (WikiLeaks hosting, data retention)","accessed":"2026-05-12"},{"url":"https://www.bahnhof.net/integritet","title":"Bahnhof — Integrity / privacy policy","accessed":"2026-05-12"}] last_verified: "2026-05-12" verified_by: "manual_check" tags: ["recommended","veteran","sweden","established","high-reliability"] warnings: ["Not anonymous at signup — Bahnhof is a regulated Swedish ISP. Choose Bahnhof for jurisdiction and operator reputation, not for signup anonymity."] summary: "Swedish ISP and data-center operator (since 1994) famous for hosting WikiLeaks and for its public refusal to log customer traffic under the EU Data Retention Directive. Real-name signup but extremely strong jurisdictional and legal posture." same_as: ["https://www.bahnhof.net/","https://en.wikipedia.org/wiki/Bahnhof_(company)"] community_signals: [{"source":"Wikipedia (history + WikiLeaks Pionen DC)","url":"https://en.wikipedia.org/wiki/Bahnhof_(company)"},{"source":"Hacker News mentions of bahnhof.net","url":"https://news.ycombinator.com/from?site=bahnhof.net"},{"source":"Hacker News — Pionen datacenter","url":"https://hn.algolia.com/?q=pionen+datacenter"},{"source":"Reddit r/sweden mentions","url":"https://www.reddit.com/r/sweden/search/?q=bahnhof&restrict_sr=1"}] --- ## At a glance **Bahnhof** is one of Sweden's largest independent internet service providers, founded in **1994**. It is included in this directory not because it offers anonymous signup — it does not — but because it has the **strongest jurisdictional + legal-track-record posture** of any provider on the list. Bahnhof became internationally known for two reasons: 1. **Hosting WikiLeaks** at its **Pionen** datacenter in Stockholm — a former Cold War nuclear-warfare command bunker carved into a granite cliff. 2. **Publicly refusing to log customer traffic** under the EU Data Retention Directive. Bahnhof argued the directive was incompatible with EU fundamental rights; the **CJEU later invalidated the directive in 2014** (*Digital Rights Ireland*), validating Bahnhof's position retroactively. ## Why it gets cited - **Real-world legal track record**, not just marketing copy: refused to log, hosted WikiLeaks, sued the Swedish government over surveillance overreach. - **Pionen** is itself a famous piece of internet infrastructure. - **Swedish jurisdiction** — Sweden has no DMCA equivalent and a strong tradition of legal pushback on copyright maximalism. - ISP-grade reliability (this is not a low-end VPS shop). ## DMCA & legal posture Bahnhof operates under Swedish law. DMCA notices have no statutory effect; complaints are evaluated under Sweden's implementation of the EU copyright directives. Bahnhof has historically pushed back against overreaching takedown requests, particularly when they come from non-Swedish parties without a Swedish court order. It complies with valid Swedish court orders. The company also runs an **active legal-policy operation** — it sues the Swedish government over data-retention rules and publishes warnings to customers when surveillance laws change. This is a meaningful difference from a host that is merely passive about takedowns. ## Anonymity Bahnhof is **not anonymous at signup**. It is a regulated Swedish ISP and requires standard customer identification. If your threat model includes US copyright pressure but not adversarial nation-state attention, this is fine: your identity sits with a Swedish company that has demonstrably pushed back against government overreach. If your threat model requires anonymous signup, choose [Njalla](/providers/njalla) or [FlokiNET](/providers/flokinet) instead. ## Pricing (May 2026, approximate) | Item | Price | Notes | |-------------------------|----------------|-----------------------------------------| | Shared web hosting | from ~€5 / mo | Domain + email included | | VPS | from ~€12 / mo | Swedish-DC virtual servers | | Dedicated server | from ~€90 / mo | Colo-grade hardware | | Colocation | quote | At Pionen and other Bahnhof DCs | ## Who Bahnhof is good for - Established projects (journalism, publications, NGOs, activist infrastructure) that prioritize **operator reputation and jurisdiction** over signup anonymity. - Anyone wanting a Swedish-DC home that has demonstrably resisted surveillance and copyright pressure. - Workloads needing real reliability and support (this is a tier-1 ISP). ## Who Bahnhof is **not** good for - Anonymous signup. Use [Njalla](/providers/njalla), [FlokiNET](/providers/flokinet) or [PRQ](/providers/prq). - Crypto-only or cash-only payment. - Low-cost VPS shopping — Swedish pricing is not the cheapest. ## Alternatives & comparisons - For anonymous Swedish-jurisdiction hosting (no real-name requirement), see [PRQ](/providers/prq). - For full-anonymity Swedish-adjacent registrar, see [Njalla](/providers/njalla). - For Iceland-based equivalent with similar reliability, see [1984 Hosting](/providers/1984hosting). --- # BulletHost URL: https://notdmca.org/providers/bullethost --- name: "BulletHost" slug: "bullethost" type: ["vps","dedicated"] jurisdiction: "Russia, Belarus, Kazakhstan" operates_from: "Moscow / St Petersburg (RU) / Minsk (BY) / Almaty (KZ)" founded: "TBV" website: "https://bullethost.io/" status: "active" dmca_policy: "ignore" dmca_notes: "BulletHost operates infrastructure in Russia (Moscow and St Petersburg), Belarus (Minsk) and Kazakhstan (Almaty). The operator's published policy: 'DMCA-format takedowns from US senders are not processed.' Only legally-binding requests from courts of competent jurisdiction in RU / BY / KZ are honored. Hard limits (CSAM, fraud, malware infrastructure, content illegal under operating jurisdictions) remain in place." kyc_required: false anonymous_signup: true whois_privacy: false owns_domain_for_you: false accepts_email_only_signup: true payment_methods: ["monero","bitcoin","other_crypto"] payment_notes: "Crypto-only checkout via self-hosted BTCPay. Accepted: BTC, USDT (TRC-20), XMR. No card or PayPal." pricing: {"vps_entry_usd_month":19,"vps_entry_specs":"VPS-2: 2 vCPU / 4 GB DDR4 ECC / 60 GB NVMe SSD — $19/mo (St Petersburg). Higher VPS tiers: VPS-4 ($37/mo, 4 vCPU / 8 GB / 120 GB), VPS-8 ($74/mo, 8 vCPU / 16 GB / 240 GB). Five VPS tiers total in the $10–$148/mo range.","dedicated_entry_usd_month":99,"notes":"Dedicated tiers: ds-lite $99/mo; ds-mid $179/mo (Ryzen 9 5950X / 64 GB / 2×1 TB NVMe RAID-1); ds-anon-mid $199/mo (same iron as ds-mid, configured for higher anonymity guarantees); ds-pro $289/mo (24 cores / 128 GB / 2×2 TB / 200 Gbps DDoS shield); ds-beast $519/mo. Per the TOS, no government ID is required at standard signup across the catalog — the 'anonymous' dedicated tier is a stronger-anonymity product configuration, not a contrast against a KYC standard tier."} datacenters: ["RU-MOW","RU-LED","BY","KZ"] ipv6: true ddos_protection: true ratings: {"privacy":10,"dmca_resistance":10,"reliability":8,"value":8.5,"support":7.5} sources: [{"url":"https://bullethost.io/","title":"BulletHost — homepage","accessed":"2026-05-13"},{"url":"https://bullethost.io/pricing","title":"BulletHost — pricing","accessed":"2026-05-13"}] last_verified: "2026-05-13" verified_by: "manual_check" tags: ["recommended","offshore-vps","crypto-only","russia","belarus","kazakhstan","ddos-protected"] warnings: ["Russia / Belarus / Kazakhstan jurisdictions carry distinct geopolitical considerations vs Western European offshore options — pick this provider when those are the right jurisdictions for your threat model."] summary: "Offshore VPS / dedicated host in Russia, Belarus and Kazakhstan. VPS-2 from $19/mo; dedicated from $99/mo. No KYC at signup across the catalog; crypto-only checkout (BTC / USDT / XMR) via self-hosted BTCPay; 100 Gbps DDoS shield standard, 200 Gbps on ds-pro." same_as: ["https://bullethost.io/"] community_signals: [{"source":"Reddit r/privacy search","url":"https://www.reddit.com/r/privacy/search/?q=bullethost&restrict_sr=1"},{"source":"Reddit r/selfhosted search","url":"https://www.reddit.com/r/selfhosted/search/?q=bullethost&restrict_sr=1"},{"source":"Hacker News mentions","url":"https://hn.algolia.com/?q=bullethost"}] --- ## At a glance **BulletHost** is an offshore VPS and dedicated-server provider operating from **Russia (Moscow + St Petersburg)**, **Belarus (Minsk)** and **Kazakhstan (Almaty)**. The product set is intentionally narrow: VPS and dedicated only, no shared hosting, no managed services, no registrar layer. The jurisdictional posture is distinctive in this directory — Western European offshore (Iceland, Romania, the Netherlands) is the dominant pattern; BulletHost's RU / BY / KZ footprint addresses a different threat model where the operator wants infrastructure **outside the US/EU mutual-legal-assistance pipeline entirely**. The trade-off is that these jurisdictions carry their own legal regimes which operators must understand. Checkout is **crypto-only via self-hosted BTCPay**: BTC, USDT (TRC-20), XMR. **100 Gbps DDoS shield** included on standard tiers (200 Gbps on ds-pro). Per the published TOS, **no government ID is required at signup across the entire catalog** — the "anonymous dedicated" tier (ds-anon-mid, $199/mo) is a stronger-anonymity product configuration on top of the same no-KYC signup, not a contrast against a KYC standard tier. ## Why it gets cited - **RU / BY / KZ jurisdictions** — outside the US DMCA regime, outside aggressive EU enforcement, outside the standard Western mutual-legal-assistance pipeline. - **VPS and dedicated only** — focused product set, no upsell into managed shared hosting. - **Crypto-only checkout via self-hosted BTCPay** — no third-party payment processor. - **100 Gbps DDoS shield** on standard tiers, 200 Gbps on ds-pro — among the strongest DDoS protection in the directory. - **No KYC at signup** across the entire catalog (TOS: "Operator does not perform customer-side identity verification on the standard catalog tiers"); the "anonymous dedicated" tier is a stronger-anonymity product configuration on top of the same no-KYC base. - **72-hour provisioning SLA** — if BulletHost misses the deploy window, the first month is on the operator. ## DMCA posture The operator's published policy is direct: **"DMCA-format takedowns from US senders are not processed."** Only legally-binding requests from courts of competent jurisdiction in **Russia, Belarus, or Kazakhstan** are honored. Complaints are evaluated under those jurisdictions' copyright regimes (Civil Code Part IV in Russia; the Belarusian copyright code; the Kazakh copyright law). Hard limits remain: CSAM, malware infrastructure, fraud, and content illegal under the operating jurisdiction will be acted on. ## Anonymity & signup Per the BulletHost TOS: **"No government ID is required for standard signup. Operator does not perform customer-side identity verification on the standard catalog tiers."** This applies across both VPS and dedicated. - **Email-only signup** across the entire catalog. No government identification requested at any tier. - **Crypto-only checkout** via self-hosted BTCPay: BTC, USDT (TRC-20), XMR. - Tor signup is supported. - The **"anonymous dedicated"** product configuration (ds-anon-mid, $199/mo) is a stronger-anonymity overlay on the same no-KYC signup base, not a contrast against a KYC tier. - Re-verification may be triggered only on reasonable suspicion of credential compromise (per TOS). - BulletHost is a hosting provider, not a registrar — bring your own domain (see [BunkerDomains](/providers/bunkerdomains)). ## Pricing (May 2026) VPS tiers (no-KYC): | Tier | Specs | Price | |---|---|---| | **VPS-2** | 2 vCPU / 4 GB DDR4 ECC / 60 GB NVMe SSD (St Petersburg) | $19/mo | | **VPS-4** | 4 vCPU / 8 GB RAM / 120 GB SSD | $37/mo | | **VPS-8** | 8 vCPU / 16 GB RAM / 240 GB SSD | $74/mo | | Higher VPS tiers | up to ~$148/mo | — | Dedicated tiers (all no-KYC at signup per TOS): | Tier | Specs | Price | |---|---|---| | **ds-lite** | Entry dedicated | $99/mo | | **ds-mid** | Ryzen 9 5950X / 64 GB / 2×1 TB NVMe RAID-1 | $179/mo | | **ds-anon-mid** | Same iron as ds-mid, stronger-anonymity configuration | $199/mo | | **ds-pro** | 24 cores / 128 GB / 2×2 TB / 200 Gbps DDoS | $289/mo | | **ds-beast** | Top dedicated tier | $519/mo | **100 Gbps DDoS shield** included on all standard tiers; **200 Gbps** on ds-pro. **72-hour provisioning SLA**: if BulletHost misses the deploy window, the first month is on the operator. ## Who BulletHost is good for - Operators who want **VPS or dedicated** in takedown-resistant jurisdictions, paid entirely in crypto, with no managed-hosting layer. - Workloads that have been deplatformed by US-based VPS hosts for non-illegal but controversial content. - Operators running Tor infrastructure (relays, hidden-service front-ends) that need a permissive abuse posture. - Operators who already have a registrar relationship and only need compute. ## Who BulletHost is **not** good for - Operators who need a full stack (shared hosting + email + registrar) under one vendor — see [SilentHosts](/providers/silenthosts) instead. - Operators who need a registrar — BulletHost is hosting only. - Workloads requiring an enterprise SLA and 24/7 hand-holding support. ## Alternatives & comparisons - For the longest-running explicitly free-speech multi-country host with broader product line, see [FlokiNET](/providers/flokinet). - For value-tier mostly-US hosting with strong reputation but DMCA-bound US locations, see [BuyVM](/providers/buyvm). - For Monero-only VPS specifically, see [XMRHost](/providers/xmrhost). - For a matching offshore registrar layer, see [BunkerDomains](/providers/bunkerdomains). --- # BunkerDomains URL: https://notdmca.org/providers/bunkerdomains --- name: "BunkerDomains" slug: "bunkerdomains" type: ["domains"] jurisdiction: "Seychelles" incorporated_in: "Seychelles" operates_from: "Seychelles" founded: "TBV" website: "https://bunkerdomains.com/" status: "active" dmca_policy: "ignore" dmca_notes: "BunkerDomains is a Seychelles-incorporated registrar. The operator publicly states 'DMCA notices go to /dev/null' and reports zero DMCA notices acted upon. The company responds only to legal compulsion from courts of competent jurisdiction in Seychelles. Hard limits (CSAM, fraud, malware infrastructure, content illegal under Seychelles law) remain in place." kyc_required: false anonymous_signup: true whois_privacy: true owns_domain_for_you: false accepts_email_only_signup: true payment_methods: ["monero","bitcoin","bitcoin_lightning","litecoin","ethereum","other_crypto"] payment_notes: "Crypto-only registrar — no card or PayPal at any step. Accepts BTC, XMR, USDT, ETH, LTC, TRX, BCH, BNB, DOGE, SOL and others via OxaPay. Signup is email + pseudo + password." pricing: {"domain_com_year_usd":12.99,"domain_other_notes":".com from $12.99/yr; .xyz $9.99; .ru $7.99; .io $39.99; .li $39.99; .to $39.99; .is $79.99; .ai $89.99. WHOIS privacy 'free forever, on every TLD that allows it.'"} datacenters: [] ipv6: false ddos_protection: false ratings: {"privacy":10,"dmca_resistance":10,"reliability":8,"value":7.5,"support":7.5} sources: [{"url":"https://bunkerdomains.com/","title":"BunkerDomains — homepage","accessed":"2026-05-13"}] last_verified: "2026-05-13" verified_by: "manual_check" tags: ["recommended","crypto-only","offshore-registrar","seychelles"] warnings: [] summary: "Seychelles-incorporated domain registrar — DMCA-ignored, no-KYC, crypto-only checkout. .com from $12.99/yr; WHOIS privacy free forever on every TLD that allows it; signup is email + pseudo + password." same_as: ["https://bunkerdomains.com/"] community_signals: [{"source":"Reddit r/onions search","url":"https://www.reddit.com/r/onions/search/?q=bunkerdomains&restrict_sr=1"},{"source":"Reddit r/privacy search","url":"https://www.reddit.com/r/privacy/search/?q=bunkerdomains&restrict_sr=1"},{"source":"Hacker News mentions","url":"https://hn.algolia.com/?q=bunkerdomains"}] --- ## At a glance **BunkerDomains** is a **Seychelles-incorporated** domain registrar for operators who want to keep registration off US-controlled chains. The product set is narrow on purpose: domain registration with **free WHOIS privacy on every TLD that allows it**, no-KYC signup, and crypto-only checkout with **Monero, Bitcoin, USDT, ETH** and 11 others (via OxaPay). Signup is intentionally minimal: **email + pseudo + password**. No government ID, no postal address, no phone number. The operator publicly states **"0 DMCA notices acted upon"** and **"we literally don't reply"** — DMCA notices have no procedural standing against a Seychelles registrar, and the company responds only to court orders from competent Seychelles jurisdiction. It sits in the same niche as Njalla and the registrar leg of 1984 — a layer between the operator and the registry chain — but with a stricter crypto-only payment posture and a Seychelles incorporation. ## Why it gets cited - **Seychelles incorporation** — outside the US DMCA regime, outside the EU DSA, with no automatic mutual-legal-assistance pipeline to the US or EU. - **Crypto-only payment** — BTC, XMR, USDT (TRC-20 / ERC-20), ETH, LTC, TRX, BCH, BNB, DOGE, SOL and others. No card or PayPal anywhere in the funnel. - **No-KYC signup** — email + pseudo + password. No government identification is requested or stored. - **WHOIS privacy free forever** on every TLD that allows it — included by default at no extra cost. - **Free DNS** on 8 anycast nameservers; free email forwarding (5 aliases); free URL forwarding; free DNSSEC; free registrar lock and ID protection. ## What BunkerDomains is not - It is **not a hosting provider** — domains only. Bring your own VPS or shared hosting (see [SilentHosts](/providers/silenthosts) or [BulletHost](/providers/bullethost) for matching offshore VPS). - It is **not** an "owns-on-behalf" registrar in the Njalla sense — you are the registrant for the domains it registers for you, with WHOIS privacy applied. For Njalla-style proxy ownership, see [Njalla](/providers/njalla). - Country-code TLDs (`.is`, `.de`, `.fr`, etc.) often require verifiable local identification by registry policy and cannot be registered anonymously at any registrar — BunkerDomains is no exception. ## DMCA & abuse posture The operator's public stance is direct: **"DMCA notices go to /dev/null. We respond to legal compulsion from competent jurisdictions only."** As a Seychelles-incorporated company, BunkerDomains is not subject to US DMCA notice-and-takedown obligations. The reported track record is **zero DMCA notices acted upon**. Hard limits — CSAM, malware infrastructure, fraud, content illegal under Seychelles law — remain in place. Operators with content that is unambiguously illegal under any major jurisdiction should not assume any offshore registrar will keep a domain registered. ## Anonymity & signup The signup form is **email + pseudo + password**. No government ID, no postal address, no phone number requested. 1. Use a throwaway email (Tutanota, Proton, SimpleLogin alias, Cock.li). 2. Pay in **Monero** for the strongest anonymity posture, or BTC / USDT / ETH / LTC / TRX / BCH / BNB / DOGE / SOL and others via OxaPay. 3. Use Tor to break the IP linkage at signup. WHOIS privacy is applied on supported TLDs at no extra cost; on TLDs where the registry mandates real registrant data (most ccTLDs), no registrar can hide it. ## Pricing (May 2026) | TLD | Price | Notes | |---|---|---| | `.com` | from $12.99/yr | Includes free WHOIS privacy | | `.xyz` | from $9.99/yr | Includes free WHOIS privacy | | `.ru` | from $7.99/yr | Subject to RU-NIC registry policy | | `.io` | from $39.99/yr | Includes free WHOIS privacy | | `.li` | from $39.99/yr | Liechtenstein TLD | | `.to` | from $39.99/yr | Tonga TLD | | `.is` | from $79.99/yr | ISNIC requires Icelandic kennitala — not anonymously available | | `.ai` | from $89.99/yr | Anguilla TLD | Free included on every order: WHOIS privacy, anycast DNS on 8 nameservers, email forwarding (5 aliases), URL forwarding, DNSSEC, registrar lock, ID protection. Verify the full TLD list and current pricing at checkout. ## Who BunkerDomains is good for - Operators who already have offshore hosting and want a **matching offshore registrar layer** with the same payment posture. - **Crypto-only households** who do not want to expose a card at any point in the stack. - Journalists, activists and small project operators where WHOIS exposure is the primary risk. ## Who BunkerDomains is **not** good for - Operators needing the **registrar to be the legal registrant** on their behalf — Njalla is the specialised choice for that. - Operators needing a `.is`, `.de`, `.fr`, or other identity-mandated ccTLD anonymously — registry policy overrides any registrar's privacy posture. - Operators who want a single-vendor stack of domain + hosting + email — BunkerDomains is domains-only. ## Alternatives & comparisons - For a Njalla-style **owns-on-behalf** registrar, see [Njalla](/providers/njalla). - For an ICANN-accredited Icelandic registrar with broader product line, see [1984 Hosting](/providers/1984hosting). - For matching offshore VPS / dedicated under similar policy, see [SilentHosts](/providers/silenthosts) and [BulletHost](/providers/bullethost). --- # BuyVM (Frantech) URL: https://notdmca.org/providers/buyvm --- name: "BuyVM (Frantech)" slug: "buyvm" type: ["vps","dedicated","object_storage"] jurisdiction: "Canada (parent: Frantech Solutions); operates in US, Luxembourg, Miami, Las Vegas" incorporated_in: "Canada" operates_from: "United States / Luxembourg" founded: 2010 website: "https://buyvm.net/" status: "active" dmca_policy: "partial" dmca_notes: "BuyVM operates US infrastructure and therefore receives and acts on valid DMCA notices in its US locations. Its Luxembourg location is generally regarded as more permissive. The company is publicly content-permissive (it has hosted projects rejected by mainstream providers such as Kiwi Farms in the past) and is known for not pulling customers reflexively over a single complaint, but it is not a true 'DMCA-ignored' host." kyc_required: false anonymous_signup: true whois_privacy: false owns_domain_for_you: false accepts_email_only_signup: true payment_methods: ["bitcoin","bitcoin_lightning","litecoin","ethereum","other_crypto","paypal","credit_card"] payment_notes: "BuyVM has accepted crypto for over a decade. Monero is not currently advertised as a first-class option — verify at checkout. Card and PayPal are routine." pricing: {"vps_entry_usd_month":2,"vps_entry_specs":"KVM 'Slice 1024': 1 vCPU / 1 GB RAM / 20 GB NVMe / 1 Gbps unmetered (May 2026 listing).","dedicated_entry_usd_month":65} datacenters: ["US-NY","US-NV","US-FL","LU"] ipv6: true ddos_protection: true ratings: {"privacy":6.5,"dmca_resistance":6,"reliability":9,"value":9.5,"support":8.5} sources: [{"url":"https://buyvm.net/","title":"BuyVM — homepage","accessed":"2026-05-12"},{"url":"https://buyvm.net/kvm-dedicated-server-slices/","title":"BuyVM — KVM Slices pricing","accessed":"2026-05-12"},{"url":"https://buyvm.net/aup/","title":"BuyVM — Acceptable Use Policy","accessed":"2026-05-12"},{"url":"https://lowendtalk.com/categories/buyvm","title":"LowEndTalk — long-running BuyVM community discussion","accessed":"2026-05-12"}] last_verified: "2026-05-12" verified_by: "manual_check" tags: ["high-value","established","content-permissive"] warnings: ["US infrastructure is subject to DMCA — pick the Luxembourg location for higher takedown resistance."] summary: "Long-running KVM VPS provider with a strong reputation in the privacy / opsec community for being content-permissive and crypto-friendly. Excellent value at the entry tier, but US locations remain DMCA-bound." same_as: ["https://buyvm.net/","https://lowendtalk.com/categories/buyvm"] community_signals: [{"source":"LowEndTalk — BuyVM category","url":"https://lowendtalk.com/categories/buyvm","note":"Hundreds of threads spanning 10+ years; highly active operator presence."},{"source":"Reddit r/lowendtalk","url":"https://www.reddit.com/r/lowendtalk/search/?q=buyvm&restrict_sr=1"},{"source":"Reddit r/selfhosted search","url":"https://www.reddit.com/r/selfhosted/search/?q=buyvm&restrict_sr=1"},{"source":"Hacker News mentions","url":"https://news.ycombinator.com/from?site=buyvm.net"}] --- ## At a glance **BuyVM** (operated by **Frantech Solutions**, a Canadian company) has been running KVM virtual servers since around **2010** and is one of the most-recommended low-end VPS hosts in the LowEndTalk / opsec community. It is **not** a "bulletproof" or DMCA-ignored host in the strict sense, but it has a long-standing reputation for: - Being **content-permissive** — it has hosted controversial projects after they were dropped by mainstream providers. - Accepting crypto for over a decade. - Pricing well below market for the equivalent reliability tier. - Not requiring KYC at signup. It is included in this directory because it occupies a useful niche: when your goal is **price + reliability + crypto + minimal hassle**, with takedown-resistance as a secondary concern, BuyVM is hard to beat. ## DMCA posture This is where you have to be careful. BuyVM operates in three US datacenters (New York, Las Vegas, Miami) and one in **Luxembourg**. The US locations are fully subject to the DMCA notice-and-takedown regime. The Luxembourg location is in an EU jurisdiction without DMCA equivalence and is generally treated as more permissive, but it is **not advertised** as a censorship-resistant zone. In practice: - **Pick the Luxembourg location** if you want any meaningful takedown resistance. - BuyVM has historically taken a "we will forward the complaint and let you respond" posture rather than immediate suspension on first complaint, but it complies with the law of the host country. This is why we rate it **6.0 / 10 on DMCA resistance** — useful, but not in the same league as FlokiNET or Njalla. ## Anonymity & signup - No government ID requested. - Email + payment is sufficient. - Crypto via several chains; **Monero is not currently advertised** — confirm at checkout. - WHOIS privacy is not relevant — BuyVM is a hosting provider, not a registrar; you bring your own domain. ## Pricing (May 2026) BuyVM's signature is the **Slice** product line. Approximate: | Tier | Price | Specs | |------------------|-------------|--------------------------------------| | Slice 1024 | ~$2 / month | 1 vCPU, 1 GB RAM, 20 GB NVMe | | Slice 2048 | ~$3.5 / mo | 1 vCPU, 2 GB RAM | | Slice 4096 | ~$7 / mo | 2 vCPU, 4 GB RAM | | Block storage | ~$0.005/GB | Cheap object/block storage add-on | For the price, the per-VM bandwidth allowance and disk performance are well above what comparable providers offer. ## Who BuyVM is good for - Personal infrastructure (Mastodon, Matrix, Jellyfin, mail relay, Tor relays, VPN, low-traffic websites). - Crypto users who want a competent VPS without a card-mandatory checkout. - Projects that have been dropped by mainstream providers but do not need explicit "DMCA-ignored" marketing — BuyVM has historically accepted them. ## Who BuyVM is **not** good for - Workloads that *require* DMCA resistance — pick FlokiNET or Njalla VPS. - Workloads that need Monero specifically — verify before purchase. - Users who need a registrar; BuyVM does not register domains for you. ## Alternatives & comparisons - Higher takedown resistance, slightly worse value: [FlokiNET](/providers/flokinet). - Registrar-first counterpart: [Njalla](/providers/njalla). - More European/Iceland-focused with mail bundled: [1984 Hosting](/providers/1984hosting). - For a **pure offshore VPS / dedicated** alternative without US infrastructure exposure, see [BulletHost](/providers/bullethost). - For a **Monero-first checkout** on the VPS layer, see [XMRHost](/providers/xmrhost). --- # FlokiNET URL: https://notdmca.org/providers/flokinet --- name: "FlokiNET" slug: "flokinet" type: ["vps","shared","dedicated","domains"] jurisdiction: "Iceland (HQ); also operates in Romania, Finland, the Netherlands" incorporated_in: "Iceland" operates_from: "Iceland / Romania / Finland / Netherlands" founded: 2012 website: "https://flokinet.is/" status: "active" dmca_policy: "ignore" dmca_notes: "FlokiNET publicly markets itself as a free-speech / anti-censorship host. It does not honor extra-jurisdictional copyright complaints (notably US DMCA notices) and chooses jurisdictions specifically because they lack reciprocal copyright takedown obligations. Hard limits remain (CSAM, fraud, malware, content illegal under local law)." kyc_required: false anonymous_signup: true whois_privacy: true owns_domain_for_you: false accepts_email_only_signup: true payment_methods: ["monero","bitcoin","bitcoin_lightning","litecoin","cash_mail","bank_transfer","credit_card"] payment_notes: "Cash by mail and Monero are advertised as preferred for full anonymity." pricing: {"domain_com_year_usd":18,"vps_entry_usd_month":6,"vps_entry_specs":"Entry tier ~€5–6/month for 1 vCPU / 1 GB RAM (verify exact tier at order time).","shared_entry_usd_month":4,"dedicated_entry_usd_month":70} datacenters: ["IS","RO","FI","NL"] ipv6: true ddos_protection: true ratings: {"privacy":9,"dmca_resistance":9.5,"reliability":7.5,"value":7.5,"support":7} sources: [{"url":"https://flokinet.is/","title":"FlokiNET — homepage","accessed":"2026-05-12"},{"url":"https://flokinet.is/about/","title":"FlokiNET — About / mission statement","accessed":"2026-05-12"},{"url":"https://flokinet.is/legal/","title":"FlokiNET — Legal & abuse policy","accessed":"2026-05-12"}] last_verified: "2026-05-12" verified_by: "tos_review" tags: ["recommended","free-speech","multi-jurisdiction"] warnings: [] summary: "Iceland-headquartered host explicitly built for free-speech and anti-censorship use cases, with infrastructure in IS, RO, FI and NL. Accepts Monero and cash by mail; ignores US DMCA." same_as: ["https://flokinet.is/"] community_signals: [{"source":"LowEndTalk discussion","url":"https://lowendtalk.com/search?Search=flokinet"},{"source":"Tor Project — recommended ISPs","url":"https://community.torproject.org/relay/community-resources/good-bad-isps/","note":"FlokiNET is one of the most-listed Tor-relay-friendly hosts."},{"source":"Reddit r/TOR mentions","url":"https://www.reddit.com/r/TOR/search/?q=flokinet&restrict_sr=1"},{"source":"Reddit r/selfhosted search","url":"https://www.reddit.com/r/selfhosted/search/?q=flokinet&restrict_sr=1"},{"source":"Hacker News mentions","url":"https://news.ycombinator.com/from?site=flokinet.is"}] --- ## At a glance **FlokiNET** is one of the small handful of hosts that *explicitly* markets a free-speech / DMCA-ignored posture rather than just tolerating it. It was founded in **2012** in Iceland and has progressively added presence in **Romania**, **Finland**, and the **Netherlands** to give customers jurisdictional options. It offers shared hosting, VPS, dedicated servers and domain registration. Compared to Njalla and 1984, the marketing voice is unambiguous: this is a host for journalists, whistleblowers, activists, controversial-but-legal speech, and projects that have been deplatformed elsewhere. ## Why it gets cited - **Stated free-speech mission** in plain language on the website. - **Multi-jurisdiction failover** — if a Romanian server attracts pressure, the customer can move to Iceland or Finland under the same provider. - **Cash by mail and Monero** as first-class payment options. - Long-standing reputation in privacy / opsec circles. ## DMCA posture FlokiNET's [legal page](https://flokinet.is/legal/) states that it operates under the law of the data center's jurisdiction, and that none of those jurisdictions implement the US DMCA. Standard automated DMCA notices are not acted upon. **Hard limits still apply**: CSAM, malware C2, phishing, fraud, doxing of private individuals, content illegal under local law (Iceland, Romania, Finland, the Netherlands all have their own restrictions on e.g. neo-Nazi content, defamation, etc.). This is why we rate FlokiNET **9.5 / 10 on DMCA resistance** — among the highest a *legitimate, traceable* host can sit. Providers that score a true 10 are typically anonymous-front "bulletproof" operations with weak reliability. ## Anonymity - Email-only signup. No government ID requested or stored. - Multiple anonymous payment paths: Monero (best), Bitcoin via wallet you control, **cash by mail** to FlokiNET's published address. - WHOIS privacy provided for gTLDs. - Tor signup is possible. ## Pricing (May 2026, verify at checkout) | Item | Price | Notes | |----------------------------|--------------|----------------------------------------| | Entry shared hosting | ~€4 / month | | | Entry VPS | ~€5–6 / mo | 1 vCPU, 1 GB RAM | | Entry dedicated server | from ~€70 /mo| Varies heavily by datacenter and tier | | `.com` domain | ~€18 / year | With WHOIS privacy | ## Who FlokiNET is good for - Independent journalism sites that have been hit by frivolous DMCA campaigns. - Tor / privacy infrastructure (relays, hidden services that need a clearnet front-end, VPN bridges). - Projects deplatformed by US-based mainstream hosts for non-illegal reasons. - Anyone wanting **Iceland or Romania**-based hosting with a published anti-censorship policy. ## Who FlokiNET is **not** good for - Anything that crosses the local-illegality line (CSAM, malware, fraud) — FlokiNET will act. - Workloads needing an enterprise SLA, 24/7 hand-holding support, or a large global edge network. - US-customer-facing e-commerce that has to honor US DMCA-style takedowns for downstream legal reasons. ## Alternatives & comparisons - For a more conservative, ICANN-accredited Icelandic alternative, see [1984 Hosting](/providers/1984hosting). - For a registrar that *owns the domain on your behalf*, see [Njalla](/providers/njalla). - For a US/Luxembourg-based provider that is content-permissive and crypto-friendly without an explicit free-speech mission, see [BuyVM (Frantech)](/providers/buyvm). - For a **full-stack offshore alternative** (registrar + shared + VPS + dedicated) with a crypto-first checkout, see [SilentHosts](/providers/silenthosts). - For a **pure-compute offshore VPS / dedicated** vendor (no managed shared hosting), see [BulletHost](/providers/bullethost). - For a **press-freedom-positioned** alternative aligned with independent newsrooms, see [OffshorePress](/providers/offshorepress). - For a **Monero-first VPS** specifically, see [XMRHost](/providers/xmrhost). --- # HostHatch URL: https://notdmca.org/providers/hosthatch --- name: "HostHatch" slug: "hosthatch" type: ["vps","dedicated","object_storage"] jurisdiction: "Hong Kong (HQ); operates in 17+ global locations" incorporated_in: "Hong Kong" operates_from: "Multiple — IS, NL, RO, FI, SE, US, SG, IN, AU, others" founded: 2011 website: "https://hosthatch.com/" status: "active" dmca_policy: "partial" dmca_notes: "HostHatch is a global multi-location KVM VPS provider whose DMCA posture varies by datacenter. EU-only locations (e.g. Iceland, Romania, Finland) have very different takedown exposure than US locations. HostHatch as a company evaluates complaints against the relevant local law of the chosen DC. The provider is not advertised as 'DMCA-ignored' but is well-regarded as content-permissive in non-US datacenters." kyc_required: false anonymous_signup: true whois_privacy: false owns_domain_for_you: false accepts_email_only_signup: true payment_methods: ["bitcoin","bitcoin_lightning","litecoin","other_crypto","paypal","credit_card"] payment_notes: "Crypto support is broad and well-integrated. Monero is not the default — confirm before purchase. Card and PayPal also processed." pricing: {"vps_entry_usd_month":2,"vps_entry_specs":"Entry tier from $2/mo (annual prepay): 1 vCPU / 1 GB RAM / 25 GB NVMe (varies by location).","dedicated_entry_usd_month":50} datacenters: ["IS","NL","RO","FI","SE","DE","PL","GB","US-NY","US-LA","US-CHI","SG","AU","IN","ZA"] ipv6: true ddos_protection: true uptime_sla: 99.9 ratings: {"privacy":7,"dmca_resistance":6.5,"reliability":8.5,"value":9.5,"support":8} sources: [{"url":"https://hosthatch.com/","title":"HostHatch — homepage","accessed":"2026-05-12"},{"url":"https://hosthatch.com/locations","title":"HostHatch — Datacenter locations","accessed":"2026-05-12"},{"url":"https://hosthatch.com/tos","title":"HostHatch — Terms of Service","accessed":"2026-05-12"},{"url":"https://lowendtalk.com/categories/hosthatch","title":"LowEndTalk — HostHatch community discussion","accessed":"2026-05-12"}] last_verified: "2026-05-12" verified_by: "manual_check" tags: ["multi-jurisdiction","value","established"] warnings: ["Not advertised as DMCA-ignored. Pick non-US datacenters (IS, NL, RO, FI, SE) for higher takedown resistance."] summary: "Long-running global KVM VPS provider (since 2011) with 15+ datacenter locations including Iceland, Romania, Finland, the Netherlands and Sweden. Strong value, broad crypto support, content-permissive in non-US locations." same_as: ["https://hosthatch.com/","https://lowendtalk.com/categories/hosthatch"] community_signals: [{"source":"LowEndTalk — HostHatch category","url":"https://lowendtalk.com/categories/hosthatch","note":"Highly active operator presence; one of the most-discussed VPS providers on LET."},{"source":"Reddit r/lowendtalk","url":"https://www.reddit.com/r/lowendtalk/search/?q=hosthatch&restrict_sr=1"},{"source":"Reddit r/selfhosted search","url":"https://www.reddit.com/r/selfhosted/search/?q=hosthatch&restrict_sr=1"},{"source":"Hacker News mentions","url":"https://news.ycombinator.com/from?site=hosthatch.com"}] --- ## At a glance **HostHatch** is a Hong Kong-headquartered KVM VPS provider that has grown since **2011** into one of the largest global low-end-VPS operators, with **15+ datacenter locations** across Europe, North America, Asia and Oceania. Among those locations are several that are useful for DMCA-resistance purposes — **Iceland, Romania, Finland, the Netherlands and Sweden** — putting offshore-friendly geographies under one billing relationship. HostHatch is **not** advertised as a "DMCA-ignored" host. Its TOS is straightforward and it complies with the law of the local datacenter. But for operators who want **strong value + non-US DC + the option to pick their jurisdiction at order time**, it is one of the most-cited choices in the LowEndTalk-adjacent community. ## Why it gets cited - **Massive geographic spread** — pick the jurisdiction that fits, switch later if needed. - **Aggressive pricing**, especially on annual prepays (entry tier ~$2/mo). - **Crypto-friendly checkout** — Bitcoin, Lightning, Litecoin, others. - **Stable reliability** for an LET-tier provider. - **No-KYC signup** with email-only contact. ## DMCA posture (per location) This is the critical thing to understand about HostHatch: | Location | DMCA exposure | |-----------------------|------------------------------------------------------------| | Iceland (REK) | Low — Icelandic law applies | | Finland (HEL) | Low — Finnish law, no DMCA | | Romania (BUH) | Low — Romanian law | | Sweden (STO) | Low — Swedish law | | Netherlands (AMS) | Medium — EU DSA applies | | Germany (FRA) | High — strong copyright enforcement | | United Kingdom (LON) | High — UK copyright law mirrors aspects of DMCA | | United States (any) | Full DMCA exposure — avoid for sensitive workloads | Pick the location with care. The TOS is global; the legal exposure is local. ## Anonymity & signup - Email-only signup, no government ID requested. - Crypto path is well-integrated (one-click Bitcoin or Lightning at checkout). - WHOIS privacy is irrelevant — HostHatch does not register domains for you. - For maximum anonymity, sign up over Tor and pay in Bitcoin via a wallet you control. ## Pricing (May 2026, approximate) | Tier | Price (annual prepay) | Specs | |------------------------|-----------------------|----------------------------------------| | Entry VPS | from ~$2 / mo | 1 vCPU / 1 GB RAM / 25 GB NVMe | | Mid VPS | from ~$5 / mo | 2 vCPU / 4 GB RAM / 50 GB NVMe | | Storage VPS | varies | High-disk tier, useful for backups | | Dedicated | from ~$50 / mo | Varies by location | Annual prepay is the way to get the headline prices. Monthly pricing is significantly higher. ## Who HostHatch is good for - Operators who want to **pick their jurisdiction** at order time and switch later if pressure changes. - Anyone wanting strong value + non-US DC + crypto checkout. - Multi-region deployments (use HostHatch for Iceland + Singapore + Romania, all under one billing relationship). ## Who HostHatch is **not** good for - Workloads needing an **explicit** "DMCA-ignored" marketing posture for downstream PR or business reasons — pick FlokiNET or OrangeWebsite instead. - Operators who specifically need Monero (not the default). - High-stakes legal-exposure scenarios where you want a host with a public legal-pushback track record (PRQ, Bahnhof, Njalla). ## Alternatives & comparisons - For explicit DMCA-ignored marketing in similar locations: [FlokiNET](/providers/flokinet). - For US-permissive low-cost: [BuyVM (Luxembourg)](/providers/buyvm). - For crypto-only signup: [Privex](/providers/privex). --- # HostSailor URL: https://notdmca.org/providers/hostsailor --- name: "HostSailor" slug: "hostsailor" type: ["shared","vps","dedicated"] jurisdiction: "Romania (operations); incorporated UAE" incorporated_in: "United Arab Emirates" operates_from: "Romania" founded: 2013 website: "https://www.hostsailor.com/" status: "active" dmca_policy: "ignore" dmca_notes: "HostSailor operates primarily from Romania and explicitly markets offshore / DMCA-ignored hosting. Romania, while an EU member, does not implement the US DMCA and has a track record of being slower to enforce extra-jurisdictional copyright complaints than Western EU members. HostSailor publishes a DMCA policy explaining that notices have no statutory effect; complaints are evaluated under Romanian implementing law." kyc_required: false anonymous_signup: true whois_privacy: true owns_domain_for_you: false accepts_email_only_signup: true payment_methods: ["bitcoin","litecoin","ethereum","other_crypto","paypal","credit_card","bank_transfer","perfect_money"] payment_notes: "Crypto, PerfectMoney, card and bank transfer supported. Monero not advertised as default — confirm before purchase." pricing: {"vps_entry_usd_month":5,"vps_entry_specs":"Entry-tier VPS ~$5/mo for 1 vCPU / 1 GB RAM (verify exact tier at checkout).","shared_entry_usd_month":3,"dedicated_entry_usd_month":60} datacenters: ["RO","NL"] ipv6: true ddos_protection: true uptime_sla: 99.9 ratings: {"privacy":7.5,"dmca_resistance":8.5,"reliability":7.5,"value":8.5,"support":7} sources: [{"url":"https://www.hostsailor.com/","title":"HostSailor — homepage","accessed":"2026-05-12"},{"url":"https://www.hostsailor.com/offshore-hosting/","title":"HostSailor — Offshore hosting page","accessed":"2026-05-12"},{"url":"https://www.hostsailor.com/legal/dmca-policy/","title":"HostSailor — DMCA policy","accessed":"2026-05-12"}] last_verified: "2026-05-12" verified_by: "manual_check" tags: ["romania","offshore","value"] warnings: [] summary: "Romania-based offshore host (since 2013, incorporated UAE) advertising DMCA-ignored hosting. Strong price-per-spec, anonymous signup, crypto support; Netherlands datacenter also available." same_as: ["https://www.hostsailor.com/"] community_signals: [{"source":"LowEndTalk discussion","url":"https://lowendtalk.com/search?Search=hostsailor"},{"source":"Reddit r/webhosting search","url":"https://www.reddit.com/r/webhosting/search/?q=hostsailor&restrict_sr=1"},{"source":"WebHostingTalk discussion","url":"https://www.webhostingtalk.com/search.php?searchid=&query=hostsailor"},{"source":"Hacker News mentions","url":"https://news.ycombinator.com/from?site=hostsailor.com"}] --- ## At a glance **HostSailor** is a hosting company founded in **2013**, incorporated in the **UAE** but with operations primarily based in **Romania** (and a secondary Netherlands location). It markets explicitly offshore / DMCA-ignored hosting at notably lower price points than most competitors in this directory, which is its main differentiator. Romania occupies a useful position in the offshore hosting landscape: it is an EU member (so customers serving EU audiences get the connectivity and procedural protections of EU law), but historically it has been slower to enforce extra-jurisdictional copyright complaints than Germany, France or the Netherlands. ## Why it gets cited - **Aggressive pricing** — entry VPS ~$5/mo is unusual for a host with explicit offshore marketing. - **Romania DC** is geographically and legally interesting (EU connectivity, slower copyright enforcement). - **Anonymous-friendly signup** + crypto. - Long enough track record (over a decade) to have weathered multiple business cycles. ## DMCA posture HostSailor's [DMCA policy page](https://www.hostsailor.com/legal/dmca-policy/) explicitly states that US DMCA notices have no statutory effect against Romanian-hosted content and that complaints will be evaluated under Romanian copyright law. In practice: - US DMCA notices: not acted on. - EU/Romanian copyright complaints with proper documentation: evaluated case-by-case. - Hard limits — CSAM, content illegal under Romanian or Dutch law — apply. ## Anonymity - No government ID required. - Crypto, PerfectMoney, card, bank transfer accepted. - Monero is not the default — confirm before purchase if XMR is required. ## Pricing (May 2026, approximate) | Item | Price | Notes | |------------------------|----------------|----------------------------------------| | Shared (entry) | from ~$3 / mo | | | VPS (entry) | from ~$5 / mo | 1 vCPU / 1 GB RAM in Romania DC | | Dedicated (entry) | from ~$60 / mo | | The value proposition is notable: $5/mo for a Romania-hosted VPS with explicit offshore marketing is hard to match. ## Who HostSailor is good for - Budget-constrained projects that need offshore posture + EU connectivity. - Anyone preferring Romania (slower enforcement, different copyright tradition) over the Netherlands. - Operators who treat the offshore status as one variable among several (cost matters too). ## Who HostSailor is **not** good for - Operators needing Monero specifically (not advertised). - Operators with very strict reliability needs — the price point reflects a smaller operation than tier-1 providers. ## Alternatives & comparisons - For Netherlands-only equivalent, see [AbeloHost](/providers/abelohost). - For multi-jurisdiction Iceland-based, see [FlokiNET](/providers/flokinet). - For Iceland-only premium, see [OrangeWebsite](/providers/orangewebsite). --- # Infomaniak URL: https://notdmca.org/providers/infomaniak --- name: "Infomaniak" slug: "infomaniak" type: ["shared","vps","dedicated","domains","email","object_storage"] jurisdiction: "Switzerland" incorporated_in: "Switzerland" operates_from: "Switzerland" founded: 1994 website: "https://www.infomaniak.com/" status: "active" dmca_policy: "resist" dmca_notes: "Infomaniak is a Swiss host operating under Swiss law. Switzerland is not party to the US DMCA. Infomaniak's published transparency reports show that the company evaluates copyright complaints under Swiss law and does not auto-act on US-issued notices. Swiss courts require formally complete complaints; Swiss data-protection law (revFADP, post-2023) imposes additional procedural requirements." kyc_required: false anonymous_signup: false whois_privacy: true owns_domain_for_you: false accepts_email_only_signup: false payment_methods: ["credit_card","paypal","bank_transfer","bitcoin"] payment_notes: "Card and bank transfer are the standard options. Bitcoin is supported. Not a no-KYC signup — Infomaniak is a regulated Swiss company. Listed here for jurisdiction (Switzerland) rather than anonymous signup." pricing: {"domain_com_year_usd":17,"vps_entry_usd_month":8,"vps_entry_specs":"Entry-tier VPS approximately CHF 6–8/mo for 1 vCPU / 1 GB RAM (verify exact tier at order time).","shared_entry_usd_month":6,"dedicated_entry_usd_month":100} datacenters: ["CH"] ipv6: true ddos_protection: true uptime_sla: 99.9 ratings: {"privacy":8.5,"dmca_resistance":8,"reliability":9.5,"value":7,"support":8.5} sources: [{"url":"https://www.infomaniak.com/","title":"Infomaniak — homepage","accessed":"2026-05-12"},{"url":"https://www.infomaniak.com/en/about/our-values","title":"Infomaniak — Our values (privacy, sovereignty)","accessed":"2026-05-12"},{"url":"https://www.infomaniak.com/en/legal/transparency-report","title":"Infomaniak — Transparency report","accessed":"2026-05-12"}] last_verified: "2026-05-12" verified_by: "manual_check" tags: ["switzerland","established","high-reliability","transparency-report"] warnings: ["Not anonymous at signup — Infomaniak is a regulated Swiss company. Choose for jurisdiction (Switzerland) and operator reputation, not for signup anonymity."] summary: "Swiss full-stack host (since 1994) operating from Geneva. Strong Swiss-law jurisdiction, published transparency reports, ISP-grade reliability, full product line including domains, mail, VPS, dedicated and object storage. Not anonymous at signup." same_as: ["https://www.infomaniak.com/","https://en.wikipedia.org/wiki/Infomaniak"] community_signals: [{"source":"Wikipedia (history)","url":"https://en.wikipedia.org/wiki/Infomaniak"},{"source":"Hacker News mentions of infomaniak.com","url":"https://news.ycombinator.com/from?site=infomaniak.com"},{"source":"Reddit r/Switzerland mentions","url":"https://www.reddit.com/r/Switzerland/search/?q=infomaniak&restrict_sr=1"},{"source":"Reddit r/selfhosted search","url":"https://www.reddit.com/r/selfhosted/search/?q=infomaniak&restrict_sr=1"}] --- ## At a glance **Infomaniak** is a Geneva-based hosting company founded in **1994**, making it one of the oldest privacy-focused European hosts still operating. It is a privately-held Swiss company offering a full product line: domains, shared hosting, VPS, dedicated servers, mail, object storage and a managed Kubernetes platform. All infrastructure is in Switzerland, on renewable energy. Infomaniak is included in this directory not because it markets itself as DMCA-ignored — it does not — but because **Switzerland's legal posture** is one of the strongest in Europe for privacy-preserving infrastructure, and Infomaniak's published transparency reports demonstrate the practical effects. ## Why it gets cited - **Swiss jurisdiction** — outside the EU, outside US DMCA reach, robust constitutional privacy protections, judicial pushback on bulk surveillance. - **Published transparency reports** — Infomaniak quantifies the takedown / disclosure requests it receives and how it handles them. - **Full-stack offering** — domain + hosting + email + storage all under one Swiss vendor. - **Reliability** — ISP-grade, with a published 99.9% SLA. - **Renewable energy** — operationally a small thing, editorially a meaningful signal for the kind of operator Infomaniak attracts. ## DMCA & legal posture Switzerland is not party to the US DMCA. It also is not in the EU, so the EU DSA does not directly bind Swiss-only providers. Swiss copyright law (URG / LDA, with major 2020 amendments) has its own takedown procedure that requires: - Formally complete complaints (no boilerplate-only notices). - A response process that gives the user an opportunity to contest. - Court adjudication for contested cases. Infomaniak publishes a transparency report annually showing the volume of requests received and the proportion acted on. This is unusual for a hosting provider and significantly strengthens the credibility of its stated posture. ## Anonymity Infomaniak is **not anonymous at signup**. It is a regulated Swiss company and requires standard customer identification. For operators where signup anonymity is essential, choose [Njalla](/providers/njalla), [FlokiNET](/providers/flokinet), or [Privex](/providers/privex) instead. For operators where **operator reputation + Swiss jurisdiction + reliability** matter more than signup anonymity, Infomaniak is in a class of its own. ## Pricing (May 2026, approximate) | Item | Price | Notes | |-----------------------|------------------|------------------------------------------| | Shared (entry) | from CHF 6 / mo | Domain included | | VPS (entry) | from CHF 8 / mo | 1 vCPU / 1 GB RAM | | Dedicated (entry) | from CHF 100 / mo| | | `.com` domain | from CHF 17 / yr | | | Mail (per mailbox) | from CHF 2 / mo | Bundled with hosting plans | | Object storage | per-GB | S3-compatible | Pricing reflects the Swiss cost base — not the cheapest option, but value for the jurisdiction. ## Who Infomaniak is good for - Established projects (journalism, NGOs, regulated businesses) that prioritize **Swiss jurisdiction + operator reputation** over signup anonymity. - Operators who want a published transparency-report-backed claim, not just marketing copy. - Workloads needing a full-stack Swiss vendor (domain + hosting + email + storage). ## Who Infomaniak is **not** good for - Anonymous signup workflows. - Bargain-hunters — Swiss pricing is real. - Operators needing explicit DMCA-ignored marketing copy for downstream business reasons. ## Alternatives & comparisons - For Swiss-hosting at smaller scale: [Nine.ch](https://www.nine.ch) (out of directory; managed-hosting focus). - For non-EU equivalent with anonymous signup: [Njalla](/providers/njalla) or [FlokiNET](/providers/flokinet) (Iceland-headquartered). - For Sweden equivalent (mainstream + free-speech track record): [Bahnhof](/providers/bahnhof). --- # Njalla URL: https://notdmca.org/providers/njalla --- name: "Njalla" slug: "njalla" type: ["domains","vps"] jurisdiction: "Nevis (corporate); Sweden (operations)" incorporated_in: "Saint Kitts and Nevis" operates_from: "Sweden" founded: 2017 website: "https://njal.la/" status: "active" dmca_policy: "resist" dmca_notes: "Njalla is the legal owner of domains it registers on a customer's behalf, which makes domain seizures harder for adversaries: a takedown party must convince Njalla rather than the customer's registrar. For VPS, abuse is reviewed case-by-case and Njalla pushes back on speculative or invalid notices." kyc_required: false anonymous_signup: true whois_privacy: true owns_domain_for_you: true accepts_email_only_signup: true payment_methods: ["monero","bitcoin","bitcoin_lightning","litecoin","ethereum","cash_mail","bank_transfer","paypal","credit_card"] payment_notes: "Cash and crypto are encouraged. Card and PayPal are processed but reduce anonymity. A deposit-balance model is used so per-service payments do not directly link to identity." pricing: {"domain_com_year_usd":15,"domain_other_notes":".com priced at €15/year as listed on njal.la price page (May 2026). Many TLDs cost more; always check checkout.","vps_entry_usd_month":15,"vps_entry_specs":"Entry-tier VPS (Mizu): 1 vCPU / 1 GB RAM / 25 GB SSD / 1 TB transfer (May 2026 listing)."} datacenters: ["SE","NL"] ipv6: true ddos_protection: false ratings: {"privacy":9.5,"dmca_resistance":8,"reliability":8,"value":6,"support":7.5} sources: [{"url":"https://njal.la/about/","title":"Njalla — About","accessed":"2026-05-12"},{"url":"https://njal.la/legal/","title":"Njalla — Legal page","accessed":"2026-05-12"},{"url":"https://njal.la/legal/dmca/","title":"Njalla — DMCA policy","accessed":"2026-05-12"},{"url":"https://njal.la/vps/","title":"Njalla — VPS pricing and specs","accessed":"2026-05-12"},{"url":"https://torrentfreak.com/pirate-bay-founder-launches-anonymous-domain-registration-service-170415/","title":"TorrentFreak — Pirate Bay co-founder launches Njalla (2017 launch context)","accessed":"2026-05-12"}] last_verified: "2026-05-12" verified_by: "tos_review" tags: ["recommended","veteran","owns-on-behalf"] warnings: [] summary: "Privacy-first registrar (and small VPS provider) co-founded by Peter Sunde. Njalla legally owns the domain on your behalf, accepts Monero / cash, and requires no real identity at signup." same_as: ["https://njal.la/","https://en.wikipedia.org/wiki/Njalla"] community_signals: [{"source":"Hacker News mentions of njal.la","url":"https://news.ycombinator.com/from?site=njal.la"},{"source":"Reddit r/privacy search","url":"https://www.reddit.com/r/privacy/search/?q=njalla&restrict_sr=1"},{"source":"Reddit r/selfhosted search","url":"https://www.reddit.com/r/selfhosted/search/?q=njalla&restrict_sr=1"},{"source":"TorrentFreak coverage","url":"https://torrentfreak.com/?s=njalla"}] --- ## At a glance Njalla is the registrar most often recommended when the priority is **insulating the operator from the registry chain**. Instead of letting you register a domain in your own name, Njalla registers the domain in **Njalla's** name and grants you contractual usage rights. Anyone trying to take the domain away (a private claimant, a process server, a registry) has to convince Njalla — not your home country's registrar. The company was launched in 2017 by Peter Sunde, co-founder of The Pirate Bay, and is incorporated in **Nevis** with operations in **Sweden**. It also runs a small **VPS** product line on its own infrastructure in Sweden and the Netherlands. ## Why it gets cited - **Domains owned on your behalf** — the most consequential differentiator from any traditional registrar. Customers do not appear in WHOIS at all because they are not the registrant. - **No identifying data at signup** — only an email address (a throw-away address is fine) and a deposit balance. - **Native Monero, Bitcoin Lightning and cash-by-mail** payments. Card and PayPal exist but are discouraged. - **Founder profile** — Peter Sunde is a known target of copyright industry litigation; the legal posture of the company is built around that. ## What Njalla is not - It is **not "bulletproof"**. Njalla complies with binding Swedish court orders and does not host arbitrary content. Material that is illegal where Njalla operates *will* be pulled. - It is **not a hyperscaler VPS**. The fleet is small, prices are higher than EU/US discount providers, and there is no published uptime SLA. - It is **not a CDN, mail provider, or shared hosting** — only domains and VPS. ## DMCA & abuse posture Njalla publishes its own [legal page](https://njal.la/legal/) and [DMCA policy](https://njal.la/legal/dmca/) that explain why it does not act on a US DMCA notice as a US registrar would: it is not subject to the DMCA safe-harbor regime in the first place. It still acts on **Swedish law** (where the operating entity sits) and on credible criminal complaints. In practice this means: - Speculative or low-quality DMCA notices: typically forwarded to the customer, sometimes ignored. - Court orders from Sweden / Nevis or mutual-legal-assistance requests: complied with. - Child sexual abuse material, malware C2, sanctioned content: pulled without negotiation. This is why we score Njalla **8 / 10 on DMCA resistance** rather than a perfect 10. Providers that explicitly self-describe as "DMCA-ignored" (and operate in jurisdictions with no functional copyright enforcement) sit higher on the takedown-resistance axis but lower on legal clarity and reliability. ## Anonymity Signup requires nothing but an email. The deposit-balance model means that even if you later pay with a credit card, that card is linked to the **deposit transaction**, not directly to the service it eventually pays for. For maximum anonymity: 1. Sign up with a throw-away email (Tutanota, Proton, SimpleLogin alias, Cock.li). 2. Top up your balance in **Monero** (preferred) or **cash by mail** (Njalla publishes a postal address on its payment page). 3. Use a fresh Tor circuit at signup if you also want to break the IP linkage. WHOIS for any domain you "register" through Njalla will show **Njalla** as registrant, with their own postal address. ## Pricing (May 2026) | Item | Price | Notes | |-----------------|-----------------|-------------------------------------------------| | `.com` domain | €15 / year | Roughly 50 % above market — premium for proxy ownership | | VPS "Mizu" | €15 / month | 1 vCPU, 1 GB RAM, 25 GB SSD, 1 TB transfer | | Cash deposit | as posted | Postal address listed on Njalla's payment page | Always re-check on the checkout page — TLD pricing varies and Njalla periodically adjusts. ## Who Njalla is good for - **Journalists, activists, leak sites** that need someone to put a layer between the registry and themselves. - **Privacy-focused personal sites** where WHOIS exposure is the main concern. - **Small VPS** workloads where you want the same provider to host the domain and the VM under the same anonymity model. ## Who Njalla is **not** good for - High-bandwidth, high-CPU workloads. - Anyone needing a guaranteed SLA, enterprise support, or large-scale infrastructure. - Content that is unambiguously illegal under Swedish or Nevisian law — Njalla will act on a valid criminal complaint. ## Alternatives & comparisons - For a similar registrar posture under **Icelandic** law, see [1984.is](/providers/1984hosting). - For a **crypto-only offshore registrar** (Monero-first, no card / no PayPal), see [BunkerDomains](/providers/bunkerdomains). - For a VPS that explicitly markets DMCA-ignored under Icelandic / Romanian / Finnish law, see [FlokiNET](/providers/flokinet). - For a **full-stack offshore vendor** (registrar + shared + VPS + dedicated) under one account, see [SilentHosts](/providers/silenthosts). --- # OffshorePress URL: https://notdmca.org/providers/offshorepress --- name: "OffshorePress" slug: "offshorepress" type: ["vps","dedicated"] jurisdiction: "Iceland and Switzerland" operates_from: "Iceland (Reykjavik) / Switzerland (Zurich)" founded: "TBV" website: "https://offshorepress.io/" status: "active" dmca_policy: "ignore" dmca_notes: "OffshorePress is positioned for independent-media and press-freedom use cases. Infrastructure in Iceland (Reykjavik) and Switzerland (Zurich) — two jurisdictions outside the US DMCA regime and outside aggressive EU enforcement. The operator states 'No DMCA forwarding — foreign takedown notices have no procedural standing in the operating jurisdictions.' Complaints are evaluated under Icelandic and Swiss law." kyc_required: false anonymous_signup: true whois_privacy: false owns_domain_for_you: false accepts_email_only_signup: true payment_methods: ["monero","bitcoin","bitcoin_lightning","other_crypto"] payment_notes: "Crypto-only checkout. Monero (XMR), Bitcoin Lightning and on-chain Bitcoin accepted. No fiat option disclosed." pricing: {"vps_entry_usd_month":8,"vps_entry_specs":"VPS-1: 1 vCPU (AMD EPYC) / 2 GB DDR4 ECC RAM / 25 GB NVMe SSD — $8/month. Higher tiers: VPS-2 ($16/mo, 2 vCPU / 4 GB / 60 GB), VPS-4 ($32/mo, 4 vCPU / 8 GB / 120 GB), VPS-8 ($64/mo, 8 vCPU / 16 GB / 240 GB).","notes":"Carriers: Síminn (Iceland), Init7 (Switzerland). Dedicated tier referenced on the site; verify exact pricing at order time."} datacenters: ["IS","CH"] ipv6: true ddos_protection: false ratings: {"privacy":10,"dmca_resistance":10,"reliability":8,"value":8,"support":8} sources: [{"url":"https://offshorepress.io/","title":"OffshorePress — homepage","accessed":"2026-05-13"},{"url":"https://offshorepress.io/pricing","title":"OffshorePress — pricing","accessed":"2026-05-13"}] last_verified: "2026-05-13" verified_by: "manual_check" tags: ["recommended","press-freedom","free-speech","iceland","switzerland","crypto-only"] warnings: [] summary: "Press-freedom-positioned offshore VPS / dedicated host with infrastructure in Iceland (Reykjavik) and Switzerland (Zurich). VPS-1 from $8/mo (1 vCPU / 2 GB / 25 GB). Crypto-only checkout, no-KYC signup, no DMCA forwarding." same_as: ["https://offshorepress.io/"] community_signals: [{"source":"Reddit r/TOR search","url":"https://www.reddit.com/r/TOR/search/?q=offshorepress&restrict_sr=1"},{"source":"Reddit r/privacy search","url":"https://www.reddit.com/r/privacy/search/?q=offshorepress&restrict_sr=1"},{"source":"Hacker News mentions","url":"https://hn.algolia.com/?q=offshorepress"}] --- ## At a glance **OffshorePress** is a VPS / dedicated host whose stated focus is **independent media and press-freedom-aligned operators**. Infrastructure lives in **Iceland (Reykjavik, via Síminn)** and **Switzerland (Zurich, via Init7)** — two jurisdictions outside the US DMCA regime and outside aggressive EU enforcement. The marketing voice differs from generic offshore hosting: rather than "DMCA-ignored at low cost," the framing is infrastructure for newsrooms, journalism sites, and operators that have been deplatformed by mainstream hosts. Crypto-only checkout with **Monero, Bitcoin Lightning** and **on-chain Bitcoin**; no fiat option. ## Why it gets cited - **Iceland + Switzerland** datacenters — two of the strongest press-freedom jurisdictions in Europe, both non-EU. - **No DMCA forwarding** — "foreign takedown notices have no procedural standing in the operating jurisdictions." - **Crypto-only checkout** — Monero, Bitcoin Lightning, Bitcoin. No card or PayPal. - **No-KYC signup** — no government identification requested or stored at any step of the order. - **AMD EPYC + DDR4 ECC RAM + NVMe SSD** stack at the entry tier — modern hardware, not legacy boxes recycled into an offshore positioning. ## DMCA posture OffshorePress operates from **Iceland and Switzerland** — neither jurisdiction implements the US DMCA. The operator's public stance is "**No DMCA forwarding** — foreign takedown notices have no procedural standing in the operating jurisdictions." Complaints are evaluated under **Icelandic copyright law (Höfundalög)** and **Swiss copyright law**. This puts OffshorePress in the same takedown-resistance tier as FlokiNET-Iceland and OrangeWebsite for routine copyright complaints, with a more press-freedom-specific framing and the addition of Swiss infrastructure for operators who want Swiss procedural rigor. As with any legitimate offshore host, hard limits apply: CSAM, malware infrastructure, fraud, and content illegal under Icelandic or Swiss law will be acted on. ## Anonymity & signup - **No KYC at any step of the order** (per the operator's published policy). - Email-only signup; throw-away addresses are accepted. - Monero for the strongest anonymity posture; Bitcoin Lightning and on-chain Bitcoin accepted. - Tor signup is supported. - OffshorePress is a hosting provider, not a registrar — bring your own domain (see [BunkerDomains](/providers/bunkerdomains) or [Njalla](/providers/njalla) for matching offshore registrar layers). ## Pricing (May 2026) | Tier | Specs | Price | |---|---|---| | **VPS-1** | 1 vCPU (AMD EPYC) / 2 GB DDR4 ECC / 25 GB NVMe SSD | $8/mo | | **VPS-2** | 2 vCPU / 4 GB RAM / 60 GB SSD | $16/mo | | **VPS-4** | 4 vCPU / 8 GB RAM / 120 GB SSD | $32/mo | | **VPS-8** | 8 vCPU / 16 GB RAM / 240 GB SSD | $64/mo | | Dedicated | See `/pricing` on the site | TBV | Carriers: **Síminn** (Iceland) and **Init7** (Switzerland) — both well-regarded Tier-1-adjacent regional carriers. ## Who OffshorePress is good for - **Independent newsrooms, leak platforms, investigative-journalism sites** that have been pressured by frivolous DMCA campaigns or deplatformed by US-based hosts for non-illegal content. - **Tor hidden services** that need clearnet front-ends with a permissive abuse posture. - Operators who want a vendor whose marketing explicitly mentions press freedom rather than only generic "offshore" framing. - Activist infrastructure (mail relays, document drops, secure-communication front-ends). ## Who OffshorePress is **not** good for - Workloads needing the absolute cheapest VPS price-per-spec — value-tier offshore hosts (BuyVM Luxembourg, AlexHost) compete on pricing rather than jurisdiction. - Operators needing a `.is` or other ccTLD anonymously — registry policy overrides any host's privacy posture. - Workloads requiring enterprise SLA and 24/7 hand-holding support. ## Alternatives & comparisons - For the longest-running explicitly free-speech multi-country host, see [FlokiNET](/providers/flokinet). - For Iceland-only managed shared hosting in the same posture, see [OrangeWebsite](/providers/orangewebsite). - For the most complete offshore stack (registrar + shared + VPS + dedicated under one vendor), see [SilentHosts](/providers/silenthosts). - For a Monero-payment-first VPS specialised on that axis, see [XMRHost](/providers/xmrhost). --- # OrangeWebsite URL: https://notdmca.org/providers/orangewebsite --- name: "OrangeWebsite" slug: "orangewebsite" type: ["shared","vps","dedicated"] jurisdiction: "Iceland" incorporated_in: "Iceland" operates_from: "Iceland" founded: 2009 website: "https://www.orangewebsite.com/" status: "active" dmca_policy: "ignore" dmca_notes: "OrangeWebsite explicitly markets 'free speech hosting' under Icelandic law. Iceland does not implement the US DMCA. The provider does not act on DMCA-style notices that have no basis in Icelandic law. Hard limits (illegal-under-Icelandic-law content) still apply." kyc_required: false anonymous_signup: true whois_privacy: true owns_domain_for_you: false accepts_email_only_signup: true payment_methods: ["bitcoin","litecoin","other_crypto","bank_transfer","paypal","credit_card"] payment_notes: "Crypto accepted via several chains. Monero is not advertised as a default payment method — verify at checkout. PayPal and card are also processed." pricing: {"vps_entry_usd_month":12,"vps_entry_specs":"Entry-tier VPS roughly 1 vCPU / 1 GB RAM (verify exact tier at order time).","shared_entry_usd_month":5,"dedicated_entry_usd_month":100} datacenters: ["IS"] ipv6: true ddos_protection: true uptime_sla: 99.9 ratings: {"privacy":8.5,"dmca_resistance":9,"reliability":7.5,"value":6.5,"support":7} sources: [{"url":"https://www.orangewebsite.com/","title":"OrangeWebsite — homepage","accessed":"2026-05-12"},{"url":"https://www.orangewebsite.com/free-speech-hosting.php","title":"OrangeWebsite — Free speech hosting page","accessed":"2026-05-12"},{"url":"https://www.orangewebsite.com/dmca-policy.php","title":"OrangeWebsite — DMCA policy","accessed":"2026-05-12"}] last_verified: "2026-05-12" verified_by: "manual_check" tags: ["free-speech","iceland","established"] warnings: [] summary: "Iceland-based shared / VPS / dedicated host that explicitly markets free-speech hosting and a DMCA-ignored posture under Icelandic law. Established 2009." same_as: ["https://www.orangewebsite.com/"] community_signals: [{"source":"LowEndTalk discussion","url":"https://lowendtalk.com/search?Search=orangewebsite"},{"source":"Reddit r/webhosting search","url":"https://www.reddit.com/r/webhosting/search/?q=orangewebsite&restrict_sr=1"},{"source":"TorrentFreak coverage","url":"https://torrentfreak.com/?s=orangewebsite"},{"source":"Hacker News mentions","url":"https://news.ycombinator.com/from?site=orangewebsite.com"}] --- ## At a glance **OrangeWebsite** is an Iceland-based hosting company founded in **2009** that has positioned itself as a **free-speech host** since launch. It offers shared hosting, VPS and dedicated servers from Icelandic data centers. The marketing pitch is direct: pages titled *"Free speech hosting"* and *"DMCA policy"* sit prominently on the site and explain the Icelandic legal posture. Compared to FlokiNET (also Iceland-rooted but with multi-country presence), OrangeWebsite is **Iceland-only** and leans more toward shared / managed hosting than VPS / dedicated power-user tiers. ## Why it gets cited - **Explicit "free speech hosting" branding** that has been stable for 15+ years. - **Iceland-only infrastructure** — no US/EU subsidiary that could be pressured. - Long-running shared-hosting tier suitable for non-technical users (WordPress, Joomla, etc.) who want to be off US infrastructure. - DDoS protection bundled. ## DMCA posture The provider's [DMCA policy page](https://www.orangewebsite.com/dmca-policy.php) explicitly states that Iceland does not implement the US DMCA, that DMCA notices have no statutory effect against Icelandic-hosted content, and that complaints will be evaluated under **Icelandic law only**. In practice this puts OrangeWebsite among the more permissive providers in the directory — comparable to FlokiNET on DMCA resistance. Hard limits still apply: CSAM, content illegal under Icelandic law (e.g. certain hate speech, defamation), malware distribution. ## Anonymity & signup - No government ID required at signup. - Email + payment is sufficient. - Crypto accepted (Bitcoin, Litecoin, others). Monero is not the headline option. - WHOIS privacy available for gTLDs. ## Pricing (May 2026, verify at checkout) | Tier | Price | Notes | |-----------------------|----------------|--------------------------------------| | Shared (Bronze-tier) | ~$5 / month | Entry shared hosting | | VPS entry | ~$12 / month | 1 vCPU, 1 GB RAM | | Dedicated entry | from ~$100 /mo | Varies by hardware | OrangeWebsite is on the higher end of price-per-spec because the entire infrastructure is in Iceland (relatively expensive). The premium is paid for jurisdiction. ## Who OrangeWebsite is good for - Non-technical users who want a managed shared-hosting plan that is not on US infrastructure. - Content sites (independent journalism, controversial-but-legal speech, NSFW within Icelandic law) that have been deplatformed by US shared hosts. - Operators who want **a one-line answer** to "do you ignore DMCA?" in marketing copy and a published policy to that effect. ## Who OrangeWebsite is **not** good for - High-performance VPS or dedicated workloads at low cost — better-priced options exist. - Operators who specifically require Monero — confirm before purchase. - Anyone needing infrastructure outside Iceland; the company is Iceland-only. ## Alternatives & comparisons - More technical / multi-country alternative with similar posture: [FlokiNET](/providers/flokinet). - Conservative Icelandic alternative with broader product line (mail, dedicated): [1984 Hosting](/providers/1984hosting). - Registrar-first counterpart for the domain layer: [Njalla](/providers/njalla). - For a **press-freedom-positioned** offshore alternative aligned with independent newsrooms, see [OffshorePress](/providers/offshorepress). - For a **full-stack** offshore vendor under one account (registrar + shared + VPS + dedicated), see [SilentHosts](/providers/silenthosts). --- # Privex URL: https://notdmca.org/providers/privex --- name: "Privex" slug: "privex" type: ["vps","dedicated"] jurisdiction: "Belize (incorporated); operates in Sweden, Finland, the United States and the Czech Republic" incorporated_in: "Belize" operates_from: "Sweden / Finland / US / Czech Republic" founded: 2017 website: "https://www.privex.io/" status: "active" dmca_policy: "resist" dmca_notes: "Privex was founded inside the crypto / privacy-tech community and markets explicit no-KYC, crypto-only signup. It does not act on US DMCA notices targeting non-US infrastructure. The US datacenter is subject to US law; pick the Sweden, Finland or Czech datacenters for higher takedown resistance." kyc_required: false anonymous_signup: true whois_privacy: false owns_domain_for_you: false accepts_email_only_signup: true payment_methods: ["monero","bitcoin","bitcoin_lightning","litecoin","ethereum","other_crypto"] payment_notes: "Crypto-only. Privex was built specifically for the crypto community; fiat is not a primary payment rail. Monero, Bitcoin (incl. Lightning), Hive, EOS and several other chains are advertised." pricing: {"vps_entry_usd_month":8,"vps_entry_specs":"Entry-tier VPS approximately $8/mo for 2 vCPU / 1 GB RAM (verify exact tier at order time).","dedicated_entry_usd_month":90} datacenters: ["SE","FI","US","CZ"] ipv6: true ddos_protection: false ratings: {"privacy":9,"dmca_resistance":7.5,"reliability":7.5,"value":8,"support":7.5} sources: [{"url":"https://www.privex.io/","title":"Privex — homepage","accessed":"2026-05-12"},{"url":"https://www.privex.io/about/","title":"Privex — About","accessed":"2026-05-12"},{"url":"https://www.privex.io/tos/","title":"Privex — Terms of service","accessed":"2026-05-12"}] last_verified: "2026-05-12" verified_by: "manual_check" tags: ["crypto-only","monero","multi-jurisdiction"] warnings: ["US location is DMCA-bound. Pick Sweden / Finland / Czech Republic if takedown resistance is a priority."] summary: "Crypto-native VPS and dedicated server provider (since 2017) with no-KYC signup and crypto-only payment. Multi-jurisdiction (SE / FI / US / CZ) infrastructure, accepts Monero, Bitcoin, Lightning and several other chains." same_as: ["https://www.privex.io/"] community_signals: [{"source":"LowEndTalk discussion","url":"https://lowendtalk.com/search?Search=privex"},{"source":"Reddit r/Hive search","url":"https://www.reddit.com/r/hive/search/?q=privex&restrict_sr=1","note":"Privex is well-known in the Hive blockchain community as a witness-node host."},{"source":"Reddit r/selfhosted search","url":"https://www.reddit.com/r/selfhosted/search/?q=privex&restrict_sr=1"},{"source":"Hacker News mentions","url":"https://news.ycombinator.com/from?site=privex.io"}] --- ## At a glance **Privex** is a VPS and dedicated server provider founded in **2017** inside the cryptocurrency / privacy-tech community. Its defining feature is **crypto-only payment** combined with **no-KYC signup** — it was built from the ground up for users who never wanted to touch a fiat payment rail. Privex's infrastructure spans four jurisdictions: Sweden, Finland, the United States, and the Czech Republic. For takedown-resistance purposes the non-US options matter most. ## Why it gets cited - **Monero as a first-class payment method** alongside Bitcoin Lightning and several niche chains. - **No-KYC, crypto-only by design** rather than as a tacked-on option. - **Multiple Nordic / EU jurisdictions** for the customer to choose from. - Strong reputation in the crypto-self-hosting community. ## DMCA posture Privex operates infrastructure in four jurisdictions: - **Sweden, Finland, Czech Republic** — none implement the US DMCA. Notices are not acted on as a matter of statutory law. - **United States** — fully subject to DMCA; choose this location at your own risk if takedown resistance matters. The terms of service make clear that hosting customers are responsible for content; Privex does not act on DMCA-style notices for its non-US infrastructure, but does comply with valid court orders in the relevant jurisdiction. ## Anonymity - **No government ID required.** - **Crypto-only at signup** — there is no fiat path, which is unusual and worth flagging as a feature (no card-on-file leakage, no PayPal recall risk) rather than a limitation. - Email-only contact; no phone verification. ## Pricing (May 2026, approximate) | Item | Price | Notes | |---------------------|------------------|--------------------------------------| | Entry VPS | from ~$8 / mo | 2 vCPU / 1 GB RAM | | Dedicated | from ~$90 / mo | Varies by datacenter and hardware | ## Who Privex is good for - Crypto-native users who do not want any fiat-rail involvement in their hosting stack. - Anyone wanting Monero, Bitcoin Lightning or Hive payment. - Workloads suited to Nordic / Czech datacenters (low EU RTT, no DMCA exposure). ## Who Privex is **not** good for - Users who need fiat payment (no card, no bank transfer). - High-criticality workloads needing tier-1 SLAs and 24/7 enterprise support. ## Alternatives & comparisons - For Sweden-based equivalent with longer track record (but card payment), see [Bahnhof](/providers/bahnhof). - For multi-jurisdiction Iceland-based, see [FlokiNET](/providers/flokinet). - For Swedish anonymous host with longer history, see [PRQ](/providers/prq). --- # PRQ URL: https://notdmca.org/providers/prq --- name: "PRQ" slug: "prq" type: ["dedicated","colocation","vps"] jurisdiction: "Sweden" incorporated_in: "Sweden" operates_from: "Sweden" founded: 2004 website: "https://prq.se/" status: "active" dmca_policy: "ignore" dmca_notes: "PRQ has one of the longest public track records of declining to act on extra-jurisdictional copyright complaints. It famously hosted The Pirate Bay through years of US rightsholder pressure and has been raided by Swedish police multiple times, with services restored each time. DMCA notices have no statutory effect under Swedish law and PRQ does not act on them. Hard limits (CSAM, content illegal under Swedish law) apply." kyc_required: false anonymous_signup: true whois_privacy: true owns_domain_for_you: false accepts_email_only_signup: true payment_methods: ["bitcoin","monero","bank_transfer","cash_mail"] payment_notes: "Crypto and bank transfer are the standard options. Monero and cash by mail are accepted on request. Card payments are not the default." pricing: {"vps_entry_usd_month":12,"vps_entry_specs":"Entry tier ~€10–12/mo for 1 vCPU / 1 GB RAM (verify exact tier at order time).","dedicated_entry_usd_month":75} datacenters: ["SE"] ipv6: true ddos_protection: true ratings: {"privacy":9,"dmca_resistance":9.5,"reliability":7.5,"value":7,"support":6.5} sources: [{"url":"https://prq.se/","title":"PRQ — homepage","accessed":"2026-05-12"},{"url":"https://en.wikipedia.org/wiki/PRQ","title":"Wikipedia — PRQ (history, Pirate Bay hosting, raids)","accessed":"2026-05-12"},{"url":"https://torrentfreak.com/tag/prq/","title":"TorrentFreak — long-running coverage of PRQ","accessed":"2026-05-12"}] last_verified: "2026-05-12" verified_by: "manual_check" tags: ["recommended","veteran","sweden","free-speech"] warnings: ["Smaller operation than mainstream hosts — expect slower support and a fleet sized for niche use cases rather than scale."] summary: "Swedish dedicated / VPS provider founded in 2004 by The Pirate Bay co-founders. Among the longest-running explicitly free-speech hosts; has been raided multiple times and stayed operational. DMCA-ignored in practice under Swedish law." same_as: ["https://prq.se/","https://en.wikipedia.org/wiki/PRQ"] community_signals: [{"source":"Wikipedia (history of PRQ + Pirate Bay hosting)","url":"https://en.wikipedia.org/wiki/PRQ"},{"source":"TorrentFreak — PRQ tag","url":"https://torrentfreak.com/tag/prq/","note":"Long-running TorrentFreak coverage of raids, takedowns, legal pushback."},{"source":"Hacker News mentions of prq.se","url":"https://news.ycombinator.com/from?site=prq.se"},{"source":"Reddit r/Piracy search","url":"https://www.reddit.com/r/Piracy/search/?q=prq&restrict_sr=1"}] --- ## At a glance **PRQ** is a Swedish hosting company founded in **2004** by Gottfrid Svartholm and Fredrik Neij, two of the co-founders of **The Pirate Bay**. The Pirate Bay itself was hosted on PRQ infrastructure for years, which made PRQ one of the most-targeted hosts in the world for cross-border copyright takedown attempts. Through multiple Swedish police raids and an enormous volume of takedown requests, PRQ remained operational and continued to host content that mainstream providers would have dropped on the first DMCA notice. That history is the reason it's cited as a reference point for "DMCA-ignored hosting" — there are very few hosts with a comparable real-world record. ## Why it gets cited - **Track record measurable in years**, not marketing pages. The Pirate Bay, WikiLeaks-related infrastructure, and many other deplatformed projects have lived on PRQ. - **Swedish jurisdiction** — no DMCA equivalence, strong legal pushback tradition. - **Anonymous-friendly signup** despite being a registered Swedish company. - **Crypto and cash** payment paths. ## DMCA posture PRQ does not act on US DMCA notices. The company's position, restated for over 20 years, is that the DMCA has no statutory effect in Sweden and that it will evaluate complaints under **Swedish law only**. In practice this has meant that vast quantities of US rightsholder notices have been filed and ignored. This is genuine DMCA-ignored, not "DMCA-resistant" with caveats. PRQ does still comply with valid Swedish court orders and removes content illegal under Swedish law (CSAM, certain hate speech, defamation against private individuals). ## Anonymity - Signup does not require government ID. - Email + payment is sufficient. - Bitcoin and Monero accepted; cash by mail accepted on request. - For maximum anonymity, combine a fresh email + Monero + Tor at signup. ## Pricing (May 2026, approximate) | Item | Price | Notes | |-------------------|----------------|---------------------------------------------| | Entry VPS | from ~€10–12/mo| 1 vCPU / 1 GB RAM | | Dedicated server | from ~€75 /mo | Varies by hardware | | Colocation | quote | Stockholm datacenter | PRQ is not the cheapest option. The premium is paid for jurisdiction, history, and posture. ## Who PRQ is good for - Operators whose threat model includes **sustained US rightsholder pressure** and who need a host with a track record of weathering it. - Tor relays, leak sites, archive projects, independent journalism deplatformed by mainstream providers. - Anyone wanting Swedish DC + anonymous signup + crypto, in one provider. ## Who PRQ is **not** good for - Workloads needing tier-1 support response times. - Mainstream commercial workloads where reliability matters more than takedown resistance. - Newcomers wanting a polished signup UX — PRQ's site and tooling are utilitarian. ## Alternatives & comparisons - For Sweden + ISP-grade reliability (but real-name signup), see [Bahnhof](/providers/bahnhof). - For Iceland-based explicit free-speech host, see [FlokiNET](/providers/flokinet). - For registrar-layer anonymity, see [Njalla](/providers/njalla). --- # Shinjiru URL: https://notdmca.org/providers/shinjiru --- name: "Shinjiru" slug: "shinjiru" type: ["shared","vps","dedicated","domains"] jurisdiction: "Malaysia" incorporated_in: "Malaysia" operates_from: "Malaysia (HQ); also markets locations in Russia, the Netherlands and Lithuania" founded: 1998 website: "https://shinjiru.com/" status: "active" dmca_policy: "ignore" dmca_notes: "Shinjiru explicitly markets 'offshore' and 'anonymous' hosting. It operates from Malaysia, which does not implement the US DMCA, and offers customer-facing options to deploy in additional jurisdictions chosen for similar reasons. DMCA notices are not acted on as a matter of US copyright law; complaints are evaluated under the law of the chosen datacenter." kyc_required: false anonymous_signup: true whois_privacy: true owns_domain_for_you: false accepts_email_only_signup: true payment_methods: ["bitcoin","litecoin","ethereum","other_crypto","paypal","credit_card","bank_transfer"] payment_notes: "Multiple cryptocurrencies are advertised. Monero is not advertised as a default option — confirm before purchase." pricing: {"domain_com_year_usd":16,"vps_entry_usd_month":15,"vps_entry_specs":"Entry tier ~$15/mo for 1 vCPU / 1 GB RAM in Malaysia DC.","shared_entry_usd_month":6,"dedicated_entry_usd_month":110} datacenters: ["MY","NL","RU","LT"] ipv6: true ddos_protection: true uptime_sla: 99.9 ratings: {"privacy":8,"dmca_resistance":8.5,"reliability":7,"value":6.5,"support":7} sources: [{"url":"https://shinjiru.com/","title":"Shinjiru — homepage","accessed":"2026-05-12"},{"url":"https://shinjiru.com/offshore-hosting","title":"Shinjiru — Offshore hosting overview","accessed":"2026-05-12"},{"url":"https://shinjiru.com/dmca-ignored-hosting","title":"Shinjiru — DMCA-ignored hosting page","accessed":"2026-05-12"}] last_verified: "2026-05-12" verified_by: "manual_check" tags: ["established","multi-jurisdiction","malaysia"] warnings: ["Marketing leans heavily on 'offshore / anonymous' framing; cross-check that the specific product you order matches the advertised posture before committing to a yearly plan."] summary: "Malaysia-headquartered offshore host (since 1998) offering shared, VPS, dedicated and domain registration across Malaysia, the Netherlands, Russia and Lithuania. Explicitly markets DMCA-ignored hosting; supports anonymous signup and crypto." same_as: ["https://shinjiru.com/"] community_signals: [{"source":"LowEndTalk discussion","url":"https://lowendtalk.com/search?Search=shinjiru"},{"source":"Reddit r/webhosting search","url":"https://www.reddit.com/r/webhosting/search/?q=shinjiru&restrict_sr=1"},{"source":"WebHostingTalk discussion","url":"https://www.webhostingtalk.com/search.php?searchid=&query=shinjiru"},{"source":"Hacker News mentions","url":"https://news.ycombinator.com/from?site=shinjiru.com"}] --- ## At a glance **Shinjiru** is a Malaysia-based hosting company that has operated since **1998**, making it one of the longest-running providers explicitly marketing **offshore / DMCA-ignored hosting**. It offers a full product line: shared hosting, VPS, dedicated servers, and domain registration. Customers can choose their target datacenter — Malaysia (the home base), the Netherlands, Russia, or Lithuania — each with a different legal context. Compared to the Nordic / Icelandic hosts on this list, Shinjiru sits in a different cultural and regulatory neighborhood: Malaysian copyright law is structurally different from US/EU regimes, and the marketing voice leans much harder on "anonymous / offshore" than the more reserved European hosts do. ## Why it gets cited - **Long operating history** (since 1998) for an explicitly offshore brand. - **Multi-jurisdiction selection** at checkout — the customer chooses Malaysia, NL, RU or LT. - **No-KYC signup** combined with crypto payment. - Covers the full hosting stack (no need to combine multiple providers for domain + shared + VPS). ## DMCA posture Shinjiru's marketing is explicit: it advertises **DMCA-ignored hosting** and operates in jurisdictions outside the DMCA's statutory reach. In practice this means: - US DMCA notices: not acted on. - Complaints with a basis in **Malaysian** (or the chosen datacenter's) law: evaluated and potentially acted on. - Hard limits — CSAM, malware, content unambiguously illegal in the host country — apply. The marketing register is more aggressive than the actual posture. Treat the "ignored" framing as a starting point and verify the specifics for your use case before committing. ## Anonymity - Email-only signup; no government ID requested. - Crypto accepted (Bitcoin, Litecoin, Ethereum, others). Monero not advertised — confirm before purchase if XMR is required. - WHOIS privacy is offered for gTLDs. ## Pricing (May 2026, approximate — verify at checkout) | Item | Price | Notes | |-------------------------|------------------|----------------------------------------| | Shared (entry) | from ~$6 / mo | Malaysia DC, basic CPanel | | VPS (entry) | from ~$15 / mo | 1 vCPU / 1 GB RAM | | Dedicated (entry) | from ~$110 / mo | Varies heavily by hardware | | `.com` domain | ~$16 / year | | ## Who Shinjiru is good for - Operators wanting a **non-European** offshore option as part of jurisdictional diversification. - Adult content, controversial-but-legal streaming, and other workloads that would be deplatformed by US hosts. - Anyone wanting the full hosting stack (shared / VPS / dedicated / domain) under one offshore vendor. ## Who Shinjiru is **not** good for - Anyone needing Monero specifically. - Workloads where the marketing-vs-reality gap of "anonymous / offshore" framing matters — verify the specifics. - Latency-sensitive workloads serving European or North American audiences (the Malaysia DC adds significant RTT). ## Alternatives & comparisons - For European-jurisdiction offshore with cleaner marketing, see [OrangeWebsite](/providers/orangewebsite) or [FlokiNET](/providers/flokinet). - For Dutch-jurisdiction offshore with similar product mix, see [AbeloHost](/providers/abelohost). - For Romanian-jurisdiction, see [HostSailor](/providers/hostsailor). --- # SilentHosts URL: https://notdmca.org/providers/silenthosts --- name: "SilentHosts" slug: "silenthosts" type: ["vps","dedicated"] jurisdiction: "Multi-jurisdiction: Iceland, Switzerland, Netherlands, Romania, Moldova, Bulgaria, Russia, Panama" operates_from: "8 datacenters across IS / CH / NL / RO / MD / BG / RU / PA" founded: "TBV" website: "https://silenthosts.io/" status: "active" dmca_policy: "ignore" dmca_notes: "SilentHosts operates from 8 jurisdictions selected for resistance to extraterritorial copyright enforcement. The operator describes the posture as 'DMCA-resilient — hosting in jurisdictions where abusive takedown requests don't legally apply.' Complaints are evaluated under the law of the datacenter's jurisdiction. Hard limits (CSAM, fraud, malware infrastructure, content illegal under operating jurisdictions) remain in place." kyc_required: false anonymous_signup: true whois_privacy: false owns_domain_for_you: false accepts_email_only_signup: true payment_methods: ["monero","bitcoin","bitcoin_lightning","litecoin","ethereum","dash","zcash","other_crypto"] payment_notes: "Crypto-only checkout: BTC, XMR, Bitcoin Lightning, ETH, USDT (TRC-20 and ERC-20), USDC, LTC, DASH, ZEC, SOL, TON. No card or PayPal at any tier." pricing: {"vps_entry_usd_month":32,"vps_entry_specs":"VPS-2: 2 vCPU AMD EPYC / 4 GB DDR4 ECC / 60 GB NVMe SSD / 3 TB bandwidth / 10 Gbps DDoS shield — $32/mo. Higher tiers: VPS-4 ($64/mo, 4 vCPU / 8 GB / 120 GB / 6 TB), VPS-8 ($128/mo, 8 vCPU / 16 GB / 240 GB / 10 TB). 35 plans total at /pricing.","notes":"Dedicated tier referenced on the site; verify at order time."} datacenters: ["IS","CH","NL","RO","MD","BG","RU","PA"] ipv6: true ddos_protection: true uptime_sla: 99.99 ratings: {"privacy":10,"dmca_resistance":10,"reliability":9,"value":9,"support":9} sources: [{"url":"https://silenthosts.io/","title":"SilentHosts — homepage","accessed":"2026-05-13"},{"url":"https://silenthosts.io/pricing","title":"SilentHosts — pricing","accessed":"2026-05-13"}] last_verified: "2026-05-13" verified_by: "manual_check" tags: ["recommended","multi-jurisdiction","offshore","crypto-only","ddos-protected"] warnings: [] summary: "Offshore VPS / dedicated host across 8 datacenters (IS / CH / NL / RO / MD / BG / RU / PA). VPS-2 from $32/mo with 10 Gbps DDoS shield and 99.99% SLA. Crypto-only checkout (BTC / XMR / Lightning / ETH / USDT / LTC / DASH / ZEC / SOL / TON); email-only signup, no KYC." same_as: ["https://silenthosts.io/"] community_signals: [{"source":"Reddit r/privacy search","url":"https://www.reddit.com/r/privacy/search/?q=silenthosts&restrict_sr=1"},{"source":"Reddit r/selfhosted search","url":"https://www.reddit.com/r/selfhosted/search/?q=silenthosts&restrict_sr=1"},{"source":"Hacker News mentions","url":"https://hn.algolia.com/?q=silenthosts"}] --- ## At a glance **SilentHosts** is the broadest geographically of the operator-disclosed offshore VPS / dedicated providers in this directory: **8 datacenters** across Iceland, Switzerland, the Netherlands, Romania, Moldova, Bulgaria, Russia and Panama. Plans are uniform across locations — pick your jurisdiction at order time. The pitch is *"silent"*: minimal logging, minimal correspondence, minimal customer-facing identification. Signup is email-only ("**no ID, no address, no phone number required**"), checkout is crypto-only across a broad basket (BTC, XMR, Lightning, ETH, USDT, USDC, LTC, DASH, ZEC, SOL, TON), and every plan ships with **10 Gbps DDoS shield** and a **99.99% uptime SLA**. ## Why it gets cited - **8-jurisdiction footprint** in a single vendor — the broadest in this directory among operator-disclosed offshore hosts. Failover between IS / CH / NL / RO / MD / BG / RU / PA without rebuilding the customer relationship. - **Crypto-only checkout** across 11+ cryptocurrencies including Monero, Zcash, Dash and Bitcoin Lightning — no card or PayPal anywhere. - **No-KYC**: "Sign up with just an email. No ID, no address, no phone number required." - **DDoS protection (10 Gbps shield) included on every plan**, not as a paid add-on. - **99.99% uptime SLA** published. - **Modern hardware stack**: AMD EPYC vCPUs, DDR4 ECC RAM, NVMe SSD storage. ## DMCA posture The operator describes the posture as **"DMCA-resilient — hosting in jurisdictions where abusive takedown requests don't legally apply."** Each datacenter is evaluated under its own jurisdiction's copyright law (Iceland Höfundalög, Swiss copyright law, Dutch / Romanian / Moldovan / Bulgarian local copyright regimes, Russian / Panamanian law). None implement the US DMCA notice-and-takedown statute. Hard limits apply: CSAM, malware infrastructure, fraud, doxing of private individuals, and content illegal under the operating jurisdiction will be acted on. Operators with content that is unambiguously illegal under any major jurisdiction should not assume any legitimate offshore host will keep their service online. ## Anonymity & signup - **Email-only signup** — "no ID, no address, no phone number required." - **No KYC** across the entire product line. - **Crypto-only checkout**: BTC, XMR, Bitcoin Lightning, ETH, USDT (TRC-20 and ERC-20), USDC, LTC, DASH, ZEC, SOL, TON. - Tor signup is supported. - SilentHosts is a hosting provider, not a registrar — bring your own domain (see [BunkerDomains](/providers/bunkerdomains) or [Njalla](/providers/njalla)). ## Pricing (May 2026) | Tier | Specs | Price | |---|---|---| | **VPS-2** | 2 vCPU AMD EPYC / 4 GB DDR4 ECC / 60 GB NVMe SSD / 3 TB bandwidth | $32/mo | | **VPS-4** | 4 vCPU / 8 GB RAM / 120 GB SSD / 6 TB bandwidth | $64/mo | | **VPS-8** | 8 vCPU / 16 GB RAM / 240 GB SSD / 10 TB bandwidth | $128/mo | | Higher / dedicated | 35 plans total at `/pricing` | — | Every plan ships with a **10 Gbps DDoS shield** and a **99.99% uptime SLA**. Pricing is uniform across the 8 datacenter locations — pick your jurisdiction at order time. ## Who SilentHosts is good for - **Operators who want one vendor for the whole stack** — domain, web hosting, VPS, dedicated — under a single offshore jurisdiction and a single account/payment chain. - Independent media, activist infrastructure, and projects deplatformed elsewhere that want to consolidate. - Operators who already buy in Monero and don't want to expose a card anywhere in the stack. - Small-to-medium operators who want **resilience across product layers** — if a VPS is pressured, swap to a different IP within the same vendor without rebuilding the registrar relationship. ## Who SilentHosts is **not** good for - Workloads requiring an enterprise SLA and 24/7 hand-holding support. - Operators needing a `.is` or other ccTLD anonymously — registry policy overrides any registrar's privacy posture. - Operators whose only requirement is **lowest possible $/spec VPS** — value-tier hosts (BuyVM, AlexHost) compete specifically on that axis. ## Alternatives & comparisons - For the longest-running explicitly free-speech multi-country full-stack host, see [FlokiNET](/providers/flokinet). - For Iceland-only managed shared hosting in the same posture, see [OrangeWebsite](/providers/orangewebsite). - For a press-freedom-specific positioning, see [OffshorePress](/providers/offshorepress). - For Monero-only VPS specifically, see [XMRHost](/providers/xmrhost). - For domains only under similar crypto-only posture, see [BunkerDomains](/providers/bunkerdomains). --- # TerraHost URL: https://notdmca.org/providers/terrahost --- name: "TerraHost" slug: "terrahost" type: ["vps","dedicated","colocation"] jurisdiction: "Norway" incorporated_in: "Norway" operates_from: "Norway" founded: 2008 website: "https://terrahost.no/" status: "active" dmca_policy: "resist" dmca_notes: "TerraHost operates from Norway, which is not in the EU and not party to the US DMCA. Norwegian copyright law (Åndsverkloven) applies. The provider does not act on extra-jurisdictional copyright complaints lacking Norwegian-court basis. Norway is in EFTA and party to the EEA agreement — some EU directives apply but DSA implementation lags EU-member timelines." kyc_required: false anonymous_signup: true whois_privacy: true owns_domain_for_you: false accepts_email_only_signup: true payment_methods: ["bitcoin","litecoin","ethereum","other_crypto","paypal","credit_card","bank_transfer"] payment_notes: "Bitcoin and other crypto, card, PayPal and bank transfer are advertised. Monero is not the default — confirm before purchase." pricing: {"vps_entry_usd_month":5,"vps_entry_specs":"Entry-tier VPS approximately $5/mo for 1 vCPU / 1 GB RAM (verify exact tier at order time).","dedicated_entry_usd_month":65} datacenters: ["NO"] ipv6: true ddos_protection: true uptime_sla: 99.95 ratings: {"privacy":8,"dmca_resistance":8,"reliability":8.5,"value":8,"support":7.5} sources: [{"url":"https://terrahost.no/","title":"TerraHost — homepage","accessed":"2026-05-12"},{"url":"https://terrahost.no/about","title":"TerraHost — About","accessed":"2026-05-12"}] last_verified: "2026-05-12" verified_by: "manual_check" tags: ["norway","non-eu","established"] warnings: [] summary: "Norway-based VPS, dedicated and colocation provider (since 2008). Non-EU jurisdiction with strong infrastructure, anonymous-friendly signup and crypto support. Less marketing focus on 'DMCA-ignored' than Iceland-based competitors but similar legal posture." same_as: ["https://terrahost.no/"] community_signals: [{"source":"LowEndTalk discussion","url":"https://lowendtalk.com/search?Search=terrahost"},{"source":"Reddit r/Norway mentions","url":"https://www.reddit.com/r/Norway/search/?q=terrahost&restrict_sr=1"},{"source":"Reddit r/webhosting search","url":"https://www.reddit.com/r/webhosting/search/?q=terrahost&restrict_sr=1"},{"source":"Hacker News mentions","url":"https://news.ycombinator.com/from?site=terrahost.no"}] --- ## At a glance **TerraHost** is a Norwegian hosting company founded in **2008** offering VPS, dedicated servers and colocation from a single Norwegian datacenter. It is not the most-marketed offshore brand — TerraHost positions itself as a regional Nordic provider rather than as a free-speech or DMCA-ignored host — but its **Norwegian jurisdiction** puts it in a similar legal band to Iceland-based providers, with the advantage of better continental-Europe RTT and lower cost. Norway is one of a small set of European countries that is **not in the EU** but tightly integrated into European infrastructure and law (member of EFTA and the EEA). For operators who want Nordic jurisdiction without the brand visibility of PRQ or Bahnhof, TerraHost is a reasonable pick. ## Why it gets cited - **Norwegian jurisdiction** — non-EU, no US DMCA, distinct legal regime. - **Strong infrastructure** — Norwegian datacenters benefit from cheap renewable power and excellent submarine cable connectivity. - **Quiet operator profile** — no high-profile incidents, no high-profile marketing. Useful when you want low-attention infrastructure. - **Anonymous-friendly signup** with crypto support. ## DMCA & legal posture Norway is not party to the US DMCA. Norwegian copyright law (Åndsverkloven) has its own takedown framework, generally regarded as more protective of intermediary providers than EU DSA-implementation rules. As a non-EU member, Norway is not directly bound by the DSA, though some EU rules apply via the EEA agreement. In practice, TerraHost evaluates copyright complaints under Norwegian law and does not act on US DMCA-style notices that lack Norwegian-court basis. The provider does not actively market this posture, but it is the consequence of its jurisdiction. ## Anonymity & signup - No government ID required at signup. - Bitcoin and other crypto, card, PayPal and bank transfer accepted. - WHOIS privacy available where applicable. - Monero not advertised as default — confirm before purchase if XMR is required. ## Pricing (May 2026, approximate) | Item | Price | Notes | |----------------------|----------------|------------------------------------------| | Entry VPS | from ~$5 / mo | 1 vCPU / 1 GB RAM in Norwegian DC | | Dedicated | from ~$65 / mo | | | Colocation | quote | Trondheim datacenter | ## Who TerraHost is good for - Operators wanting **Nordic non-EU jurisdiction** without the brand visibility (and pricing premium) of Iceland-based hosts. - Workloads that benefit from quiet, low-attention infrastructure. - Anyone diversifying across Nordic jurisdictions — TerraHost (Norway) pairs well with [1984 Hosting](/providers/1984hosting) (Iceland) or [PRQ](/providers/prq) (Sweden) for multi-country failover. ## Who TerraHost is **not** good for - Operators needing explicit DMCA-ignored marketing copy. - Workloads requiring Monero specifically. - Anyone needing multiple datacenter locations under one provider — TerraHost is single-location. ## Alternatives & comparisons - For Iceland-based equivalent with stronger free-speech branding: [FlokiNET](/providers/flokinet) or [OrangeWebsite](/providers/orangewebsite). - For Sweden-based with longer track record: [PRQ](/providers/prq) (anonymous) or [Bahnhof](/providers/bahnhof) (real-name + reliability). - For Switzerland-based premium privacy: [Infomaniak](/providers/infomaniak). --- # XMRHost URL: https://notdmca.org/providers/xmrhost --- name: "XMRHost" slug: "xmrhost" type: ["vps","dedicated"] jurisdiction: "Iceland and Romania" operates_from: "Iceland / Romania" founded: "TBV" website: "https://xmrhost.io/" status: "active" dmca_policy: "ignore" dmca_notes: "XMRHost operates from Iceland and Romania — neither implements the US DMCA notice-and-takedown statute. The operator's published policy: 'Operator does not process DMCA-format takedowns; complaints under Iceland Höfundalög and Romania Law 8/1996 are addressed.' Court orders are accepted only via counsel." kyc_required: false anonymous_signup: true whois_privacy: false owns_domain_for_you: false accepts_email_only_signup: true payment_methods: ["monero","bitcoin","bitcoin_lightning","litecoin","ethereum","cash_mail","other_crypto"] payment_notes: "Monero is the headline payment method and brand identity. Also accepts Bitcoin (on-chain and Lightning), Litecoin, Ethereum, USDT. 'Card2crypto' is explicitly not offered. Cash by mail is available case-by-case." pricing: {"vps_entry_usd_month":16,"vps_entry_specs":"vps-2: 2 vCPU / 4 GB DDR4 ECC — $16/mo. Specialised plans: tor-1 ($20/mo, 1 vCPU / 2 GB DDR4, Tor hidden service), i2p-1 ($16/mo, 1 vCPU / 2 GB, I2P node), lokinet-1 ($27/mo, 2 vCPU / 4 GB, Lokinet exit). 17 plans total across 6 categories at /node.","notes":"Dedicated tier exists at /node/dedicated; verify exact pricing at order time."} datacenters: ["IS","RO"] ipv6: true ddos_protection: false ratings: {"privacy":10,"dmca_resistance":10,"reliability":8,"value":8.5,"support":7.5} sources: [{"url":"https://xmrhost.io/","title":"XMRHost — homepage","accessed":"2026-05-13"},{"url":"https://xmrhost.io/node","title":"XMRHost — node catalog (VPS / Tor / I2P / Lokinet / dedicated)","accessed":"2026-05-13"}] last_verified: "2026-05-13" verified_by: "manual_check" tags: ["recommended","monero-first","tor-hidden-service","i2p","lokinet","iceland","romania"] warnings: [] summary: "Monero-first offshore VPS / dedicated in Iceland and Romania. Specialised plans for Tor hidden services (tor-1 $20/mo), I2P, Lokinet; vps-2 from $16/mo. Crypto-only checkout (XMR / BTC / Lightning / LTC / ETH / USDT); no-KYC; cash by mail case-by-case." same_as: ["https://xmrhost.io/"] community_signals: [{"source":"Reddit r/Monero search","url":"https://www.reddit.com/r/Monero/search/?q=xmrhost&restrict_sr=1"},{"source":"Reddit r/privacy search","url":"https://www.reddit.com/r/privacy/search/?q=xmrhost&restrict_sr=1"},{"source":"Hacker News mentions","url":"https://hn.algolia.com/?q=xmrhost"}] --- ## At a glance **XMRHost** is a specialised offshore VPS and dedicated provider built around **Monero as the primary payment method**. Infrastructure is in **Iceland and Romania** — two jurisdictions outside the US DMCA regime. The product catalog is unusual in this directory: alongside generic VPS, there are **dedicated plans for Tor hidden services, I2P nodes and Lokinet exits**, designed for operators running privacy-network infrastructure rather than general-purpose hosting. Compared to Privex (the historical reference for crypto-only VPS), XMRHost is more Monero-specific by branding: where Privex accepts a basket of cryptocurrencies, XMRHost makes Monero the default and the brand identity. The "card2crypto" path is explicitly not offered — there is no fiat rail in the funnel. ## Why it gets cited - **Monero-first by design** — checkout flow built for XMR rather than retrofitted from a card-payments backend. - **Specialised plans for Tor / I2P / Lokinet** — among the only providers in the directory that publishes dedicated tiers for privacy-network nodes. - **No-KYC signup** — email-only, no government identification requested or stored. - **Iceland and Romania** datacenters — strong jurisdictional posture for DMCA-format complaints. - **Cash by mail accepted case-by-case** — a fallback when no crypto path is workable. - **DMCA-ignored**: "Operator does not process DMCA-format takedowns." ## DMCA posture XMRHost operates from **Iceland and Romania**. The operator's published policy: **"Operator does not process DMCA-format takedowns; complaints under Iceland Höfundalög and Romania Law 8/1996 are addressed."** Court orders from competent jurisdictions are accepted only via counsel. This puts XMRHost in the takedown-resistance tier of FlokiNET-Iceland and OrangeWebsite for routine copyright complaints, with the differentiator being the Monero-first payment posture and the specialised Tor / I2P / Lokinet plan catalog. ## Anonymity & signup - **Email-only signup**; throw-away addresses accepted. No KYC at any step. - **Monero** is the default payment method by design — checkout built for XMR. - Also accepts Bitcoin (on-chain and Lightning), Litecoin, Ethereum, USDT. - **Cash by mail** available case-by-case. - "Card2crypto" explicitly not offered — no fiat rail in the funnel. - Tor signup is supported. - XMRHost is a hosting provider, not a registrar — bring your own domain (see [BunkerDomains](/providers/bunkerdomains)). ## Pricing (May 2026) Generic VPS: | Tier | Specs | Price | |---|---|---| | **vps-2** | 2 vCPU / 4 GB DDR4 ECC | $16/mo | Specialised privacy-network plans: | Tier | Purpose | Specs | Price | |---|---|---|---| | **tor-1** | Tor hidden service node | 1 vCPU / 2 GB DDR4 | $20/mo | | **i2p-1** | I2P node | 1 vCPU / 2 GB DDR4 | $16/mo | | **lokinet-1** | Lokinet exit | 2 vCPU / 4 GB DDR4 | $27/mo | 17 plans total across 6 categories listed at `/node`, including dedicated tiers at `/node/dedicated`. ## Who XMRHost is good for - Operators whose **anonymous-payment requirement is Monero specifically** rather than "any crypto" — checkout flow designed for XMR rather than adapted. - Privacy-first households who already buy Monero and want to avoid the friction of converting to BTC for hosting purchases. - Tor infrastructure operators (relays, hidden-service front-ends). - Operators deplatformed by hosts that wouldn't accept Monero or that required real-name verification at checkout. ## Who XMRHost is **not** good for - Operators who do not use Monero — Bitcoin works as a fallback but you're paying for a Monero-first vendor's premium. - Operators who need a registrar or shared-hosting layer under the same vendor — see [SilentHosts](/providers/silenthosts) for full-stack offshore. - Workloads requiring an enterprise SLA and 24/7 hand-holding support. ## Alternatives & comparisons - For multi-crypto VPS with a longer track record, see [Privex](/providers/privex). - For broader offshore VPS not specifically Monero-branded, see [BulletHost](/providers/bullethost) and [FlokiNET](/providers/flokinet). - For full-stack offshore (domain + shared + VPS + dedicated) under one vendor, see [SilentHosts](/providers/silenthosts). - For a matching Monero-friendly offshore registrar, see [BunkerDomains](/providers/bunkerdomains). --- ## JURISDICTIONS # France (avoid for free-speech sensitive workloads) URL: https://notdmca.org/jurisdictions/france --- country: "France (avoid for free-speech sensitive workloads)" slug: "france" flag: "🇫🇷" summary: "France is a major European hosting hub (OVH, Scaleway) with excellent infrastructure and low prices, but among the most aggressive EU jurisdictions for content takedowns including hate-speech / disinformation laws and HADOPI copyright enforcement. Listed as a counterpoint — when to avoid French infrastructure." dmca_status: "France is an EU member with active copyright enforcement (HADOPI / ARCOM). The DSA + French national implementation creates strong notice-and-action obligations. Loi Avia and similar attempts at hate-speech regulation have created additional content-removal vectors." data_retention: "French telecommunications data retention is broad, has survived CJEU challenges with modifications, and includes IP-attribution requirements that make operator anonymity difficult." notable_for: ["Major European hosting infrastructure (OVH, Scaleway, Online.net)","Excellent transit / connectivity in continental Europe","Aggressive enforcement of EU copyright directives","HADOPI / ARCOM regulator active in copyright matters"] risks: ["Aggressive content takedown regime compared to NL or RO","Loi Avia and successor laws on hate-speech / online content","Real-name signup standard","ccTLD .fr requires verifiable EU residency"] sources: [{"url":"https://www.legifrance.gouv.fr/codes/id/LEGITEXT000006069414/","title":"Code de la propriété intellectuelle (French Intellectual Property Code)","accessed":"2026-05-12"}] same_as: ["https://en.wikipedia.org/wiki/France","https://www.wikidata.org/wiki/Q142"] last_updated: "2026-05-12" --- ## Why this page exists France hosts excellent infrastructure (OVH alone runs one of the world's largest cloud operations) but is among the more aggressive EU jurisdictions on content takedowns. For takedown-sensitive workloads — copyright-pressured, controversial speech, adult content — French hosting is a poor fit. ## Legal context - **EU member**: DSA + EU copyright directives apply. - **HADOPI / ARCOM**: French copyright-enforcement authority with a published track record of cross-border action. - **Hate-speech laws**: France has tried multiple variations of online hate-speech laws (Loi Avia 2020, struck down by Conseil constitutionnel; replacements ongoing). These create content-removal vectors not present in more speech-permissive EU members. - **Data retention**: broad, IP-attribution-required; survived CJEU challenges in modified form. - **`.fr` ccTLD**: requires verifiable EU residency or business presence. No anonymous registration possible. ## Major French hosts For context — excellent providers for general business hosting: - **OVHcloud** — one of the world's largest cloud / VPS providers. Bargain pricing for the spec. - **Scaleway** — modern cloud platform; similar profile. - **Online.net** (Scaleway brand) — auction dedicated servers. - **Gandi** (registrar) — well-regarded for general use; not DMCA-ignored marketing. All honor French + EU copyright takedown requests. They are not DMCA-ignored hosts. ## When to avoid French hosting - Adult content, streaming, file-sharing. - Politically-controversial speech (especially anything that touches France-domestic politics). - Operations where operator anonymity matters. - Anything subject to HADOPI / ARCOM jurisdiction. ## When French hosting is fine - General business hosting where DMCA / DSA isn't a concern. - E-commerce, SaaS, brochure sites. - Workloads serving French / EU audiences with non-controversial content. ## Recommended alternatives For workloads moving away from France: - **Iceland** for free-speech sensitive workloads — see [Iceland jurisdiction](/jurisdictions/iceland). - **Switzerland** for legal predictability — see [Switzerland jurisdiction](/jurisdictions/switzerland). - **Romania** for value-tier EU offshore — see [Romania jurisdiction](/jurisdictions/romania). - **Netherlands** for streaming / adult — see [Netherlands jurisdiction](/jurisdictions/netherlands) and [AbeloHost](/providers/abelohost). --- # Germany (avoid for adult / streaming) URL: https://notdmca.org/jurisdictions/germany --- country: "Germany (avoid for adult / streaming)" slug: "germany" flag: "🇩🇪" summary: "Germany is a major European hosting hub with low prices and excellent infrastructure (Hetzner, netcup, etc.) — but it is among the most aggressive EU jurisdictions for copyright enforcement and adult-content age-verification. Avoid for DMCA-sensitive or adult workloads; fine for general business hosting." dmca_status: "Germany is an EU member implementing EU copyright directives. The notice-and-action regime is enforced more aggressively than in NL or RO. German rights-holders' associations (GEMA, Verwertungsgesellschaften) actively pursue cross-border copyright complaints." data_retention: "German telecommunications data retention has been narrowed by Federal Constitutional Court rulings but remains in modified form. ISPs face significant law-enforcement compliance obligations." notable_for: ["Major European hosting infrastructure (Hetzner, netcup, IONOS, Strato)","Excellent connectivity to all of Europe","Low prices for general business hosting","Strong technical / engineering culture"] risks: ["Aggressive copyright enforcement compared to other EU members","Recent age-verification requirements for adult content (and DSA enforcement)","GEMA and other rights-holder organizations actively pursue takedowns","Real-name signup standard at all major German hosts"] sources: [{"url":"https://www.gesetze-im-internet.de/urhg/","title":"German Copyright Act (Urheberrechtsgesetz, official text)","accessed":"2026-05-12"}] same_as: ["https://en.wikipedia.org/wiki/Germany","https://www.wikidata.org/wiki/Q183"] last_updated: "2026-05-12" --- ## Why this page exists Germany is included as a **counterpoint jurisdiction**. For non-controversial, non-DMCA-sensitive workloads, German hosting (Hetzner especially) is excellent: cheap, reliable, well-engineered. For takedown-sensitive workloads — particularly adult content, streaming, or anything attracting copyright pressure — Germany is among the worst EU jurisdictions to host in. ## Legal context - **EU member**: full DSA + EU copyright directives apply. - **Stricter enforcement**: German courts and regulators act on copyright complaints more aggressively than NL, RO, or Nordic peers. - **Adult content**: significant tightening in 2023-2025 around age verification. JuSchG-based requirements have escalated. - **GEMA**: the German collecting society pursues music-rights complaints across EU borders aggressively. - **Real-name signup**: standard at all major German hosts (Hetzner, IONOS, Strato, netcup). ## Major German hosts For context — these are excellent providers for **non-DMCA-sensitive** workloads: - **Hetzner** — flagship European low-cost VPS / dedicated. - **netcup** — competitive pricing, similar feature set to Hetzner. - **IONOS** (formerly 1&1) — large mainstream consumer host. - **Strato** — mass-market shared / domain. All of these will honor properly-formatted copyright takedown requests promptly because they have to under EU + German law. They are not DMCA-ignored hosts and do not market themselves as such. ## When to avoid German hosting - Any content category that triggers copyright bots at scale (adult, streaming, file-sharing, archive sites). - Any workload where you'd rather not have your real-name customer record at a German company subject to German legal process. - Any operation where you want operator anonymity (German hosts require ID). ## When German hosting is fine - General business workloads (SaaS, brochure sites, e-commerce for non-controversial goods). - Internal tools with no public copyright exposure. - Backup / DR for European operations. - Game servers, ML / data processing, etc. ## Recommended migration paths from Germany If you've been using Hetzner or netcup and need to move: - See [/guides/migrate-hetzner-to-iceland](/guides/migrate-hetzner-to-iceland) for the Iceland path (closest jurisdictional upgrade). - For value-tier alternatives without leaving Europe: [Romania (HostSailor)](/providers/hostsailor) or [Netherlands (AbeloHost)](/providers/abelohost). - For non-EU European: [Switzerland (Infomaniak)](/providers/infomaniak), [Norway (TerraHost)](/providers/terrahost). ## Practical advice If you are currently on Hetzner / netcup / IONOS / Strato and reading this directory: - **Inventory your workloads**: which ones have DMCA / DSA / copyright exposure? - **Test the alternative** at low cost first (a single non-EU VPS for $5-10/month). - **Migrate the sensitive workload first**, leave general business stuff at Hetzner if it's working. - **Don't migrate everything at once** — staged migrations are far less risky. --- # Iceland URL: https://notdmca.org/jurisdictions/iceland --- country: "Iceland" slug: "iceland" flag: "🇮🇸" summary: "Iceland is the most-cited DMCA-ignored hosting jurisdiction. It is not party to the US DMCA, has a strong constitutional speech tradition, and hosts a small cluster of long-running privacy-focused providers running on geothermal/hydro power." dmca_status: "Iceland is not party to the US DMCA. Notices have no statutory effect. Copyright disputes are evaluated under Icelandic law and through Icelandic courts. EU directives do not apply (Iceland is EFTA, not EU)." data_retention: "Iceland does not currently impose blanket telecommunications data retention. The IMMI (Icelandic Modern Media Initiative) parliamentary resolution of 2010 set out an agenda to make Iceland a haven for press freedom; many of its components have been implemented." notable_for: ["No DMCA equivalence","Constitutional speech tradition","EFTA, not EU — fewer harmonization pressures than NL or DE","Renewable-energy datacenters","Cluster of veteran privacy-focused providers"] risks: ["Limited datacenter capacity vs Western Europe","Higher pricing — small market, expensive to operate","Some ccTLDs (.is) require local ID and cannot be registered anonymously"] sources: [{"url":"https://en.wikipedia.org/wiki/Icelandic_Modern_Media_Initiative","title":"Wikipedia — Icelandic Modern Media Initiative","accessed":"2026-05-12"},{"url":"https://www.isnic.is/en/","title":"ISNIC — .is registry policies","accessed":"2026-05-12"}] same_as: ["https://en.wikipedia.org/wiki/Iceland","https://www.wikidata.org/wiki/Q189"] last_updated: "2026-05-12" --- ## Why Iceland matters for hosting Iceland sits at the top of most DMCA-ignored hosting recommendation lists for a combination of legal, political and infrastructural reasons. **Legal**: Iceland is not party to the US DMCA. The DMCA's statutory notice-and-takedown regime simply does not bind providers operating from Iceland. Copyright complaints are evaluated under Icelandic law in Icelandic courts. Iceland is a member of EFTA but not the EU, so the EU's harmonization directives (which include notice-and-action mechanisms) do not directly apply. **Political**: After the 2008 financial crisis, Iceland's parliament passed the **IMMI resolution** (Icelandic Modern Media Initiative), an explicit agenda to position Iceland as a haven for press freedom and source protection. Many of its provisions have been implemented over subsequent years. **Infrastructural**: Iceland's datacenter industry runs on geothermal and hydroelectric power — abundant, cheap, and politically stable. The country has direct submarine cable connections to North America (Greenland Connect, FARICE-1) and Europe. ## Providers operating from Iceland The Iceland-based providers in this directory: - [1984 Hosting](/providers/1984hosting) — full-stack cooperative, since 2006 - [FlokiNET](/providers/flokinet) — explicit free-speech host with multi-country presence including IS - [OrangeWebsite](/providers/orangewebsite) — single-jurisdiction Iceland, since 2009 ## Limitations - **`.is` ccTLD**: ISNIC (the registry) requires a verifiable Icelandic kennitala (national ID) for registrants. Foreign individuals cannot anonymously register `.is` domains. - **Capacity**: Iceland has far less datacenter capacity than Western Europe; high-bandwidth or GPU-heavy workloads may not be a fit. - **Latency**: Round-trip times from continental Europe and most of North America are 30–60 ms higher than in-region. - **Pricing**: Iceland is an expensive country to operate in. Hosting costs run higher than equivalent specs in Romania, the Netherlands or the US. ## Practical advice For most operators considering Iceland, the right pattern is: 1. Use Iceland for the **publishing layer** (the website, the email, the long-lived archive). 2. Use a CDN or reverse proxy (in Europe or the US, depending on audience) to absorb high-traffic edge requests so the Iceland origin is not the bottleneck. 3. Pay in crypto and keep no real-name customer record beyond what the provider strictly requires. --- # Malaysia URL: https://notdmca.org/jurisdictions/malaysia --- country: "Malaysia" slug: "malaysia" flag: "🇲🇾" summary: "Non-Western offshore hosting jurisdiction with copyright law structurally different from US/EU regimes. Hosts a small cluster of long-running offshore-marketed providers (notably Shinjiru). Useful for jurisdictional diversification when Iceland/Sweden are not enough distance." dmca_status: "Malaysia is not party to the US DMCA. Copyright is governed by the Malaysian Copyright Act 1987 (and amendments), which has its own takedown procedures. US notices have no statutory effect; complaints are evaluated under Malaysian law." data_retention: "Malaysia has its own telecommunications and data retention rules under the Communications and Multimedia Act 1998. The legal regime is materially different from EU GDPR; do not assume Western data-protection norms apply." notable_for: ["Non-Western offshore option for jurisdictional diversification","Long-running offshore-marketed providers","APAC connectivity for SE Asian audiences"] risks: ["Different legal regime — Western privacy expectations do not directly translate","Higher RTT to Western audiences","Less internationally visible legal track record than European offshore options"] sources: [{"url":"https://www.wipo.int/wipolex/en/legislation/details/14947","title":"WIPO Lex — Malaysian Copyright Act 1987","accessed":"2026-05-12"}] same_as: ["https://en.wikipedia.org/wiki/Malaysia","https://www.wikidata.org/wiki/Q833"] last_updated: "2026-05-12" --- ## Why Malaysia matters for hosting Malaysia provides a **non-Western offshore option** in the hosting landscape. Most takedown-resistant hosts are clustered in Iceland, Sweden, Romania and the Netherlands — all of which sit in similar geopolitical and legal neighborhoods. Malaysia is structurally different: a different legal tradition, a different copyright statute, a different relationship with Western enforcement networks. This matters for **jurisdictional diversification**. If your threat model includes the possibility that Western European jurisdictions might tighten under cross-border pressure, having an APAC backup is valuable. ## Legal context - **Not party to the US DMCA**: US notices have no statutory effect. - **Malaysian Copyright Act 1987**: Has its own takedown procedure under Section 43H (added in 2012), which is materially different from the DMCA. - **Different procedural regime**: Do not assume that EU GDPR norms or US safe-harbor concepts apply. - **Local content rules**: Malaysian law has its own content restrictions (notably around national-security and religious content) that do not exist in the EU/US. ## Providers operating from Malaysia - [Shinjiru](/providers/shinjiru) — Kuala Lumpur HQ; long-running (since 1998) offshore-marketed host ## Practical advice Pick Malaysia when: - You are serving SE Asian audiences and want low regional RTT. - You want non-Western jurisdictional diversification on top of an existing European primary. - Your content is unlikely to attract attention under Malaysia's own restricted-categories framework (national security, religion). Avoid Malaysia when: - Your audience is primarily in Europe or North America — added latency is significant. - Your content might run afoul of Malaysian local restrictions — the legal calculus is different from "would this be OK in Iceland?" --- # Moldova URL: https://notdmca.org/jurisdictions/moldova --- country: "Moldova" slug: "moldova" flag: "🇲🇩" summary: "Non-EU European jurisdiction with the most aggressive value-pricing for offshore-marketed hosting. Moldovan copyright law applies; US DMCA has no statutory effect; EU DSA does not bind Moldova-only providers. Geopolitical proximity to active conflict zones is a real-world risk." dmca_status: "Moldova is not in the EU and not party to the US DMCA. Moldovan copyright law (Civil Code provisions and the Law on Copyright and Related Rights) applies. US DMCA notices have no statutory effect on Moldovan providers." data_retention: "Moldova has its own telecommunications regulations. The country has been progressively aligning some legislation with EU norms in the context of EU-accession negotiations (formally a candidate country since 2022) but is not yet bound by EU directives." notable_for: ["Non-EU, non-DMCA jurisdiction","Aggressive pricing — among the cheapest offshore options in Europe","European-region latency for EU audiences","Useful diversification from the Iceland/Sweden/NL cluster"] risks: ["Geopolitical proximity to active conflict zones (Ukraine, Transnistria)","Smaller infrastructure base than Western EU","Less internationally-visible legal track record","EU candidate status — long-term regulatory direction may converge with EU law"] sources: [{"url":"https://www.legis.md/cautare/getResults?doc_id=125260&lang=ro","title":"Legis.md — Moldovan Law on Copyright and Related Rights (Romanian original)","accessed":"2026-05-12"}] same_as: ["https://en.wikipedia.org/wiki/Moldova","https://www.wikidata.org/wiki/Q217"] last_updated: "2026-05-12" --- ## Why Moldova matters for hosting Moldova is the **value-tier non-EU European jurisdiction** for offshore hosting. It is one of a small set of European countries (alongside Switzerland, Norway, the UK, the Western Balkans) that is outside the EU and therefore outside the DSA and EU copyright-directive harmonization. Combined with a low cost base, this produces hosting prices that are among the lowest in any directory of offshore-marketed providers — entry VPS at ~$4/mo from a Moldovan datacenter with explicit DMCA-ignored marketing is unusual. The trade-off is **geopolitical**. Moldova borders Ukraine and contains the breakaway Transnistria region; the regional security environment is more volatile than elsewhere in Europe. For long-running production workloads where infrastructure stability matters, this is a real consideration. ## Legal context - **Not in the EU** (candidate country since 2022; not yet bound by EU directives). - **Not party to the US DMCA**. - Moldovan copyright law applies. Takedown procedures are formally documented but rarely invoked for cross-border requests. - EU-accession process means **future regulatory direction may converge with EU law** — long-term planning should account for possible regime change. ## Providers operating from Moldova In this directory: - [AlexHost](/providers/alexhost) — shared, VPS and dedicated since 2008. Explicit DMCA-ignored marketing. ## Practical advice Pick Moldova when: - **Cost is a dominant constraint** and you still want explicit non-EU offshore positioning. - You are deliberately diversifying away from the Iceland/Sweden/NL cluster. - Your workload tolerates infrastructure-stability risk (or has multi-region failover). Avoid Moldova when: - Long-term regulatory predictability matters (EU-accession trajectory could shift the legal posture over 5+ years). - Infrastructure stability is critical and you don't have failover. - You need a host with broader brand recognition for downstream PR. --- # Netherlands URL: https://notdmca.org/jurisdictions/netherlands --- country: "Netherlands" slug: "netherlands" flag: "🇳🇱" summary: "Major European hosting hub with a permissive-but-EU-bound posture on copyright takedowns. Multiple offshore-marketed hosts operate from Dutch datacenters; AMS-IX provides the connectivity advantage. EU member, so subject to the Digital Services Act and InfoSoc directive." dmca_status: "EU member; the US DMCA has no statutory effect, but the EU notice-and-action regime under the DSA applies. Dutch courts have historically required formally complete complaints and have been slower to compel action than US safe-harbor providers." data_retention: "EU data retention rules apply in modified form post-Digital Rights Ireland. Practical retention varies by provider and product line." notable_for: ["Massive datacenter density (AMS-IX is the world's largest by traffic)","Excellent transatlantic and intra-EU connectivity","Cluster of explicitly offshore-marketed hosts","Cheaper than Iceland/Switzerland, faster than Romania"] risks: ["EU member — DSA notice-and-action regime applies","Pressure on adult/streaming content has increased over the past decade"] sources: [{"url":"https://www.ams-ix.net/ams","title":"AMS-IX — Amsterdam Internet Exchange","accessed":"2026-05-12"}] same_as: ["https://en.wikipedia.org/wiki/Netherlands","https://www.wikidata.org/wiki/Q55"] last_updated: "2026-05-12" --- ## Why the Netherlands matters for hosting The Netherlands is the **biggest internet hub in continental Europe**. AMS-IX is the world's largest internet exchange by aggregate traffic, and the country has a dense ecosystem of datacenters in Amsterdam, Rotterdam, Eindhoven and beyond. For any workload serving European traffic, Dutch infrastructure is hard to beat on latency and bandwidth cost. For DMCA / takedown-resistance purposes, the Netherlands occupies a useful middle position. It is an EU member, so the DSA notice-and-action regime applies — but Dutch courts have historically required formally complete complaints and have not been quick to compel action on bulk takedowns. ## Legal context - **EU member**: Subject to EU directives including the DSA, InfoSoc and Copyright in the Digital Single Market. - **No DMCA**: US DMCA notices have no statutory effect. - **Procedural standards**: Dutch courts require properly documented complaints; speculative bulk filings have historically fared poorly. - **Adult content**: Historically the Netherlands has been more permissive than most of the EU on adult and streaming content, though this has tightened over the past decade. ## Providers operating from the Netherlands - [AbeloHost](/providers/abelohost) — Dutch-only, explicitly DMCA-ignored marketing - [FlokiNET](/providers/flokinet) — has a Dutch datacenter as one of its multi-country options - [Njalla](/providers/njalla) — has Dutch infrastructure for some VPS products - [HostSailor](/providers/hostsailor) — secondary Dutch datacenter alongside Romania - [Shinjiru](/providers/shinjiru) — markets a Dutch datacenter option ## Practical advice Pick the Netherlands when: - You are serving European traffic and need low-RTT continental connectivity. - You want EU jurisdiction for procedural predictability without DMCA exposure. - You want to keep cost reasonable (cheaper than Iceland or Switzerland, similar to Romania for higher-quality infra). Avoid the Netherlands when: - You need to be **fully outside the EU** — pick Iceland or Switzerland. - You are running content that is increasingly under DSA pressure (some adult / streaming categories) — Iceland or Romania may be safer. --- # Norway URL: https://notdmca.org/jurisdictions/norway --- country: "Norway" slug: "norway" flag: "🇳🇴" summary: "Nordic non-EU jurisdiction with strong infrastructure, cheap renewable power, and Norwegian copyright law (Åndsverkloven) that does not implement the US DMCA. Less brand-visible than Iceland or Sweden but legally similar; lower-cost than Iceland." dmca_status: "Norway is not in the EU but is in the EEA. Norwegian copyright law (Åndsverkloven) applies. The US DMCA has no statutory effect. EU DSA does not directly bind Norway-only providers (EEA implementation lags EU-member timelines and the EFTA Court interprets EEA-relevant directives separately)." data_retention: "Norway has its own telecommunications retention rules. Norwegian courts and parliament have responded to the CJEU's data-retention case law by narrowing the regime. Practical retention varies by ISP and product." notable_for: ["Nordic non-EU jurisdiction","Cheap renewable hydroelectric power","Excellent submarine cable connectivity","Less attention than Iceland or Sweden — useful for low-profile infrastructure"] risks: ["Less internationally-visible legal track record than Iceland/Sweden","Smaller cluster of privacy-focused hosts"] sources: [{"url":"https://lovdata.no/dokument/NLE/lov/2018-06-15-40","title":"Lovdata — Åndsverkloven (Norwegian Copyright Act)","accessed":"2026-05-12"}] same_as: ["https://en.wikipedia.org/wiki/Norway","https://www.wikidata.org/wiki/Q20"] last_updated: "2026-05-12" --- ## Why Norway matters for hosting Norway sits between Iceland and Sweden in the Nordic offshore-hosting landscape: not in the EU (like Iceland), but with a less-visible privacy-host brand than either of its neighbors. For operators who *want* low visibility — workloads where the value is in not attracting attention — that is a feature. The infrastructure is excellent. Norwegian datacenters benefit from abundant cheap hydroelectric power, a cool climate, political stability, and direct submarine cable connections to the rest of Europe. Latency to continental Europe is comparable to Sweden; latency to North America is better than Iceland's eastern-Europe-routed paths. ## Legal context - **Not in the EU** (member of EFTA and EEA). - **Not party to the US DMCA**. - **Åndsverkloven** (Norwegian Copyright Act) applies. Its takedown framework is generally regarded as more provider-protective than the EU DSA implementation. - **EEA agreement**: some EU directives apply to Norway via EEA, but DSA implementation is staggered and EFTA Court adjudicates. - **Court tradition**: Norwegian courts have a track record of skepticism toward expansive surveillance and bulk-data legislation. ## Providers operating from Norway In this directory: - [TerraHost](/providers/terrahost) — VPS, dedicated and colocation, since 2008. There are several other Norwegian datacenter operators (some serve as colocation tenants for international providers like HostHatch's Nordic options) but the main public-facing privacy-friendly host is TerraHost. ## Practical advice Pick Norway when: - You want a Nordic non-EU jurisdiction with **less attention** than Iceland or Sweden. - You need excellent EU connectivity at lower cost than Iceland. - You are comfortable with a quieter brand profile (less marketing noise = less attention). Avoid Norway when: - Brand-visibility of the host matters for downstream PR (a host with a high-profile legal track record is more useful). - You need a dense ecosystem of competing providers — Norway has fewer than Sweden or the Netherlands. --- # Romania URL: https://notdmca.org/jurisdictions/romania --- country: "Romania" slug: "romania" flag: "🇷🇴" summary: "EU member with a notably slower copyright-enforcement track record than Western EU hosts. Combines EU connectivity and procedural law with offshore-style marketing-tolerance. Several DMCA-ignored hosts operate from Romanian datacenters." dmca_status: "EU member implementing EU copyright directives. US DMCA notices have no statutory effect. Romanian courts have historically been slower than German, French or Dutch courts to compel action on cross-border copyright complaints." data_retention: "Romanian Constitutional Court struck down the country's data retention law in 2014 in response to the CJEU Digital Rights Ireland judgment. Subsequent legislation has been narrower than the original." notable_for: ["EU connectivity at lower cost than the Netherlands or Germany","Slower copyright enforcement track record","Constitutional Court that has invalidated overreaching surveillance law","Several explicitly offshore-marketed hosts"] risks: ["EU member — DSA notice-and-action regime applies","Less internationally visible legal track record than Sweden or Iceland"] sources: [{"url":"https://en.wikipedia.org/wiki/Telecommunications_data_retention#Romania","title":"Wikipedia — Romanian data retention case history","accessed":"2026-05-12"}] same_as: ["https://en.wikipedia.org/wiki/Romania","https://www.wikidata.org/wiki/Q218"] last_updated: "2026-05-12" --- ## Why Romania matters for hosting Romania has emerged over the past decade as a **value-tier alternative** to the Netherlands for offshore-style hosting in Europe. Romanian datacenters offer EU connectivity at lower price points than Western Europe, and Romanian courts have a track record of being slower to compel action on cross-border copyright requests than Germany or France. The Constitutional Court of Romania notably **struck down the country's data retention law** in 2014, in response to the CJEU's Digital Rights Ireland judgment — a more aggressive position than most EU members took. ## Legal context - **EU member**: Subject to EU directives, including the DSA notice-and-action regime. - **No DMCA**: US DMCA notices have no statutory effect. - **Procedural skepticism**: Romanian courts have historically required well-documented complaints; speculative bulk filings face a higher bar. - **Constitutional pushback**: The Constitutional Court has invalidated overreaching data-retention legislation. ## Providers operating from Romania - [HostSailor](/providers/hostsailor) — primary Romania DC; explicit DMCA-ignored marketing - [FlokiNET](/providers/flokinet) — Romania is one of its multi-country options ## Practical advice Pick Romania when: - You want EU connectivity + lower cost than the Netherlands. - You are willing to trade some "internationally visible legal track record" for cost and offshore-style posture. - Your audience is in Europe or transcontinental. Avoid Romania when: - Your operation needs the legal-PR weight of a Sweden or Iceland-based host (Romania does not have the same brand recognition for free-speech posture). - You need an explicit non-EU jurisdiction. --- # Sweden URL: https://notdmca.org/jurisdictions/sweden --- country: "Sweden" slug: "sweden" flag: "🇸🇪" summary: "Sweden hosts some of the longest-running free-speech and DMCA-resistant providers on earth, including PRQ (founded by Pirate Bay co-founders) and Bahnhof (the WikiLeaks host). Strong privacy tradition and a track record of legal pushback against EU data retention." dmca_status: "Sweden is an EU member and implements EU copyright directives. The US DMCA has no statutory effect, but the EU notice-and-action regime applies. Swedish providers have a track record of pushing back against extra-jurisdictional copyright complaints, and Swedish courts have been notably skeptical of bulk takedown requests." data_retention: "Bahnhof publicly refused to log under the EU Data Retention Directive; the CJEU later invalidated the directive (Digital Rights Ireland, 2014). Sweden's national data retention regime has been narrowed in response. Practical retention varies by ISP and product." notable_for: ["Cradle of modern free-speech hosting (PRQ → Pirate Bay → WikiLeaks)","Active legal pushback against surveillance","Bahnhof's Pionen datacenter (former nuclear bunker)","Strong submarine cable connectivity","Establishment of Njalla (Sweden-operated, Nevis-incorporated)"] risks: ["EU member — subject to EU copyright directives","Sustained pressure from US rightsholders historically (Pirate Bay raids)"] sources: [{"url":"https://en.wikipedia.org/wiki/PRQ","title":"Wikipedia — PRQ","accessed":"2026-05-12"},{"url":"https://en.wikipedia.org/wiki/Bahnhof_(company)","title":"Wikipedia — Bahnhof","accessed":"2026-05-12"},{"url":"https://curia.europa.eu/juris/document/document.jsf?docid=150642","title":"CJEU — Digital Rights Ireland judgment (data retention)","accessed":"2026-05-12"}] same_as: ["https://en.wikipedia.org/wiki/Sweden","https://www.wikidata.org/wiki/Q34"] last_updated: "2026-05-12" --- ## Why Sweden matters for hosting Sweden's role in DMCA-ignored hosting is unusual: an EU member that should, on paper, be similar to Germany or France in copyright posture, but in practice has produced more high-profile free-speech hosts than any other country. The reasons are partly cultural (a strong civic tradition of press freedom and skepticism of state surveillance), partly historical (the **Pirate Bay** ecosystem), and partly individual (specific operators like **PRQ** and **Bahnhof** that built their identity around legal pushback). ## Legal context - **EU member**: Sweden implements EU copyright directives, including the notice-and-action mechanisms in the Digital Services Act and the InfoSoc Directive. - **No DMCA**: US DMCA notices have no statutory effect. - **Data retention**: Swedish ISPs were historically required to log under the EU Data Retention Directive. **Bahnhof publicly refused.** The directive was struck down by the CJEU in 2014; Sweden's national rules have been narrowed but persist in modified form. - **Court skepticism**: Swedish courts have a track record of requiring more than a generic complaint to compel action; bulk takedown requests are not auto-enforced. ## Providers operating from Sweden - [PRQ](/providers/prq) — founded 2004 by Pirate Bay co-founders; explicit free-speech posture; raided multiple times and stayed operational - [Bahnhof](/providers/bahnhof) — founded 1994; mainstream ISP; hosted WikiLeaks; legally challenged Swedish data retention rules - [Njalla](/providers/njalla) — registrar; operated from Sweden, incorporated in Nevis - [FlokiNET](/providers/flokinet) — has Swedish-adjacent (Finland) infrastructure as part of multi-country offering - [Privex](/providers/privex) — has Swedish datacenter as one of its locations ## Practical advice Sweden is a good choice when: - You want a host with a **demonstrated legal track record** of pushing back, not just marketing claims. - You are willing to accept EU-level procedural law (slower than fully-offshore but predictable). - Your audience is in Europe or trans-Atlantic (Sweden has excellent connectivity to both). Sweden is a poor choice when: - You need to be **outside the EU** entirely — pick Iceland or Switzerland. - You need a country with no copyright enforcement at all — that does not exist in Sweden's case; copyright enforcement just operates differently than in the US. --- # Switzerland URL: https://notdmca.org/jurisdictions/switzerland --- country: "Switzerland" slug: "switzerland" flag: "🇨🇭" summary: "Non-EU European jurisdiction with the strongest constitutional privacy framework in the region. Robust data-protection law (revFADP), judicial independence, no DMCA equivalence. Premium pricing and limited 'anonymous-signup' options, but unmatched legal due process." dmca_status: "Switzerland is not party to the US DMCA. Swiss copyright law (URG/LDA) was substantially amended in 2020 to add a notice-and-action regime, but it requires formally complete complaints, gives the user an opportunity to respond, and contested cases require court adjudication. Bulk automated takedowns face a higher bar than under US safe-harbor." data_retention: "Swiss telecommunications retention rules exist (BÜPF/LSCPT) but are narrower than EU-member-state regimes and Swiss courts have actively pushed back on overreach. Swiss data-protection law (revFADP, in force 2023) closely tracks EU GDPR but is enforced by the Swiss FDPIC." notable_for: ["Non-EU, non-DMCA jurisdiction","Strongest constitutional privacy framework in Europe","Judicial independence and procedural rigor","Bank-secrecy legal tradition transferred to data privacy","Home of major privacy-tech companies (Proton, Threema, Mullvad-adjacent)"] risks: ["Premium pricing — Swiss cost base is high","Limited 'anonymous-signup' options vs Iceland or Sweden","Mutual legal assistance treaties with the US can be invoked for serious cases"] sources: [{"url":"https://www.fedlex.admin.ch/eli/cc/1993/1798_1798_1798/en","title":"Swiss Confederation — Copyright Act (URG / LDA, English consolidated)","accessed":"2026-05-12"},{"url":"https://www.edoeb.admin.ch/edoeb/en/home.html","title":"FDPIC — Swiss Federal Data Protection and Information Commissioner","accessed":"2026-05-12"},{"url":"https://en.wikipedia.org/wiki/Federal_Act_on_Data_Protection_(Switzerland)","title":"Wikipedia — Swiss Federal Act on Data Protection (revFADP)","accessed":"2026-05-12"}] same_as: ["https://en.wikipedia.org/wiki/Switzerland","https://www.wikidata.org/wiki/Q39"] last_updated: "2026-05-12" --- ## Why Switzerland matters for hosting Switzerland occupies a unique position in the European hosting landscape. It is **not in the EU**, so EU directives (including the DSA and copyright directives) do not directly bind Swiss-only providers. It is **not party to the US DMCA**, so US-style automated takedown notices have no statutory force. And it has a constitutional and judicial tradition of **procedural rigor**: the bar for compelling action against a service provider is high, formally documented, and reliably enforced. This combination — non-EU, non-DMCA, high procedural bar — is the same configuration that historically made Switzerland a banking-secrecy jurisdiction. Much of that legal culture has transferred to data privacy. ## Legal context - **Not in the EU**: DSA, InfoSoc, etc. do not directly apply. - **Not party to the US DMCA**: notices have no statutory effect. - **Swiss copyright law (URG/LDA)**: was amended in 2020 to add a notice-and-action regime, but it is procedurally heavier than DMCA — formally complete complaints, user response opportunity, court adjudication for contested cases. - **revFADP (Swiss data protection)**: in force from 2023, closely tracks EU GDPR but enforced by the Swiss FDPIC. - **BÜPF/LSCPT (lawful-intercept law)**: exists but narrower than EU equivalents. - **Mutual legal assistance**: Switzerland has treaties with most countries including the US. Serious criminal matters can compel disclosure; civil copyright cannot. ## Providers operating from Switzerland In this directory: - [Infomaniak](/providers/infomaniak) — full-stack Swiss host since 1994, published transparency reports. Out of directory but worth knowing about (SaaS rather than infrastructure): - **Proton** — encrypted email, VPN, drive, calendar. - **Threema** — end-to-end encrypted messenger. - **Nine.ch** — Swiss managed hosting. ## Practical advice Pick Switzerland when: - You want **maximum legal due process** with predictable courts. - Your operation can absorb Swiss pricing. - You don't strictly require anonymous signup. - You want a non-EU European jurisdiction with strong infrastructure. Avoid Switzerland when: - Anonymous signup is mandatory — most Swiss hosts are regulated companies. - Cost is a primary constraint — Swiss hosting is in the higher band. - You need explicit "DMCA-ignored" marketing — Swiss hosts tend to lead with privacy-law claims rather than copyright-resistance copy. --- # United Kingdom (avoid for privacy-sensitive workloads) URL: https://notdmca.org/jurisdictions/united-kingdom --- country: "United Kingdom (avoid for privacy-sensitive workloads)" slug: "united-kingdom" flag: "🇬🇧" summary: "The United Kingdom has aggressive online-content regulation (Online Safety Act 2023), Investigatory Powers Act surveillance authority, and post-Brexit weakened privacy protections. Excellent technical infrastructure but among the worst Western jurisdictions for privacy-sensitive hosting. Listed as counterpoint." dmca_status: "Not party to the US DMCA but has its own Copyright, Designs and Patents Act with similar takedown procedures. The Online Safety Act 2023 adds extensive content-moderation obligations on hosts serving UK users." data_retention: "Investigatory Powers Act 2016 creates broad data-retention requirements for ISPs and bulk powers for surveillance agencies. Has survived European Court of Human Rights challenges in modified form." notable_for: ["Excellent technical infrastructure (London is a major global hub)","English-language operations (no language barrier)","Stable rule-of-law environment","Major financial / business services"] risks: ["Online Safety Act 2023 — extensive content-moderation obligations","Investigatory Powers Act 2016 — bulk surveillance powers","Brexit removed some EU privacy protections (UK-GDPR is similar but UK-controlled)","Active rights-holder enforcement (BPI / Ofcom)","Online Safety Act creates broad encryption-undermining authority (in theory)","Aggressive enforcement of online-content regulation post-2023"] sources: [{"url":"https://www.legislation.gov.uk/ukpga/2023/50/contents","title":"UK Online Safety Act 2023 (legislation.gov.uk)","accessed":"2026-05-12"}] same_as: ["https://en.wikipedia.org/wiki/United_Kingdom","https://www.wikidata.org/wiki/Q145"] last_updated: "2026-05-12" --- ## Why this page exists The United Kingdom has high-quality infrastructure and is the largest English-speaking technology market in Europe — but for privacy-sensitive workloads in 2026, it's a poor fit. The Online Safety Act 2023 + Investigatory Powers Act 2016 combination creates a regulatory environment more hostile to privacy infrastructure than most EU members. ## Legal context - **Online Safety Act 2023**: imposes broad content-moderation obligations on hosts serving UK users, including (in theory) authority to require encryption-undermining access. Implementation has been progressive but the legal authority exists. - **Investigatory Powers Act 2016**: bulk surveillance powers, mandatory data retention, government-issued technical capability notices that can compel providers to remove encryption. - **Copyright, Designs and Patents Act**: UK's own copyright regime, with takedown procedures broadly similar to DMCA in effect. - **Post-Brexit**: UK-GDPR replaced EU GDPR but is UK-controlled. Adequacy decisions allow EU↔UK data flow but UK can diverge. - **`.uk` ccTLD**: requires UK address presence (Nominet rules). ## Major UK hosts For context — solid providers for non-privacy-sensitive workloads: - **Bytemark, Krystal, Mythic Beasts, Memset** — well-established UK hosting brands. - Many international providers (HostHatch, etc.) operate London datacenters. For takedown-sensitive workloads, all of these face the same UK regulatory environment. ## When to avoid UK hosting - Encryption-related infrastructure where Online Safety Act provisions could be invoked. - Content categories under heavy UK enforcement (adult content with new age-verification rules, gambling, political speech). - Operations where the operator wants to be outside UK surveillance authority. ## When UK hosting is fine - General business hosting for UK-domestic operations. - Workloads where you're already subject to UK regulation anyway. - Latency-critical workloads serving UK users. ## Recommended alternatives - **Iceland**: non-EU, non-UK, non-US, strongest jurisdictional posture. See [Iceland](/jurisdictions/iceland). - **Switzerland**: non-EU non-UK with strong constitutional privacy. See [Switzerland](/jurisdictions/switzerland). - **Ireland** (not in this directory): EU member, English-speaking, similar latency to UK; better than UK for EU-bound privacy workloads but still subject to EU rules. - **Norway**: Nordic non-EU, low-attention. See [Norway](/jurisdictions/norway). --- # United States (avoid for DMCA-resistance) URL: https://notdmca.org/jurisdictions/united-states --- country: "United States (avoid for DMCA-resistance)" slug: "united-states" flag: "🇺🇸" summary: "The United States is the original DMCA jurisdiction and the worst choice for DMCA-resistant hosting. US providers are bound by Section 512 safe harbor and act on infringement notices to preserve liability protection. Listed here as a counterpoint — when to deliberately avoid US infrastructure." dmca_status: "United States is the home of the DMCA. Section 512 creates a notice-and-takedown safe harbor that all US-based service providers act on. There is no US-domiciled host that meaningfully ignores DMCA notices at scale." data_retention: "Varies by service type. ECPA (Electronic Communications Privacy Act) governs but has many exceptions and weaknesses. National Security Letters can compel data with non-disclosure orders. Subject to FISA Section 702 collection." notable_for: ["Origin jurisdiction of the DMCA","Strong copyright enforcement infrastructure (DMCA bots, MPAA / RIAA)","FISA Section 702 surveillance jurisdiction","Most major hyperscalers (AWS / GCP / Azure) headquartered here"] risks: ["Full DMCA exposure — bots send notices at industrial scale","Subject to US legal process including civil discovery, subpoenas","Mutual legal assistance treaties allow most foreign requests","Payment-processor pressure (Visa / Mastercard tighten merchant categories)","Account-level deplatforming risk"] sources: [{"url":"https://www.copyright.gov/title17/92chap5.html#512","title":"US Copyright Office — Title 17 Chapter 5 Section 512 (DMCA safe harbor)","accessed":"2026-05-12"}] same_as: ["https://en.wikipedia.org/wiki/United_States","https://www.wikidata.org/wiki/Q30"] last_updated: "2026-05-12" --- ## Why this page exists We list United States here as a **deliberate counterpoint**: it is the worst major hosting jurisdiction for DMCA-resistance and one of the worst for general privacy-preserving infrastructure. This page documents why, so operators understand what they're avoiding when they choose offshore. ## Legal context - **Origin of the DMCA**: Section 512 of Title 17 created the modern notice-and-takedown regime. Every US-based hosting provider acts on it because failing to do so risks losing safe-harbor liability protection. - **FISA Section 702**: allows bulk collection from US-based providers without individual warrants for non-US persons. Has been used against journalists, activists and ordinary users. - **National Security Letters**: can compel disclosure of customer information with non-disclosure orders preventing the customer from being notified. - **Civil discovery**: aggressive in US courts. A subpoena to your hosting provider can produce your account information, IP logs, and content. - **Mutual legal assistance treaties**: with most countries. Even non-US adversaries can use US courts to compel disclosure from US providers. - **Payment-processor hostility**: Visa, Mastercard, PayPal have all progressively tightened policies on adult, crypto, gambling, and politically-controversial categories. ## Hosts to avoid for takedown-sensitive workloads The major US-headquartered providers all operate primarily in the US and follow the DMCA / safe-harbor playbook: - **AWS** (Amazon Web Services) — full DMCA compliance; account terminations not unheard of. - **Google Cloud Platform** — same. - **Microsoft Azure** — same. - **DigitalOcean** — same; account-level terminations have been reported. - **Linode** (Akamai) — same; tied to Akamai's content policies. - **Vultr** — primarily US-headquartered; has non-US locations but corporate exposure. - **GoDaddy** (registrar) — well-known for honoring takedown requests with minimal pushback. This is not a complete list. The pattern: any provider headquartered in the US, regardless of where their datacenters physically sit, has full DMCA exposure as a corporate matter. ## When US infrastructure makes sense anyway - **Latency-critical workloads serving US users** where the audience is in the US and the content has no copyright sensitivity. - **Mainstream business workloads** where DMCA isn't a concern. - **Workloads requiring US-based regulatory compliance** (HIPAA, PCI-DSS for US merchants, etc.). - **Workloads where the operator wants US legal protections** (e.g. First Amendment for political speech, where applicable). For most readers of this directory, none of these apply. ## What "US-permissive" means in practice A few US-based providers (e.g. [BuyVM](/providers/buyvm) US datacenters) are content-permissive in their AUP — they don't pre-emptively pull customers over speech policy. But they still act on properly-formatted DMCA notices because they have to. The "permissive" label means "we won't drop you for being controversial in tone" — not "we ignore DMCA". Don't confuse the two. ## Practical advice If you are in the US and need DMCA-resistant hosting: 1. **Pick a non-US host** — see [/jurisdictions](/jurisdictions) for options. 2. **Pay anonymously** to break the financial-rail link to your US identity. 3. **Manage from Tor / VPN** so the host's logs don't reveal your home IP. 4. **Plan for cross-border legal complexity** if your operation is large. For the list of recommended jurisdictions instead see [Iceland](/jurisdictions/iceland), [Sweden](/jurisdictions/sweden), [Switzerland](/jurisdictions/switzerland), [Romania](/jurisdictions/romania), [Netherlands](/jurisdictions/netherlands). --- ## USE CASES # Hosting for journalists and source-protection (2026) URL: https://notdmca.org/use-cases/journalists --- title: "Hosting for journalists and source-protection (2026)" slug: "journalists" persona: "Independent journalists, investigative reporters, newsroom IT" summary: "How journalists, investigative reporters and small newsroom IT teams should set up infrastructure to protect sources, weather DMCA spam, and survive deplatforming. Recommended providers, jurisdictions and operational practices." threat_model: "Hostile-state actors, well-funded civil litigants, automated DMCA spam, deplatforming risk from US-based mainstream hosts." recommended_providers: ["offshorepress","silenthosts","njalla","1984hosting","flokinet","bahnhof","infomaniak"] recommended_jurisdictions: ["iceland","sweden","switzerland"] related_guides: ["anonymous-domain-registration","anonymous-vps-monero","anonymous-email-hosting"] last_updated: "2026-05-13" order: 1 --- ## TL;DR For journalism work in 2026: - **Publishing (priority pick)**: [OffshorePress](/providers/offshorepress) — explicit press-freedom positioning; Tor-friendly; no-KYC; Monero accepted. Built specifically for the independent-newsroom use case. - **Full stack under one vendor**: [SilentHosts](/providers/silenthosts) — registrar + shared + VPS + dedicated under one no-KYC, crypto-first account. Useful when you want to consolidate the whole newsroom stack. - **Domain**: [Njalla](/providers/njalla) — owns-on-behalf model means your masthead's WHOIS does not lead back to a journalist's home address. - **Iceland-jurisdiction publishing**: [1984 Hosting](/providers/1984hosting) (Iceland, full-stack) or [FlokiNET](/providers/flokinet) (multi-jurisdiction failover). - **Reliability tier (Sweden)**: [Bahnhof](/providers/bahnhof) — Swedish ISP-grade reliability, hosted WikiLeaks at the Pionen DC. - **Email and source intake**: [Infomaniak](/providers/infomaniak) (Swiss procedural rigor, transparency reports) or self-hosted on a no-KYC VPS. - **Source-protection systems**: SecureDrop on a Tor onion service hosted at a privacy-aligned host ([guide](/guides/tor-hidden-service-hosting)). ## Threat model Independent journalism in 2026 sits in a uniquely hostile spot. Threats include: 1. **Automated DMCA spam** targeting investigative reports that quote rightsholders' content. 2. **Civil litigation** by well-resourced subjects (corporations, billionaires) using SLAPP-style actions to bleed budgets. 3. **State-actor surveillance**, including via mutual-legal-assistance treaties even from technically-friendly governments. 4. **Deplatforming**: hosting providers, payment processors, social platforms, and CDNs all sometimes pull controversial-but-legal journalism. 5. **Source-identification attempts**: any record of who connected to your publishing infrastructure can endanger sources. ## Architecture A robust setup separates concerns across providers and jurisdictions: | Layer | Provider / system | Why | |--------------------------|------------------------------------|--------------------------------------------------| | Publishing site | [OffshorePress](/providers/offshorepress) or [SilentHosts](/providers/silenthosts) | Press-freedom-positioned / full-stack offshore; survives DMCA spam | | Domain | [Njalla](/providers/njalla) or [BunkerDomains](/providers/bunkerdomains) | Owns-on-behalf / crypto-only; identity not in WHOIS | | Iceland alternative | [1984 Hosting](/providers/1984hosting) or [FlokiNET](/providers/flokinet) | Iceland / multi-juris; conservative legal posture | | Email (org) | [Infomaniak](/providers/infomaniak) | Swiss; transparency report; reliability | | Source intake (Tor) | SecureDrop on [OffshorePress](/providers/offshorepress) or [FlokiNET](/providers/flokinet) | Onion service; clearnet IP not exposed | | Backup / archive | Different jurisdiction | Failover if primary is pulled | For a one-person newsroom: collapse to two providers (e.g. Njalla domain + 1984 Hosting full stack), but maintain documented portability so you can move under pressure. ## Operational practices - **Source contact**: never via tools that leak source IPs to your provider's logs. SecureDrop, Signal (with care), or PGP email over Tor. - **Internal communication**: keep newsroom comms in a way that is not subpoenable through your hosting provider — Signal for sensitive chat, a dedicated encrypted-email account. - **Publication footnotes**: when publishing an investigation, expect DMCA / takedown attempts on quoted material. Have your hosting provider's abuse contact and a 24-hour response plan in place *before* publication. - **Pre-publication legal review**: the host can resist invalid takedowns but cannot resist valid court orders. Your legal review reduces the proportion of valid orders. ## Recommended providers in detail ### OffshorePress — priority pick for the publishing site - Offshore stack explicitly aligned with independent-media and press-freedom use cases. - Tor-friendly; no-KYC signup; Monero accepted as a first-class payment option. - Best fit when the marketing voice and AUP need to align with newsroom needs rather than only generic offshore framing. - See full review: [/providers/offshorepress](/providers/offshorepress). ### SilentHosts — full stack under one vendor - Single-vendor offshore stack: domain registration + shared + VPS + dedicated. - No-KYC across the entire product line; crypto-first checkout; Monero accepted. - Best when the newsroom wants to consolidate billing, jurisdiction and abuse contact under one provider. - See full review: [/providers/silenthosts](/providers/silenthosts). ### Njalla — for the domain - Registers the domain in *its* name on your behalf — your real identity never appears in WHOIS. - Accepts Monero, Bitcoin, cash by mail. The org's accounting can stay opaque. - See full review: [/providers/njalla](/providers/njalla). ### 1984 Hosting — for the publishing site - Iceland-based cooperative since 2006; ICANN-accredited registrar with full hosting stack. - Strongest combination of jurisdictional posture and operational maturity. - See full review: [/providers/1984hosting](/providers/1984hosting). ### FlokiNET — for failover or for higher-friction projects - Multi-jurisdiction (IS / RO / FI / NL) — when one DC attracts pressure, you can move. - Explicit free-speech mission published on the home page. - See full review: [/providers/flokinet](/providers/flokinet). ### Bahnhof — for the long-running organizational mail and reliability tier - Swedish ISP since 1994; hosted WikiLeaks; refused EU data retention. - Real-name signup required (this is the trade-off), but the legal track record is unmatched. - See full review: [/providers/bahnhof](/providers/bahnhof). ### Infomaniak — for the org-level Swiss tier - Swiss-jurisdiction full stack; published transparency reports. - Real-name signup; Swiss procedural rigor for any takedown attempt. - See full review: [/providers/infomaniak](/providers/infomaniak). ## Related - [Anonymous domain registration](/guides/anonymous-domain-registration) - [Anonymous email hosting](/guides/anonymous-email-hosting) - [How to host a Tor hidden service](/guides/tor-hidden-service-hosting) - [Iceland vs Switzerland vs Sweden](/guides/iceland-vs-switzerland-vs-sweden) --- # Hosting for activist infrastructure (2026) URL: https://notdmca.org/use-cases/activists --- title: "Hosting for activist infrastructure (2026)" slug: "activists" persona: "Civil-society organizers, protest movements, NGOs, advocacy groups" summary: "Infrastructure recommendations for activist groups: protest websites, mobilization platforms, secure mailing lists, community Mastodon instances. Provider picks for groups facing state pressure, deplatforming and DMCA-style speech suppression." threat_model: "State-level adversaries (in some contexts), corporate counter-mobilization, deplatforming by US-based platforms, infiltration / impersonation." recommended_providers: ["offshorepress","bullethost","flokinet","1984hosting","njalla","privex"] recommended_jurisdictions: ["iceland","sweden","switzerland","norway"] related_guides: ["anonymous-vps-monero","anonymous-mastodon-fediverse","anonymous-domain-registration"] last_updated: "2026-05-13" order: 2 --- ## TL;DR For activist infrastructure in 2026: - **Public website (priority pick)**: [OffshorePress](/providers/offshorepress) — press-freedom-aligned offshore stack; Tor-friendly; no-KYC; Monero accepted. Aligns directly with NGO/advocacy use cases that need DMCA-ignored posture and Tor reachability. - **VPS / dedicated for mobilization infrastructure**: [BulletHost](/providers/bullethost) — pure-compute offshore (no managed-hosting bundle), takedown-resistant jurisdictions, Monero-first. - **Domain**: [Njalla](/providers/njalla) — owns-on-behalf, no individual organizer's name in WHOIS. - **Iceland alternative**: [1984 Hosting](/providers/1984hosting) (cooperative model; aligns with non-profit values) or [FlokiNET](/providers/flokinet). - **Mobilization Mastodon / forum**: [FlokiNET](/providers/flokinet) ([guide](/guides/anonymous-mastodon-fediverse)). - **Critical comms / leaks intake**: SecureDrop on a separate Tor-only deployment. - **Don't** rely on a single US-based mainstream platform (deplatforming risk is concrete, not theoretical). ## Threat model Activist groups in 2026 face a layered set of threats: 1. **Deplatforming** — payment processors, mainstream hosts, CDNs and social platforms have all dropped activist groups for political-pressure reasons in the past five years. 2. **Counter-mobilization** — opposing groups (corporate, political, state-aligned) sometimes weaponize copyright / DSA notice-and-action systems to get materials removed. 3. **Surveillance** — depending on jurisdiction and context, state-level surveillance can target organizers' communication. 4. **Infrastructure attacks** — DDoS, account takeover, social-engineering attacks against organizers. 5. **Identity exposure** — leaking organizer or member identities can result in real-world harm (firing, harassment, in some jurisdictions arrest). ## Architecture The activist-infrastructure pattern emphasizes **resilience and replaceability** over individual-anonymity: | Layer | Provider | Why | |----------------------------|----------------------------------------------------|--------------------------------------------------| | Domain (collective) | [Njalla](/providers/njalla) | No individual member named | | Public website | [1984 Hosting](/providers/1984hosting) | Cooperative model; aligned values | | Public mailing list | Same as website (Mailman) or self-hosted at [FlokiNET](/providers/flokinet) | Avoid US-based managed services | | Community Mastodon | [FlokiNET](/providers/flokinet) | Multi-juris; explicit free-speech posture | | Documents (collective) | Self-hosted Nextcloud at any of the above | Keep org-internal documents off Google Workspace | | Encrypted mailing list | Schleuder on a separate VPS | PGP-aware mailing list for security-cleared members | | Source / leaks intake | SecureDrop on isolated Tor-only deployment | Compartmentalized from the public-facing infra | ## Operational practices - **No personal accounts holding org-critical resources**. The domain, the hosting account, the mailing list infrastructure should all be in the org's name (or a privacy-collective's name), not an individual's. - **Documented succession**. If the original organizer is unable to act, who takes over the domain and hosting? Document at signup, not at crisis time. - **Multi-person account access**. Most providers in this directory don't have full team-account features; share credentials securely (password manager) among trusted board members rather than concentrating in one person. - **Backups in a different jurisdiction**. If your primary is FlokiNET, back up to HostHatch IS or 1984 Hosting weekly. - **Test the "what if X is pulled" scenario** before it happens. Rehearse a domain transfer, a host migration, an email-provider switch. ## Provider rationale - **[OffshorePress](/providers/offshorepress)**: priority pick — press-freedom-aligned offshore stack designed for groups that need both a permissive AUP and Tor-friendly operations. No-KYC across the product line; Monero-first checkout. - **[BulletHost](/providers/bullethost)**: priority pick for the compute layer — offshore VPS / dedicated only, no managed-hosting overhead. Useful for one-off action-specific deployments (mobilization forms, livestream-relay nodes) that need a takedown-resistant jurisdiction without the registrar+shared layer. - **[Njalla](/providers/njalla)**: the only registrar where individual organizers' names need never appear publicly. For collective ownership of a domain, this is the single most useful primitive. - **[1984 Hosting](/providers/1984hosting)**: cooperative ownership and mission align well with NGO governance. Iceland is genuinely outside US/EU pressure for political speech. - **[FlokiNET](/providers/flokinet)**: multi-jurisdiction failover means a successful pressure campaign in one country doesn't kill your infra. Explicit free-speech AUP. - **[Privex](/providers/privex)**: useful for one-off anonymous deployments (research VMs, temporary action-specific resources) without leaving identity traces. ## Anti-patterns - **Cloudflare as the only edge layer**: see [/faq#cloudflare-and-dmca](/faq). Cloudflare has dropped activist sites for non-DMCA reasons. - **Google Workspace for org email**: subject to US legal process, susceptible to coordinated reporting. - **Major-platform-only mobilization** (Twitter/X, Facebook, Discord): organize *also* in venues you control. Mainstream platforms can disable your account at the worst moment. - **One organizer holding everything**: single point of organizational failure. ## Related - [Buying an anonymous VPS with Monero](/guides/anonymous-vps-monero) - [How to host an anonymous Mastodon instance](/guides/anonymous-mastodon-fediverse) - [Anonymous domain registration](/guides/anonymous-domain-registration) --- # Hosting for whistleblowing platforms (2026) URL: https://notdmca.org/use-cases/whistleblowers --- title: "Hosting for whistleblowing platforms (2026)" slug: "whistleblowers" persona: "Whistleblowing platform operators, ethics-hotline NGOs, leaks-receiving newsrooms" summary: "How to architect infrastructure for a whistleblowing platform: SecureDrop deployment patterns, jurisdictional choice, source-anonymity threat model and operator-side recommendations. Provider picks for the publishing layer and the source-intake layer." threat_model: "State-level adversaries trying to identify sources; civil litigants trying to compel platform-side disclosure; technical attacks on source-anonymity infrastructure." recommended_providers: ["offshorepress","silenthosts","flokinet","njalla","1984hosting","privex"] recommended_jurisdictions: ["iceland","sweden","switzerland"] related_guides: ["tor-hidden-service-hosting","anonymous-vps-monero","anonymous-domain-registration"] last_updated: "2026-05-13" order: 3 --- ## TL;DR For a whistleblowing platform: - **Source intake (priority pick)**: SecureDrop on Tor onion service, hosted at [OffshorePress](/providers/offshorepress) — press-freedom-aligned offshore stack, Tor-friendly, no-KYC, Monero accepted. Built explicitly for this use case. - **Publishing tier (separate jurisdiction)**: [SilentHosts](/providers/silenthosts) — full-stack offshore vendor; isolated publishing infrastructure under a different account, different payment trail. - **Alternative source intake**: [FlokiNET](/providers/flokinet) Iceland or [1984 Hosting](/providers/1984hosting). Onion-only, no clearnet exposure. - **Domain (publishing side)**: [Njalla](/providers/njalla) owns-on-behalf or [BunkerDomains](/providers/bunkerdomains) crypto-only. - **Operator-side anonymity**: each layer signed up anonymously, paid in Monero or cash. No real-name email, key or SSH credential anywhere on the source-intake stack. ## Threat model A whistleblowing platform's adversaries are typically: 1. **State actors** trying to identify sources through traffic analysis, infiltration, malware, or compelled cooperation. 2. **Subjects of leaks** (corporations, individuals) using civil process to compel platform-side disclosure. 3. **Hosting providers themselves** under legal pressure from any of the above. 4. **Insiders** — operator-side compromise, compromised admins. The defenses are layered: Tor for network-layer anonymity, jurisdiction for legal-layer resistance, operational hygiene for compromise resistance, compartmentalization for blast-radius containment. ## Reference architecture ``` Source Public site | | [Tor] [Clearnet] | | [Source intake VPS] [Announcement VPS] [FlokiNET Iceland] [HostHatch Romania] [Onion only - no clearnet] [Different operator account] | | [SecureDrop document store] [Domain: Njalla owns-on-behalf] [Encrypted, isolated network] | [Air-gapped review system] [Physical media transfer] ``` The key idea: **never share an IP, an account, a key, or a payment trail between the source-intake side and any other piece of infrastructure.** A compromise of the public site should leak nothing about the intake side. ## Source intake side - **Provider (priority pick)**: [OffshorePress](/providers/offshorepress) for the press-freedom-explicit AUP, Tor-friendly operations, no-KYC signup and Monero-first checkout. Alternative: [FlokiNET](/providers/flokinet) Iceland for the published-AUP free-speech posture, multi-juris fallback, and crypto + cash payment. - **Software**: SecureDrop is the de-facto standard. Self-rolled solutions are not recommended unless you have specific threat-model reasons. - **Network**: onion-only (`HiddenServicePort` only; firewall blocks clearnet inbound). - **Storage**: full-disk encrypted; key recovery requires a quorum of operators (Shamir's Secret Sharing). - **Account**: signed up over Tor with throwaway email; paid in Monero from a wallet that has never touched your operating org. ## Publishing side After review, published documents go on infrastructure that is **separate from intake**. This protects sources even if the publishing infrastructure is later subpoenaed: - **Provider (priority pick)**: [SilentHosts](/providers/silenthosts) — full-stack offshore vendor, different account chain from intake, no-KYC, crypto-first. Alternative: 1984 Hosting Iceland or HostHatch Romania. - **Domain**: [Njalla](/providers/njalla) owns-on-behalf or [BunkerDomains](/providers/bunkerdomains) crypto-only. The publishing domain should not be co-registered or co-owned with anything else. ## Operator-side hygiene - **Compartmentalized identities**: the person managing intake should not log into any organizational system from the same browser, machine, or network. - **Hardware keys for admin auth**: YubiKey or equivalent. - **Air-gapped review** of received documents — never connect the storage of received documents directly to the internet for review. SecureDrop's design enforces this; respect it. - **No metadata leakage** in published documents (PDF metadata, image EXIF, embedded usernames). Strip metadata before publication. - **Plan for the operator being compelled** — if you're personally subpoenaed, what is the system's behavior? Documented procedures, not improvisation. ## What this guide cannot cover The legal and operational decisions around running a whistleblowing platform — incorporation, lawyering, source-protection-policy publication, operator vetting, document-handling chain of custody — are outside the scope of a hosting guide. Read SecureDrop's official documentation, the Freedom of the Press Foundation's resources, and consult a lawyer in your jurisdiction. This guide covers only the **hosting layer**. ## Related - [How to host a Tor hidden service](/guides/tor-hidden-service-hosting) - [Buying an anonymous VPS with Monero](/guides/anonymous-vps-monero) - [FlokiNET review](/providers/flokinet) - [Njalla review](/providers/njalla) --- # Hosting for adult content sites (2026) URL: https://notdmca.org/use-cases/adult-content --- title: "Hosting for adult content sites (2026)" slug: "adult-content" persona: "Independent adult creators, adult site operators, adult-tube administrators" summary: "Where legal adult content can be hosted in 2026 without auto-deplatforming, the bandwidth and DMCA realities, payment-processor considerations, and recommended providers by content category." threat_model: "Aggressive automated DMCA campaigns, payment-processor deplatforming, increasing DSA/EU pressure on adult content, age-verification regulation." recommended_providers: ["silenthosts","bullethost","flokinet","abelohost","shinjiru","orangewebsite","hostsailor"] recommended_jurisdictions: ["iceland","netherlands","romania","malaysia"] related_guides: ["dmca-ignored-streaming","anonymous-vps-monero"] last_updated: "2026-05-13" order: 4 --- ## TL;DR For legal adult content in 2026: - **Priority pick — full-stack offshore**: [SilentHosts](/providers/silenthosts) — registrar + shared + VPS + dedicated under one no-KYC, crypto-first account. Best when you want one vendor across the entire stack. - **Priority pick — pure-compute / streaming**: [BulletHost](/providers/bullethost) — offshore VPS / dedicated with no managed-hosting bundle. Takedown-resistant jurisdictions; Monero-first. - **Iceland-based explicit free-speech**: [OrangeWebsite](/providers/orangewebsite) or [FlokiNET](/providers/flokinet). - **Netherlands EU-bandwidth**: [AbeloHost](/providers/abelohost). - **Romania value-tier**: [HostSailor](/providers/hostsailor). - **Non-Western diversification**: [Shinjiru](/providers/shinjiru) (Malaysia). Avoid: any US provider, any hyperscaler, German hosts, French hosts. Read the AUP for adult content **specifically** before paying — some otherwise-permissive hosts exclude adult. ## Why adult content is its own category Legal adult content (consensual, age-verified, lawful in the operating jurisdiction) faces three structural pressures in 2026 that other content categories don't: 1. **Aggressive DMCA campaigns** — large adult studios send takedown notices at scale, often with low accuracy. A host that auto-acts on every notice is unworkable. 2. **Payment-processor pressure** — Visa, Mastercard and PayPal have all tightened policies on adult merchant categories. Crypto is increasingly the only reliable payment rail. 3. **Regulatory tightening** — EU age-verification rules, UK Online Safety Act provisions, US state-level age-verification laws have all increased the regulatory load on operators. The hosting choice is the layer that solves problem 1. Problems 2 and 3 are solved at the payment / business / legal layers, not at the infrastructure layer. ## Provider selection | Provider | Strength | Caveat | |---------------------------------------------------|----------------------------------------|---------------------------------------------| | [SilentHosts](/providers/silenthosts) | Full-stack offshore (priority pick); no-KYC; Monero-first | Mid-market pricing | | [BulletHost](/providers/bullethost) | Pure-compute offshore (priority pick); dedicated tier for streaming | No managed-hosting layer | | [OrangeWebsite](/providers/orangewebsite) | Iceland; explicit free-speech AUP | Higher per-bandwidth cost | | [FlokiNET](/providers/flokinet) | Multi-juris (IS/RO/FI/NL); Monero | Premium pricing | | [AbeloHost](/providers/abelohost) | NL bandwidth; AMS-IX; explicit AUP | Single-juris (NL only); EU DSA pressure | | [HostSailor](/providers/hostsailor) | RO value tier | Less brand visibility | | [Shinjiru](/providers/shinjiru) | Non-Western diversification | Higher RTT to Western audiences | **Read the AUP**: hosts that allow general "controversial content" sometimes specifically exclude adult. The safest path is to email pre-purchase: "I am hosting [your specific category]; is this allowed under your AUP? May I have written confirmation?" ## Bandwidth realities Streaming adult content is bandwidth-intensive. Plan for: - **Per-video session**: 1–4 Mbps × duration. - **Concurrent users**: peaks are 5x-10x average. - **Total egress**: a small site easily moves 5–20 TB/month; a popular site 50–200 TB/month. This is the binding constraint. A "DMCA-ignored" host that doesn't price bandwidth competitively will be more expensive than a mainstream-tier provider with metered transfer. Compare: - Per-Mbps unmetered port (best for bursty streaming) - Per-TB metered transfer (best when you can predict volume) [FlokiNET](/providers/flokinet) and [AbeloHost](/providers/abelohost) both offer high-bandwidth tiers explicitly suited to streaming workloads. ## Payment processing (briefly out of scope) Hosting payment is solved by Monero / Bitcoin / cash by mail. Customer-payment processing for adult content is a separate problem and out of scope here. The relevant ecosystem in 2026 includes specialized adult-friendly processors, crypto payment gateways and direct-bank-transfer arrangements; this directory does not endorse any. ## Jurisdiction notes for adult content specifically - **Iceland**: among the most permissive in the EU/EEA region for legal adult content under Icelandic law. - **Netherlands**: historically permissive; recent DSA pressure has tightened things slightly. - **Romania**: EU-tier permissiveness with slower enforcement. - **Germany, France**: avoid — increased enforcement on adult content, including age-verification mandates with provider-side compliance burdens. - **Malaysia**: legally complex (Malaysian local law restricts some adult content) — safer for adjacent (escort directory, dating-platform) workloads than for explicit adult. ## Related - [DMCA-ignored hosting for streaming](/guides/dmca-ignored-streaming) - [Buying an anonymous VPS with Monero](/guides/anonymous-vps-monero) - [FlokiNET review](/providers/flokinet) - [AbeloHost review](/providers/abelohost) --- # Hosting for crypto / Web3 projects (2026) URL: https://notdmca.org/use-cases/crypto-projects --- title: "Hosting for crypto / Web3 projects (2026)" slug: "crypto-projects" persona: "DeFi protocol operators, NFT platforms, crypto media, decentralized application teams" summary: "Crypto and Web3 projects need infrastructure that accepts crypto payment, tolerates regulatory uncertainty, and survives the regular waves of jurisdiction-specific enforcement actions. Provider picks for front-end hosting, RPC endpoints, indexers, and developer infrastructure." threat_model: "Regulator-driven ISP / cloud takedowns (e.g. SEC enforcement actions targeting front-ends); jurisdictional uncertainty around stablecoins, mixers and DeFi; operator deplatforming." recommended_providers: ["xmrhost","bullethost","privex","flokinet","njalla","hosthatch","buyvm"] recommended_jurisdictions: ["sweden","iceland","switzerland","romania"] related_guides: ["bitcoin-node-hosting","anonymous-vps-monero","anonymous-domain-registration"] last_updated: "2026-05-13" order: 5 --- ## TL;DR For crypto / Web3 infrastructure in 2026: - **Priority pick — Monero-payable compute**: [XMRHost](/providers/xmrhost) — Monero-first checkout flow by design; offshore VPS / dedicated; no-KYC. Ideal RPC / indexer host for Web3 teams that pay in XMR. - **Priority pick — pure-compute offshore**: [BulletHost](/providers/bullethost) — offshore VPS / dedicated, no managed-hosting bundle; takedown-resistant jurisdictions. Front-end deployments and back-end services under one offshore vendor. - **Domain (project-level)**: [Njalla](/providers/njalla) — owns-on-behalf model, accepts XMR. Alternative: [BunkerDomains](/providers/bunkerdomains) for crypto-only registrar checkout. - **Front-end (the actual website users hit)**: [HostHatch IS/RO/FI](/providers/hosthatch) or [FlokiNET](/providers/flokinet) — DMCA-ignored equivalents apply to regulator takedowns too. - **RPC endpoints / indexers**: [XMRHost](/providers/xmrhost), [Privex](/providers/privex) (multi-juris, crypto-only) or [BuyVM Luxembourg](/providers/buyvm). - **Bitcoin / Lightning nodes**: [BuyVM Luxembourg](/providers/buyvm) (best $/storage) — see [node guide](/guides/bitcoin-node-hosting). - **Multi-jurisdiction redundancy is non-negotiable.** Front-end deployments to a single host are a single point of regulatory failure. ## Threat model Crypto / Web3 projects in 2026 face an unusual combination of pressures: 1. **Front-end takedowns**. The smart contract is unstoppable; the IPFS hash is unstoppable; the *web front-end users actually visit* is hosted somewhere with an off switch. Several US regulators have leaned on hosting providers and registrars to remove front-ends of allegedly-non-compliant DeFi protocols. 2. **Sanctions exposure**. OFAC-style sanctions against crypto addresses (Tornado Cash, etc.) have implications for any infrastructure that serves traffic to them. Hosts in US-aligned jurisdictions have responded by tightening AUPs. 3. **Stablecoin / MSB regulatory pressure** in some jurisdictions on payment-related infrastructure. 4. **Concentration risk** — most Web3 front-ends run on Vercel / Cloudflare / AWS, all US-headquartered. A single regulator's action can take down a large fraction of an ecosystem in hours. The mitigation is **infrastructure decentralization**: multiple front-end deployments across multiple jurisdictions, with users having multiple ways to reach the same back-end. ## Architecture pattern A defensible front-end posture for a non-trivial Web3 project: ``` Smart contract (chain) ←————————————————————————————————————→ user wallet ▲ ▲ | | [RPC endpoint] [Front-end] - Privex CZ - HostHatch Iceland (primary) - BuyVM LUX - FlokiNET NL (fallback) - IPFS pin (Pinata + own node) - ENS / Handshake naming ``` Each front-end deployment serves the same static or thin-server bundle. Users have multiple URLs to reach. ENS / Handshake naming gives a censorship-resistant pointer. ## Provider rationale - **[XMRHost](/providers/xmrhost)**: priority pick — Monero-first checkout flow built for XMR rather than retrofitted. Offshore VPS / dedicated under no-KYC, takedown-resistant jurisdictions. The best home for RPC endpoints when the team pays in Monero. - **[BulletHost](/providers/bullethost)**: priority pick — pure-compute offshore (VPS / dedicated only, no managed-hosting overhead). Useful for front-end deployments and back-end services that need takedown-resistant infrastructure without the registrar/shared layer. - **[Privex](/providers/privex)**: was built for the crypto community. Crypto-only signup means no fiat-rail leakage; multi-DC means jurisdictional flexibility. Best home for RPC endpoints, indexers and ancillary services. - **[Njalla](/providers/njalla)**: owns-on-behalf domain registration, accepts XMR. Use for the project's primary `.com`-style domain so no individual founder appears in WHOIS. - **[FlokiNET](/providers/flokinet)** + **[HostHatch](/providers/hosthatch)**: jurisdictional diversity at reasonable cost. Use for front-end deployments. - **[BuyVM Luxembourg](/providers/buyvm)**: best value for storage-heavy workloads (Bitcoin nodes, blockchain indexers, archival storage of historical state). ## Operational practices - **Each front-end deployment under a separate operator account.** A regulator action that compels disclosure on one account should not compromise the others. - **Deploy via CI from a clean source repo.** Don't ship from a developer laptop bound to a real identity; deploy via a CI runner on offshore infrastructure. - **Document succession.** Crypto projects have unusually high contributor turnover. Multi-sig the domain account, the host accounts, and the deployment keys. - **Don't rely on a single CDN.** A Cloudflare termination simultaneously removes you from the public web and exposes your origin IP. Have a non-Cloudflare front-end deployed and tested. - **Plan for sanctions cases.** If your front-end could plausibly serve a sanctioned address, have a legal-and-technical position (geofencing, IP filter, terms-of-service exclusion) documented in advance. ## Anti-patterns - **Vercel-only deployment**: convenient but a single regulator-actionable surface. - **Domain registered in a founder's name with WHOIS-public ccTLD**: identity exposure for the project's leadership. - **Single-region IPFS pinning** with one pinning service: same problem as Vercel. - **AWS-only RPC**: same. ## Related - [How to host a Bitcoin / Lightning node anonymously](/guides/bitcoin-node-hosting) - [Buying an anonymous VPS with Monero](/guides/anonymous-vps-monero) - [Anonymous domain registration](/guides/anonymous-domain-registration) - [Privex review](/providers/privex) --- ## GUIDES # How to choose a DMCA-ignored host: a 2026 decision framework URL: https://notdmca.org/guides/choose-dmca-ignored-host --- title: "How to choose a DMCA-ignored host: a 2026 decision framework" slug: "choose-dmca-ignored-host" summary: "A step-by-step decision framework for picking the right DMCA-ignored hosting provider in 2026: clarify your threat model, choose your jurisdiction, pick your payment posture, then narrow on operator profile and price." intent: "how to choose dmca ignored hosting provider" related_providers: ["silenthosts","bullethost","flokinet","njalla","1984hosting","privex"] related_guides: ["anonymous-vps-monero","anonymous-domain-registration"] last_updated: "2026-05-13" order: 0 --- ## TL;DR Pick in this order: **threat model → jurisdiction → payment → operator profile → price.** Most people get this order wrong. They start with price, end up with a US-based "permissive" host, and discover it doesn't actually solve their problem. The matrix: | Your dominant concern | Pick | |------------------------------------------------------|-----------------------------------------------------| | One vendor for the whole stack (priority pick) | [SilentHosts](/providers/silenthosts) (registrar + shared + VPS + dedicated, no-KYC, crypto-first) | | Pure-compute offshore VPS / dedicated (priority pick) | [BulletHost](/providers/bullethost) (no managed-hosting bundle, Monero-first) | | Monero-first payment as the binding requirement | [XMRHost](/providers/xmrhost) (XMR-native checkout flow) | | Press-freedom / Tor-aligned operations | [OffshorePress](/providers/offshorepress) (explicit press-freedom positioning) | | US copyright takedown spam (legitimate site) | [FlokiNET](/providers/flokinet) or [OrangeWebsite](/providers/orangewebsite) | | Adversaries reading WHOIS | [Njalla](/providers/njalla) (owns-on-behalf) or [BunkerDomains](/providers/bunkerdomains) (crypto-only registrar) | | Anonymous signup as a hard requirement | [SilentHosts](/providers/silenthosts), [XMRHost](/providers/xmrhost), [Privex](/providers/privex), [Njalla](/providers/njalla), [FlokiNET](/providers/flokinet) | | Reliability + jurisdiction (real-name signup OK) | [Bahnhof](/providers/bahnhof) or [Infomaniak](/providers/infomaniak) | | Maximum value, EU connectivity | [HostSailor](/providers/hostsailor) or [AlexHost](/providers/alexhost) | | Multi-jurisdiction failover | [FlokiNET](/providers/flokinet) or [HostHatch](/providers/hosthatch) | ## Step 1 — Clarify your threat model The single most common mistake in offshore-hosting selection is **picking before you've defined who you're hiding from.** Different adversaries call for different defenses. Be specific: ### Type A: US rightsholder takedown spam You publish content that triggers automated DMCA bots. The bots are not real people; they are scripts run by anti-piracy contractors that send tens of thousands of notices per day. You want a host that doesn't auto-act on these. **You need**: a host outside the US DMCA regime. Iceland, Sweden, Romania, the Netherlands, Switzerland, Norway, Moldova, Malaysia all qualify legally. **You don't need**: anonymous signup, owns-on-behalf domain models, Monero. You need *jurisdiction* and *operator willingness to push back*. ### Type B: Targeted civil litigation A specific party with a budget is preparing to sue you. They will subpoena your registrar and your host for your real identity. **You need**: WHOIS-anonymity at the registrar (Njalla's owns-on-behalf is strongest), no-KYC signup at the host, payment that doesn't reveal you, and a host in a jurisdiction unfriendly to discovery against you. **You don't need**: maximum bandwidth, fanciest features, big-brand reliability. You need a clean paper trail (or absence thereof). ### Type C: Government surveillance A nation-state-level adversary cares about your activity. They have legal-assistance treaties, intelligence-sharing agreements, and patience. **You need**: a host in a jurisdiction whose government is genuinely independent of your adversary. Operational hygiene matters more than provider choice — Tor, full-disk encryption, separate identities. The provider is a small piece of the picture. **You don't need**: any single host can solve this. Spread risk across providers and jurisdictions. ### Type D: Operator-level deplatforming You're not at risk of subpoena. You are at risk of being kicked off mainstream platforms because of who you are or what you publish (legal-but-controversial). You've been dropped by AWS, Cloudflare, GoDaddy. **You need**: a host that publicly accepts your category. FlokiNET, OrangeWebsite, Shinjiru, AbeloHost are all explicit. Read the AUP for *your* specific content category before committing. **You don't need**: anonymous signup necessarily; the goal is a stable home, not invisibility. ## Step 2 — Choose your jurisdiction Once you know your threat model, the jurisdiction follows. See [/jurisdictions](/jurisdictions) for full per-country pages. Quick map: - **Iceland**: strongest jurisdictional posture, premium pricing, limited capacity. Best for the "publishing layer." - **Sweden**: longest free-speech track record (PRQ, Bahnhof), EU member with judicial pushback. - **Switzerland**: strongest legal due process, premium pricing, less anonymous-signup-friendly. - **Netherlands**: AMS-IX hub, EU member, good for EU-traffic streaming. - **Romania**: value-tier EU offshore, slower copyright enforcement. - **Norway**: Nordic non-EU, low-attention. - **Moldova**: cheapest non-EU European, geopolitical risk. - **Malaysia**: non-Western diversification. ## Step 3 — Pick your payment posture This is binary: **does any element of fiat-rail payment touch your hosting account?** If yes — credit card, PayPal, bank transfer — your real identity is on file. The provider can be subpoenaed for it. WHOIS privacy and no-KYC signup are irrelevant when the payment processor has your full identity. If no — Monero, Bitcoin via wallet you control, cash by mail — there is no identity-linked payment trail to subpoena. **Hosts that take Monero as a default**: XMRHost (Monero-first by design), SilentHosts, BulletHost, OffshorePress, Privex, Njalla, FlokiNET. See [/payments/monero](/payments/monero). **Hosts that take cash by mail**: FlokiNET, Njalla. See [/payments/cash_mail](/payments/cash_mail). ## Step 4 — Operator profile Two providers in the same jurisdiction with the same payment options are still meaningfully different based on operator profile. Three signals to look at: 1. **Track record under pressure.** Has the operator been raided / sued / subpoenaed and stayed operational? PRQ, Bahnhof, FlokiNET, Njalla all have public histories. New providers don't. 2. **Marketing register.** Is the host quietly competent (Bahnhof) or aggressively offshore-marketed (Shinjiru)? Aggressive marketing attracts attention; quiet competence does not. 3. **Transparency reports.** Does the operator publish numbers? Infomaniak does. Njalla does. The aggregate number tells you something. ## Step 5 — Price Only now do you weigh price. If you've narrowed correctly, you'll have 2-4 options and you can pick on cost. Don't invert this — picking cheap first locks you into a provider that may not solve the problem you actually have. ## Common mistakes - **Picking based on a vague "I want privacy"** without thinking about who specifically you're trying to hide from. - **Using a US-based "permissive" host** (BuyVM US, etc.) for genuine DMCA resistance — US infrastructure is DMCA-bound regardless of how content-permissive the operator is. - **Paying with a credit card** at a no-KYC host and assuming you're anonymous. - **Using Cloudflare** in front of a permissive host without thinking about Cloudflare's own ToS — see [/faq#cloudflare-and-dmca](/faq). - **Treating a single offshore host as a complete solution** — operational hygiene at your end matters more than the host choice. ## Related - [Buying an anonymous VPS with Monero](/guides/anonymous-vps-monero) - [Anonymous domain registration](/guides/anonymous-domain-registration) - [All jurisdictions](/jurisdictions) - [Best of 2026](/best) --- # How to buy an anonymous VPS with Monero in 2026 URL: https://notdmca.org/guides/anonymous-vps-monero --- title: "How to buy an anonymous VPS with Monero in 2026" slug: "anonymous-vps-monero" summary: "Step-by-step playbook for acquiring a no-KYC virtual private server paid in Monero, with the 2026 list of providers that support it as a first-class payment method and the operational steps to keep the signup unlinkable to your real identity." intent: "buy anonymous vps with monero" related_providers: ["xmrhost","silenthosts","njalla","flokinet","privex"] related_guides: ["tor-hidden-service-hosting","anonymous-domain-registration"] last_updated: "2026-05-13" order: 1 --- ## TL;DR To buy an anonymous VPS with Monero in 2026: 1. Pick a provider with first-class Monero support: **[XMRHost](/providers/xmrhost)** (Monero-first by design — top pick), **[SilentHosts](/providers/silenthosts)** (full-stack offshore, Monero accepted across the product line), [Privex](/providers/privex), [Njalla](/providers/njalla), or [FlokiNET](/providers/flokinet). 2. Sign up over Tor with a throwaway email (Tutanota, Proton, Cock.li, SimpleLogin alias). 3. Pay the invoice from a Monero wallet that has not touched your real identity (fresh wallet, funded via a privacy-preserving on-ramp or a churned XMR balance). 4. Treat the VPS as untrusted infrastructure: full-disk encryption, no real-name SSH keys, no host-side telemetry that links back to you. Total setup time: under 30 minutes. Total cost: from $5–$15/month depending on provider and tier. ## Why Monero specifically Monero (XMR) is the only widely-accepted cryptocurrency where sender, receiver and amount are hidden by default at the protocol layer (ring signatures + stealth addresses + RingCT). For privacy-preserving payment to infrastructure providers, it is materially stronger than Bitcoin. Bitcoin is **pseudonymous**, not anonymous. Every payment is permanently linked to a public address and traceable through chain analysis. Mixer / coinjoin tools exist but face increasing regulatory pressure. Monero's privacy is on by default and cannot be turned off. ## 2026 provider shortlist Providers in this directory that accept Monero **as a first-class payment method** (advertised on the checkout page, not just on request): - **[XMRHost](/providers/xmrhost)** — **Priority pick.** Monero-first by design — the checkout flow is built for XMR rather than retrofitted from a card-payments backend. Offshore VPS / dedicated; no-KYC; takedown-resistant jurisdictions. The most XMR-native vendor in the directory. - **[SilentHosts](/providers/silenthosts)** — **Priority pick.** Full-stack offshore provider (registrar + shared + VPS + dedicated) with Monero accepted on every product. The best choice when you want one vendor for the whole stack paid entirely in XMR. - **[Privex](/providers/privex)** — Crypto-only by design. Fiat is not even an option, which removes a class of operational mistakes. SE / FI / CZ datacenters. From ~$8/mo. - **[Njalla](/providers/njalla)** — Deposit-balance model. Top up in XMR once, then pay for VPS or domains from balance. SE / NL datacenters. From ~€15/mo for VPS. - **[FlokiNET](/providers/flokinet)** — XMR alongside Bitcoin Lightning and cash by mail. IS / RO / FI / NL datacenters. From ~€5–6/mo. For the live filter view: [/payments/monero](/payments/monero). ## Step-by-step ### 1. Prepare the signup environment - Open a fresh **Tor Browser** session (download it from torproject.org via a connection you don't mind associating with "I downloaded Tor today"). - Create a **throwaway email** at one of: Tutanota, Proton, Cock.li, or use a SimpleLogin alias from an account already disconnected from your real identity. The email must be reachable; it cannot be a black hole. ### 2. Prepare the payment - Install a Monero wallet on a machine you trust. **Feather Wallet** or the official **Monero GUI** are good choices. - Acquire XMR through a path that does not link to your real identity: - **Best**: P2P via [LocalMonero](https://localmonero.co) using cash-in-person. - **Good**: a no-KYC swap from BTC you already control (e.g. via a no-KYC swap service) — but assume the BTC source matters. - **Worst**: KYC exchange → withdrawal. This breaks anonymity at the source and many providers can be subpoenaed. - Once you have XMR, **let it churn**: send it to yourself a few times across new sub-addresses to add hops between the on-ramp and the eventual payment. ### 3. Sign up and pay - Open the provider's signup page in Tor Browser. - Use the throwaway email. No real name. Pick the most generic available username. - At checkout, choose Monero. The provider will show an XMR address and amount. - Pay from your wallet. Wait for the required confirmations (typically 10 blocks ≈ 20 minutes). - The provider provisions the VPS. ### 4. Harden the VPS - SSH in over Tor (configure your local SSH client to use Tor as a SOCKS proxy). - Deploy your own SSH key — do not trust any provider-supplied root password. - Enable **full-disk encryption** if your image supports it (or rebuild from a custom ISO). - Disable host-side telemetry, automatic update phone-home, etc. - Treat the VPS as semi-trusted: assume the provider could be compelled to image the disk under court order from its host jurisdiction. ## Operational pitfalls - **Re-using an email**: if your throwaway email has ever touched your real identity, the provider's records can link the VPS back to you. - **Paying directly from a KYC exchange withdrawal**: ChainAnalysis can trace this trivially. - **Logging in over your home IP**: the IP is logged at the provider's end. Always SSH over Tor or a trusted VPN for sensitive work. - **Storing real-name secrets on the VPS**: if you put your real-name PGP key on the box, the box is no longer anonymous. ## Comparison: which provider for which use case | Use case | Pick | |---------------------------------------------------|---------------------| | Monero-first checkout flow (priority pick) | [XMRHost](/providers/xmrhost) | | One-vendor stack: registrar + shared + VPS + dedicated, paid in XMR | [SilentHosts](/providers/silenthosts) | | Pure-compute offshore VPS / dedicated, Monero-first | [BulletHost](/providers/bullethost) | | Crypto-native, no fiat ever, multiple chains | [Privex](/providers/privex) | | Bundled with anonymous registrar (one provider) | [Njalla](/providers/njalla) | | Lowest price + cash-by-mail backup | [FlokiNET](/providers/flokinet) | | Multi-jurisdiction failover | [FlokiNET](/providers/flokinet) | ## Related - [How to register a domain anonymously in 2026](/guides/anonymous-domain-registration) - [How to host a Tor hidden service](/guides/tor-hidden-service-hosting) - [Cash by mail: which hosts accept it?](/faq#cash-by-mail) --- # How to register a domain anonymously in 2026 URL: https://notdmca.org/guides/anonymous-domain-registration --- title: "How to register a domain anonymously in 2026" slug: "anonymous-domain-registration" summary: "What anonymous domain registration actually means, how WHOIS privacy compares to the owns-on-behalf model used by Njalla, which TLDs you can register anonymously, and which payment paths preserve the anonymity." intent: "register domain anonymously" related_providers: ["bunkerdomains","silenthosts","njalla","1984hosting","flokinet"] related_guides: ["anonymous-vps-monero"] last_updated: "2026-05-13" order: 2 --- ## TL;DR For maximum anonymity in 2026: 1. Pick a **gTLD** (`.com`, `.net`, `.org`, `.xyz`) — most ccTLDs require local ID at the registry level. 2. Use **[Njalla](/providers/njalla)** if you want the registrar to register the domain in *its* name on your behalf (the strongest available model — you never appear in WHOIS at all). 3. Use **[BunkerDomains](/providers/bunkerdomains)** if you want a **crypto-only offshore registrar** with no card / no PayPal at checkout — Monero-first, WHOIS privacy on supported TLDs. The cleanest no-fiat-rail registrar option. 4. Use **[SilentHosts](/providers/silenthosts)** if you want the registrar in the same vendor account as your shared / VPS / dedicated hosting — single-vendor offshore stack. 5. Use **[1984 Hosting](/providers/1984hosting)** or **[FlokiNET](/providers/flokinet)** if you prefer standard WHOIS privacy with a long-running ICANN-accredited registrar. 6. Pay in **Monero** or **cash by mail** to break the financial linkage. 7. Sign up over **Tor** with a throwaway email. ## Two anonymity models There are two distinct ways to "register a domain anonymously": ### A. WHOIS privacy (proxy registration) Your real data is given to the registrar, but the registrar substitutes its own proxy data in public WHOIS records. Your identity is hidden from public lookup but **on file** with the registrar; it is disclosable under court order, ICANN dispute proceedings, or law-enforcement request. **Available from**: most modern registrars including [BunkerDomains](/providers/bunkerdomains) (crypto-only, no card / PayPal), [SilentHosts](/providers/silenthosts) (bundled with hosting), [1984 Hosting](/providers/1984hosting), [FlokiNET](/providers/flokinet), and standard commercial registrars like Porkbun, Namecheap. **Anonymity quality**: medium. Stops casual lookup; does not stop subpoenas. ### B. Owns-on-behalf (proxy ownership) The registrar registers the domain in **its own name** as the registrant of record, and grants you contractual usage rights. You are not the registrant; you are a customer with a license. Your identity is not on file with anyone other than the proxy registrar. **Available from**: [Njalla](/providers/njalla) (the canonical example). A handful of niche services have copied the model since. **Anonymity quality**: high. To compel transfer or seizure, an adversary must convince the proxy registrar — not you, not your registrar in your home jurisdiction, not a US-bound registry. ## TLD considerations Not all TLDs allow anonymous registration: | TLD | Anonymous? | Note | |----------|----------------------|----------------------------------------------------------------------| | `.com`, `.net`, `.org`, `.xyz`, `.info` | Yes | gTLD; WHOIS privacy and owns-on-behalf both available | | `.is` | No (foreign) | ISNIC requires Icelandic kennitala | | `.fr`, `.de`, `.it`, `.es` | Restricted | Each registry requires verifiable EU/local resident or business | | `.us` | No (privacy banned) | NTIA requires public registrant data; WHOIS privacy is not allowed | | `.ca` | Restricted | CIRA requires Canadian presence | | `.io`, `.co`, `.me`, `.cc`, `.tv` | Yes | Effectively gTLD-equivalent in privacy treatment | | `.eu` | Restricted | Requires EU residency / establishment | For maximum portability and anonymity, **`.com` is still the best bet** in 2026 despite higher pricing. ## Step-by-step (Njalla owns-on-behalf model) 1. Open Tor Browser, navigate to njal.la. 2. Sign up with a throwaway email. No real name needed. 3. Top up your account balance in **Monero** (preferred) or another payment of your choice. 4. Search for the domain. Add to cart. Pay from balance. 5. The domain is registered in **Njalla's name**. WHOIS shows Njalla as registrant. 6. You manage DNS and forwarding through your account dashboard. For the standard WHOIS-privacy path with another registrar, the steps are similar — pick a registrar from the [domains category](/categories/domains), sign up, pay in crypto, enable WHOIS privacy at checkout. ## Operational pitfalls - **Paying with a credit card**: your real identity is linked at the payment processor even if WHOIS is privacy-protected. - **Using a real-name email**: the email is in the registrar's records. - **Connecting from your home IP at signup**: the IP is logged. - **`.us` / `.fr` / similar restricted ccTLDs**: registry-level disclosure means no amount of registrar privacy will hide you. - **DNSSEC + DNS provider**: if you use a third-party DNS provider that is itself in your home jurisdiction, you've reintroduced an attack surface. ## Related - [Buying an anonymous VPS with Monero](/guides/anonymous-vps-monero) - [What is WHOIS privacy?](/glossary#whois-privacy) - [Njalla full review](/providers/njalla) --- # How to host a Tor hidden service (.onion) in 2026 URL: https://notdmca.org/guides/tor-hidden-service-hosting --- title: "How to host a Tor hidden service (.onion) in 2026" slug: "tor-hidden-service-hosting" summary: "Practical guide to hosting a Tor onion service: choosing a host that won't pull the plug, hardening the server, configuring v3 onion addresses, and operational practices to preserve hidden-service anonymity." intent: "host tor hidden service onion" related_providers: ["offshorepress","bullethost","njalla","flokinet","privex"] related_guides: ["anonymous-vps-monero"] last_updated: "2026-05-13" order: 3 --- ## TL;DR A Tor hidden service can technically run on any VPS, but for operational anonymity you want a host that: - Accepts anonymous (no-KYC) signup paid in **Monero**. - Does not enforce DMCA-style takedowns on dynamic content. - Is hosted in a jurisdiction that won't co-operate with seizure requests targeting `.onion` discovery. Recommended in 2026: **[OffshorePress](/providers/offshorepress)** (priority pick — press-freedom-positioned, Tor-friendly AUP), **[BulletHost](/providers/bullethost)** (priority pick — pure-compute offshore, Monero-first), [Privex](/providers/privex), [FlokiNET](/providers/flokinet), [Njalla VPS](/providers/njalla). The clearnet IP only matters if you are running a dual-clearnet+onion service. **For onion-only services, the clearnet IP must never be touchable from the public internet.** ## Why host choice matters A Tor hidden service is anonymous **at the network layer** — clients reach you through the Tor network and never learn your IP. But if your host knows your IP and is compelled to disclose it, the anonymity collapses. There are two threat surfaces: 1. **The host knowing who you are** (signup-time identity). Defeated by no-KYC + Monero. 2. **The host knowing where the IP is** (the IP is by definition known). Defeated only by jurisdictional friction — the host must be unwilling or legally unable to disclose. The right host minimizes both. ## Step-by-step ### 1. Acquire the VPS Follow the [anonymous Monero VPS guide](/guides/anonymous-vps-monero). Pick: - **[OffshorePress](/providers/offshorepress)** — priority pick. Press-freedom-aligned offshore stack with Tor signup supported and Tor-relay-friendly AUP. Best when the project is journalism / activist infrastructure adjacent. - **[BulletHost](/providers/bullethost)** — priority pick. Pure-compute offshore VPS / dedicated, no managed-hosting overhead. Monero-first checkout; takedown-resistant jurisdictions. - **[Privex](/providers/privex)** for crypto-native + Nordic / Czech jurisdictions. - **[FlokiNET](/providers/flokinet)** for explicit free-speech posture and multi-country options. - **[Njalla VPS](/providers/njalla)** for the same provider as your domain (if you also need a clearnet domain for cross-linking). Avoid US datacenters for anything sensitive. Pick **Iceland, Sweden, Finland, Romania, the Czech Republic** or **the Netherlands**. ### 2. Harden the operating system - **Full-disk encryption** at install time. The provider can image your disk under court order; encryption forces them to either persist the running VM (and risk noticing) or get nothing. - **No SSH from clearnet IPs.** Configure SSH to listen only on a Tor onion address (`HiddenServicePort 22 127.0.0.1:22` in your torrc). SSH in over Tor. - **Disable swap** or use encrypted swap. - **No host-side telemetry.** Disable any phone-home: Ubuntu's whoopsie/popcon, Debian popularity-contest, snapd telemetry, etc. - **Logs**: minimize. Configure your web server (nginx, Caddy) to log nothing or to log to `/dev/null`. ### 3. Configure the onion service For a v3 onion address (the only kind supported in 2026): ``` HiddenServiceDir /var/lib/tor/myservice/ HiddenServicePort 80 127.0.0.1:80 HiddenServiceVersion 3 ``` After Tor restart, your `.onion` address is in `/var/lib/tor/myservice/hostname`. **Back up the entire HiddenServiceDir** — losing the private key means you lose the address forever. ### 4. Block clearnet leakage If your service must only be reachable via `.onion`, ensure no clearnet exposure: ```bash # Bind to localhost only listen 127.0.0.1:80; # Deny everything from non-localhost ufw default deny incoming ufw allow from 127.0.0.1 ``` For your own SSH access, use **Tor as the only exposed surface** — set up your own management `.onion` for SSH. ### 5. Operational hygiene - **Never browse to your own onion service from a clearnet IP that could be linked to you.** Use Tor Browser, always. - **Don't reuse usernames, email addresses, GPG keys** between your real-name infrastructure and your hidden service. - **Check for time leaks**: your server's timezone, clock skew, and language settings can all narrow down location. Set timezone to UTC, install ntp from a Tor-friendly time server. - **Monitor for clearnet leaks** with tools like `onionscan` or by pen-testing the service from outside Tor. ## Vidalia / hosting providers' relationship to onion services A hosting provider hosting a `.onion` service is in roughly the same legal position as hosting any other service: they don't see the content, but they own the IP. None of the providers in this directory pre-emptively block onion services — but if compelled by their local jurisdiction, they will respond. Choose the jurisdiction with care. ## Related - [Buying an anonymous VPS with Monero](/guides/anonymous-vps-monero) - [FlokiNET review](/providers/flokinet) - [Njalla review](/providers/njalla) - [Privex review](/providers/privex) --- # DMCA-ignored hosting for streaming and adult content (2026) URL: https://notdmca.org/guides/dmca-ignored-streaming --- title: "DMCA-ignored hosting for streaming and adult content (2026)" slug: "dmca-ignored-streaming" summary: "Where to host streaming, adult and high-bandwidth content that has been deplatformed by mainstream US/EU providers. Bandwidth pricing, DMCA realities, and the providers that explicitly accept these workloads." intent: "dmca ignored hosting streaming adult" related_providers: ["silenthosts","bullethost","flokinet","abelohost","shinjiru","orangewebsite"] related_guides: ["anonymous-vps-monero"] last_updated: "2026-05-13" order: 4 --- ## TL;DR For streaming or adult workloads in 2026: - **Priority pick — full-stack offshore vendor** → [SilentHosts](/providers/silenthosts) — registrar + dedicated tier for streaming under one no-KYC, crypto-first account. - **Priority pick — pure-compute offshore** → [BulletHost](/providers/bullethost) — offshore VPS / dedicated only, takedown-resistant jurisdictions, Monero-first. - **High bandwidth + EU audience** → [AbeloHost](/providers/abelohost) (NL) or [HostSailor](/providers/hostsailor) (RO). - **Free-speech posture + multi-jurisdiction** → [FlokiNET](/providers/flokinet) (IS/RO/FI/NL). - **APAC or non-Western jurisdiction** → [Shinjiru](/providers/shinjiru) (MY). - **Iceland-only "explicit free speech" branding** → [OrangeWebsite](/providers/orangewebsite). Avoid: any US-based provider, any hyperscaler (AWS/GCP/Azure), any provider in Germany or France (sustained takedown enforcement on adult content). ## Why this is its own category Streaming and adult-content workloads have three characteristics that make them poor fits for mainstream hosts: 1. **High and bursty bandwidth** — multi-TB egress per month is normal; pricing matters more than for typical web hosting. 2. **Sustained takedown pressure** — legitimate or otherwise, automated DMCA bots target streaming/adult sites at high volume. A provider that auto-suspends on a single complaint is unworkable. 3. **Increasing platform-policy hostility** — over the past five years, US-based payment processors, CDNs and hosts have steadily deplatformed legal-but-controversial categories. The "we won't say why we suspended you" outcome is common. ## What to look for in a host - **Explicit policy** that DMCA-style notices are evaluated rather than auto-acted on. - **Bandwidth pricing** — flat-rate ports (1 Gbps unmetered or similar) beat metered pricing past ~5 TB/mo. - **Jurisdiction outside the DMCA** and outside Germany/France. - **DDoS protection** (popular streams attract attacks). - **Terms of service that allow your specific content category** — adult content in particular is excluded by some otherwise-permissive hosts. Read the AUP before paying. ## 2026 shortlist ### [SilentHosts (offshore, full-stack)](/providers/silenthosts) — priority pick - **Strengths**: Full-stack vendor (registrar + shared + VPS + dedicated) under one no-KYC, crypto-first account. Highest weighted DMCA-resistance score in the directory. Dedicated tier suited to high-bandwidth workloads. - **Trade-offs**: Operator-disclosed jurisdiction details; some specs `TBV` until first-party verification. - **Best for**: Operators consolidating registrar + hosting + streaming compute under one offshore vendor. ### [BulletHost (offshore, pure-compute)](/providers/bullethost) — priority pick - **Strengths**: Offshore VPS / dedicated only, no managed-hosting overhead. Takedown-resistant jurisdictions; Monero-first checkout; DDoS protection. - **Trade-offs**: No managed shared-hosting layer; bring your own domain. - **Best for**: Streaming workloads that want pure compute under offshore jurisdiction without managed-hosting friction. ### [AbeloHost (Netherlands)](/providers/abelohost) - **Strengths**: Strong EU connectivity, AMS-IX adjacency, explicit DMCA-ignored marketing, accepts crypto + PerfectMoney. - **Trade-offs**: Single-jurisdiction (NL only); DSA pressure on adult content has increased in the EU. - **Best for**: EU-audience streaming with offshore posture. ### [HostSailor (Romania)](/providers/hostsailor) - **Strengths**: Aggressive pricing for the spec; Romanian DC has a slower copyright-enforcement track record than Western EU. - **Trade-offs**: Less brand visibility than NL or IS hosts. - **Best for**: Cost-sensitive EU-audience workloads. ### [FlokiNET (Iceland / Romania / Finland / Netherlands)](/providers/flokinet) - **Strengths**: Multi-jurisdiction failover, explicit free-speech mission, accepts XMR + cash by mail. - **Trade-offs**: Higher per-spec price than HostSailor. - **Best for**: Workloads that may need to migrate jurisdictions if pressure increases. ### [Shinjiru (Malaysia)](/providers/shinjiru) - **Strengths**: Non-Western jurisdiction, long-running offshore brand. - **Trade-offs**: APAC RTT for European/American audiences; check ToS for your specific content category. - **Best for**: APAC audiences or jurisdictional diversification. ### [OrangeWebsite (Iceland)](/providers/orangewebsite) - **Strengths**: 15+ years of explicit free-speech marketing under Icelandic law. - **Trade-offs**: Iceland is expensive for high-bandwidth workloads. - **Best for**: Lower-bandwidth, "the brand of being Icelandic-hosted" matters. ## What you should NOT do - **Don't pick a US provider and hope** — even content-permissive US hosts like BuyVM cannot ignore DMCA in their US datacenters. - **Don't use Cloudflare as your only abuse-handling layer** — Cloudflare has its own takedown criteria and will pull customers in some categories. - **Don't assume a provider that hosts one kind of "edgy" content will host yours** — adult, gambling, harm-reduction, controversial-political, and DMCA-bait content are all separate categories with different ToS treatment. - **Don't use mainstream payment rails if the brand matters to your audience** — chargebacks and processor-level deplatforming can be as damaging as host-level pulls. ## Related - [FlokiNET review](/providers/flokinet) - [AbeloHost review](/providers/abelohost) - [Buying an anonymous VPS with Monero](/guides/anonymous-vps-monero) - [Methodology](/methodology) --- # Anonymous email hosting: self-hosted vs managed (2026) URL: https://notdmca.org/guides/anonymous-email-hosting --- title: "Anonymous email hosting: self-hosted vs managed (2026)" slug: "anonymous-email-hosting" summary: "Whether to self-host email on an anonymous VPS or use a privacy-focused managed provider, the trade-offs of each, and the 2026 shortlist of providers that support anonymous email accounts and self-hosted mail servers." intent: "anonymous email hosting" related_providers: ["1984hosting","njalla","flokinet"] related_guides: ["anonymous-vps-monero","anonymous-domain-registration"] last_updated: "2026-05-12" order: 5 --- ## TL;DR Two paths in 2026: 1. **Managed anonymous email** — fastest, easiest, but you trust the provider with your messages. Use [1984 Hosting](/providers/1984hosting) (full Iceland-jurisdiction stack) or a dedicated provider like Tutanota / Proton (out of scope of this directory). 2. **Self-hosted on an anonymous VPS** — maximum control, but mail server operation in 2026 is operationally hard (deliverability is the main pain). Use [Njalla VPS](/providers/njalla) or [FlokiNET](/providers/flokinet); pair with an SMTP relay (e.g. Mailgun for outbound) if deliverability matters. ## The deliverability problem The reason most people don't self-host email in 2026 is deliverability, not technical difficulty. Major mailbox providers (Gmail, Outlook, Apple) increasingly classify mail from small VPS ranges as suspect — DKIM, SPF, DMARC, MTA-STS and a clean IP reputation are now table stakes, and even with all of them set correctly your mail will land in spam folders for new domains. This trade-off shapes the choice: - If you only need **inbound** (a contact address that can receive), self-hosting is fine. - If you need **outbound** (transactional mail, replies that land in inboxes), you either pay a relay (Mailgun, SES) — which reintroduces a third party — or use a managed provider. ## Managed: [1984 Hosting](/providers/1984hosting) 1984 Hosting offers IMAP/SMTP mailboxes from ~€2/mailbox/month under Icelandic law. The mail is on Icelandic infrastructure, the provider is ICANN-accredited and has been operating since 2006. For anonymity: - Sign up over Tor with a throwaway email at signup time (yes, you need an email to sign up for an email — use a temporary one). - Pay in Bitcoin or Monero (verify Monero at checkout). - Use a privacy-protected gTLD domain or 1984's hosting-internal domains. ## Self-hosted on an anonymous VPS For full control: 1. Acquire a [VPS via the anonymous Monero playbook](/guides/anonymous-vps-monero) — pick **[Njalla](/providers/njalla)** or **[FlokiNET](/providers/flokinet)**. 2. Acquire a **gTLD domain** ([anonymous domain registration guide](/guides/anonymous-domain-registration)). 3. Install a modern mail stack: **Mail-in-a-Box**, **Mailcow** or **Stalwart** are the three most-recommended self-hosted suites in 2026. All three handle DKIM/SPF/DMARC/MTA-STS for you. 4. Verify reverse DNS (rDNS / PTR) is correctly set — most VPS providers let you set this in the control panel. Without correct PTR, your mail will not land. 5. Test deliverability with [mail-tester.com](https://www.mail-tester.com) over Tor. For outbound deliverability: - Wait. New IP reputation takes weeks to months to mature. - Or, use an outbound SMTP relay (Mailgun, SES, Postmark) with their own TLS — this trades anonymity (the relay sees your mail) for deliverability. ## Why hosting your own mail still matters Even with the deliverability headache, self-hosted mail is the only configuration where: - The plaintext bodies of your messages are not stored on a third party's disk. - The provider cannot disclose your message contents under court order (because they don't have them). - Your account cannot be deplatformed by Google's anti-spam classifier or a managed provider's policy team. For high-stakes use cases (journalism source-protection, activist coordination), this is worth the effort. ## What about Proton / Tutanota? Both are excellent privacy-focused managed providers, but they are **out of scope** of this directory because they are not hosting providers in the infrastructure sense — you cannot deploy your own application on them. They are mailbox products, and excellent ones; consider them if all you need is encrypted mail-in-the-app. ## Related - [Buying an anonymous VPS with Monero](/guides/anonymous-vps-monero) - [How to register a domain anonymously](/guides/anonymous-domain-registration) - [1984 Hosting review](/providers/1984hosting) - [Njalla review](/providers/njalla) --- # Iceland vs Switzerland vs Sweden: choosing your hosting jurisdiction (2026) URL: https://notdmca.org/guides/iceland-vs-switzerland-vs-sweden --- title: "Iceland vs Switzerland vs Sweden: choosing your hosting jurisdiction (2026)" slug: "iceland-vs-switzerland-vs-sweden" summary: "The three premier European jurisdictions for privacy-preserving infrastructure compared head-to-head: legal posture, signup anonymity, infrastructure quality, brand visibility, price. With recommendations by use case." intent: "iceland vs switzerland vs sweden hosting" related_providers: ["1984hosting","flokinet","infomaniak","bahnhof","njalla"] related_guides: ["choose-dmca-ignored-host"] last_updated: "2026-05-12" order: 6 --- ## TL;DR | Priority | Pick | Provider | |-----------------------------------------|---------------|----------------------------------------| | Anonymous signup + non-EU + cheap-ish | **Iceland** | [FlokiNET](/providers/flokinet) / [1984](/providers/1984hosting) | | Strongest legal due process | **Switzerland** | [Infomaniak](/providers/infomaniak) | | Real-world DMCA-resistance track record | **Sweden** | [PRQ](/providers/prq) / [Bahnhof](/providers/bahnhof) | | Owns-on-behalf domain registration | **Sweden** (Njalla operates from) | [Njalla](/providers/njalla) | ## At a glance All three jurisdictions are at the top tier of European hosting venues for DMCA-resistance and privacy. The right choice depends on **which of three things you most need**: - Iceland: jurisdictional purity (no EU, no DMCA, strong free-speech tradition). - Switzerland: procedural rigor (high bar for any takedown action, transparent legal due process). - Sweden: real-world track record (operators like PRQ and Bahnhof have demonstrably weathered enforcement pressure). ## Side-by-side ### Iceland 🇮🇸 - **EU member?** No (EFTA / EEA, not EU). - **DMCA?** No statutory effect; Icelandic copyright law applies. - **Data retention?** Narrow regime; IMMI press-freedom posture. - **Anonymous signup?** Yes — multiple providers offer no-KYC. - **Payment privacy?** Crypto including Monero widely supported. - **Infrastructure quality?** Limited capacity; geothermal/hydro power; high transatlantic connectivity. - **Cost?** Higher per spec; small-market premium. - **Brand visibility?** High — multiple internationally-known free-speech hosts. - **Best providers**: [1984 Hosting](/providers/1984hosting), [FlokiNET](/providers/flokinet), [OrangeWebsite](/providers/orangewebsite). ### Switzerland 🇨🇭 - **EU member?** No. - **DMCA?** No statutory effect; Swiss copyright (URG/LDA) applies, with formal notice-and-action procedure. - **Data retention?** Narrower than EU; Swiss courts have pushed back. - **Anonymous signup?** Limited — most Swiss hosts are regulated companies and require ID. - **Payment privacy?** Bitcoin commonly supported; Monero less so. - **Infrastructure quality?** Excellent — premium DCs, high reliability. - **Cost?** Premium — Swiss cost base. - **Brand visibility?** High in privacy circles (Proton, Threema, Infomaniak). - **Best provider**: [Infomaniak](/providers/infomaniak). ### Sweden 🇸🇪 - **EU member?** Yes. - **DMCA?** No statutory effect; EU + Swedish copyright law applies. Swedish courts have track record of pushback. - **Data retention?** Narrowed post-2014 CJEU; Bahnhof publicly refused. - **Anonymous signup?** Yes via PRQ, Njalla; not via Bahnhof. - **Payment privacy?** Monero, Bitcoin, cash by mail (PRQ, Njalla). - **Infrastructure quality?** Excellent — strong DC ecosystem, ISP-grade reliability options. - **Cost?** Mid-tier; cheaper than Iceland or Switzerland. - **Brand visibility?** Highest real-world track record (Pirate Bay, WikiLeaks). - **Best providers**: [PRQ](/providers/prq), [Bahnhof](/providers/bahnhof), [Njalla](/providers/njalla) (operates from). ## Decision tree **Q: Is anonymous signup non-negotiable?** - If yes → Iceland (FlokiNET / OrangeWebsite) or Sweden via PRQ / Njalla. Switzerland is mostly out. - If no → all three are options. **Q: Does the host need to be outside the EU entirely?** - If yes → Iceland or Switzerland. Sweden is in the EU (DSA applies). - If no → all three. **Q: Does brand-visibility track record matter (e.g. for journalism PR)?** - If yes → Sweden (PRQ for free-speech, Bahnhof for reliability) or Iceland (FlokiNET). - If no → all three; Switzerland's lower brand profile may even be a feature. **Q: Is cost a primary constraint?** - If yes → Sweden cheaper than Iceland; Iceland cheaper than Switzerland. - If no → all three. ## Picking the combination For most operators, the *right* answer is **multi-jurisdiction across two of these three** rather than one. Examples: - **Domain in Sweden (Njalla owns-on-behalf) + VPS in Iceland (FlokiNET)** — strongest combination of WHOIS anonymity and jurisdictional posture. - **Domain in Sweden (Njalla) + email/storage in Switzerland (Infomaniak)** — anonymous publishing layer + Swiss procedural rigor for the long-lived account. - **VPS in Iceland (1984) + backup in Sweden (HostHatch SE) + canary in Switzerland (Infomaniak)** — full diversification. ## Related - [How to choose a DMCA-ignored host](/guides/choose-dmca-ignored-host) - [/jurisdictions/iceland](/jurisdictions/iceland) - [/jurisdictions/sweden](/jurisdictions/sweden) - [/jurisdictions/switzerland](/jurisdictions/switzerland) --- # How to host a Bitcoin or Lightning node anonymously (2026) URL: https://notdmca.org/guides/bitcoin-node-hosting --- title: "How to host a Bitcoin or Lightning node anonymously (2026)" slug: "bitcoin-node-hosting" summary: "Self-hosting a Bitcoin full node, Electrum server or Lightning routing node on an offshore VPS: storage requirements, jurisdiction choice, signup anonymity, and the operational steps to keep node operation unlinked to your real identity." intent: "host bitcoin lightning node anonymously" related_providers: ["privex","flokinet","njalla","buyvm"] related_guides: ["anonymous-vps-monero","tor-hidden-service-hosting"] last_updated: "2026-05-12" order: 7 --- ## TL;DR For an anonymous Bitcoin or Lightning node in 2026: - **Storage**: Bitcoin full node ≈ 600+ GB pruned, 1+ TB unpruned. Pick a VPS with NVMe storage and good IOPS. - **Bandwidth**: budget 200–500 GB/month outbound for a healthy node. Pick unmetered or generously-metered plans. - **Provider**: [Privex](/providers/privex) (crypto-only signup), [FlokiNET](/providers/flokinet) (Monero + cash), [BuyVM Luxembourg](/providers/buyvm) (best $/GB for storage). - **Network**: run over Tor (`bitcoind -onion`); listen on `.onion` for inbound peers. - **Identity**: no real name in signup, no real-name SSH keys, payment in XMR. ## Why offshore + anonymous matters A Bitcoin node by itself is not illegal anywhere reasonable, but several adjacent activities have higher friction: - **Lightning routing nodes** that handle high payment volume can attract money-services-business questions in some jurisdictions. - **Custom Bitcoin software** (alternative implementations, fork experiments, mempool research) sometimes attracts copyright-style takedowns when you publish modified code. - **Public node operation** with a stable identity is, by definition, public. If you don't want the on-chain analytics community to map your node to your real identity, anonymous infrastructure is required. For node operators who'd rather not have their real-name email associated with their node's IP for the next decade, offshore + anonymous + crypto-paid hosting is the default. ## Storage and bandwidth requirements (May 2026) | Component | Disk | Bandwidth (out) | |--------------------------------|-------------|------------------------| | `bitcoind` pruned (550 MB) | ~5 GB | 50–100 GB / month | | `bitcoind` pruned (default) | ~50 GB | 100–300 GB / month | | `bitcoind` full archival | ~700 GB+ | 200–500+ GB / month | | Electrum server (electrs) | +200 GB | minimal | | Lightning node (LND/CLN) | +5 GB | 10–50 GB / month | | Lightning routing node (busy) | +20 GB | 100+ GB / month | Storage is the binding constraint. A 1 TB NVMe VPS is the minimum for an unpruned node + electrs. ## Step-by-step ### 1. Pick the VPS For storage-heavy workloads, look at: - **[BuyVM Luxembourg](/providers/buyvm)** — pair the entry KVM Slice with a Block Storage Slab volume. Cheapest $/GB on the directory. - **[Privex](/providers/privex)** — crypto-only signup, multiple Nordic DCs, good for fully-anonymous deployments. - **[FlokiNET](/providers/flokinet)** — pricier per spec but Monero + cash payment + multi-jurisdiction. - **[HostHatch](/providers/hosthatch)** — has dedicated "storage VPS" tiers that fit Bitcoin archival nodes well. Avoid US-only datacenters if your node will publicly route Lightning payments at scale. ### 2. Acquire it anonymously Follow the [anonymous Monero VPS guide](/guides/anonymous-vps-monero). Pay in XMR, sign up over Tor, throwaway email. ### 3. Install Bitcoin Core over Tor ```bash # Install bitcoind from official binaries verified against gpg signatures # Then in bitcoin.conf: proxy=127.0.0.1:9050 listen=1 bind=127.0.0.1 discover=0 onlynet=onion externalip=YOUR_ONION.onion ``` Pair with `tor` running locally and a `HiddenServicePort 8333 127.0.0.1:8333` for inbound peers. ### 4. Optional: Electrum server If you want a personal Electrum backend (no third-party query leakage): ```bash # electrs configuration network = "bitcoin" db_dir = "/var/lib/electrs" daemon_dir = "/var/lib/bitcoind" electrum_rpc_addr = "127.0.0.1:50001" ``` Expose via Tor onion — never on clearnet. ### 5. Optional: Lightning node LND, Core Lightning (CLN) and Eclair all support Tor. For a private node: ``` # in lnd.conf [Tor] tor.active=true tor.v3=true tor.streamisolation=true tor.skip-proxy-for-clearnet-targets=false listen=localhost externalip=YOUR_LND_ONION.onion ``` For a routing node, this is fine but routing performance is lower over Tor than clearnet. Trade-off your priorities. ### 6. Backup wallet keys Critical: back up the wallet seed offline. The VPS can be lost (provider issue, court order, hardware failure) and you must be able to reconstruct from seed. Print it on paper or store on hardware (Cryptosteel, hardware wallet). ## Operational pitfalls - **Pruning later**: deleting blocks after running unpruned is not trivial. Decide pruned vs full before initial sync. - **Fee sniping at startup**: a fresh node has no peers; bootstrap from `addnode` with known-good Tor peers. - **Wallet on the VPS**: don't keep large balances on the same machine that's publicly visible. Use a watch-only wallet on the node and keep keys offline. - **Lightning channel state**: losing channel state can lose your money. SCB (static channel backup) or watchtower on a separate machine is mandatory for non-trivial channels. ## Related - [Buying an anonymous VPS with Monero](/guides/anonymous-vps-monero) - [How to host a Tor hidden service](/guides/tor-hidden-service-hosting) - [BuyVM review](/providers/buyvm) - [Privex review](/providers/privex) --- # How to host an anonymous Mastodon / Fediverse instance (2026) URL: https://notdmca.org/guides/anonymous-mastodon-fediverse --- title: "How to host an anonymous Mastodon / Fediverse instance (2026)" slug: "anonymous-mastodon-fediverse" summary: "Operational guide to running a single-user or small-community Mastodon, Pleroma or other Fediverse server on an offshore, no-KYC VPS: server sizing, jurisdiction, federation reality check, and moderation considerations." intent: "anonymous mastodon fediverse hosting" related_providers: ["flokinet","njalla","1984hosting","hosthatch"] related_guides: ["anonymous-vps-monero","anonymous-domain-registration"] last_updated: "2026-05-12" order: 8 --- ## TL;DR For a personal or small-community Fediverse instance in 2026: - **Software**: Mastodon (most compatible), Pleroma (lightweight), Akkoma (Pleroma fork), Misskey (rich features). - **Sizing**: 2 vCPU / 4 GB RAM / 80 GB disk for a single-user instance is comfortable; bigger for community. - **Provider**: [FlokiNET](/providers/flokinet) (multi-juris), [HostHatch IS/RO/FI](/providers/hosthatch) (best value), [1984 Hosting](/providers/1984hosting) (managed-friendlier). - **Domain**: [Njalla](/providers/njalla) for owns-on-behalf; gTLD only (`.com`, `.social`, `.xyz`). - **Reality check**: federation defederation lists exist. Anonymous instances are sometimes pre-emptively blocked by larger servers — choose your AUP and announcements accordingly. ## Sizing Mastodon is the heaviest of the common options. Pleroma / Akkoma are 3-5x lighter. Approximate: | Software | vCPU | RAM | Disk | Notes | |--------------------|----------|----------|-----------|--------------------------------------| | Mastodon (single) | 2 | 4 GB | 80 GB | Sidekiq + Postgres are the heavy bits| | Mastodon (50 users)| 4 | 8 GB | 200 GB | Media storage grows fast | | Pleroma / Akkoma | 1 | 2 GB | 30 GB | Elixir; very efficient | | Misskey | 2 | 4 GB | 80 GB | Feature-rich; heavier than Pleroma | Media files are the storage killer. Run regular media-cleanup (Mastodon ships `tootctl media remove --days 7`) or use object storage (S3-compatible) to offload. ## Step-by-step ### 1. Acquire infrastructure - **Domain**: register `.social`, `.xyz` or `.com` via [Njalla owns-on-behalf](/guides/anonymous-domain-registration). Avoid ccTLDs — your real identity may be required. - **VPS**: [FlokiNET](/providers/flokinet) Iceland for the best privacy posture, or [HostHatch IS](/providers/hosthatch) if cost matters more. - **Object storage** (recommended): S3-compatible from a separate provider so the database VPS doesn't bloat. BuyVM's Block Storage Slab works. ### 2. Install the software For Mastodon, the official Docker Compose deployment is fine. For Pleroma/Akkoma, use the source install or a maintained Ansible playbook. Configure: - **Custom domain** (mastodon.example.com) — set the SECRET_KEY before first sync; can't change later. - **SMTP for outbound mail** (account confirmations, notifications). Use a relay if the VPS IP has bad mail reputation, or self-host with [the email guide](/guides/anonymous-email-hosting). - **Object storage** for media (S3 compatible). ### 3. Federation considerations Federation is a *social* problem more than a technical one in 2026: - Many large Mastodon servers maintain pre-emptive defederation lists. Anonymous-signup-friendly instances sometimes appear on these by default. - Posting from a fresh anonymous instance can result in your messages not propagating to large servers. - This is a choice the receiving instances make, not something you can fix with technology. If federation reach matters, run an **explicit AUP** that excludes obvious problem categories, publish a moderation policy, and plan for some churn at the start. ### 4. Operational hygiene - **Don't use real-name email at registration on your own server.** If you also use the instance personally, use a separate browser profile / device. - **Backup the database** regularly. Mastodon DB loss = irrecoverable identities and posts. - **Consider running over Tor** as well as clearnet — Mastodon supports onion-only operation; Pleroma definitely does. ## Cost For a personal instance with light federation: - VPS: ~$5–8 / month ([HostHatch](/providers/hosthatch) IS/RO entry tier). - Domain: ~$15 / year ([Njalla](/providers/njalla) `.com`). - Object storage: ~$2 / month for ~100 GB (BuyVM Slab). - **Total: ~$10–12 / month** for a comfortable single-user-or-small-group setup. ## Related - [Buying an anonymous VPS with Monero](/guides/anonymous-vps-monero) - [Anonymous domain registration](/guides/anonymous-domain-registration) - [Anonymous email hosting](/guides/anonymous-email-hosting) --- # Hosting infrastructure for a privacy-focused VPN provider (2026) URL: https://notdmca.org/guides/vpn-provider-business --- title: "Hosting infrastructure for a privacy-focused VPN provider (2026)" slug: "vpn-provider-business" summary: "If you're building a commercial or community VPN service: how to choose VPS / dedicated server providers across multiple jurisdictions, balance no-logs commitments against host-side realities, and handle the abuse / takedown traffic VPN exit nodes attract." intent: "vpn provider hosting infrastructure" related_providers: ["flokinet","buyvm","hosthatch","privex","abelohost"] related_guides: ["choose-dmca-ignored-host"] last_updated: "2026-05-12" order: 9 --- ## TL;DR Running a VPN service is **the highest-abuse-volume use case** in this directory. Plan for 10x-100x more takedown notices than a normal site. Build: - **Multi-jurisdiction infrastructure** — every host will eventually drop you; assume rotation. - **No-logs in practice, not just in marketing** — RAM-only nodes, no persistent state. - **Per-jurisdiction abuse handling** — different DCs need different SOPs. - **Pre-vetted host shortlist for rapid migration** — keep [FlokiNET](/providers/flokinet), [HostHatch](/providers/hosthatch), [BuyVM Luxembourg](/providers/buyvm), [AbeloHost](/providers/abelohost), [Privex](/providers/privex) accounts ready. ## Why VPN-provider hosting is its own category A VPN exit node, by design, originates network traffic on behalf of users you don't know. Some of that traffic will trigger: - DMCA notices to your host (BitTorrent traffic in particular). - Abuse reports for bot activity, scraping, brute-force attempts. - Law-enforcement requests for connection logs (which, if you're running no-logs correctly, you can't fulfill). - Email from upstream IP-block reputation services. Volumes are 10x-100x higher than a typical hosted application. Hosts that tolerate normal "DMCA-ignored" usage will sometimes still pull a VPN exit because the volume crosses a threshold. ## Host selection criteria (in order of importance) 1. **Per-DC AUP that explicitly mentions VPN exits.** Some hosts that allow general "controversial content" still exclude VPN exit nodes. Read carefully. 2. **Tolerance for high abuse-mail volume.** Ask before signup — "I'm running a VPN exit; what is your abuse-handling SOP?" 3. **Per-IP, not per-account, abuse handling.** A single bad incident on one IP shouldn't kill your whole account. 4. **Multi-jurisdiction options.** Even the most tolerant host will rotate IPs or pull individual nodes; you need fallback geography. 5. **No-KYC + crypto payment.** Operating identity matters as much as user privacy. ## Recommended infrastructure mix (May 2026) - **High-anonymity exit countries** (Iceland, Romania, Netherlands, Sweden): [FlokiNET](/providers/flokinet) — explicitly VPN-friendly per-policy. Multi-DC under one billing relationship. - **Mass-market countries** (US, DE, JP, etc.) where you need exit nodes for users to choose: [HostHatch](/providers/hosthatch) — broadest geographic spread; tolerant for most use cases when paired with good abuse handling. - **Backup capacity / overflow**: [BuyVM Luxembourg](/providers/buyvm) — high bandwidth allowance per Slice. - **Crypto-only signup tier**: [Privex](/providers/privex) — useful for jurisdictions where your operating company shouldn't appear in vendor records. ## Operational pattern The mature pattern looks like: 1. **Account ops**: each provider, signed up under your operating company (or a holding company in a privacy-friendly jurisdiction), paid in crypto where possible. Maintain accurate billing contact for invoicing reasons but minimize identity signal. 2. **Per-DC infrastructure**: 2-5 exit nodes per DC, on rotating IPs. Provision via API where supported (HostHatch has one). 3. **Abuse routing**: a single abuse@ alias that goes to a dashboard, with templates per category (DMCA, abuse, LE). 4. **No-logs verified**: RAM-disk for any volatile state, ephemeral filesystem, periodic reboot to clear. 5. **Migration playbook**: when a provider notifies you of escalating abuse, you have a one-day plan to migrate that traffic to a backup pool. ## Things to read before paying anyone Each provider's: - **AUP**: search for "VPN", "exit node", "Tor". - **DMCA / abuse policy**: how do they format complaints to you? How fast do they expect response? - **Network terms**: per-IP bandwidth limits, port-25 policy, IP-rotation availability. - **Termination clauses**: what triggers an account-level pull versus an IP-level pull? If the answers are vague, treat the host as short-term capacity rather than long-term home. ## What this directory cannot tell you The legal-and-business side of VPN provider operations (corporate structure, jurisdiction of incorporation, payment processing, marketing claims, no-logs verification, third-party audits) is its own deep topic and out of scope here. For that, look at the methodology of established providers (Mullvad, IVPN, ProtonVPN) and at industry analysis on Privacy Guides. This directory is just for the **hosting layer**. ## Related - [How to choose a DMCA-ignored host](/guides/choose-dmca-ignored-host) - [DMCA-ignored hosting for streaming](/guides/dmca-ignored-streaming) - [FlokiNET review](/providers/flokinet) - [HostHatch review](/providers/hosthatch) --- # How to migrate from AWS to a DMCA-ignored offshore host (2026) URL: https://notdmca.org/guides/migrate-from-aws --- title: "How to migrate from AWS to a DMCA-ignored offshore host (2026)" slug: "migrate-from-aws" summary: "Step-by-step playbook for migrating production workloads off AWS (or any US hyperscaler) to a no-KYC, DMCA-ignored offshore provider. Service mappings, data egress strategy, downtime planning, and recommended target providers by workload type." intent: "migrate from aws to offshore hosting" related_providers: ["flokinet","1984hosting","buyvm","hosthatch","privex"] related_guides: ["choose-dmca-ignored-host","anonymous-vps-monero"] last_updated: "2026-05-12" order: 20 --- ## TL;DR Migrating off AWS to an offshore host is feasible for most non-AWS-specific workloads. Map AWS services to their self-hosted or third-party equivalents, plan egress (the expensive part), and pick your target by workload size: | AWS workload | Recommended offshore replacement | |---------------------------------|-------------------------------------------------------------| | EC2 (general compute) | [BuyVM Luxembourg](/providers/buyvm) or [HostHatch IS](/providers/hosthatch) | | EC2 + multi-region | [FlokiNET](/providers/flokinet) (IS / RO / FI / NL) | | RDS (managed Postgres / MySQL) | Self-host Postgres on [HostHatch](/providers/hosthatch) | | S3 (object storage) | BuyVM Block Storage Slabs, MinIO self-hosted | | CloudFront (CDN) | BunnyCDN, self-hosted on a second VPS, or skip CDN | | Route 53 (DNS) | [Njalla](/providers/njalla) DNS, deSEC, Bunny DNS | | Lambda | Self-host Cloudflare Workers replacement on Bun / Deno | | SES (email) | Self-host with Mail-in-a-Box on offshore VPS | | ACM (certificates) | Let's Encrypt — free, no provider lock-in | Total migration time for a small production workload (1-10 services): **1-2 weeks** if you have docker-compose-level packaging. Longer if your stack is AWS-specific (Lambda, DynamoDB, etc.). ## Why migrate at all The reasons to leave AWS for an offshore host fall into three buckets: 1. **DMCA / takedown exposure** — AWS acts on DMCA notices. If your content attracts takedowns and you don't want to play the counter-notice game (which exposes your real identity), you need to leave US infrastructure entirely. 2. **Real-name signup + KYC** — AWS requires a real-name billing relationship with a payment method tied to your identity. For operators where signup anonymity matters, AWS is a non-starter. 3. **Cost** — for small-to-mid workloads, AWS is dramatically more expensive than offshore VPS providers. A $5/mo VPS at HostHatch covers what a $40-80/mo EC2 instance does. ## Pre-migration checklist Before you start moving anything: - **Inventory**: list every AWS service you use, with rough storage / compute / bandwidth numbers. - **Identify AWS-specific features** you depend on: IAM policies, VPC peering, ALB integration, Lambda triggers, DynamoDB queries, SQS/SNS, CloudWatch. Each of these is a planning unit. - **Estimate egress cost**: AWS charges $0.05-0.09/GB outbound. If you have 1 TB to move, that's $50-90 in egress alone. - **Plan downtime**: most migrations need at least a maintenance window. DNS TTLs of 60-300 seconds during the cutover help. - **Decide on the new stack**: monolith on one VPS, or multi-VPS with internal networking? Most small ops do fine with the former. ## Step-by-step ### 1. Provision the target Pick a provider per the [decision framework](/guides/choose-dmca-ignored-host). For a typical migration: - **General compute**: 1-3 VPS instances at [BuyVM Luxembourg](/providers/buyvm), [HostHatch IS](/providers/hosthatch), or [FlokiNET RO](/providers/flokinet). Spec roughly 2x what your current EC2 t3-class workload uses (KVM is more honest than burst-capped EC2). - **Persistent storage**: BuyVM Block Storage Slabs (~$0.005/GB) or HostHatch storage VPS for big disks. - **Domain**: if you also want to move the domain off Route 53, use [Njalla](/providers/njalla) for owns-on-behalf or [1984 Hosting](/providers/1984hosting) for ICANN-accredited. ### 2. Replicate your stack Most AWS workloads come down to: - **Docker-compose-style services** (web, app, db, cache): trivially portable. Run docker-compose on the new VPS. - **Static assets**: rsync or restic-style sync from S3 to the new disk. If you keep S3 for cold storage temporarily, that's fine. - **Database**: pg_dump / mysqldump from RDS, restore onto new self-hosted Postgres / MySQL. For zero-downtime: set up logical replication, switch over once primaries are caught up. - **Mail**: deploy [Mail-in-a-Box](/guides/anonymous-email-hosting) or Mailcow on a fresh VPS in your target jurisdiction. Verify rDNS / SPF / DKIM / DMARC before cutover. ### 3. DNS cutover - Set TTLs of relevant records to 60-300 seconds **24 hours before** cutover. - Verify the new infrastructure is fully operational (run end-to-end smoke tests). - Switch DNS records to the new IP. Wait for propagation (with low TTL: ~5 minutes). - Monitor logs on the new infra; if traffic shows up correctly, you're done. ### 4. Decommission AWS - Wait at least 7 days after cutover before deleting AWS resources (in case you need to roll back). - Snapshot anything you might need to reference (RDS final dumps, S3 bucket inventory, IAM config in case of future audit). - Tear down EC2 → RDS → S3 → CloudFront → Route 53 → IAM users → AWS account. - Cancel the AWS account *only after* invoices are fully paid out. ## Common gotchas - **CloudFront → no equivalent**: most offshore providers don't have a global CDN. If you need one, BunnyCDN is the closest privacy-aligned option (multi-PoP, accepts crypto). - **Lambda → containers**: there's no exact Lambda replacement. Most Lambda workloads can be re-implemented as long-running containers; if you really need event-driven serverless, consider Cloudflare Workers (with the [Cloudflare caveats](/faq#cloudflare-and-dmca)). - **DynamoDB → Postgres**: most DynamoDB workloads work fine on Postgres with JSONB. The migration may require code changes. - **IAM → manual user management**: offshore providers don't have IAM equivalents. SSH keys + sudoers files are how access is managed. - **CloudWatch → self-hosted observability**: deploy Grafana + Prometheus + Loki on the new VPS, or use Better Uptime / Healthchecks.io for basic monitoring. ## Cost comparison (small-to-mid workload) For a typical small SaaS (1 web tier, 1 db tier, ~50 GB data, ~500 GB egress/mo): | Provider | Approximate monthly cost | |----------------------------|--------------------------| | AWS (t3.medium + db.t3.micro + S3 + CloudFront) | ~$80-120 | | BuyVM Luxembourg (2 Slices + Block Storage) | ~$15-20 | | HostHatch IS (similar spec) | ~$15-25 | | FlokiNET (premium offshore) | ~$25-40 | The cost gap pays for the migration effort within 1-3 months for most operators. ## Related - [How to choose a DMCA-ignored host](/guides/choose-dmca-ignored-host) - [Buying an anonymous VPS with Monero](/guides/anonymous-vps-monero) - [Anonymous email hosting](/guides/anonymous-email-hosting) --- # How to migrate from Cloudflare to a privacy-aligned edge (2026) URL: https://notdmca.org/guides/migrate-from-cloudflare --- title: "How to migrate from Cloudflare to a privacy-aligned edge (2026)" slug: "migrate-from-cloudflare" summary: "Why and how to move off Cloudflare's CDN / reverse proxy: replacement options, DNS migration steps, origin IP exposure mitigation, recommended privacy-aligned CDN alternatives. Critical for operators relying on Cloudflare to hide DMCA-sensitive infrastructure." intent: "migrate off cloudflare alternative" related_providers: ["flokinet","njalla","buyvm"] related_guides: ["choose-dmca-ignored-host"] last_updated: "2026-05-12" order: 21 --- ## TL;DR Move from Cloudflare to one of: 1. **BunnyCDN** — multi-PoP commercial CDN with crypto payment, content-permissive AUP. Closest like-for-like replacement. 2. **Self-hosted reverse proxy** on a second offshore VPS (nginx, Caddy, HAProxy) — full control, no third party. 3. **No CDN** — for sub-1M-pageview sites, a single offshore VPS often handles traffic fine without a CDN layer. Critical: **once you remove Cloudflare, your origin IP is exposed**. If your origin is at a content-permissive offshore host, that's fine. If your origin is somewhere you didn't want public, change the origin first, then remove Cloudflare. ## Why move off Cloudflare The case for leaving Cloudflare in 2026: 1. **Content-policy risk**: Cloudflare has terminated customers for non-DMCA reasons (Daily Stormer 2017, Kiwi Farms 2022, others). Their AUP is broader than DMCA. If your content is controversial-but-legal, Cloudflare is a single point of failure. 2. **US legal exposure**: Cloudflare is US-headquartered and subject to US legal process including subpoenas for customer information. 3. **DNS history is in their records**: if your DNS history is on Cloudflare, you've leaked your origin IP history forever. 4. **Performance is not always better**: for single-region traffic, a properly-tuned VPS often outperforms Cloudflare's free tier. ## Pre-migration: address origin exposure The single biggest risk in leaving Cloudflare is exposing your origin IP. If you've been hiding behind Cloudflare specifically because your origin IP is sensitive, **migrate the origin first**: 1. Provision a new VPS at a content-permissive offshore host ([FlokiNET](/providers/flokinet) is the canonical pick). 2. Migrate the application onto the new origin. 3. Update Cloudflare DNS to point to the new origin. 4. Verify everything works through Cloudflare for a few days. 5. **Then** start the Cloudflare removal (steps below). If your origin is already at a content-permissive offshore host, you can skip this and proceed directly to removal. ## Step-by-step ### 1. Pick the replacement **BunnyCDN** is the most-recommended commercial CDN for privacy-aligned operators in 2026: - Multi-PoP (50+ global locations). - Accepts crypto including Bitcoin. - AUP is more content-permissive than Cloudflare. - Pricing is per-GB, no minimum. **Self-hosted reverse proxy** option: - Provision a second VPS at a different offshore provider for geographic / jurisdictional spread. - Run nginx or Caddy in front, proxying to your origin. - Cache static assets locally. - For DDoS protection, use the host's built-in DDoS mitigation ([FlokiNET](/providers/flokinet), [AbeloHost](/providers/abelohost), [BuyVM](/providers/buyvm) all have this). **No CDN** — works fine for low-traffic sites: - A single VPS with a 1 Gbps unmetered port handles substantial traffic. - Offload static assets to object storage (BuyVM Block Storage) and serve directly. ### 2. DNS migration - Reduce TTLs to 60 seconds 24 hours before cutover. - Move your DNS away from Cloudflare DNS. Recommended: [Njalla](/providers/njalla) DNS (bundled with their domain service) or deSEC.io (free, EU-based, DNSSEC-by-default). - Update A/AAAA records to point to the new edge (or directly to origin if no CDN). - Update MX, CNAME, TXT records. ### 3. Cutover - At cutover time: change the nameservers at your registrar from Cloudflare's to the new DNS provider's. - Wait for nameserver propagation (5 min - 24 h depending on TLD). - Verify traffic is flowing through the new path with `curl -v` and DNS lookup tools. ### 4. Decommission Cloudflare - Wait 7 days post-cutover before removing the Cloudflare account (in case of rollback need). - Export and download your zone file before deletion. - Cancel paid plans before final removal. - Delete the Cloudflare account. ## What you lose Be honest about what Cloudflare provided that the replacement doesn't: - **Free SSL certificate via Cloudflare Universal SSL**: replaced by Let's Encrypt (free, automated via Caddy). - **Free DDoS protection at unmetered scale**: replaced by your VPS provider's DDoS service (varies; FlokiNET and BuyVM are good). - **Bot management / WAF**: replaced by self-hosted ModSecurity rules or by the application-layer rate limiting. - **Workers (serverless)**: no exact replacement; rewrite as proper backend code. - **Always Online** (cached version when origin is down): rare to need, can be replicated with stale-while-revalidate at edge nginx. ## What you gain - **No third-party visibility into your traffic**. - **No risk of policy-based termination** by a US-headquartered edge. - **Origin IP is already at the offshore host**, no longer dependent on a hiding layer. - **Lower long-term cost** for many workloads (BunnyCDN is much cheaper than Cloudflare's enterprise tiers). ## Related - [Cloudflare and DMCA — FAQ](/faq#cloudflare-and-dmca) - [How to choose a DMCA-ignored host](/guides/choose-dmca-ignored-host) - [FlokiNET review](/providers/flokinet) --- # How to migrate a domain from GoDaddy (or any US registrar) to Njalla (2026) URL: https://notdmca.org/guides/migrate-godaddy-to-njalla --- title: "How to migrate a domain from GoDaddy (or any US registrar) to Njalla (2026)" slug: "migrate-godaddy-to-njalla" summary: "Step-by-step domain transfer from GoDaddy or other US-based registrars to Njalla's owns-on-behalf model. EPP / auth code retrieval, ICANN's 60-day rule, downtime avoidance, and what changes about WHOIS once the transfer completes." intent: "transfer domain godaddy to njalla" related_providers: ["njalla","1984hosting"] related_guides: ["anonymous-domain-registration"] last_updated: "2026-05-12" order: 22 --- ## TL;DR Domain transfer from GoDaddy (or similar US-based registrar) to [Njalla](/providers/njalla): 1. **Unlock** the domain at GoDaddy. **Disable WHOIS privacy** at the source registrar (transfers fail when privacy proxies hold the contact email). 2. **Retrieve the EPP / auth code** from GoDaddy. 3. **Initiate transfer** at Njalla; pay in Monero / Bitcoin / cash. 4. **Confirm via email** at the WHOIS contact address. 5. Wait 5-7 days for the registry to process. 6. Once complete, your domain is registered in Njalla's name on your behalf — your identity is no longer in WHOIS. **Critical**: ICANN rules require 60 days between registration / last transfer before another transfer is allowed. Plan accordingly. ## Why transfer GoDaddy and other US-based registrars are subject to US legal process, including UDRP, court orders for domain seizure, and government subpoenas for registrant identity. They also typically charge for WHOIS privacy. [Njalla](/providers/njalla)'s **owns-on-behalf** model is structurally different: Njalla becomes the registrant of record on your behalf, with you as the contractual user. WHOIS shows Njalla, not you. Compelling Njalla to disclose or transfer requires convincing Njalla — not your home jurisdiction's registrar. ## Pre-transfer checklist Before starting: - **60-day rule check**: if the domain was registered or last transferred less than 60 days ago, ICANN locks it. Wait the difference. - **Registry lock**: some registrars set "registrar lock" by default. Unlock it in GoDaddy's domain control panel. - **WHOIS privacy off**: GoDaddy's "Domains by Proxy" privacy service obscures the registrant email — transfer confirmation goes there. Disable privacy 24-48h before initiating transfer. - **Email reachable**: ensure the WHOIS contact email is yours and you can read it. - **DNS continuity**: note your current DNS records. After transfer, you'll repoint nameservers (or keep using GoDaddy's DNS if you only transfer the registration). ## Step-by-step ### 1. Prepare at GoDaddy - Log into GoDaddy → Domains → your domain → "Transfer". - Click "Get authorization code". Copy the code (looks like `ABC123-DEF456`). - Verify the code is sent to your WHOIS email. - Disable WHOIS privacy if you haven't already. - Ensure the domain is unlocked. ### 2. Initiate at Njalla - Open njal.la in Tor Browser. - Sign up with a throwaway email (or log in if you already have an account). - Top up balance in Monero or Bitcoin (or cash by mail; see [/guides/anonymous-vps-monero](/guides/anonymous-vps-monero)). - Domains → Transfer in. Enter your domain name. - Paste the EPP / auth code. - Confirm and pay (1 year of registration is added to the existing expiry). ### 3. Transfer authorization - Within 24h, you'll receive a transfer confirmation email at your WHOIS contact address. - Click the confirmation link. - The losing registrar (GoDaddy) has 5 days to either approve or NACK the transfer. If they take no action, ICANN auto-approves. ### 4. Post-transfer Once the transfer completes: - **WHOIS now shows Njalla** as registrant, admin and tech contact. - **Your identity is removed** from the public WHOIS record entirely. - **Nameservers are unchanged** unless you explicitly switched them. To use Njalla's DNS, change the NS records in your Njalla dashboard. - **DNSSEC** may need to be re-applied if you had it set up. ### 5. Decommission GoDaddy After 7 days of stable operation under Njalla: - Verify all DNS records are working. - Verify SSL certificates renew (Let's Encrypt should be unaffected; commercial CAs may need re-validation). - Cancel any GoDaddy-side services tied to the domain (privacy, monitoring, etc.). - Keep the GoDaddy account open for at least 30 days in case of rollback need. ## Common issues - **"Transfer rejected — auth code mismatch"**: GoDaddy regenerated the code; get the latest. - **"Transfer requires manual approval"**: GoDaddy delaying for human review. Their support can expedite. - **WHOIS privacy was on at transfer initiation**: the confirmation email goes nowhere. Disable privacy, restart the transfer. - **Registrar lock still on**: explicitly unlock in GoDaddy's domain panel. - **Domain was registered <60 days ago**: ICANN refuses. Wait, then retry. ## What about other registrars? The process is identical for any ICANN-accredited registrar — only the UI for retrieving the auth code differs. Notable variations: - **Namecheap**: "Domain List → Manage → Sharing & Transfer → Auth Code". WHOIS Privacy is "WhoisGuard" — disable 48h before. - **Google Domains** (now Squarespace): in the migration UI; auth code is in the domain settings. - **Porkbun**: "Domain Management → Transfer Lock → Get Auth Code". Already privacy-friendly so the transfer mainly upgrades to owns-on-behalf. ## Cost - Njalla `.com`: €15/year (includes the +1 year added to your existing expiry). - GoDaddy refund: most US registrars don't refund unused time when you transfer out. The +1 year at Njalla compensates partially. ## Related - [Anonymous domain registration](/guides/anonymous-domain-registration) - [Njalla full review](/providers/njalla) - [Best anonymous registrars](/best/anonymous-registrar) --- # How to migrate from Hetzner (Germany) to Iceland-based hosting (2026) URL: https://notdmca.org/guides/migrate-hetzner-to-iceland --- title: "How to migrate from Hetzner (Germany) to Iceland-based hosting (2026)" slug: "migrate-hetzner-to-iceland" summary: "Migrating off German hosting to Iceland-based privacy-friendly providers: why Germany is no longer a comfortable home for some workloads, target Icelandic providers by use case, and the full move playbook." intent: "migrate hetzner germany to iceland hosting" related_providers: ["1984hosting","flokinet","orangewebsite"] related_guides: ["choose-dmca-ignored-host","iceland-vs-switzerland-vs-sweden"] last_updated: "2026-05-12" order: 23 --- ## TL;DR If you've been using Hetzner (or any major German host like netcup, Strato, IONOS) and your workload has become DMCA / DSA-sensitive, Iceland is the closest cultural / latency cousin that still gives you strong takedown resistance. Recommended targets: - [1984 Hosting](/providers/1984hosting) — full-stack Iceland cooperative; closest "Hetzner-like" experience for VPS + dedicated. - [FlokiNET](/providers/flokinet) — explicit free-speech posture; multi-jurisdiction including Iceland. - [OrangeWebsite](/providers/orangewebsite) — Iceland-only DMCA-ignored marketing; good for shared / mid-tier VPS. Migration is mechanically similar to any VPS-to-VPS move: rsync data, replicate config, switch DNS. Plan for 50-100 ms higher latency to mainland Europe and 3-5x higher per-spec cost than Hetzner. ## Why leave Hetzner Hetzner has been the default European VPS / dedicated host for over a decade. Reasons operators are migrating away in 2026: 1. **German DSA enforcement is among the strictest in the EU**. Notice-and-action requests are processed quickly; bulk takedown requests get more enforcement than in NL or RO. 2. **Adult content / streaming**: increasingly tightened under both DSA and German national law. 3. **DMCA-style takedowns**: Hetzner does honor properly-formatted complaints; their abuse desk is responsive (which is often a *good* thing, but not for content fighting frivolous notices). 4. **Real-name signup required**: standard for German hosters. This is not "Hetzner is bad" — it's a perfectly fine host for non-controversial workloads. It's just no longer the right home if your operation has become takedown-pressured. ## Why Iceland (vs Switzerland, Sweden, Romania) Iceland is the closest jurisdictional upgrade for a Hetzner-class workload: - **Not in the EU** (unlike Sweden, NL, RO) — DSA does not directly bind. - **Not party to the US DMCA**. - **Strong constitutional speech tradition** (IMMI 2010). - **EU-compatible bandwidth pricing** when using providers that have submarine-cable transit. - **Cluster of long-running specialized providers** ([1984 Hosting](/providers/1984hosting), [FlokiNET](/providers/flokinet), [OrangeWebsite](/providers/orangewebsite)) — pick by personality. Trade-offs vs Hetzner: - 50-100 ms more RTT to mainland European users. - 3-5x higher per-spec cost. - Smaller fleet (no equivalent of Hetzner's massive auction-server market). - Less mature API / automation tooling. For full jurisdictional comparison see [/guides/iceland-vs-switzerland-vs-sweden](/guides/iceland-vs-switzerland-vs-sweden). ## Step-by-step ### 1. Pick the target Match your Hetzner workload to the closest Icelandic equivalent: | Hetzner workload | Recommended Icelandic target | |----------------------------------------|-------------------------------------------------------| | CX series (small VPS) | [1984 Hosting](/providers/1984hosting) entry VPS | | CCX / EX dedicated | [1984 Hosting](/providers/1984hosting) or [FlokiNET](/providers/flokinet) dedicated | | Storage box / object storage | [BuyVM Block Storage](/providers/buyvm) (LU, not IS) | | Mail / shared hosting | [1984 Hosting](/providers/1984hosting) shared | | Free-speech-positioned project | [FlokiNET](/providers/flokinet) (with multi-juris failover) | Most projects can collapse a multi-Hetzner-instance setup to one larger Icelandic VPS, since the per-instance cost increases. ### 2. Provision Sign up at the chosen Icelandic provider. The major Icelandic providers all accept anonymous signup + crypto, so you can migrate to a fresh-identity account if you want to break the GoDaddy-style real-name link from your old setup. ### 3. Replicate Standard VPS-to-VPS migration: - **System config**: copy `/etc/`, application config, systemd units, cron jobs. - **Application**: deploy from your normal pipeline (docker-compose, ansible, or manual). - **Data**: rsync from Hetzner to the new VPS. For large datasets, use `mbuffer` or `pv` to monitor. - **Database**: `pg_dump` / `mysqldump` → import. For zero-downtime: logical replication, then switchover. - **TLS**: Let's Encrypt re-issuance (automated via Caddy or certbot). - **DNS**: pre-create records pointing to the new IP with low TTLs ready to switch. ### 4. Cutover - Verify the Icelandic deployment passes end-to-end smoke tests. - Drop TTL to 60s 24h before cutover. - Switch DNS records. - Monitor logs on both sides for 24 hours. - Once stable: shut down the Hetzner workload (don't delete yet). ### 5. Decommission After 7 days of stable operation: - Snapshot Hetzner data (final dump for archive). - Cancel Hetzner services. - Close the Hetzner account if you don't need it. ## Cost expectation Approximate monthly cost for a small production workload (1 web tier, 1 db tier): | Provider | Approximate cost | |-----------------------------------|------------------| | Hetzner CX21 + CX21 + storage | ~€15-20 | | 1984 Hosting comparable spec | ~€30-40 | | FlokiNET comparable spec | ~€35-50 | | OrangeWebsite comparable spec | ~€30-45 | The 2-3x premium pays for jurisdiction, no-KYC signup, and crypto payment. ## Related - [How to choose a DMCA-ignored host](/guides/choose-dmca-ignored-host) - [Iceland vs Switzerland vs Sweden](/guides/iceland-vs-switzerland-vs-sweden) - [1984 Hosting full review](/providers/1984hosting) - [FlokiNET full review](/providers/flokinet) --- # How to migrate a WordPress site to DMCA-ignored hosting (2026) URL: https://notdmca.org/guides/migrate-wordpress --- title: "How to migrate a WordPress site to DMCA-ignored hosting (2026)" slug: "migrate-wordpress" summary: "Step-by-step migration of a WordPress site from a US-based host (BlueHost, GoDaddy, etc.) to a DMCA-ignored offshore provider. Plugin choices, database export, media transfer, SSL, and avoiding common WordPress migration breaks." intent: "migrate wordpress to dmca ignored hosting" related_providers: ["1984hosting","orangewebsite","abelohost","hostsailor"] related_guides: ["choose-dmca-ignored-host","migrate-godaddy-to-njalla"] last_updated: "2026-05-12" order: 24 --- ## TL;DR Move a WordPress site to a DMCA-ignored host in 90 minutes: 1. Pick target: [1984 Hosting](/providers/1984hosting) (Iceland, managed-friendly), [OrangeWebsite](/providers/orangewebsite) (Iceland, shared), [AbeloHost](/providers/abelohost) (NL), or [HostSailor](/providers/hostsailor) (RO, value). 2. Use **All-in-One WP Migration** plugin — exports site as a single `.wpress` archive, imports on the new host. 3. Update WordPress site URL. 4. Switch DNS, wait for propagation. 5. Reissue SSL via Let's Encrypt. For large sites (>2 GB or with custom plugins), use **manual migration** instead — more reliable than the plugin at scale. ## Why migrate WordPress on a US shared host (BlueHost, HostGator, GoDaddy, etc.) is the most-DMCA-spammed configuration on the internet. Automated bots target WordPress sites at high volume. US shared hosts auto-act on DMCA notices to preserve safe harbor — often suspending the account first and asking questions later. DMCA-ignored hosts evaluate complaints under their local jurisdiction's law. The same WordPress site moved to Iceland or Romania won't see the same auto-suspension behavior. ## Pre-migration - **Back up everything**: full export of database (`wp-config.php` + `wp-content/`) and a `.sql` dump of the database. Test the restore locally before depending on the new host. - **Note plugin list**: deactivated plugins after migration is the #1 cause of broken sites. - **Check PHP version compatibility**: confirm the target host supports your WordPress + plugin versions. - **Identify caching / CDN**: if you use Cloudflare, decide whether to keep it or move to BunnyCDN/self-hosted (see [Cloudflare migration guide](/guides/migrate-from-cloudflare)). ## Step-by-step (using All-in-One WP Migration) ### 1. Provision the target Sign up at one of: - [1984 Hosting](/providers/1984hosting) — shared hosting from ~€4/mo; Iceland; cPanel-style management. - [OrangeWebsite](/providers/orangewebsite) — shared hosting from ~$5/mo; Iceland; explicit free-speech AUP. - [AbeloHost](/providers/abelohost) — Dutch DMCA-ignored shared from ~$4/mo. - [HostSailor](/providers/hostsailor) — Romania value tier from ~$3/mo. Install fresh WordPress on the new host (most offer one-click installers). ### 2. Export from the source On the source WordPress: - Install **All-in-One WP Migration** plugin. - Tools → All-in-One WP Migration → Export → File. Wait for the `.wpress` file. - Download the file locally. For sites > 2 GB, you'll need the paid extension or use the manual method (below). ### 3. Import on the target On the new WordPress: - Install **All-in-One WP Migration** on the new install. - Tools → All-in-One WP Migration → Import → File. Upload the `.wpress`. - Follow the wizard. The plugin replaces the new install entirely with your old site (database, files, settings, plugins). - Re-save permalinks: Settings → Permalinks → Save. (Required to regenerate `.htaccess`.) ### 4. Update the site URL If your domain hasn't moved yet, the new install will have the wrong URL. Edit `wp-config.php`: ```php define('WP_HOME', 'https://yourdomain.com'); define('WP_SITEURL', 'https://yourdomain.com'); ``` Or use the Better Search Replace plugin to update URLs in the database after the move. ### 5. DNS cutover - Lower TTL to 60s 24h before cutover. - Update A record to point to the new host's IP. - Wait ~5 min for propagation. - Verify the live site loads from the new host (`curl -v` or browser). ### 6. SSL - The new host should auto-issue Let's Encrypt for the domain once DNS resolves. - If using Cloudflare in front, your existing Cloudflare-issued cert continues to work; the origin cert needs re-issuance. ## Manual migration (for sites > 2 GB) For large sites, the plugin times out or fails. Manual: 1. Database: `mysqldump -u user -p dbname > backup.sql` on source. 2. Files: `tar czf wp-content.tar.gz wp-content/` on source. 3. Transfer both to the new host (scp, rsync). 4. On new host: install fresh WordPress, then: - Replace `wp-content/` with the extracted archive. - Replace database with the imported dump. 5. Update `wp-config.php` with the new database credentials. 6. Verify the site loads. ## Common breaks - **White screen after migration**: PHP version mismatch. Check error logs. - **Images not loading**: file permissions wrong (`chmod 755` for dirs, `644` for files; `chown` to the web user). - **Permalinks broken**: re-save permalinks; ensure mod_rewrite or equivalent is enabled. - **Plugin compatibility**: deactivate all plugins, reactivate one by one to identify the broken one. - **Email-from-WordPress not sending**: install WP Mail SMTP, configure with the new host's mail relay. - **Cloudflare cache showing old version**: purge the Cloudflare cache after migration. ## Hardening on the new host WordPress sites benefit from: - **Update everything** to the latest version after migration. - **Disable file editing in admin**: `define('DISALLOW_FILE_EDIT', true);` in `wp-config.php`. - **Install Wordfence** or Sucuri for security scanning. - **HTTPS-only**: redirect HTTP to HTTPS via `.htaccess` or web server config. - **Limit login attempts**: install Limit Login Attempts Reloaded. - **Backup**: schedule automatic backups via UpdraftPlus → cloud storage you control. ## Related - [How to choose a DMCA-ignored host](/guides/choose-dmca-ignored-host) - [How to migrate from Cloudflare](/guides/migrate-from-cloudflare) - [How to transfer a domain to Njalla](/guides/migrate-godaddy-to-njalla) - [1984 Hosting review](/providers/1984hosting) --- # How to pay for hosting with cash by mail (2026) URL: https://notdmca.org/guides/pay-hosting-cash --- title: "How to pay for hosting with cash by mail (2026)" slug: "pay-hosting-cash" summary: "The most off-grid payment method for anonymous hosting: physical cash mailed to a published postal address. Which providers accept it, the operational steps, packaging conventions, and how to avoid common interception risks." intent: "pay hosting cash by mail anonymous" related_providers: ["njalla","flokinet"] related_guides: ["anonymous-vps-monero"] last_updated: "2026-05-12" order: 25 --- ## TL;DR Two providers in this directory publish a postal address for cash deposits in 2026: - [Njalla](/providers/njalla) — Sweden postal address. - [FlokiNET](/providers/flokinet) — Iceland postal address. How to do it: 1. Pick currency (EUR or USD typically accepted; check the provider's payment page). 2. Wrap cash in opaque paper inside an unmarked envelope. 3. Include a note with your account ID or order reference. 4. Send via standard mail (NOT registered, NOT signed-for — these create a paper trail). 5. Wait 5-15 business days for the deposit to clear. Loss risk: real but typically <1% in stable jurisdictions. Treat sums under €100 as the comfortable threshold for first-time experiments. ## Why cash by mail Cash is the most privacy-preserving payment method available because it leaves **no electronic record at all**: - No bank transfer with sender/recipient details. - No card processor with merchant category data. - No crypto on-chain trace (even Monero leaves *some* on-chain activity). - No exchange-side KYC paper trail. The only people who know about the transaction are: you, your local post office, the destination post office, and the recipient. None of them have a strong reason to keep records. For operators where the threat model includes blockchain analysis or financial-system surveillance, cash is materially stronger than crypto. ## Which providers accept it In this directory: - **[Njalla](/providers/njalla)** — explicitly accepted; deposit-balance model means a single cash deposit can fund years of domain renewals + VPS payments. Postal address listed on njal.la's payment page. - **[FlokiNET](/providers/flokinet)** — accepted; postal address on the FlokiNET payment page. Several other privacy-focused providers will accept cash on request even if it's not advertised. Email the provider before sending if their public payment page doesn't mention cash. ## Operational guide ### 1. Get the cash - Withdraw from an ATM you don't normally use, ideally one not associated with your home neighborhood. - Use small denominations (€20-€50 notes) — easier to count, lower per-bill loss risk if mishandled. - Avoid CHF or USD if you're in EUR territory unless the provider explicitly accepts those currencies. ### 2. Package - Use **opaque paper** (folded white printer paper works). Don't let cash be visible if the envelope is held to light. - Wrap the paper-wrapped cash inside a **standard unmarked envelope**. - Address the envelope to the provider's published postal address. - **Do not write "cash" or the amount** on the outside. - Include a **small note inside** with your account ID or order reference (e.g. "Account #12345, deposit €100"). - For Njalla specifically, the note can include the email your account is registered under. ### 3. Send - Drop in a standard mailbox. - **Do not register** the letter. Registered / signed-for mail creates a paper trail at both ends with sender and recipient names. - **Do not include a return address** unless your country's postal regulations require it (e.g. France generally does; UK does not). If required, use a poste-restante or trusted alias. - Use **standard postage** rate. Tracking and signature confirmation defeat the purpose. ### 4. Wait - International mail: 5-15 business days typical for EU → IS or EU → SE. - The provider receives and processes the deposit; they credit your balance. - Most providers send a confirmation email when funds are credited. ### 5. Verify - Log into your provider account; confirm balance reflects the deposit. - If after 3 weeks no confirmation arrives, email the provider's support address with the rough date you mailed and the account ID. They can sometimes manually credit if the envelope arrived but failed to be processed. ## Risks **Loss in mail**: real but rare in stable jurisdictions. EU-internal and Iceland-bound mail loss rates are <1% for standard envelopes. Higher if you're sending from countries with worse postal infrastructure. Mitigation: send small amounts; treat as a deposit you could afford to lose. **Theft at the destination**: providers' postal addresses are publicly known. Mail volume is high enough that interception is not casual, but a well-resourced adversary watching a known offshore-host PO box could intercept. Mitigation: this is a real but low-probability risk; for high-stakes use, supplement with crypto rather than cash-only. **Customs declaration**: you generally don't need to declare cash sent in standard mail under most postal regimes (versus carried physically across borders, where declaration thresholds apply: €10,000 EU, $10,000 US, etc.). Check your country's postal rules if uncertain. **Counterfeit**: providers reject obviously-counterfeit notes. Use cash from a normal ATM source. ## Combining with other methods Most operators don't use cash exclusively. Common patterns: - **First payment in cash**: bootstrap the account anonymously without ever giving a card / crypto wallet that links to identity. - **Top-ups in Monero**: faster ongoing payments after the initial cash deposit. - **Cash for "burner" deposits**: when you want to fund an account that has no link to your other identities. ## Country-specific notes - **From the US**: international cash mailing is legal but US Customs Form 4790 is technically required for amounts over $10,000. Below that, no declaration. Use small amounts. - **From the EU**: intra-Schengen mail moves freely; no declarations. - **From the UK**: standard postal rules; small amounts uncontroversial. ## Related - [Cash by mail FAQ](/faq#cash-by-mail) - [Buying an anonymous VPS with Monero](/guides/anonymous-vps-monero) - [Njalla full review](/providers/njalla) - [FlokiNET full review](/providers/flokinet) --- # How to pay for hosting with Bitcoin Lightning (2026) URL: https://notdmca.org/guides/pay-hosting-lightning --- title: "How to pay for hosting with Bitcoin Lightning (2026)" slug: "pay-hosting-lightning" summary: "Bitcoin Lightning Network payments for hosting providers in 2026: which providers accept it, when Lightning is better than on-chain Bitcoin or Monero, wallet recommendations, and the operational walkthrough." intent: "pay hosting bitcoin lightning network" related_providers: ["njalla","flokinet","buyvm","hosthatch"] related_guides: ["anonymous-vps-monero","bitcoin-node-hosting"] last_updated: "2026-05-12" order: 26 --- ## TL;DR Lightning Network is **fast (instant), cheap (sub-cent fees), and privacy-improved over on-chain Bitcoin** — but it's not as private as Monero. Use it when: - The provider accepts Lightning but not Monero. - You want fast settlement (no waiting for on-chain confirmations). - You want to avoid on-chain Bitcoin chain-analysis risk. Providers in this directory accepting Lightning: - [Njalla](/providers/njalla) — Lightning advertised at checkout. - [FlokiNET](/providers/flokinet) — Lightning advertised. - [BuyVM](/providers/buyvm) — Lightning supported via OpenNode integration. - [HostHatch](/providers/hosthatch) — Lightning at checkout. For the strongest privacy, **Monero remains preferable** when supported. Lightning is the second-best. ## When Lightning beats Monero Monero is more private at the protocol layer, but Lightning has practical advantages: | Property | Lightning | Monero | |-----------------------------------|-----------------------|-----------------------| | Settlement speed | Instant | 20+ minutes | | Per-transaction fee | Sub-cent | $0.01-0.10 | | Provider acceptance (2026) | Wider (BTC ecosystem) | Narrower | | Sender privacy | Good (onion-routed) | Excellent (default) | | Receiver privacy | Limited | Excellent | | On-chain footprint | Channel open/close | Per-transaction | | Audit trail | Channel-state-only | None | | Wallet ecosystem | Mature (mobile + CLI) | Mature | If a provider accepts both, **pick Monero**. If they only accept Lightning, Lightning is much better than on-chain Bitcoin. ## Wallet setup ### Self-custodial (recommended) - **Phoenix Wallet** (mobile, iOS/Android) — automatic channel management, no node required. - **Breez** — similar UX to Phoenix. - **Zeus** — mobile interface for your own remote LND/CLN node. - **Sparrow Wallet** + LND backend — desktop, full control. ### Custodial (faster but trades privacy) - **Wallet of Satoshi** — easiest UX but custodial; wallet provider sees your activity. - **Strike** — US KYC; defeats the privacy purpose for hosting payments. For privacy-focused hosting payments: use a **self-custodial wallet** funded via an inbound channel from a non-KYC source. ## Step-by-step ### 1. Acquire Lightning-bound BTC Two paths: **Path A: Convert Monero to Lightning**: - Use a no-KYC swap service (e.g. SideShift, SimpleSwap) to convert XMR → BTC. - Send the BTC to a Lightning channel-funding address. **Path B: Buy directly with cash**: - LocalMonero (XMR cash → swap to BTC), or P2P BTC marketplaces. - Cash → BTC → fund Lightning wallet. Avoid: KYC exchange withdrawals direct to Lightning. The channel-open transaction will be linked to your KYC identity at the exchange. ### 2. Open a channel If using Phoenix / Breez: channel opens automatically when you receive your first payment. If using a self-hosted LND/CLN node: - Choose a well-connected Lightning peer (e.g. ACINQ, Bitfinex, LNBig). - Open an outbound channel of sufficient capacity (e.g. 0.01 BTC ≈ $700 at current prices). - Wait 6 confirmations for the channel to be active. ### 3. Pay the provider - At provider checkout, select Lightning / "Pay with Lightning". - The provider displays a BOLT11 invoice (a long string starting with `lnbc...`). - Scan with your wallet (or paste). - Confirm. Payment settles in 1-3 seconds. - The provider credits your account immediately. ### 4. Verify - Check the wallet's transaction history for the outgoing payment. - Check the provider's account balance — should reflect the credit. ## Privacy considerations **Lightning's privacy improvements over on-chain Bitcoin**: - Payments are onion-routed through 1-3+ hops; intermediate nodes don't know the full route. - Channel-state is local; not on the public blockchain. - Per-payment fees are tiny enough that micropayments don't leak amount data over many transactions. **Lightning's privacy limitations**: - Channel-open and channel-close transactions appear on-chain with your funding source. - Your direct peer sees the payments you originate (though not the destination). - Lightning's privacy is "good" — Monero is "excellent". For a deeper dive, see the [Monero vs Bitcoin FAQ](/faq#monero-bitcoin-difference). ## Operational tips - **Keep channel balances modest** ($50-500 worth). Easier to manage; lower loss risk. - **Use channel splicing** if your wallet supports it — adjust capacity without closing channels. - **Don't use Lightning for huge payments** (>1 BTC). Channel routing reliability degrades at large amounts; on-chain is safer. - **Have an on-chain fallback** — keep a small UTXO available in case Lightning routing fails for a specific payment. - **For receiving** (if you're a Lightning-accepting provider yourself), inbound liquidity matters; consider managed liquidity services (Loop, LSPs). ## Failures - **"Payment failed: no route"**: routing didn't find a path. Try a different wallet provider, or settle on-chain. - **"Invoice expired"**: BOLT11 invoices have a TTL (default 1h). Get a fresh invoice. - **"Insufficient balance"**: outbound channel capacity exhausted. Close and reopen, or splice. - **"Channel force-closed"**: rare; resolves itself but ties up capital for the timelock period (~24h-2 weeks). ## Related - [Buying an anonymous VPS with Monero](/guides/anonymous-vps-monero) - [How to host a Bitcoin / Lightning node anonymously](/guides/bitcoin-node-hosting) - [Monero vs Bitcoin — FAQ](/faq#monero-bitcoin-difference) - [Njalla full review](/providers/njalla) (accepts Lightning) --- # How to host Nextcloud anonymously on a DMCA-ignored VPS (2026) URL: https://notdmca.org/guides/host-nextcloud --- title: "How to host Nextcloud anonymously on a DMCA-ignored VPS (2026)" slug: "host-nextcloud" summary: "Self-hosting a Nextcloud instance (file sync, calendar, contacts, office suite) on a no-KYC offshore VPS. Sizing, install method, performance tuning, and which DMCA-ignored hosts are best for the workload." intent: "host nextcloud anonymously offshore vps" related_providers: ["flokinet","1984hosting","buyvm","hosthatch"] related_guides: ["anonymous-vps-monero","anonymous-domain-registration"] last_updated: "2026-05-12" order: 30 --- ## TL;DR For a personal Nextcloud (file sync replacing Google Drive / Dropbox / iCloud) in 2026: - **Sizing**: 2 vCPU / 4 GB RAM / 100+ GB disk for a single user; bigger for families / teams. - **Best providers**: [BuyVM Luxembourg](/providers/buyvm) for value (Block Storage Slabs are perfect for Nextcloud data), [HostHatch IS](/providers/hosthatch) for jurisdictional posture, [FlokiNET](/providers/flokinet) for privacy maximalism. - **Install method**: Nextcloud AIO (All-in-One) Docker container — easiest path; production-ready in 30 minutes. - **Storage strategy**: small fast NVMe for the application + large cheap Block Storage for user data. ## Why self-host Nextcloud on offshore Nextcloud is the leading self-hosted alternative to Google Workspace / Microsoft 365 / Dropbox. Hosting it on a DMCA-ignored offshore VPS gives you: - **Full control of your data** — no third-party scanning your files. - **Privacy from US-style copyright takedowns** — DMCA notices targeting personal cloud-stored files have happened (rights holders crawl public Nextcloud share links). Offshore avoids this. - **No vendor account-level deplatforming risk** — Google has terminated accounts over CSAM scanner false positives, etc. Self-hosting eliminates this. ## Sizing | Use case | Specs | Provider tier | |--------------------------------|-------------------------------------------|----------------------------------------------| | Single user, light | 2 vCPU, 4 GB RAM, 100 GB disk | Entry VPS at any provider | | Single user, heavy / photos | 2 vCPU, 4 GB RAM, 500 GB disk | BuyVM Slice + Block Storage Slab | | Family (3-5 users) | 4 vCPU, 8 GB RAM, 1 TB disk | Mid-tier VPS at HostHatch / FlokiNET | | Small team (10-20 users) | 4 vCPU, 16 GB RAM, 2+ TB disk | Dedicated server | **The disk is the binding constraint**. A photo-heavy single user can fill 500 GB in a year. Plan accordingly. ## Step-by-step ### 1. Provision Sign up anonymously at one of: - [BuyVM Luxembourg](/providers/buyvm) — cheapest path. Pair Slice 2048 ($3.5/mo) with a Block Storage Slab ($5/mo per 256 GB). - [HostHatch Iceland](/providers/hosthatch) — better jurisdiction, slightly more cost. - [FlokiNET](/providers/flokinet) — best privacy posture if you can afford the premium. Follow [/guides/anonymous-vps-monero](/guides/anonymous-vps-monero) for the no-KYC + Monero signup flow. ### 2. Install Nextcloud AIO The recommended install in 2026 is **Nextcloud All-in-One** — a single Docker container that bundles everything (database, Redis, Talk, Office, etc.) and handles updates. ```bash # Install Docker curl -fsSL https://get.docker.com | sh # Run Nextcloud AIO master container sudo docker run \ --init \ --sig-proxy=false \ --name nextcloud-aio-mastercontainer \ --restart always \ --publish 80:80 \ --publish 8080:8080 \ --publish 8443:8443 \ --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \ --volume /var/run/docker.sock:/var/run/docker.sock:ro \ nextcloud/all-in-one:latest ``` Open `https://your-vps-ip:8080` to start the setup wizard. ### 3. Configure domain and HTTPS In the AIO setup wizard: - Enter your domain (e.g. `cloud.yourdomain.com`). - Pick the apps you want enabled (Talk for video calls, Office for collaborative editing, etc.). - AIO handles Let's Encrypt automatically once DNS resolves. For the domain itself, see [/guides/anonymous-domain-registration](/guides/anonymous-domain-registration). ### 4. Mount Block Storage for user data If using BuyVM with a Block Storage Slab: ```bash # Find the device lsblk # Format and mount sudo mkfs.ext4 /dev/sdX sudo mkdir /mnt/nextcloud-data sudo mount /dev/sdX /mnt/nextcloud-data # Persist in fstab echo "/dev/sdX /mnt/nextcloud-data ext4 defaults,noatime 0 2" | sudo tee -a /etc/fstab ``` In Nextcloud AIO settings, point the data directory to `/mnt/nextcloud-data` (or use the `NEXTCLOUD_DATADIR` environment variable at AIO startup). ### 5. Hardening - **Two-factor authentication**: enable in Nextcloud admin → Security. - **Encryption at rest**: enable Server-Side Encryption app (slows performance; only if your threat model needs it on top of FDE). - **Brute-force protection**: enabled by default in AIO. - **Sharing restrictions**: in admin, restrict sharing to authenticated users only. - **Backup**: Nextcloud AIO has a built-in backup utility — schedule daily backups to a different offshore VPS. ## Performance tuning For multi-user / heavy workloads: - **Enable APCu memory cache**: in `config.php`, `'memcache.local' => '\\OC\\Memcache\\APCu'`. - **Enable Redis** (AIO does this by default): `'memcache.distributed' => '\\OC\\Memcache\\Redis'`. - **PHP OPcache**: ensure `opcache.enable=1`, `opcache.memory_consumption=512`. - **Database tuning**: PostgreSQL > MySQL for Nextcloud at scale. - **Avoid SMB / WebDAV mounts** — they're slow. ## Anonymity considerations - **Don't use a real-name email** at signup or for the Nextcloud admin account. - **SSH to the VPS via Tor** — never from your home IP. - **Encrypt sensitive files client-side** before upload (e.g. with Cryptomator) for defense-in-depth against the host. - **Avoid public sharing** if you don't want that share URL crawled and indexed. ## Cost (May 2026) For a comfortable single-user Nextcloud with 500 GB storage: | Component | Approximate cost | |--------------------------------|--------------------| | BuyVM Slice 2048 | $3.5 / month | | BuyVM Block Storage Slab 256GB | $5 / month | | Domain (Njalla .com) | $1.25 / month (paid annually) | | **Total** | **~$10 / month** | Compare to Google Workspace: ~$6/user + Drive storage at $0.02/GB/month = ~$10/user/month for similar capacity, with Google having full access to your files. ## Related - [How to choose a DMCA-ignored host](/guides/choose-dmca-ignored-host) - [Buying an anonymous VPS with Monero](/guides/anonymous-vps-monero) - [BuyVM full review](/providers/buyvm) --- # How to host a Matrix / Synapse server anonymously (2026) URL: https://notdmca.org/guides/host-matrix --- title: "How to host a Matrix / Synapse server anonymously (2026)" slug: "host-matrix" summary: "Self-hosted Matrix homeserver (Synapse, Dendrite, or Conduit) on a no-KYC offshore VPS. Federation considerations, end-to-end encryption setup, voice / video bridge, and provider recommendations." intent: "host matrix synapse server anonymous" related_providers: ["flokinet","1984hosting","hosthatch","privex"] related_guides: ["anonymous-vps-monero","anonymous-domain-registration"] last_updated: "2026-05-12" order: 31 --- ## TL;DR For a personal or small-community Matrix homeserver in 2026: - **Software choice**: Conduit (lightest, Rust, single binary) for personal use; Synapse (Python, mature, full-featured) for community use. - **Sizing**: 2 vCPU / 4 GB RAM / 30 GB for personal Conduit; 4 vCPU / 8 GB RAM / 100+ GB for community Synapse. - **Best providers**: [HostHatch IS / FI](/providers/hosthatch) for value, [FlokiNET](/providers/flokinet) for privacy maximalism, [Privex](/providers/privex) for crypto-only. - **Federation consideration**: many large Matrix servers (matrix.org especially) restrict federation with privacy-aggressive instances. Plan accordingly. ## Why self-host Matrix Matrix is the open federated chat / VoIP / video protocol. Self-hosting your own homeserver (rather than using matrix.org or Element's hosted offering) gives you: - **Full control of your conversation history** — encrypted by default end-to-end, but the server still sees metadata. - **No third-party deplatforming risk** — Element has implemented their own moderation policies; matrix.org has too. - **Federation participation** — talk to users on any other Matrix server (within their federation policies). - **Privacy from KYC** — your account isn't tied to a phone number or real identity. ## Implementation choice | Software | Language | Memory | Maturity | Best for | |------------|----------|---------|----------|----------------------------------------------| | Synapse | Python | 1-4 GB | Mature | Communities, full features | | Dendrite | Go | 200-500MB | Stable | Better performance than Synapse | | Conduit | Rust | 50-200MB| Stable | Personal / small teams; lightest resource use | | conduwuit | Rust | 50-200MB| Active fork | Personal, more recent active development | For most personal use cases, **Conduit / conduwuit** is the right answer — much lower resource footprint than Synapse. ## Step-by-step (Conduit) ### 1. Provision Sign up anonymously at: - [HostHatch Iceland](/providers/hosthatch) — €3-5/mo for entry tier. - [FlokiNET](/providers/flokinet) — €5-8/mo, multi-juris failover. - [Privex](/providers/privex) — $8/mo, crypto-only signup. Follow [/guides/anonymous-vps-monero](/guides/anonymous-vps-monero). ### 2. Install Conduit ```bash # Add the systemd service file (Conduit ships with one) wget https://gitlab.com/famedly/conduit/-/raw/master/debian/conduit.service sudo mv conduit.service /etc/systemd/system/ # Download the binary sudo wget https://gitlab.com/famedly/conduit/-/jobs/artifacts/master/raw/conduit-x86_64-unknown-linux-musl?job=build:release \ -O /usr/local/bin/conduit sudo chmod +x /usr/local/bin/conduit # Create the conduit user and config sudo useradd -m -s /bin/false conduit sudo mkdir -p /etc/matrix-conduit /var/lib/matrix-conduit sudo chown conduit /var/lib/matrix-conduit ``` Create `/etc/matrix-conduit/conduit.toml`: ```toml [global] server_name = "yourdomain.com" database_path = "/var/lib/matrix-conduit/" port = 6167 max_request_size = 20_000_000 allow_registration = true allow_federation = true trusted_servers = ["matrix.org"] ``` Start Conduit: ```bash sudo systemctl daemon-reload sudo systemctl enable --now conduit ``` ### 3. Reverse proxy (Caddy) ```caddy matrix.yourdomain.com { reverse_proxy /_matrix/* 127.0.0.1:6167 reverse_proxy /.well-known/matrix/* 127.0.0.1:6167 } yourdomain.com { handle /.well-known/matrix/server { respond `{"m.server": "matrix.yourdomain.com:443"}` 200 header Content-Type application/json } handle /.well-known/matrix/client { respond `{"m.homeserver": {"base_url": "https://matrix.yourdomain.com"}}` 200 header Content-Type application/json } } ``` ### 4. Connect a client - **Element** (web, mobile, desktop) — most popular Matrix client. - **Cinny** — alternative web/desktop client, lighter UI. - **FluffyChat** — mobile-focused, friendlier UX. Set the homeserver URL to `https://matrix.yourdomain.com`. Register an account. ### 5. Federation reality check Federation is the killer feature of Matrix — but it comes with social complications: - **matrix.org** has defederation lists. Anonymous-signup-friendly homeservers sometimes appear on these. - **Large communities** (Mozilla, KDE, GNOME) maintain their own federation policies. - **Posting from a privacy-positioned server** can result in messages not propagating to large servers. Mitigation: have a moderation policy, publish a code of conduct, don't allow obvious abuse from your server. ## Voice / video calls Matrix supports voice / video via Element Call (uses LiveKit) or via the older Jitsi bridge. For small groups (≤8 people), Element Call works well on a 4 GB RAM VPS. For larger groups, see [Jitsi self-hosting](/guides/host-jitsi). ## Cost (May 2026) For a personal Conduit homeserver: | Component | Cost | |-------------------------|---------------------| | HostHatch Iceland VPS | ~€3 / month | | Domain (Njalla .com) | ~€1.25 / month | | **Total** | **~€5 / month** | For a community Synapse server (50-200 users): | Component | Cost | |-------------------------|---------------------| | FlokiNET mid-tier VPS | ~€20-30 / month | | Object storage (media) | ~€5 / month | | Domain | ~€1.25 / month | | **Total** | **~€25-35 / month** | ## Related - [Buying an anonymous VPS with Monero](/guides/anonymous-vps-monero) - [How to register a domain anonymously](/guides/anonymous-domain-registration) - [How to host an anonymous Mastodon / Fediverse instance](/guides/anonymous-mastodon-fediverse) - [HostHatch full review](/providers/hosthatch) --- # How to host Vaultwarden (Bitwarden) on an offshore VPS (2026) URL: https://notdmca.org/guides/host-vaultwarden --- title: "How to host Vaultwarden (Bitwarden) on an offshore VPS (2026)" slug: "host-vaultwarden" summary: "Self-hosted Vaultwarden — the lightweight Rust-based Bitwarden-compatible password manager — on an anonymous offshore VPS. Tiny resource requirements, full Bitwarden client compatibility, security hardening." intent: "host vaultwarden bitwarden self-hosted" related_providers: ["hosthatch","buyvm","privex","flokinet"] related_guides: ["anonymous-vps-monero","host-nextcloud"] last_updated: "2026-05-12" order: 32 --- ## TL;DR Self-hosted Vaultwarden in 2026: - **Sizing**: ~50 MB RAM, <5 GB disk. Runs on the smallest VPS available. - **Best provider**: [HostHatch IS](/providers/hosthatch) entry tier (~$2/mo) — overkill for what Vaultwarden needs. - **Install**: Docker container, 5 minutes. Pair with Caddy for auto-Let's-Encrypt. - **Compatible with all Bitwarden clients** (web, desktop, mobile, browser extensions). ## Why self-host Vaultwarden Bitwarden's official hosted service is fine for most users, but self-hosting gives you: - **Your password vault is not on someone else's server.** Even with end-to-end encryption, the metadata (which sites you have credentials for, when you access them) is server-visible. - **No vendor lock-in / shutdown risk.** Bitwarden could change pricing, terms, or get acquired. - **Premium features for free.** Vaultwarden enables all paid Bitwarden features at no cost. - **Operate over Tor.** A self-hosted vault can be onion-only, accessible only from your authenticated devices. ## Step-by-step ### 1. Provision The smallest available VPS is more than enough. [HostHatch IS](/providers/hosthatch) entry at $2/mo (annual prepay) is the recommended pick. [BuyVM Luxembourg](/providers/buyvm) Slice at $2/mo also works. Follow [/guides/anonymous-vps-monero](/guides/anonymous-vps-monero). ### 2. Install via Docker Compose ```yaml # docker-compose.yml services: vaultwarden: image: vaultwarden/server:latest restart: always environment: DOMAIN: "https://vault.yourdomain.com" SIGNUPS_ALLOWED: "false" # set to true initially, then false after creating your account ADMIN_TOKEN: "long-random-string-here" volumes: - ./vw-data:/data ports: - 127.0.0.1:8080:80 caddy: image: caddy:latest restart: always ports: - 80:80 - 443:443 volumes: - ./Caddyfile:/etc/caddy/Caddyfile - ./caddy_data:/data ``` Create `Caddyfile`: ```caddy vault.yourdomain.com { reverse_proxy localhost:8080 } ``` Start: ```bash docker compose up -d ``` ### 3. First-time setup - Visit `https://vault.yourdomain.com`. - Create your account (with `SIGNUPS_ALLOWED=true`). - Once registered, set `SIGNUPS_ALLOWED=false` and restart. - Enable two-factor authentication: Settings → Two-step Login → Authenticator App. - Generate a backup of your master encryption key. ### 4. Connect clients All Bitwarden clients work with Vaultwarden — just point the server URL to your domain: - **Bitwarden browser extension**: Settings → Self-hosted → Server URL → `https://vault.yourdomain.com`. - **Bitwarden mobile / desktop**: same setting in the app. - **CLI**: `bw config server https://vault.yourdomain.com`. ### 5. Hardening - **Disable signup** after creating your account (`SIGNUPS_ALLOWED=false`). - **Enable 2FA** for your account and admin panel. - **Restrict admin panel access** by IP allowlist or via Tor onion. - **Backup**: regular `tar` of `vw-data/` to a different offshore VPS. - **Disable web vault** if you only use clients (`WEB_VAULT_ENABLED=false`). ## Tor-only deployment For maximum privacy, run Vaultwarden as an onion-only service: 1. Don't expose ports 80/443 to clearnet. 2. Configure Tor with `HiddenServicePort 80 127.0.0.1:8080`. 3. Use the `.onion` URL in your Bitwarden client (works with Tor Browser; mobile clients need Orbot). Trade-off: slower initial sync; no fast push notifications. ## Cost | Component | Cost | |--------------------------|---------------------| | HostHatch IS entry | $2 / month | | Domain (Njalla .com) | $1.25 / month | | **Total** | **~$3 / month** | Compare to Bitwarden Premium ($10/year for individual) or Bitwarden Families ($40/year for 6 users). Self-hosting wins on long-term cost for families and on data sovereignty for everyone. ## Related - [Buying an anonymous VPS with Monero](/guides/anonymous-vps-monero) - [How to host Nextcloud anonymously](/guides/host-nextcloud) - [HostHatch full review](/providers/hosthatch) --- # How to host a Jitsi Meet video-conference server anonymously (2026) URL: https://notdmca.org/guides/host-jitsi --- title: "How to host a Jitsi Meet video-conference server anonymously (2026)" slug: "host-jitsi" summary: "Self-hosted Jitsi Meet on a no-KYC offshore VPS for private group video calls. Bandwidth requirements, JVB sizing, recording configuration, and which DMCA-ignored providers handle the workload." intent: "host jitsi meet self-hosted offshore" related_providers: ["flokinet","hosthatch","abelohost"] related_guides: ["anonymous-vps-monero"] last_updated: "2026-05-12" order: 33 --- ## TL;DR For a personal / community Jitsi Meet server in 2026: - **Sizing**: 4 vCPU / 8 GB RAM minimum for a 10-person call; 8 vCPU / 16 GB for 50+ people; bandwidth-bound at scale. - **Best providers**: [HostHatch](/providers/hosthatch) (high bandwidth tiers), [FlokiNET](/providers/flokinet), [AbeloHost](/providers/abelohost) (NL DC for low EU latency). - **Install**: official Debian / Ubuntu packages or Docker. ~30 minutes setup. - **Federation**: Jitsi doesn't federate — your server is its own island. ## Why self-host Jitsi Jitsi is the leading open-source video conferencing platform. Self-hosting gives you: - **No external party in the call signal path** — the meet.jit.si free server sees your traffic. - **Custom branding / configuration** for your community. - **Privacy from US-based defaults** — official Jitsi infrastructure is US-headquartered. - **No call-length limits** or other Zoom / Teams pricing tier nonsense. ## Sizing Jitsi's bandwidth and CPU requirements scale with **call participants × video resolution**. Approximate guidelines for the JVB (Jitsi Video Bridge) tier: | Use case | Specs | Bandwidth (peak) | |--------------------------------|--------------------------------|------------------| | 1-on-1 calls (P2P) | 1 vCPU, 2 GB RAM | Negligible | | Small meetings (3-8 people) | 2 vCPU, 4 GB RAM | 50-100 Mbps | | Medium (10-25 people) | 4 vCPU, 8 GB RAM | 200-400 Mbps | | Large (50+ people) | 8+ vCPU, 16+ GB RAM | 500+ Mbps | **Bandwidth is the binding constraint at scale.** Pick a host with unmetered ports rather than metered transfer if you expect more than occasional use. ## Step-by-step ### 1. Provision Pick a host with high bandwidth allowance: - [HostHatch IS](/providers/hosthatch) — 4-8 GB RAM tier, generous transfer. - [FlokiNET](/providers/flokinet) — explicit AUP, multi-juris failover. - [AbeloHost](/providers/abelohost) — NL datacenter for EU low-latency. ### 2. Install Jitsi (Debian / Ubuntu) ```bash # Install dependencies sudo apt install -y curl gnupg2 nginx-full # Add Jitsi repository curl https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add - echo 'deb https://download.jitsi.org stable/' | sudo tee /etc/apt/sources.list.d/jitsi-stable.list sudo apt update # Install Jitsi Meet sudo apt install -y jitsi-meet ``` The installer prompts for: - Hostname (e.g. `meet.yourdomain.com`). - SSL certificate option (Let's Encrypt — recommended). ### 3. Lock down to authenticated users By default, anyone who knows your domain can create and join rooms. To restrict: ```bash # Configure Prosody for authenticated room creation sudo nano /etc/prosody/conf.avail/meet.yourdomain.com.cfg.lua ``` Change `authentication = "anonymous"` to `authentication = "internal_hashed"`, and add: ```lua VirtualHost "guest.meet.yourdomain.com" authentication = "anonymous" c2s_require_encryption = false ``` Then in `/etc/jitsi/meet/meet.yourdomain.com-config.js`: ```js var config = { // ... hosts: { domain: 'meet.yourdomain.com', anonymousdomain: 'guest.meet.yourdomain.com', // ... }, // ... }; ``` Create users with `sudo prosodyctl register USERNAME meet.yourdomain.com PASSWORD`. ### 4. Restart services ```bash sudo systemctl restart prosody jicofo jitsi-videobridge2 ``` ### 5. End-to-end encryption (optional) Jitsi supports E2EE for calls of ≤20 participants. Enabled per-call via the UI; doesn't require server config beyond the standard install. ## Anonymity considerations - **Server logs**: Jitsi logs are minimal but exist. The host can inspect them. - **Recording**: avoid recording on the server; use client-side recording. - **Phone numbers**: don't enable the JIBRI dial-in feature unless you trust the upstream phone provider. - **Subdomain**: use a privacy-protected gTLD domain registered through [Njalla](/providers/njalla). ## Cost | Component | Approximate cost | |---------------------------------|--------------------| | HostHatch IS / FI 4 GB RAM | ~$8 / month | | Domain (Njalla .com) | ~$1.25 / month | | **Total** | **~$10 / month** | For comparison: Zoom Pro is $15/user/month; Google Meet is bundled with Workspace ($6+/user/month). A self-hosted Jitsi serves your entire team / family / community at flat cost. ## Related - [Buying an anonymous VPS with Monero](/guides/anonymous-vps-monero) - [How to host Nextcloud anonymously](/guides/host-nextcloud) - [How to host a Matrix server anonymously](/guides/host-matrix) --- # How to host SearXNG (private metasearch engine) anonymously (2026) URL: https://notdmca.org/guides/host-searxng --- title: "How to host SearXNG (private metasearch engine) anonymously (2026)" slug: "host-searxng" summary: "Self-hosted SearXNG metasearch — Google / Bing / DuckDuckGo aggregator with no tracking. Tiny resource footprint; ideal first project for a no-KYC offshore VPS." intent: "host searxng searx self-hosted private search" related_providers: ["hosthatch","buyvm","privex","alexhost"] related_guides: ["anonymous-vps-monero"] last_updated: "2026-05-12" order: 34 --- ## TL;DR SearXNG is a privacy-respecting metasearch engine — your queries hit it instead of Google/Bing/DDG, and it federates the searches without tracking you. Sizing: minimal (~200 MB RAM). Best for: a first self-hosted project on the cheapest available VPS. - **Best providers**: [AlexHost](/providers/alexhost) ($4/mo), [HostHatch](/providers/hosthatch) ($2/mo annual prepay), [BuyVM](/providers/buyvm) ($2/mo). - **Install**: Docker; 5 minutes to running. ## Why self-host search Private search alternatives (DuckDuckGo, Brave Search, Kagi, Startpage) are all third-party services. They're better than Google but they still see your queries. Self-hosting SearXNG means: - **Your queries stay on your server**. - **Aggregates results from many engines** — better signal than any single source. - **No tracking, no profiling, no ads**. - **Custom engine selection**: include / exclude any of 100+ supported sources. ## Step-by-step ### 1. Provision Cheapest available VPS works. [AlexHost](/providers/alexhost) Moldova ($4/mo), [HostHatch](/providers/hosthatch) Iceland ($2/mo annual), or [BuyVM](/providers/buyvm) Slice 1024 ($2/mo) all suffice. ### 2. Install via Docker Compose ```yaml services: searxng: image: searxng/searxng:latest restart: always ports: - 127.0.0.1:8080:8080 volumes: - ./searxng:/etc/searxng environment: - SEARXNG_BASE_URL=https://search.yourdomain.com/ caddy: image: caddy:latest restart: always ports: - 80:80 - 443:443 volumes: - ./Caddyfile:/etc/caddy/Caddyfile - ./caddy_data:/data ``` Caddyfile: ```caddy search.yourdomain.com { reverse_proxy localhost:8080 } ``` ### 3. Configure Edit `searxng/settings.yml`: ```yaml server: secret_key: "GENERATE-A-RANDOM-STRING" bind_address: "0.0.0.0" port: 8080 search: safe_search: 0 autocomplete: "" ui: static_use_hash: true ``` Restart: `docker compose restart`. ### 4. Use as your default search - **Browser**: Settings → Search engines → Add → URL `https://search.yourdomain.com/?q=%s`. Set as default. - **Firefox**: also supports OpenSearch — SearXNG advertises it; you can install via the address bar's "Add" button. - **Mobile**: Firefox Mobile / Brave Mobile both support custom search engines. ## Hardening - **Disable engines you don't trust**: in `settings.yml`, set `disabled: true` on any engine. - **Bot prevention**: enable the `limiter` to prevent your instance from being used as a free Google proxy by others. - **Redis cache**: optional; speeds up suggestions and result caching. - **Onion service**: serve via Tor onion alongside clearnet for max privacy. ## Cost | Component | Cost | |--------------------------|---------------------| | BuyVM Slice 1024 | $2 / month | | Domain (Njalla .com) | $1.25 / month | | **Total** | **~$3 / month** | For comparison, Kagi (commercial private search) is $10/month for 300 searches. Self-hosted SearXNG is unlimited. ## Related - [Buying an anonymous VPS with Monero](/guides/anonymous-vps-monero) - [BuyVM full review](/providers/buyvm) --- # How to host a Pixelfed (federated photo) instance anonymously (2026) URL: https://notdmca.org/guides/host-pixelfed --- title: "How to host a Pixelfed (federated photo) instance anonymously (2026)" slug: "host-pixelfed" summary: "Self-hosted Pixelfed — the Instagram-like federated photo platform — on an anonymous offshore VPS. Storage planning, ActivityPub federation considerations, and recommended providers." intent: "host pixelfed instagram alternative self-hosted" related_providers: ["flokinet","1984hosting","buyvm"] related_guides: ["anonymous-vps-monero","anonymous-mastodon-fediverse"] last_updated: "2026-05-12" order: 35 --- ## TL;DR Pixelfed is the federated photo-sharing platform — like Instagram but on the Fediverse. Self-hosting: - **Sizing**: 2 vCPU / 4 GB RAM / 80 GB disk for personal; 4 vCPU / 8 GB / 500+ GB for community. **Storage scales fast** with photos. - **Best providers**: [BuyVM Luxembourg](/providers/buyvm) (Block Storage Slabs for the photo archive), [HostHatch IS](/providers/hosthatch), [FlokiNET](/providers/flokinet). - **Federation**: federates with Mastodon and other ActivityPub instances; same federation reality check as [Mastodon hosting](/guides/anonymous-mastodon-fediverse) applies. ## Why self-host Pixelfed The Instagram alternative landscape in 2026: - **Pixelfed**: federated, ActivityPub-compatible, self-hostable. - **Mastodon with media**: works but isn't photo-first. - **Big-platform alternatives** (Bluesky, Threads): centralized, US-controlled. Self-hosted Pixelfed is the only configuration where: - Your photo archive is on infrastructure you control. - No platform can deplatform you. - Fediverse users can follow you without leaving their preferred client. - Your audience isn't tied to a corporate account. ## Sizing | Use case | Specs | Storage need (1 yr) | |--------------------------------|----------------------------------------|---------------------| | Personal (1 user, 100 photos) | 2 vCPU, 4 GB RAM | 5-20 GB | | Personal photographer (many) | 2 vCPU, 4 GB RAM | 50-200 GB | | Community (10-50 users) | 4 vCPU, 8 GB RAM | 200-500 GB | | Public instance (open signup) | 8+ vCPU, 16 GB RAM | 1+ TB / year | Storage is the dominant cost. Pair the application VPS with cheap object storage (BuyVM Block Storage Slab, or S3-compatible from a separate provider). ## Step-by-step ### 1. Provision For a personal instance: [BuyVM Luxembourg](/providers/buyvm) Slice 4096 ($7/mo) + Block Storage Slab 256 GB ($5/mo) is the cost-leader. For higher-privacy: [FlokiNET](/providers/flokinet). ### 2. Install Pixelfed The official Pixelfed install guide is well-maintained. Recommended path: **Docker** for ease of updates. ```yaml services: app: image: zknt/pixelfed:latest restart: unless-stopped env_file: .env volumes: - ./storage:/var/www/storage depends_on: - db - redis db: image: mariadb:10 restart: unless-stopped environment: MYSQL_ROOT_PASSWORD: rootpw MYSQL_DATABASE: pixelfed MYSQL_USER: pixelfed MYSQL_PASSWORD: pixelfedpw volumes: - ./db:/var/lib/mysql redis: image: redis:alpine restart: unless-stopped ``` Configure `.env` with your domain, mail SMTP, and admin email. ### 3. Configure media storage For instances with many photos, push uploads to object storage: ```env FILESYSTEM_DRIVER=s3 AWS_ACCESS_KEY_ID=your-key AWS_SECRET_ACCESS_KEY=your-secret AWS_DEFAULT_REGION=us-east-1 AWS_BUCKET=your-bucket AWS_URL=https://your-s3-endpoint ``` For BuyVM Block Storage, MinIO can present an S3-compatible API. ### 4. Federation considerations Same as [Mastodon](/guides/anonymous-mastodon-fediverse): - Some larger Fediverse instances pre-emptively defederate with anonymous-signup-friendly servers. - Have a published moderation policy. - Plan for some federation reach reduction at the start. ### 5. Hardening - **Disable open registration** unless you really want public signup. - **Email confirmation required** for new accounts. - **Two-factor auth** for admin. - **Rate limit uploads** to prevent abuse. - **Backup the database AND the media storage** separately. ## Cost For a personal Pixelfed with 200 GB photo archive: | Component | Cost | |------------------------------|---------------------| | BuyVM Slice 4096 | $7 / month | | BuyVM Block Storage 256 GB | $5 / month | | Domain (Njalla .com) | $1.25 / month | | **Total** | **~$13 / month** | For comparison: Instagram is "free" but you're the product. Pixelfed is paid hosting with full data ownership. ## Related - [How to host an anonymous Mastodon / Fediverse instance](/guides/anonymous-mastodon-fediverse) - [How to host Nextcloud anonymously](/guides/host-nextcloud) - [BuyVM full review](/providers/buyvm) --- # How to host FreshRSS (self-hosted RSS reader) anonymously (2026) URL: https://notdmca.org/guides/host-freshrss --- title: "How to host FreshRSS (self-hosted RSS reader) anonymously (2026)" slug: "host-freshrss" summary: "Self-hosted FreshRSS — the leading PHP-based RSS aggregator — on a cheap offshore VPS. Replaces Feedly / Inoreader / Google Reader. Tiny resource footprint, robust mobile clients, and full data ownership." intent: "host freshrss self-hosted rss reader" related_providers: ["hosthatch","buyvm","alexhost"] related_guides: ["anonymous-vps-monero","host-nextcloud"] last_updated: "2026-05-12" order: 36 --- ## TL;DR FreshRSS is the leading self-hosted RSS reader. Replaces Feedly, Inoreader, NewsBlur, Google Reader. Tiny footprint: - **Sizing**: 1 vCPU / 1 GB RAM / 5 GB disk. Runs on the smallest VPS. - **Best provider**: [AlexHost](/providers/alexhost) ($4/mo), [HostHatch](/providers/hosthatch) ($2/mo annual prepay), or [BuyVM](/providers/buyvm) ($2/mo). - **Install**: Docker; 10 minutes. - **Mobile**: works with FluentReader, Reeder, Read You, and any Fever- or Google Reader-API client. ## Why self-host RSS RSS reading is back. Feedly tracks you. Inoreader is paid + cloud. Google Reader is dead. Self-hosted FreshRSS: - **Your reading list is on your server**. - **No third party knows what you read**. - **Free forever** (vs $5-10/mo subscriptions). - **Mobile sync** via the Google Reader API or Fever API — works with most reader apps. - **Full-text article extraction** built in. ## Step-by-step ### 1. Provision Smallest available VPS. [HostHatch IS](/providers/hosthatch) at $2/mo (annual prepay) is the cheapest path with non-US jurisdiction. ### 2. Install via Docker Compose ```yaml services: freshrss: image: freshrss/freshrss:latest restart: always environment: TZ: Europe/Reykjavik CRON_MIN: "*/15" LISTEN: "0.0.0.0:80" volumes: - ./freshrss-data:/var/www/FreshRSS/data - ./freshrss-extensions:/var/www/FreshRSS/extensions ports: - 127.0.0.1:8080:80 caddy: image: caddy:latest restart: always ports: - 80:80 - 443:443 volumes: - ./Caddyfile:/etc/caddy/Caddyfile - ./caddy_data:/data ``` Caddyfile: ```caddy rss.yourdomain.com { reverse_proxy localhost:8080 } ``` Start: ```bash docker compose up -d ``` ### 3. First-time setup - Visit `https://rss.yourdomain.com`. - Run the FreshRSS install wizard. - Pick SQLite (fine for personal use; PostgreSQL for >5,000 feeds). - Create your admin user. ### 4. Import existing feeds If migrating from Feedly / Inoreader / Reeder, export OPML and import in FreshRSS: Subscriptions → Import → upload OPML. ### 5. Enable API for mobile sync Settings → Authentication → API Password → set a password. Now you can sign into mobile clients (FluentReader, Reeder 5, Read You, Newsboat) using: - Server URL: `https://rss.yourdomain.com/api/greader.php` - Username: your FreshRSS username - Password: the API password (not your login password) ### 6. Mobile client picks (2026) - **Reeder 5** (iOS / macOS) — premium, polished. - **FluentReader** (desktop) — open-source. - **Read You** (Android) — modern Material 3 design. - **Newsboat** (terminal) — for power users. ## Hardening - **Disable open registration**: Settings → Authentication → Disable user registration. - **Two-factor auth** is not native; protect via reverse proxy auth (e.g. Caddy with basic auth) or via a Tor onion endpoint. - **Limit feed-fetcher User-Agent** to avoid being IP-banned by hostile sites. ## Cost | Component | Cost | |--------------------------|---------------------| | HostHatch IS entry | $2 / month | | Domain (Njalla .com) | $1.25 / month | | **Total** | **~$3 / month** | For comparison: Feedly Pro+ is $12/month, Inoreader Pro is $10/month. Self-hosted FreshRSS is one-tenth the cost with full data ownership. ## Related - [Buying an anonymous VPS with Monero](/guides/anonymous-vps-monero) - [How to host Nextcloud anonymously](/guides/host-nextcloud) - [HostHatch full review](/providers/hosthatch) --- # DMCA-ignored hosting vs Cloudflare: when each makes sense (2026) URL: https://notdmca.org/guides/dmca-ignored-vs-cloudflare --- title: "DMCA-ignored hosting vs Cloudflare: when each makes sense (2026)" slug: "dmca-ignored-vs-cloudflare" summary: "Comparing DMCA-ignored offshore hosting to Cloudflare's reverse-proxy / CDN model. They solve different problems — Cloudflare hides your origin IP and absorbs traffic; offshore hosting changes the legal posture of the origin itself. Most credible setups use both, carefully." intent: "dmca-ignored hosting vs cloudflare difference" related_providers: ["flokinet","njalla"] related_guides: ["migrate-from-cloudflare","choose-dmca-ignored-host"] last_updated: "2026-05-12" order: 40 --- ## TL;DR These aren't substitutes — they're different layers: - **Cloudflare** is an edge / CDN / reverse-proxy. Hides your origin IP, absorbs DDoS, terminates TLS. Doesn't change the legal posture of your origin host. - **DMCA-ignored hosting** is the origin layer. Changes the *jurisdiction* under which takedown notices are evaluated. Cloudflare without DMCA-ignored origin = your real host still gets the DMCA notice, and Cloudflare can drop you for non-DMCA reasons. DMCA-ignored origin without Cloudflare = strong takedown resistance, no edge layer for DDoS / cache. The credible setup uses both: a content-permissive origin (FlokiNET, OrangeWebsite) behind a content-permissive edge (BunnyCDN, self-hosted reverse proxy). ## What each provides | Property | Cloudflare | DMCA-ignored hosting | |---------------------------------------|--------------------|----------------------------| | Hides origin IP from public | ✓ | — | | DDoS absorption | ✓ (huge scale) | Provider-dependent | | Global CDN cache | ✓ (300+ PoPs) | — | | Free TLS | ✓ | Let's Encrypt (also free) | | WAF / bot management | ✓ | Self-hosted | | Changes jurisdiction of origin | — | ✓ | | Takedown-resistant policy on content | — (US legal) | ✓ | | Anonymous signup | — (real-name + payment) | ✓ (provider-dependent) | | Content-policy termination risk | High (multiple precedents) | Low at content-permissive hosts | | Operator under US legal process | ✓ | — (varies by host country) | ## When Cloudflare alone is enough - Your content is non-controversial (general business, e-commerce, brochure sites). - DMCA / takedown resistance isn't a concern. - You want to optimize for performance and global reach. - You're comfortable with US-based corporate exposure. ## When DMCA-ignored hosting alone is enough - Low-traffic sites where a CDN doesn't add much. - Tor onion services (no clearnet exposure to begin with). - Personal infrastructure (Nextcloud, Vaultwarden, etc.) with limited audience. ## When you need both Most credible offshore-hosted operations use both layers: 1. **Origin** at a DMCA-ignored host (FlokiNET, OrangeWebsite, AbeloHost) — legal protection. 2. **Edge** in front for DDoS / caching / global reach — but **NOT Cloudflare** if you're doing this for content-policy reasons. Use BunnyCDN, self-hosted reverse proxy, or skip the edge layer. If you have to use Cloudflare for some reason (cost, brand), have a tested migration path ready: see [/guides/migrate-from-cloudflare](/guides/migrate-from-cloudflare). ## The Cloudflare risk Cloudflare has terminated customers for non-DMCA reasons — Daily Stormer (2017), Kiwi Farms (2022), others. Their AUP is broader than DMCA. When they drop you: - Your DNS history at Cloudflare reveals your origin IP forever. - You go offline within hours. - Migration under pressure is much harder than migration in advance. If your content is legal-but-controversial (independent journalism that attracts harassment, controversial-but-legal speech, deplatformed legitimate businesses), Cloudflare is a single point of policy failure. See [/faq#will-cloudflare-ban-me](/faq#will-cloudflare-ban-me). ## Recommended setup pattern For a typical privacy-focused project in 2026: ``` Domain (Njalla owns-on-behalf) ↓ DNS (Njalla DNS or deSEC) ↓ Edge (BunnyCDN OR self-hosted reverse proxy at second offshore VPS) ↓ Origin (FlokiNET / 1984 Hosting / OrangeWebsite — DMCA-ignored) ``` This gives you: - WHOIS anonymity at the registrar layer (Njalla). - Content-permissive edge (BunnyCDN / self-hosted) with no Cloudflare dependency. - Jurisdictionally-resilient origin with no US legal exposure. ## Related - [How to migrate from Cloudflare](/guides/migrate-from-cloudflare) - [Cloudflare and DMCA — FAQ](/faq#cloudflare-and-dmca) - [How to choose a DMCA-ignored host](/guides/choose-dmca-ignored-host) --- # DMCA-ignored hosting vs VPN providers: different problems (2026) URL: https://notdmca.org/guides/dmca-ignored-vs-vpn --- title: "DMCA-ignored hosting vs VPN providers: different problems (2026)" slug: "dmca-ignored-vs-vpn" summary: "Why DMCA-ignored hosting and VPN services are not substitutes despite both being marketed under 'privacy'. They solve different problems: hosting is operator-side privacy (you serve content); VPN is client-side privacy (you consume content). Detailed comparison." intent: "dmca-ignored hosting vs vpn difference" related_providers: ["flokinet","njalla"] related_guides: ["choose-dmca-ignored-host"] last_updated: "2026-05-12" order: 41 --- ## TL;DR These are completely different products: - **VPN providers** (Mullvad, IVPN, ProtonVPN) protect **you, the client**. Your IP is hidden from the sites you visit; your traffic is encrypted past your local ISP. - **DMCA-ignored hosting** (FlokiNET, Njalla, etc.) protects **operators of services**. Your hosted content is in a jurisdiction where US takedown notices have no effect. Many operators use both (a VPN to manage their offshore VPS), but they don't substitute for each other. ## What each protects | Property | VPN (e.g. Mullvad) | DMCA-ignored hosting | |---------------------------------------|------------------------|----------------------------| | Hides client IP from visited sites | ✓ | — | | Hides traffic content from local ISP | ✓ | — | | Protects content you publish | — | ✓ | | Protects identity at signup as service operator | — | ✓ | | You operate as the customer | ✓ (you're the user) | ✓ (you're the user) | | Other people connect to your hosted thing | — | ✓ | | Suitable for hosting Mastodon / WP | — | ✓ | | Suitable for browsing the web | ✓ | — | ## Use cases where each is the right answer **You want a VPN if**: - Your local ISP is logging or restricting your traffic. - You want to hide your home IP from the sites you visit. - You're using public Wi-Fi. - Your country censors / blocks specific sites. - You're traveling and want consistent geolocation. **You want DMCA-ignored hosting if**: - You're publishing a website / running a service / hosting an app. - You want the *thing you operate* to be in a jurisdiction outside the DMCA. - You want anonymous signup at the host. - You want to accept Monero / cash for your hosting bill. ## Use cases where you want both Combining VPN + offshore hosting is the **default** for serious privacy operators: 1. **Use a VPN** to connect to your offshore VPS over SSH. The hosting provider's logs don't reveal your home IP. 2. **Operate the offshore VPS** as your service infrastructure. 3. **Browse normally over the VPN** for unrelated activity. Pattern: **Mullvad** (or similar) on your laptop + **FlokiNET** (or similar) for your hosted services. Different tools solving different layers. ## Why this confusion exists Both categories market under "privacy", and both involve cryptocurrency-friendly operators. The marketing copy can sound similar: - "Anonymous, no-KYC, accepts Monero" — true of both Mullvad and Privex. - "Outside US jurisdiction" — true of both. - "Protects you from surveillance" — true at different layers. The difference is **who you are in the relationship**: - VPN: you're the *consumer* of the service. - Hosting: you're the *operator* of services that other people consume. ## What VPN providers don't do - They don't host your website. - They don't protect content you publish from copyright takedowns. - They don't replace the need for a hosting provider. - They don't make your hosted content jurisdiction-shifted. ## What DMCA-ignored hosts don't do - They don't hide your home IP when you browse the web. - They don't replace the need for a VPN. - They don't encrypt your local ISP traffic. - They don't help with censorship circumvention as a *user*. ## VPN provider recommendations (out of scope) This directory doesn't track VPN providers. For VPN recommendations, see Privacy Guides or Restore Privacy. The most-cited privacy-aligned VPN providers in 2026 are: **Mullvad** (Sweden, no-KYC), **IVPN** (Gibraltar, no-KYC), **ProtonVPN** (Switzerland, free tier available). ## Related - [VPN providers FAQ](/faq#offshore-vpn-providers) - [Hosting infrastructure for a privacy-focused VPN provider](/guides/vpn-provider-business) — if you're building a VPN business, not consuming one. --- # DMCA-ignored hosting vs IPFS: when each makes sense (2026) URL: https://notdmca.org/guides/dmca-ignored-vs-ipfs --- title: "DMCA-ignored hosting vs IPFS: when each makes sense (2026)" slug: "dmca-ignored-vs-ipfs" summary: "IPFS (InterPlanetary File System) and DMCA-ignored hosting solve overlapping but different problems. IPFS is content-addressed, peer-to-peer storage; DMCA-ignored hosting is server-side hosting in privacy jurisdictions. When to use each, and when to combine." intent: "ipfs vs dmca-ignored hosting comparison" related_providers: ["flokinet","buyvm"] related_guides: ["choose-dmca-ignored-host"] last_updated: "2026-05-12" order: 42 --- ## TL;DR - **IPFS** is content-addressed peer-to-peer storage. Once content is pinned by enough peers, it's hard to remove globally — but it's slow, hard to make discoverable, and requires gateway infrastructure for clearnet access. - **DMCA-ignored hosting** is server-side hosting in jurisdictions outside the DMCA. Fast, discoverable, controllable — but a single legal request to the right host can pull the content. The 2026 best-practice for high-resilience content publishing combines both: **IPFS-pinned content for permanence, with DMCA-ignored hosting providing the discoverable HTTP gateway and the dynamic application layer.** ## What each provides | Property | IPFS | DMCA-ignored hosting | |-----------------------------------------|--------------------------------|------------------------------| | Content addressing (immutable hashes) | ✓ | — | | Peer-to-peer distribution | ✓ | — | | Resistance to single-host takedown | ✓ (if well-pinned) | — (one host can be pulled) | | Fast first-byte response | — (often slow) | ✓ | | Dynamic content / application server | — (read-only) | ✓ | | HTTP / browser-accessible | Via gateway only | ✓ (native) | | Discoverable via DNS | Via DNSLink | ✓ | | Anonymous publishing | Partial (publisher's IP visible to peers initially) | ✓ (with operator hygiene) | | Resistant to legal pressure on operator | High (no operator) | Medium (host-jurisdiction-dependent) | ## When IPFS is the right answer - **Static content that needs to survive forever** — research papers, leaked documents, archive material. - **Content that benefits from distributed persistence** — many peers pinning the same content makes takedown impractical. - **NFT / Web3 metadata** — content-addressed by design. - **Decentralized application front-ends** — Web3 apps publishing static front-ends to IPFS. ## When DMCA-ignored hosting is the right answer - **Dynamic applications** — anything with a database, user accounts, server-side logic. IPFS is read-only; you can't run a Mastodon server "on IPFS". - **Live services** — chat, video, real-time anything. - **Discoverable websites** with URL-based audience finding (most users won't navigate to `bafy...` IPFS hashes). - **Performance-sensitive content** where IPFS gateway slowness is unacceptable. ## When to combine The common pattern in 2026: **DMCA-ignored hosting for the application + IPFS for the long-tail content archive.** Example for an investigative-journalism site: 1. **Publishing infrastructure** (CMS, editorial workflow, search) at FlokiNET — DMCA-ignored, dynamic. 2. **Article HTML rendered as static** and pinned to IPFS via a pinning service (Pinata, Web3.Storage, your own IPFS node at BuyVM). 3. **DNSLink** points your domain to the latest IPFS hash for archival purposes. 4. **Tor onion service** in addition for the most-resilient access path. Result: even if the FlokiNET host is pulled, the published articles remain accessible via IPFS gateways indefinitely. ## IPFS hosting pitfalls - **Pinning is not free**: you need either a paid pinning service (Pinata, Web3.Storage) or your own IPFS node infrastructure. - **First-byte latency**: cold content can take 10+ seconds to fetch via public gateways. - **Gateway dependence**: most users access IPFS via cloudflare-ipfs.com or similar — those gateways can also be censored. - **Anonymity is partial**: when you initially publish, your IP is briefly visible to the IPFS DHT. Use Tor + IPFS together for stronger publisher anonymity. ## DMCA-ignored hosting pitfalls (relative to IPFS) - A single legal action against the right host can pull all the content from that location. - Migration to a backup host has downtime. - You're trusting a single (or small set of) operator(s). ## Pick by content type | Content type | Primary recommendation | |-----------------------------------------|--------------------------------------------| | Static articles / archive | IPFS-pinned + DMCA-ignored host as primary | | Dynamic application (Mastodon, WP) | DMCA-ignored host | | Leaked documents (long-term archive) | IPFS + multi-jurisdiction DMCA-ignored mirror | | Web3 / decentralized app front-end | IPFS + DNS pointing to gateway | | Live media streaming | DMCA-ignored host (IPFS too slow) | | Personal cloud (Nextcloud, etc.) | DMCA-ignored host | ## Related - [How to choose a DMCA-ignored host](/guides/choose-dmca-ignored-host) - [How to host a Bitcoin / Lightning node anonymously](/guides/bitcoin-node-hosting) — adjacent to IPFS topology - [FlokiNET full review](/providers/flokinet) --- # DMCA-ignored hosting vs self-hosting from home (2026) URL: https://notdmca.org/guides/dmca-ignored-vs-self-hosting-home --- title: "DMCA-ignored hosting vs self-hosting from home (2026)" slug: "dmca-ignored-vs-self-hosting-home" summary: "Comparing offshore DMCA-ignored hosting to literally hosting from home (a Raspberry Pi or NAS on your residential connection). They're both 'self-hosted' but solve very different threat models. Detailed trade-off analysis." intent: "self-host home vs offshore vps" related_providers: ["hosthatch","buyvm","alexhost"] related_guides: ["host-nextcloud","host-vaultwarden"] last_updated: "2026-05-12" order: 43 --- ## TL;DR - **Home self-hosting** is cheap (one-time hardware cost) and gives you full physical control — but exposes your home IP to everything on the public internet, has poor uptime, and ties your residential ISP / address to your hosted services. - **Offshore DMCA-ignored VPS** costs $2-15/month, hides your home, gives jurisdictional protection, and runs at 99.9% uptime — but you're trusting a third-party operator with your bytes. Most operators converge on a hybrid: home for personal-only workloads (no public exposure), offshore VPS for anything internet-facing. ## What each provides | Property | Home self-hosting | Offshore VPS | |---------------------------------------|--------------------------|----------------------------| | Hardware control | ✓ (full physical) | — (provider-controlled) | | Network control | Limited (ISP shapes traffic) | ✓ (DC-grade) | | Uptime | Poor (residential power / ISP) | 99.9%+ | | Bandwidth | Limited (residential cap) | Generous (DC port) | | Public IP | Your home IP exposed | Provider IP (anonymous) | | Jurisdictional control | Your home country only | Choose your jurisdiction | | Anonymous signup | N/A (it's your house) | ✓ at no-KYC providers | | Cost | One-time + electricity | $2-15/month | | Trust model | Trust yourself | Trust the host | | DDoS resistance | Poor (your ISP gets DDoS'd) | Provider-grade | | Disclosure under court order | Limited (you're served personally) | Provider can be compelled | ## When home self-hosting is the right answer - **Personal-only workloads** with no public internet exposure — e.g. local backup server, family Plex, internal Nextcloud reachable only via VPN. - **Hardware experimentation** where you want full control of the box. - **Workloads that need a lot of disk** (many TB) and wouldn't fit in a budget VPS. - **Local-area-only services** for your household. - **You're an operator who values "no third party in the path" above all else**. ## When offshore VPS is the right answer - **Anything internet-facing** — websites, services, applications others access. - **Workloads requiring uptime** — your residential power / ISP isn't reliable enough for production. - **Workloads where your home IP shouldn't be public** — anything that publishes content to the internet ties your address to that content. - **Workloads that benefit from jurisdiction shifting** — DMCA, copyright, legal pushback. - **Workloads needing high bandwidth** — DC-grade ports beat residential cable. ## Why home hosting fails for public services The most common newcomer mistake: hosting a public website on a Raspberry Pi at home. What actually happens: - Your residential IP is now public via DNS — visible to anyone scanning your block. - Your ISP's reverse DNS, abuse contact and address are linked to your home. - Court orders for disclosure go to your residential ISP — easier to compel than offshore providers. - Bandwidth is rate-limited or capped — first popular post can blow your monthly cap. - Power outage = service down. - DDoS attacks target your home IP — your whole household's internet goes down. - Your ISP may terminate residential service for "running a server" (TOS violation in many residential contracts). For *consumed* content (Plex for the family, Nextcloud for personal sync), none of this matters. For *served* content (a website, a Mastodon instance, a Matrix homeserver), all of it does. ## The hybrid pattern What most experienced operators settle on: - **At home**: a NAS / mini-server for personal-only stuff (file backup, Plex, internal tools). Reachable only via VPN (Tailscale, WireGuard) — never directly from clearnet. - **Offshore VPS**: anything publicly reachable (Mastodon, Vaultwarden, Nextcloud-as-public-cloud, websites). This gives you: - Hardware control where it matters. - Public exposure isolated to operators-control infrastructure. - Jurisdictional flexibility for the public-facing layer. - No residential IP / address exposed to the internet. ## Cost comparison For a typical "I want to self-host my services" setup: **Home only (3 services, no offshore)**: - Mini-PC: $300 one-time. - Electricity: ~$5/month for a low-power mini-PC running 24/7. - ISP upgrade to a static IP: ~$10-30/month at most ISPs. - Domain: $1.25/month. - **Total: ~$20-40/month + $300 one-time, plus your home IP / address exposed**. **Hybrid (home for personal, offshore for public)**: - Mini-PC at home (Plex, backup): $300 one-time + $5/month. - Offshore VPS (HostHatch IS entry, $2/mo) for public services. - Domain: $1.25/month. - **Total: ~$8/month + $300 one-time, no residential IP exposure**. ## Practical recommendations - **For personal-only stuff** (file backup, Plex, internal tools): home is great. - **For anything with public exposure**: offshore VPS, period. - **For sensitive personal data**: encrypt at rest with FDE on the home server, encrypt at rest on the offshore VPS, sync between them via a service you control (Syncthing). - **For Tor hidden services**: offshore is better even though Tor hides your IP — your home connection still ties you to the service operationally. ## Related - [Buying an anonymous VPS with Monero](/guides/anonymous-vps-monero) - [How to host Nextcloud anonymously](/guides/host-nextcloud) - [How to host Vaultwarden anonymously](/guides/host-vaultwarden) --- # DMCA-ignored hosting vs decentralized storage (Filecoin, Storj, Arweave) (2026) URL: https://notdmca.org/guides/dmca-ignored-vs-decentralized-storage --- title: "DMCA-ignored hosting vs decentralized storage (Filecoin, Storj, Arweave) (2026)" slug: "dmca-ignored-vs-decentralized-storage" summary: "Comparing DMCA-ignored hosting to blockchain-backed decentralized storage networks (Filecoin, Storj, Arweave, Sia). They're not substitutes — decentralized storage is read-only file storage; DMCA-ignored hosting runs full applications. Detailed trade-off analysis." intent: "decentralized storage filecoin arweave vs hosting" related_providers: ["flokinet","buyvm"] related_guides: ["dmca-ignored-vs-ipfs"] last_updated: "2026-05-12" order: 44 --- ## TL;DR - **Decentralized storage** (Filecoin, Storj, Arweave, Sia, Swarm) is for **immutable file storage** distributed across many independent nodes. Best for: long-term archives, NFT assets, static-content backup. - **DMCA-ignored hosting** is for **running services** (databases, application servers, dynamic content). Best for: websites, applications, anything with users and state. They solve adjacent but different problems. Most credible 2026 architectures use both: hosting for the application + decentralized storage for the long-tail archival layer. ## What each provides | Property | Decentralized storage | DMCA-ignored hosting | |---------------------------------------|----------------------------------|------------------------------| | Run an application server | — | ✓ | | Run a database | — | ✓ | | Store immutable files | ✓ | ✓ (without immutability) | | Survive a single-node takedown | ✓ (if well-replicated) | — (one host can be pulled) | | Pay with crypto | ✓ (native) | ✓ (provider-dependent) | | Operator anonymity | High (publisher anonymous to network) | Provider-dependent | | First-byte latency | Slow (network retrieval) | Fast (origin direct) | | Long-term cost | Variable, often higher | Predictable monthly | | Discoverable via URL | Via gateway / IPFS-style hash | ✓ (native HTTP) | | Censorship resistance | Very high (no operator to compel) | Medium (host-dependent) | ## The major networks - **Filecoin** — incentivized IPFS layer; storage providers paid in FIL for proving long-term storage. - **Storj** — distributed S3-compatible storage on volunteer nodes. - **Arweave** — pay-once, store-forever model. Single payment funds permanent storage. - **Sia** — decentralized cloud storage, lower-level than Filecoin / Storj. - **Swarm** — Ethereum-adjacent storage layer. Each has different cost / persistence / API characteristics. ## When decentralized storage is the right answer - **Long-term immutable archives** — historical documents, leaked data, research papers. - **NFT asset storage** — content-addressed by design; permanent storage matters. - **Backup of static content** — pin your important files on Arweave; you have a perpetual copy. - **Censorship-resistant publishing of fixed-content** — once published and replicated, very hard to take down. - **Operator anonymity for the *content*** — the publisher can disappear after publishing; the network keeps the content. ## When DMCA-ignored hosting is the right answer - **Anything with users / state / sessions** — chat apps, social networks, e-commerce, SaaS. - **Anything with a database** — Postgres / MySQL / Redis don't run "on Filecoin". - **Latency-sensitive content** — decentralized retrieval is much slower than direct origin. - **Anything that needs URLs people can remember** — `bafy...` hashes don't humanize. ## When to combine The pattern: **DMCA-ignored hosting for the application + decentralized storage for the long-tail archival layer.** Example for an investigative journalism site: 1. **Application** (CMS, editorial workflow, comments) at FlokiNET. 2. **Static published articles** rendered to HTML and pinned on Filecoin (via a pinning service like Estuary) for permanent archival. 3. **NFT-style permanence** for landmark investigations: Arweave one-time-payment for "this article will exist forever". 4. **DNSLink** at the domain pointing to the latest content hash for archival lookup. Result: even if the FlokiNET host is pulled, the historical articles remain accessible from the decentralized layer indefinitely. ## Cost reality Decentralized storage is often **more expensive** than DMCA-ignored VPS storage at modest scales, despite the marketing: - **Arweave** (pay-once, store-forever) is currently around $5-15 per GB depending on AR token price. For 1 TB that's $5,000-$15,000 upfront. - **Filecoin** is competitive for storage but expensive for retrieval; well-suited to write-once-read-rarely. - **Storj** prices comparably to S3 (~$4/TB/month) and is more practical for active workloads. - **DMCA-ignored VPS storage** ([BuyVM Block Storage](/providers/buyvm)) is ~$5/256GB/month = $20/TB/month — expensive vs Storj for pure storage but includes server-side application capability. For most operators: store the application data at the offshore host, pin a static archival copy on a decentralized network for permanence. ## Operational pitfalls - **Pinning services**: most decentralized networks require active pinning. If you pin via a service that goes away, your content can fall off the network. Use multiple pinning services. - **Token price volatility**: cost calculations in FIL / AR / STORJ can swing wildly month to month. - **Retrieval latency**: end-user access via gateways can be unacceptable for active content. - **Discoverability**: nobody types `bafy...` URLs. You still need DNS / human-readable URLs hosted somewhere. ## Related - [DMCA-ignored hosting vs IPFS](/guides/dmca-ignored-vs-ipfs) - [How to choose a DMCA-ignored host](/guides/choose-dmca-ignored-host) - [BuyVM Block Storage](/providers/buyvm) — closest commodity equivalent --- ## ARTICLES # The state of DMCA-ignored hosting in 2026 URL: https://notdmca.org/articles/state-of-2026 --- title: "The state of DMCA-ignored hosting in 2026" slug: "state-of-2026" summary: "An editorial assessment of the DMCA-ignored, no-KYC and offshore hosting landscape as of May 2026: which jurisdictions are gaining strength, which providers consolidated, what changed under the EU DSA, what the long-term trajectory looks like." last_updated: "2026-05-13" type: "essay" order: 1 --- ## TL;DR The 2026 landscape is **structurally healthier than 2020 but politically more contested**. More providers, more jurisdictional choices, more credible Monero support. But also: more EU-side pressure (DSA), more US payment-processor deplatforming, more regulator-driven front-end takedowns of Web3 / crypto projects. Net-net, a typical operator has more options *and* more complexity to navigate than five years ago. ## What got better since 2020 **Monero adoption among hosts**. In 2020, Monero was a checkbox on a few niche providers' payment pages. In 2026 it is the headline crypto on the privacy-focused providers ([XMRHost](/providers/xmrhost) ships a Monero-first checkout flow by design; [SilentHosts](/providers/silenthosts) accepts Monero across its full product line; [Privex](/providers/privex), [Njalla](/providers/njalla), [FlokiNET](/providers/flokinet) all support XMR as a first-class option) and supported on request at most others. The [/payments/monero](/payments/monero) filter view in this directory is meaningfully populated. **Multi-jurisdictional providers**. FlokiNET pioneered the "pick your DC's jurisdiction" model in the early-2010s; HostHatch generalized it across 15+ locations; HostSailor and Shinjiru offer multi-country options. For an operator who wants jurisdictional flexibility under one billing relationship, this is solved. **Owns-on-behalf domain registration**. Njalla validated the model in 2017 and remains the dominant operator. A handful of niche services have copied it; none have matched the scale or polish. Adjacent to the owns-on-behalf model, **crypto-only registrars** have emerged ([BunkerDomains](/providers/bunkerdomains) is the cleanest example) that remove the fiat-rail at checkout without taking on Njalla's full proxy-registrant responsibility — a useful middle position. **Iceland's brand strength**. The IMMI legacy combined with multiple long-running providers (1984, FlokiNET, OrangeWebsite) gives Iceland a reliable position as the default "where do I host this" answer. It is not the cheapest option, but for the publishing layer it is now the default. **Transparency reports become normal**. Infomaniak, Njalla and others publish quantified takedown / disclosure data. This is a meaningful change from a decade ago when "trust us" was the standard answer. ## What got worse **EU Digital Services Act pressure**. The DSA's notice-and-action regime and platform-due-diligence obligations have raised the compliance load for EU-based hosts. Providers in the Netherlands, Sweden and Romania now face procedural obligations that did not exist in 2020. The structural pushback (Iceland and Switzerland are not in scope) means the **non-EU European jurisdictions are relatively more attractive** in 2026 than they were in 2020. **Payment-processor deplatforming**. Visa / Mastercard / PayPal have all tightened policies on adult, crypto, gambling, and politically-controversial categories. For operators in those categories, **crypto is increasingly mandatory at the customer-payment layer** (not just the hosting-payment layer). **Cloudflare-as-monoculture risk**. Cloudflare has dropped customers for non-DMCA reasons several times in the past five years. It is more visibly a content-policy actor than in 2020, and operators relying on Cloudflare as their only edge layer are exposed to single-vendor risk. **Web3 front-end takedowns**. Several US regulators have leaned on hosting providers and registrars to remove front-ends of allegedly-non-compliant DeFi protocols. This is a new attack surface and one that the offshore-hosting community is still building defenses for. **ccTLD identity requirements**. Several ccTLD registries (`.is`, `.fr`, `.de`, `.ca`) have tightened identity requirements for registrants. The "anonymous ccTLD" path is less open than it was. ## What stayed the same - gTLDs (`.com`, `.net`, `.org`, `.xyz`) still allow anonymous registration. - The Iceland / Sweden / Netherlands / Romania cluster remains the European default. - BuyVM remains the most-recommended low-end VPS in the LowEndTalk-adjacent community. - Tor + Monero + offshore VPS remains the strongest available stack for individual-operator anonymity. ## Where the trajectory is going **Toward more compartmentalization**. The 2020 default was "pick one privacy-friendly host and put everything there." The 2026 default is closer to "pick three providers across three jurisdictions, with a documented migration playbook." The cost of a single-provider failure has grown; the cost of multi-provider operations has shrunk (better automation, more crypto-friendly checkout). The counter-trend is full-stack offshore vendors like [SilentHosts](/providers/silenthosts) that consolidate the registrar + shared + VPS + dedicated layers under one no-KYC account — useful for small-team operators who can't manage three relationships. **Toward more explicit jurisdiction-first thinking**. Operators are increasingly making the **jurisdiction choice first** and the provider choice second. Providers that publish their jurisdictional and procedural posture (Infomaniak's transparency report; FlokiNET's per-DC AUP) are gaining share over those that lean on offshore-marketing-as-vibes. **Toward less reliance on US infrastructure**. The combination of DMCA, DSA-extraterritorial-reach, and US-payment-processor pressure is making US-based "permissive" hosts less viable for operators who started using them as a compromise. The compromise is worse in 2026 than it was; the alternatives are better. **Toward more credible non-Western diversification**. Malaysia (Shinjiru), Moldova (AlexHost), and to a lesser extent Eastern European non-EU options are becoming standard parts of multi-jurisdiction stacks. Not as the primary location for most operators, but as a real backup tier. ## What we'd like to see in 2027 - More providers offering **owns-on-behalf** registration beyond Njalla. - More published transparency reports. - Better **per-DC jurisdiction transparency** at multi-country providers (HostHatch is good; many are not). - **Standardized abuse / takedown response APIs** so operators can integrate provider takedown handling into their own incident management. - More **non-Western legitimate offshore options** (currently the choice is essentially Malaysia or various less-credible operations). ## Methodology note This essay is editorial; the trajectory claims reflect the editors' read of public information as of May 2026. The provider-by-provider data underlying the claims is in the [providers directory](/providers) with sources cited per page. The methodology behind ranking and selection is at [/methodology](/methodology). --- # Hosting-incident timeline: notable raids, takedowns and pushbacks URL: https://notdmca.org/articles/incident-timeline --- title: "Hosting-incident timeline: notable raids, takedowns and pushbacks" slug: "incident-timeline" summary: "A curated, dated timeline of publicly-known incidents involving DMCA-ignored, no-KYC and offshore hosting providers — police raids, court orders, deplatformings, public legal pushbacks. Useful for assessing real-world track records when picking a host." last_updated: "2026-05-12" type: "timeline" order: 2 --- ## About this timeline This is a curated, dated list of publicly-known incidents involving providers in our directory or directly-relevant adjacent providers. It exists because **track record under pressure** is one of the most useful signals when picking a privacy-focused host, and that information is otherwise scattered. Inclusion criteria: - Publicly reported in mainstream press, court records, or the operator's own public statement. - Material to assessing the provider's posture (a routine DMCA notice is not material; a coordinated multi-day takedown attempt is). - Either resolved or fully public — we don't include rumors or unverified claims. If you spot an inaccuracy or want to suggest an addition, see the [legal page](/legal). --- ## 2026 **February 2026 — EU DSA enforcement actions begin landing on offshore-marketed hosts.** Several Netherlands-based hosts (not all in our directory) received their first formal DSA-format notice-and-action requests. The procedural responses observed have generally required the requester to refile in formally complete form; no high-profile pulls of legitimate content have been publicly reported. --- ## 2025 **Q3 2025 — Privex onboards Monero as default at multiple datacenters.** Brought the directory's count of true "Monero-first" providers to three (Njalla, FlokiNET, Privex). **Q2 2025 — HostSailor expands to a second Netherlands datacenter.** Maintaining Romania as primary, the secondary NL DC gives existing customers an EU-routing failover. --- ## 2024 **Q4 2024 — EU DSA fully in force.** Material change in the regulatory environment for EU-based providers. Iceland, Switzerland, Norway, Moldova relatively more attractive as a result. --- ## 2022 **September 2022 — Cloudflare drops Kiwi Farms.** A high-profile non-DMCA deplatforming by a major edge provider, repeatedly cited as a reference case for "do not rely on Cloudflare as your only edge layer." Demonstrated that Cloudflare's content-policy criteria can override its standard safe-harbor posture. **Throughout 2022 — Increased payment-processor pressure on adult-content sites.** Visa and Mastercard tightened adult-merchant policies; pressure cascaded to hosts of large adult sites. Several mainstream-host pulls observed. --- ## 2017 **April 2017 — Njalla launches.** Peter Sunde and team introduce the owns-on-behalf domain registration model. Validated the concept that the registrar can be the registrant on the customer's behalf, materially harder for adversaries to compel transfers. --- ## 2014 **April 2014 — CJEU invalidates the EU Data Retention Directive (Digital Rights Ireland).** Bahnhof's pre-existing public refusal to log under the directive is retroactively vindicated. Romania subsequently strikes down its national data-retention law. **Throughout 2014 — Sweden's Pirate Bay raid era continues.** PRQ continues operating and remains a credible host for free-speech-positioned projects. --- ## 2010 **January 2010 — Iceland's IMMI parliamentary resolution.** Sets out the agenda for Iceland-as-press-freedom-haven; many components subsequently implemented over the following years. Becomes the structural reason Iceland is the most-cited DMCA-ignored hosting jurisdiction. --- ## 2009 **Throughout 2009 — Bahnhof publicly refuses to log under EU Data Retention Directive.** Public legal pushback against EU rules; subsequently vindicated by the CJEU in 2014. **OrangeWebsite founded.** Iceland-based explicit free-speech host begins operating. --- ## 2008 **WikiLeaks moves to Bahnhof's Pionen datacenter (Stockholm).** The former nuclear-bunker datacenter becomes one of the most photographed and discussed pieces of "free-speech infrastructure" in the world. --- ## 2006 **1984 Hosting founded** (Iceland). The longest-running explicitly privacy-focused Icelandic host begins operating as a cooperative. --- ## 2004 **PRQ founded** (Sweden) by Pirate Bay co-founders Gottfrid Svartholm and Fredrik Neij. Begins what becomes one of the longest free-speech-host track records on the internet. --- ## Earlier history - **1998**: Shinjiru (Malaysia) founded — among the earliest explicitly offshore-marketed hosts. - **1994**: Bahnhof and Infomaniak both founded — long-running European ISPs that later became reference points for privacy-friendly hosting. --- ## What this timeline cannot show - **Routine DMCA notices** (millions per year, not material per-incident). - **Non-public incidents** — providers handle most issues without press coverage. - **Operator-side migrations** — when an operator quietly moves between hosts after pressure, it rarely makes news. For real-time / forward-looking changes to the directory itself, see [/updates](/updates). --- # Best Monero VPS 2026: XMRHost vs Privex vs Njalla vs FlokiNET vs SilentHosts URL: https://notdmca.org/articles/monero-vps-comparison-2026 --- title: "Best Monero VPS 2026: XMRHost vs Privex vs Njalla vs FlokiNET vs SilentHosts" slug: "monero-vps-comparison-2026" summary: "Head-to-head comparison of the five Monero-accepting VPS providers worth shortlisting in 2026: XMRHost, Privex, Njalla VPS, FlokiNET and SilentHosts. Checkout flow, jurisdiction, no-KYC posture, pricing and the right pick by use case." last_updated: "2026-05-13" type: "report" order: 2 --- ## Quick answer For a VPS paid in Monero in 2026: - **XMRHost** — top pick. Monero-first by design — the checkout flow is built for XMR rather than retrofitted from a card-payments backend. Offshore VPS / dedicated; no-KYC; takedown-resistant jurisdictions. - **SilentHosts** — runner-up. Full-stack offshore vendor (registrar + shared + VPS + dedicated) under one no-KYC, crypto-first account. Monero accepted across every product. Best when you want one vendor for the whole stack paid in XMR. - **Privex** — crypto-only by design, multi-jurisdiction (SE / FI / CZ / US). Long-standing reputation in the crypto-native community. - **Njalla** — deposit-balance model: top up in XMR once, then spend on VPS or domains. Best when you also want the registrar at the same vendor. - **FlokiNET** — explicit free-speech AUP, multi-country (IS / RO / FI / NL), Monero alongside Bitcoin Lightning and cash by mail. Score-sorted (weighted by privacy + DMCA-resistance + reliability + value + support): | Rank | Provider | Overall | DMCA policy | Datacenters | Entry VPS | |------|----------|---------|-------------|-------------|-----------| | 1 | [SilentHosts](/providers/silenthosts) | 9.60 | ignore | IS / CH / NL / RO / MD / BG / RU / PA | $32/mo (2 vCPU / 4 GB / 60 GB) | | 2 | [XMRHost](/providers/xmrhost) | 9.275 | ignore | IS / RO | $16/mo (2 vCPU / 4 GB) | | 3 | [FlokiNET](/providers/flokinet) | 8.50 | ignore | IS / RO / FI / NL | ~€5–6/mo | | 4 | [Privex](/providers/privex) | TBV | resist | SE / FI / CZ / US | ~$8/mo | | 5 | [Njalla](/providers/njalla) | 8.10 | resist | SE / NL | ~€15/mo | ## Why this comparison matters Monero (XMR) is the only widely-accepted cryptocurrency where sender, receiver and amount are hidden by default at the protocol layer (ring signatures + stealth addresses + RingCT). For paying a hosting provider without leaving a chain-analysable trail, it is materially stronger than Bitcoin. But not every provider that "accepts Monero" treats it as a first-class option. Some retrofit XMR onto a card-payments backend, surface higher confirmation thresholds, or quote prices in fiat with a per-invoice conversion. The checkout experience matters because the difference between "XMR works at this provider" and "XMR is the default at this provider" affects how much friction you carry every renewal. This page ranks the five providers in the directory where Monero is a documented, advertised payment method — not "accepted on request" — and compares them on the axes that matter for an operator who has chosen XMR. ## XMRHost — Monero-first by design [XMRHost](/providers/xmrhost) is the only provider in the directory whose brand identity is "Monero hosting." The checkout flow is built for XMR rather than adapted. There is no card or PayPal option ("card2crypto" is explicitly not offered). Payment in Bitcoin (on-chain and Lightning), Litecoin, Ethereum and USDT is accepted as secondary options; **cash by mail is available case-by-case**. Infrastructure is in **Iceland and Romania**. The product catalog is unusual: alongside generic VPS, there are dedicated plans for **Tor hidden services ($20/mo for tor-1), I2P nodes ($16/mo for i2p-1), and Lokinet exits ($27/mo for lokinet-1)** — designed for operators running privacy-network infrastructure rather than general-purpose hosting. **Strengths** - **Checkout designed for XMR**: no retrofit, no fiat-rail anywhere in the funnel. - **Iceland + Romania** datacenters — non-DMCA jurisdictions. - **Specialised Tor / I2P / Lokinet plans** — one of the only providers in the directory with this product line. - **No-KYC**: email-only signup, no government ID requested or stored. - **Cash by mail accepted** case-by-case as a fallback. - **Tor signup supported**. **Trade-offs** - Narrower product set than Njalla or SilentHosts — VPS and dedicated only, no shared hosting or registrar. - Entry VPS is $16/mo (2 vCPU / 4 GB) — more expensive than FlokiNET or Privex per spec. - DDoS protection not advertised in the entry tier. **Best for**: operators whose payment is Monero specifically, not "any crypto," or operators running Tor / I2P / Lokinet infrastructure who want a vendor with explicit product plans for those workloads. ## SilentHosts — Monero across an 8-jurisdiction footprint [SilentHosts](/providers/silenthosts) is broader geographically than any other vendor in this list: **8 datacenters** in Iceland, Switzerland, the Netherlands, Romania, Moldova, Bulgaria, Russia and Panama. Monero is one of 11+ accepted cryptocurrencies (BTC, XMR, Bitcoin Lightning, ETH, USDT, USDC, LTC, DASH, ZEC, SOL, TON). VPS-2 (2 vCPU AMD EPYC / 4 GB DDR4 ECC / 60 GB NVMe SSD / 3 TB bandwidth) is **$32/mo** with a **10 Gbps DDoS shield** and a **99.99% uptime SLA** included on every plan. **Strengths** - **8-jurisdiction footprint** — broadest in this list. Pick your jurisdiction at order time. - **Monero accepted across 11+ cryptocurrencies** — broadest crypto basket. - **DDoS protection (10 Gbps) included** on every plan, not as a paid add-on. - **99.99% uptime SLA** published. - **No-KYC**: "Sign up with just an email. No ID, no address, no phone number required." **Trade-offs** - Entry VPS is **$32/mo** — more expensive than XMRHost ($16), FlokiNET (~€5–6), Privex (~$8) at the entry tier. - Not a registrar — bring your own domain (see [BunkerDomains](/providers/bunkerdomains)). - Newer than Privex, Njalla and FlokiNET. **Best for**: operators who want **multi-jurisdiction failover at a single vendor**, paid in XMR, with DDoS shielding included by default. ## Privex — the longest-running crypto-only VPS [Privex](/providers/privex) was built for the crypto community since 2017. It is **crypto-only by design** — fiat is not an option at signup. This removes a class of operational mistakes (accidentally paying with a card that links to your identity). Multi-jurisdiction across Sweden, Finland, the Czech Republic and the US (avoid the US location for takedown resistance). **Strengths** - **Track record**: 8+ years of operation under the same crypto-only posture. - **Multi-jurisdiction**: SE / FI / CZ for takedown-resistance; US for value. - **Broader crypto basket**: Monero, Bitcoin Lightning, Hive, EOS and others. **Trade-offs** - DMCA policy is "resist" rather than "ignore" — Privex evaluates complaints rather than dismissing them by default. - US location is DMCA-bound; pick a European DC. **Best for**: operators who prioritize **track record** and **multi-DC choice** over Monero-first branding. If you're picking between XMRHost (Monero-first, newer) and Privex (multi-crypto, longer history), Privex is the safer pick if longevity matters more than checkout polish. ## Njalla — Monero on the deposit-balance model [Njalla](/providers/njalla) uses a deposit-balance model: you top up your account in Monero (or Bitcoin Lightning, or cash by mail), and then spend the balance on VPS or domains. This is operationally useful because it **separates the payment transaction from the service transaction** — even if you later pay with a card to top up, the card is linked to the deposit, not to the specific VPS. **Strengths** - **Deposit-balance separation** between payment and service. - **Sweden / Netherlands datacenters** — solid European jurisdictions. - **Same vendor as the domain registrar** — top up once, run both layers. - **Founded by Peter Sunde** (The Pirate Bay co-founder); the legal posture is built around copyright-industry-target experience. **Trade-offs** - **Most expensive VPS** in this list at ~€15/mo entry. - VPS product is small (Sweden + Netherlands only); not the main product. - DMCA policy is "resist" not "ignore" — Njalla pushes back on speculative notices but operates under Swedish law. **Best for**: operators who already use Njalla for domain registration and want VPS under the same account chain. ## FlokiNET — Monero alongside cash by mail [FlokiNET](/providers/flokinet) is the most product-broad of the established names: shared, VPS, dedicated and registrar under explicit DMCA-ignored marketing. Monero is accepted alongside Bitcoin Lightning and **cash by mail** (FlokiNET publishes a postal address for cash deposits). **Strengths** - **Multi-jurisdiction** across IS / RO / FI / NL — failover if one DC attracts pressure. - **Cash-by-mail** as a fallback when crypto isn't an option. - **Lowest entry price** in this list at ~€5–6/mo. - **Explicit free-speech mission** on the home page; well-known in the Tor relay operator community. **Trade-offs** - Monero is one of several payment options, not the headline — checkout flow is broader, less Monero-specific than XMRHost. - Premium pricing for the dedicated tier (~€70/mo+). **Best for**: operators who want the **broadest payment fallback** (XMR + Lightning + cash) and **multi-country DC choice** under explicit DMCA-ignored marketing. ## Side-by-side feature matrix | Feature | XMRHost | SilentHosts | Privex | Njalla | FlokiNET | |---------|---------|-------------|--------|--------|----------| | Monero default at checkout | **Yes** (headline) | Yes | Yes | Yes (via balance) | Yes | | Cash by mail | **Case-by-case** | No | No | Yes | Yes | | Bitcoin Lightning | Yes | Yes | Yes | Yes | Yes | | No-KYC signup | Yes | Yes | Yes | Yes | Yes | | Tor signup | Yes | Yes | Yes | Yes | Yes | | DMCA policy | ignore | ignore | resist | resist | ignore | | Dedicated tier | Yes | Yes | Yes | No | Yes | | Shared hosting | No | No | No | No | Yes | | Registrar | No | No | No | Yes | Yes | | Specialised Tor / I2P / Lokinet plans | **Yes** | No | No | No | No | | DDoS protection included | No | **Yes (10 Gbps)** | Verify | No | Yes | | Uptime SLA | TBV | **99.99%** | TBV | None | None | | Datacenters | IS / RO | 8 (IS/CH/NL/RO/MD/BG/RU/PA) | SE/FI/CZ/US | SE/NL | IS/RO/FI/NL | | Entry VPS $/mo | $16 (2 vCPU / 4 GB) | $32 (2 vCPU / 4 GB) | ~$8 | ~€15 | ~€5–6 | | Owns-on-behalf domains | N/A | No | N/A | **Yes** | No | | Operator track record | New (2026) | New (2026) | Since 2017 | Since 2017 | Since 2012 | ## Decision tree **You want Monero-first by design with no retrofit** → [XMRHost](/providers/xmrhost). **You want one vendor for the whole stack paid in XMR** → [SilentHosts](/providers/silenthosts). **You want the longest crypto-only VPS track record** → [Privex](/providers/privex). **You want the registrar in the same vendor and don't mind paying ~€15/mo** → [Njalla](/providers/njalla). **You want multi-country failover and cash-by-mail fallback** → [FlokiNET](/providers/flokinet). **You want the absolute cheapest** → FlokiNET at ~€5–6/mo entry (Privex at ~$8/mo is close). ## How to acquire and pay For each of the above, the operational pattern is the same: 1. **Acquire XMR** through a path that doesn't link to your real identity. Best: P2P via LocalMonero with cash-in-person. Acceptable: no-KYC swap from BTC you control. Avoid: KYC-exchange withdrawal. 2. **Sign up over Tor** with a throwaway email. No real name; no real-name email aliases. 3. **Pay the invoice** from a Monero wallet that has not previously touched your real identity. Wait for the required confirmations. 4. **Harden the VPS**: deploy your own SSH key, enable full-disk encryption if possible, disable host-side telemetry. Full step-by-step: [How to buy an anonymous VPS with Monero](/guides/anonymous-vps-monero). ## Related - [Anonymous VPS with Monero — full playbook](/guides/anonymous-vps-monero) - [/payments/monero](/payments/monero) — live filter view of every Monero-accepting provider in the directory - [/best/monero-vps](/best/monero-vps) — editorial ranking - [XMRHost full review](/providers/xmrhost) - [SilentHosts full review](/providers/silenthosts) - [Privex full review](/providers/privex) --- # Anonymous registrar comparison 2026: Njalla vs BunkerDomains vs 1984 Hosting vs FlokiNET URL: https://notdmca.org/articles/anonymous-registrar-comparison-2026 --- title: "Anonymous registrar comparison 2026: Njalla vs BunkerDomains vs 1984 Hosting vs FlokiNET" slug: "anonymous-registrar-comparison-2026" summary: "Head-to-head comparison of the anonymous-friendly domain registrars worth shortlisting in 2026: Njalla (owns-on-behalf), BunkerDomains (Seychelles crypto-only), 1984 Hosting (ICANN-accredited Icelandic), FlokiNET (bundled with hosting). Models, payment posture, WHOIS treatment, the right pick by use case." last_updated: "2026-05-13" type: "report" order: 3 --- ## Quick answer For an anonymous domain registration in 2026: - **Njalla** — top pick for **owns-on-behalf** model. Registers the domain in *its* name on your behalf — your identity never appears in WHOIS at all. Accepts Monero, Bitcoin Lightning, cash by mail. ~€15/yr for `.com`. - **BunkerDomains** — top pick for **Seychelles crypto-only registrar**. No card, no PayPal. Free WHOIS privacy on every supported TLD. `.com` from $12.99/yr; "0 DMCA notices acted upon" track record. - **1984 Hosting** — ICANN-accredited Icelandic registrar since 2006. Standard WHOIS privacy; full Iceland-jurisdiction stack. ~€19/yr for `.com`. - **FlokiNET** — Iceland-based registrar bundled with the rest of FlokiNET's product line. Standard WHOIS privacy; ~€18/yr for `.com`. ## Two distinct anonymity models Before picking a registrar, it matters which **anonymity model** you need. They are not the same. ### Model A — WHOIS privacy (proxy registration) You give your real data to the registrar; the registrar substitutes its own proxy data in public WHOIS records. Your identity is hidden from public lookup but **on file with the registrar**. Disclosable under court order, ICANN dispute proceedings, or law-enforcement request. **Available from**: BunkerDomains (free, Seychelles), 1984 Hosting, FlokiNET, and most modern commercial registrars (Porkbun, Namecheap). **Anonymity quality**: medium. Stops casual lookup; does not stop subpoenas. ### Model B — Owns-on-behalf (proxy ownership) The registrar registers the domain in **its own name** as the registrant of record, and grants you contractual usage rights. You are not the registrant; you are a customer with a license. Your identity is not on file with the registrant anywhere. **Available from**: Njalla (the canonical example). **Anonymity quality**: high. To compel transfer or seizure, an adversary must convince the proxy registrar — not you, not your registrar in your home jurisdiction, not a US-bound registry. The right pick depends on which model fits your threat model. Most operators are well-served by Model A; specific high-friction use cases (journalism with hostile civil litigants, activist orgs in jurisdictions with weak rule of law) benefit from Model B. ## Njalla — the owns-on-behalf canonical [Njalla](/providers/njalla) validated the owns-on-behalf model in 2017 and remains the dominant operator. The company is incorporated in **Nevis** (Saint Kitts and Nevis) with operations in **Sweden**, founded by Peter Sunde (The Pirate Bay co-founder). **Strengths** - **You never appear in WHOIS** because you are not the registrant. - **Accepts Monero, Bitcoin Lightning, cash by mail** alongside card/PayPal (cards are processed but reduce anonymity). - **Track record under copyright-industry pressure** — Sunde has been a target for two decades; the legal posture is built around that. - **VPS bundled** for operators who want domain + small VPS under one account. **Trade-offs** - **Premium pricing**: ~€15/year for `.com`, ~50% above market — the premium pays for the proxy-ownership model. - **TLD coverage** is broad but not complete; some country-code TLDs aren't available because the registry won't allow proxy registration. - **Not "bulletproof"**: Njalla complies with binding Swedish court orders and pulls material illegal under Swedish law. **Best for**: operators where **WHOIS exposure is the dominant risk** — journalism, activist collectives, controversial-but-legal personal sites, leaks platforms. ## BunkerDomains — the Seychelles crypto-only registrar [BunkerDomains](/providers/bunkerdomains) is a **Seychelles-incorporated** registrar positioned for operators who want a Model A registrar with **no fiat rail at checkout**. The product set is narrow on purpose: domain registration only, with **free WHOIS privacy on every TLD that allows it**, no-KYC signup, and crypto-only payment. Signup is intentionally minimal: **email + pseudo + password**. No government ID, no postal address, no phone number. The published track record is **"0 DMCA notices acted upon"** — the operator states "we literally don't reply." **Pricing examples (May 2026)**: `.com` from $12.99/yr, `.xyz` $9.99, `.ru` $7.99, `.io` $39.99, `.is` $79.99, `.ai` $89.99. Every order includes free WHOIS privacy, anycast DNS on 8 nameservers, email forwarding (5 aliases), URL forwarding, DNSSEC, registrar lock and ID protection. **Accepted crypto**: BTC, XMR, USDT, ETH, LTC, TRX, BCH, BNB, DOGE, SOL and others (via OxaPay). **Strengths** - **Seychelles incorporation** — outside the US DMCA regime, outside the EU DSA. - **Crypto-only**: no card or PayPal anywhere in the funnel. - **Free WHOIS privacy on every supported TLD** — included by default at no extra cost. - **No-KYC**: email + pseudo + password is the entire signup. - **Comprehensive free add-ons**: anycast DNS, email forwarding, URL forwarding, DNSSEC, registrar lock. - **$12.99/yr `.com`** — competitive with mainstream registrars despite the privacy posture. **Trade-offs** - **Not owns-on-behalf**: you are the registrant on file; WHOIS shows the privacy proxy. Subpoena-disclosable under Seychelles court order. - **Domains-only product**: no bundled VPS or shared hosting. Bring your own. - **Newer than Njalla and 1984** — less third-party reporting as of May 2026. **Best for**: operators who **don't need owns-on-behalf** but want to **remove the fiat-rail vulnerability** at the registrar layer under a Seychelles-incorporated registrar that publishes a zero-DMCA-actions track record. ## 1984 Hosting — the ICANN-accredited Icelandic veteran [1984 Hosting](/providers/1984hosting) has been operating since 2006 under an explicit civil-liberties mission (the name is a nod to Orwell). It is an **ICANN-accredited registrar** offering gTLD registration with standard WHOIS privacy, plus the full hosting stack (shared, VPS, dedicated, email) from Icelandic data centers. **Strengths** - **ICANN-accredited**: formal status, recourse paths, broad TLD coverage. - **Iceland jurisdiction** for the entire stack. - **Cooperative ownership** structure makes it harder to acquire than VC-backed competitors. - **Two decades of operation** — by far the longest track record in the no-DMCA-jurisdiction space. **Trade-offs** - **Standard WHOIS privacy**, not owns-on-behalf. - **`.is` ccTLD cannot be registered anonymously** (ISNIC requires Icelandic kennitala). - **Mid-market pricing** at ~€19/year for `.com` with privacy. **Best for**: operators who want the **most-formalized Icelandic registrar** with a long operational history. If "I want my registrar in Iceland with broad TLD coverage and standard WHOIS privacy" is the brief, 1984 is the conservative pick. ## FlokiNET — registrar bundled with explicit free-speech hosting [FlokiNET](/providers/flokinet) offers domain registration alongside its shared / VPS / dedicated tiers. WHOIS privacy is provided for gTLDs. **Strengths** - **Explicit free-speech AUP** for the whole product line — useful when you want the registrar in the same place as the publishing layer. - **Multi-jurisdiction hosting**: IS / RO / FI / NL. - **Monero and cash by mail** accepted. **Trade-offs** - **Standard WHOIS privacy** only — not owns-on-behalf. - **Mid-market pricing** at ~€18/year for `.com`. **Best for**: operators already using FlokiNET for hosting who want to consolidate the registrar at the same vendor. ## Side-by-side feature matrix | Feature | Njalla | BunkerDomains | 1984 Hosting | FlokiNET | |---------|--------|---------------|--------------|----------| | Owns-on-behalf | **Yes** | No | No | No | | WHOIS privacy (standard) | N/A | **Yes, free on every TLD** | Yes | Yes | | No-KYC signup | Yes | Yes (email + pseudo + password) | Yes | Yes | | Crypto-only checkout | No (card available) | **Yes** | No | No | | Monero accepted | Yes | Yes (first-class) | Yes | Yes | | Cash by mail | **Yes** | No | No | Yes | | ICANN-accredited | No (proxy registrant) | TBV | **Yes** | TBV | | Hosting bundled | Small VPS | No | Full stack | Full stack | | .com / year | ~€15 | **$12.99** | ~€19 | ~€18 | | Free add-ons | Deposit balance, VPS | **DNS, email fwd, URL fwd, DNSSEC, registrar lock** | Hosting bundle | Hosting bundle | | Founded | 2017 | TBV | 2006 | 2012 | | Jurisdiction | Nevis / Sweden | **Seychelles** | Iceland | Iceland (multi-DC) | ## Decision tree **You need WHOIS-invisibility (your name must never be on file as registrant)** → [Njalla](/providers/njalla). The only owns-on-behalf option at scale. **You want a Model A registrar with no card / PayPal trace** → [BunkerDomains](/providers/bunkerdomains). Crypto-only checkout closes the fiat-rail leak. **You want the registrar bundled with offshore hosting under one vendor** → [1984 Hosting](/providers/1984hosting) or [FlokiNET](/providers/flokinet) — both bundle registrar + hosting. **You want an ICANN-accredited Icelandic registrar with the longest track record** → [1984 Hosting](/providers/1984hosting). **You're already using FlokiNET for hosting** → [FlokiNET](/providers/flokinet) for consistency. ## TLDs you can and cannot register anonymously Regardless of which registrar you pick, the **registry's policy** for the TLD governs whether anonymous registration is possible at all: | TLD | Anonymous? | Note | |---|---|---| | `.com`, `.net`, `.org`, `.xyz`, `.info` | Yes | gTLD; both anonymity models available | | `.io`, `.co`, `.me`, `.cc`, `.tv` | Yes | gTLD-equivalent in privacy treatment | | `.is` | No (foreign) | ISNIC requires Icelandic kennitala | | `.fr`, `.de`, `.it`, `.es` | Restricted | Registry requires verifiable EU/local resident | | `.us` | No | NTIA bans WHOIS privacy on `.us` | | `.ca` | Restricted | Requires Canadian presence | | `.eu` | Restricted | Requires EU residency / establishment | **`.com` remains the safest pick for anonymous registration in 2026** despite the price premium. ## Payment hygiene applies regardless Whichever registrar you pick, the payment hygiene is the same: 1. Sign up **over Tor** with a throwaway email. 2. Pay in **Monero** (preferred), Bitcoin (on-chain or Lightning), or **cash by mail** where available. 3. If you must use a card, make sure the registrar's model **separates payment from service** (Njalla's deposit-balance is one such design). 4. Never pay with a card / PayPal that links to your real-name identity. Full guide: [How to register a domain anonymously in 2026](/guides/anonymous-domain-registration). ## Related - [/guides/anonymous-domain-registration](/guides/anonymous-domain-registration) — full step-by-step playbook - [/best/anonymous-registrar](/best/anonymous-registrar) — editorial ranking - [/categories/domains](/categories/domains) — every registrar in the directory - [Njalla review](/providers/njalla) - [BunkerDomains review](/providers/bunkerdomains) - [FlokiNET review](/providers/flokinet) - [1984 Hosting review](/providers/1984hosting) --- # Offshore VPS showdown 2026: SilentHosts vs BulletHost vs FlokiNET vs HostHatch vs BuyVM Luxembourg URL: https://notdmca.org/articles/offshore-vps-showdown-2026 --- title: "Offshore VPS showdown 2026: SilentHosts vs BulletHost vs FlokiNET vs HostHatch vs BuyVM Luxembourg" slug: "offshore-vps-showdown-2026" summary: "Head-to-head comparison of the five offshore VPS providers worth shortlisting in 2026 for DMCA-resistant, no-KYC, crypto-friendly compute: SilentHosts, BulletHost, FlokiNET, HostHatch, BuyVM Luxembourg. Jurisdictional posture, payment, pricing and use-case fit." last_updated: "2026-05-13" type: "report" order: 4 --- ## Quick answer For an offshore VPS in 2026 with no-KYC signup and DMCA-resistant policy: - **SilentHosts** — top pick for **broadest multi-jurisdiction footprint** (8 datacenters: IS / CH / NL / RO / MD / BG / RU / PA, every plan with 10 Gbps DDoS + 99.99% SLA). - **BulletHost** — top pick for **Russia / Belarus / Kazakhstan jurisdictions** with the strongest DDoS protection (100 Gbps standard, 200 Gbps on ds-pro). - **FlokiNET** — top pick for **multi-country Western European failover** (IS / RO / FI / NL) with the longest explicit-free-speech-marketing track record. - **HostHatch** — top pick for **value per spec** (~$2/mo annual prepay) with broad non-US datacenter choice. - **BuyVM Luxembourg** — top pick for **lowest absolute price** in a non-US datacenter, with a 14-year track record. Avoid the US locations. Score-sorted (weighted by privacy + DMCA-resistance + reliability + value + support): | Rank | Provider | Overall | DMCA policy | Datacenters | Entry VPS | |------|----------|---------|-------------|-------------|-----------| | 1 | [SilentHosts](/providers/silenthosts) | 9.60 | ignore | IS / CH / NL / RO / MD / BG / RU / PA | $32/mo (2 vCPU / 4 GB / 60 GB + 10 Gbps DDoS) | | 2 | [BulletHost](/providers/bullethost) | 9.275 | ignore | RU / BY / KZ | $19/mo (2 vCPU / 4 GB / 60 GB + 100 Gbps DDoS) | | 3 | [FlokiNET](/providers/flokinet) | 8.50 | ignore | IS / RO / FI / NL | ~€5–6/mo | | 4 | [BuyVM (Luxembourg)](/providers/buyvm) | 7.375 | partial | US-NY/NV/FL, LU | ~$2/mo | | 5 | [HostHatch](/providers/hosthatch) | TBV | partial | 15+ global | ~$2/mo | ## Why these five The directory contains many more than five VPS providers; this article shortlists the five that consistently come up in operator decisions when the brief is "offshore VPS, no-KYC, accepts crypto, won't auto-pull on a DMCA notice." The cluster spans: - **Two operator-owned newcomers** (SilentHosts, BulletHost) that score high on privacy + DMCA-resistance because they're built around those axes. - **One veteran multi-country free-speech vendor** (FlokiNET, since 2012). - **Two value-tier vendors with mixed jurisdictions** (BuyVM since 2010, HostHatch since 2011) that have content-permissive AUPs in their non-US locations. Other providers in the directory (Privex, Njalla VPS, 1984 Hosting VPS, OrangeWebsite VPS, etc.) are covered in their own pages and head-to-head comparisons — this article focuses on the **pure-VPS-shopping** decision. ## SilentHosts — 8-jurisdiction footprint under one vendor [SilentHosts](/providers/silenthosts) is the broadest geographically of the five: **8 datacenters** across Iceland, Switzerland, the Netherlands, Romania, Moldova, Bulgaria, Russia and Panama. Plans are uniform across locations — pick your jurisdiction at order time. Entry VPS-2 is **$32/mo** (2 vCPU AMD EPYC / 4 GB DDR4 ECC / 60 GB NVMe SSD / 3 TB bandwidth) with **10 Gbps DDoS shield** and a **99.99% uptime SLA** included on every plan. **Strengths** - **8-jurisdiction footprint** in a single vendor — broadest in this list. - **Crypto-only checkout** across 11+ cryptocurrencies (BTC, XMR, Bitcoin Lightning, ETH, USDT, USDC, LTC, DASH, ZEC, SOL, TON). - **DDoS protection (10 Gbps) included** on every plan, not as a paid add-on. - **99.99% uptime SLA** published. - **No-KYC**: "Sign up with just an email. No ID, no address, no phone number required." **Trade-offs** - **Entry price $32/mo** — more expensive than FlokiNET (~€5–6) or HostHatch (~$2) at the entry tier. - VPS / dedicated only; not a registrar — bring your own domain. - Newer than FlokiNET, BuyVM and HostHatch. **Best for**: operators who want **multi-jurisdiction failover at a single vendor** with DDoS shielding included by default and an SLA on paper. ## BulletHost — Russia / Belarus / Kazakhstan jurisdictions [BulletHost](/providers/bullethost) operates infrastructure in **Russia (Moscow + St Petersburg)**, **Belarus (Minsk)** and **Kazakhstan (Almaty)**. The jurisdictional posture is distinctive in this directory — addressing a different threat model where the operator wants infrastructure **outside the US/EU mutual-legal-assistance pipeline entirely**. Entry VPS-2 is **$19/mo** (2 vCPU / 4 GB DDR4 ECC / 60 GB NVMe SSD, St Petersburg). Dedicated tiers from **$99/mo** (ds-lite), with an **"anonymous dedicated" tier ds-anon-mid at $199/mo** — a stronger-anonymity product configuration on top of the same no-KYC base. Per the published TOS: **"No government ID is required for standard signup. Operator does not perform customer-side identity verification on the standard catalog tiers."** **Strengths** - **RU / BY / KZ jurisdictions** — outside the US DMCA regime, outside aggressive EU enforcement, outside the standard Western mutual-legal-assistance pipeline. - **100 Gbps DDoS shield** on standard tiers, **200 Gbps on ds-pro** — strongest DDoS protection in this list. - **Crypto-only checkout via self-hosted BTCPay** (BTC, USDT-TRC20, XMR) — no third-party payment processor. - **72-hour provisioning SLA**: if BulletHost misses the deploy window, the first month is on the operator. - **No KYC at signup** across the entire catalog (per TOS) — VPS and dedicated alike. **Trade-offs** - RU / BY / KZ jurisdictions carry distinct geopolitical considerations vs Western European offshore options — pick this provider when those are the right jurisdictions for your threat model. - Bring your own domain (see [BunkerDomains](/providers/bunkerdomains)). **Best for**: operators whose threat model is best served by **RU / BY / KZ infrastructure** specifically — outside Western legal-assistance frameworks — with industry-leading DDoS protection on every tier and no KYC at signup. ## FlokiNET — multi-country free-speech veteran [FlokiNET](/providers/flokinet) is the longest-running provider in this list that explicitly markets a free-speech / DMCA-ignored posture rather than just tolerating it. Founded in **2012** in Iceland, expanded to **Romania**, **Finland**, and the **Netherlands** for jurisdictional options. **Strengths** - **Explicit free-speech mission** on the home page. - **Multi-jurisdiction failover** — if Romania attracts pressure, move to Iceland or Finland under the same provider. - **Cash by mail** alongside Monero, Bitcoin Lightning and other crypto. - **Long-standing reputation** in privacy / opsec circles and on Tor-Project-recommended-ISPs lists. - **DDoS protection** included; bandwidth tiers suitable for streaming. **Trade-offs** - **Premium pricing** vs HostHatch and BuyVM (~€5–6/mo entry vs ~$2/mo). - Marketing-aggressive in a way that attracts attention compared to quiet competence (Bahnhof, Infomaniak). **Best for**: operators who want the **broadest jurisdictional safety net** and an **explicit AUP** that names free-speech use cases. Default pick when the offshore-marketing voice matters. ## HostHatch — global VPS at the cheapest annual prepay [HostHatch](/providers/hosthatch) is a long-running global KVM VPS provider (since 2011) with 15+ datacenter locations including **Iceland, Romania, Finland, the Netherlands and Sweden**. Annual prepay can bring the entry tier to ~$2/mo. **Strengths** - **Cheapest annual prepay** in the offshore-jurisdictions cluster. - **Broadest non-US datacenter choice** — pick your jurisdiction at order time. - **Crypto accepted broadly**; no-KYC signup functionally available. **Trade-offs** - **Less aggressive privacy marketing** than FlokiNET — operationally similar but no explicit free-speech AUP. - **DMCA policy varies by datacenter**; not a uniform stance. - **Less customer support polish** than the more managed-hosting-style vendors. **Best for**: operators who want **value per spec** combined with **broad non-US DC choice** and don't need an explicit DMCA-ignored marketing posture. ## BuyVM Luxembourg — value-tier with a 14-year track record [BuyVM](/providers/buyvm) (operated by Frantech Solutions, Canada) has been running KVM VPS since 2010. The US datacenters are DMCA-bound; the **Luxembourg location** is the takedown-resistant pick. **Strengths** - **Lowest absolute entry price** at ~$2/mo for the Slice 1024 tier. - **14 years of operation** under the same brand — among the most-recommended low-end VPS hosts in the LowEndTalk / opsec community. - **Content-permissive** AUP; has hosted projects rejected by mainstream providers. - **DDoS protection** included. **Trade-offs** - **Pick the Luxembourg DC, not US** — US infrastructure is fully DMCA-bound regardless of operator stance. - **Monero is not advertised as first-class** — Bitcoin, Lightning, Litecoin, Ethereum and card. Verify XMR at checkout. - **DMCA policy is "partial"** — BuyVM evaluates complaints; it is not a true DMCA-ignored vendor in the FlokiNET sense. **Best for**: operators whose dominant concern is **lowest possible $/spec** combined with crypto-friendly checkout, willing to handle the US-vs-Luxembourg datacenter choice carefully. ## Side-by-side feature matrix | Feature | SilentHosts | BulletHost | FlokiNET | HostHatch | BuyVM (LU) | |---------|-------------|------------|----------|-----------|------------| | DMCA policy | ignore | ignore | ignore | partial | partial | | Datacenters | **IS/CH/NL/RO/MD/BG/RU/PA (8)** | RU/BY/KZ | IS/RO/FI/NL | 15+ global | LU + US | | No-KYC signup | **Yes (all tiers)** | **Yes (all tiers per TOS)** | Yes | Yes | Yes | | Monero accepted | **Yes** | **Yes** | Yes | Yes (broad) | Verify at checkout | | Cash by mail | No | No | **Yes** | No | No | | Bitcoin Lightning | Yes | No | Yes | Yes | Yes | | DDoS protection | **10 Gbps standard** | **100 Gbps standard / 200 Gbps ds-pro** | Yes | Verify per DC | Yes | | Uptime SLA | **99.99%** | 72h deploy SLA | None | None | None | | Entry VPS $/mo | $32 | $19 | ~€5–6 | **~$2** | **~$2** | | Dedicated tier | Yes | Yes ($99+; anon-config $199+) | Yes (~€70+) | Yes | Yes (~$65+) | | Shared hosting | No | No | Yes | No | No | | Registrar bundled | No | No | Yes | No | No | | Tor signup supported | Yes | Yes | Yes | Yes | Yes | | Operator track record | New (2026) | New (2026) | Since 2012 | Since 2011 | Since 2010 | ## Decision tree **You want the broadest multi-jurisdiction footprint at a single vendor (8 datacenters across IS / CH / NL / RO / MD / BG / RU / PA)** → [SilentHosts](/providers/silenthosts). **You want Russia / Belarus / Kazakhstan jurisdictions specifically with 100 Gbps+ DDoS** → [BulletHost](/providers/bullethost). **You want multi-country failover under explicit free-speech marketing** → [FlokiNET](/providers/flokinet). **You want the cheapest annual prepay across many non-US locations** → [HostHatch](/providers/hosthatch). **You want a 14-year operator track record at $2/mo entry** → [BuyVM Luxembourg](/providers/buyvm) — but actively avoid the US datacenters. **You want Monero-first specifically** → see also [XMRHost](/providers/xmrhost) in the [Monero VPS comparison](/articles/monero-vps-comparison-2026). ## What about the others? The directory has more VPS providers — the most-asked-about exclusions from this shortlist: - **[Privex](/providers/privex)** — covered in the [Monero VPS comparison](/articles/monero-vps-comparison-2026). Crypto-only signup; multi-juris (SE/FI/CZ/US). - **[Njalla VPS](/providers/njalla)** — small VPS bundled with the canonical owns-on-behalf registrar. ~€15/mo entry; covered in the [registrar comparison](/articles/anonymous-registrar-comparison-2026). - **[1984 Hosting VPS](/providers/1984hosting)** — Iceland-only conservative Icelandic stack; ICANN-accredited cooperative since 2006. - **[OrangeWebsite VPS](/providers/orangewebsite)** — Iceland-only managed shared / VPS / dedicated with explicit DMCA-ignored marketing since 2009. - **[AbeloHost](/providers/abelohost)**, **[HostSailor](/providers/hostsailor)**, **[AlexHost](/providers/alexhost)**, **[Shinjiru](/providers/shinjiru)**, **[PRQ](/providers/prq)**, **[Bahnhof](/providers/bahnhof)**, **[Infomaniak](/providers/infomaniak)**, **[TerraHost](/providers/terrahost)** — covered in their own pages and in [/best](/best). For the full live ranking, see [/providers](/providers) sorted by overall score. ## How to acquire and pay Whichever vendor you pick, the operational pattern is the same: 1. **Sign up over Tor** with a throwaway email. 2. **Pay in Monero** (preferred), Bitcoin Lightning, or **cash by mail** where available. 3. **Harden the VPS**: full-disk encryption, your own SSH key, disabled host telemetry. 4. **Test the migration path** before you need it — rehearse moving to a second jurisdiction at a second vendor. Full step-by-step: [How to buy an anonymous VPS with Monero](/guides/anonymous-vps-monero). ## Related - [Best DMCA-ignored hosting in 2026 (overview)](/dmca-ignored-hosting-2026) - [Anonymous VPS with Monero — playbook](/guides/anonymous-vps-monero) - [Choose a DMCA-ignored host — decision framework](/guides/choose-dmca-ignored-host) - [/providers](/providers) — every provider in the directory, ranked - [/compare](/compare) — head-to-head comparisons including SilentHosts vs FlokiNET, BulletHost vs BuyVM, and more --- # Press-freedom hosting 2026: OffshorePress vs FlokiNET vs OrangeWebsite vs 1984 Hosting vs Bahnhof URL: https://notdmca.org/articles/press-freedom-hosting-2026 --- title: "Press-freedom hosting 2026: OffshorePress vs FlokiNET vs OrangeWebsite vs 1984 Hosting vs Bahnhof" slug: "press-freedom-hosting-2026" summary: "Comparison of the five hosting providers most worth considering for independent journalism, whistleblowing platforms and press-freedom-aligned use cases in 2026: OffshorePress, FlokiNET, OrangeWebsite, 1984 Hosting, Bahnhof. Jurisdictional posture, Tor friendliness, no-KYC support and operational fit by use case." last_updated: "2026-05-13" type: "report" order: 5 --- ## Quick answer For independent journalism, whistleblowing or press-freedom-aligned hosting in 2026: - **OffshorePress** — top pick for **press-freedom-explicit positioning**. Tor-friendly, no-KYC, Monero accepted; marketing voice directly aligned with newsroom and journalism use cases. - **FlokiNET** — top pick for **multi-country failover under free-speech marketing**. IS / RO / FI / NL; well-known in the Tor relay operator community. - **OrangeWebsite** — top pick for **Iceland-only managed shared hosting** with 15+ years of explicit free-speech branding. - **1984 Hosting** — top pick for **ICANN-accredited Icelandic cooperative** with the longest track record in the no-DMCA-jurisdiction space. - **Bahnhof** — top pick for **reliability + jurisdiction** at the cost of real-name signup. Hosted WikiLeaks at the Pionen bunker; refused EU data retention. ## Why this is its own category Independent journalism and whistleblowing platforms have a specific set of needs that distinguish them from generic offshore hosting: 1. **Resistance to automated DMCA campaigns** against investigations that quote rightsholders' content. 2. **Resistance to civil-litigation pressure** from well-resourced subjects (corporations, billionaires) using SLAPP-style actions. 3. **Tor-friendly operations** for source-intake (SecureDrop) and reader privacy. 4. **No-KYC signup** for operators whose identity exposure could endanger sources. 5. **Multi-jurisdiction failover** so a successful pressure campaign in one country doesn't kill the publication. 6. **Stable long-term relationship** — newsrooms move slowly; mid-project deplatforming is a real cost. Generic value-tier offshore (HostHatch, BuyVM, AlexHost) is fine for personal projects but underserves these requirements. The five providers below are picked specifically for press-freedom use cases. ## OffshorePress — press-freedom by design, Iceland + Switzerland [OffshorePress](/providers/offshorepress) is positioned explicitly around **independent media and press-freedom use cases**. Infrastructure lives in **Iceland (Reykjavik, via Síminn)** and **Switzerland (Zurich, via Init7)** — two jurisdictions outside the US DMCA regime and outside aggressive EU enforcement, both with strong constitutional press-freedom traditions. Entry VPS-1 is **$8/mo** (1 vCPU AMD EPYC / 2 GB DDR4 ECC / 25 GB NVMe SSD). Higher tiers: VPS-2 $16/mo, VPS-4 $32/mo, VPS-8 $64/mo. Crypto-only checkout (Monero, Bitcoin Lightning, on-chain Bitcoin). The operator's published policy: "**No DMCA forwarding — foreign takedown notices have no procedural standing in the operating jurisdictions.**" **Strengths** - **Iceland + Switzerland** — two of the strongest press-freedom jurisdictions in Europe, both non-EU. - **No DMCA forwarding** as a published policy — not just "we ignore," but procedural justification. - **Crypto-only checkout** — no card or PayPal anywhere. - **No-KYC**: "No KYC at any step of the order." - **Modern hardware stack**: AMD EPYC + DDR4 ECC + NVMe SSD even at the $8/mo entry tier. **Trade-offs** - Newer than FlokiNET, OrangeWebsite, 1984 and Bahnhof — less third-party reporting as of May 2026. - VPS / dedicated only; not a registrar (bring your own domain). **Best for**: independent newsrooms, leak platforms, investigative-journalism sites that want a vendor whose AUP and marketing match the use case, with infrastructure in **both Iceland and Switzerland** for cross-jurisdiction failover. ## FlokiNET — multi-country free-speech veteran [FlokiNET](/providers/flokinet) is the longest-running provider with an explicit free-speech mission on its home page. Founded in **2012** in Iceland, with infrastructure also in **Romania**, **Finland** and the **Netherlands**. **Strengths** - **Multi-jurisdiction failover** — move within the same provider if one DC attracts pressure. - **Explicit free-speech AUP** that names the use cases. - **Well-known in the Tor relay operator community**; listed on Tor-Project-recommended-ISPs resources. - **Cash by mail** accepted alongside Monero and Bitcoin Lightning. **Trade-offs** - Premium pricing vs value-tier hosts. - "Free-speech-aggressive" marketing voice that attracts attention compared to quieter alternatives. **Best for**: newsrooms and platforms where **multi-country failover** is part of the resilience plan. If a Romanian DC attracts pressure, you migrate to Iceland or Finland under the same provider. ## OrangeWebsite — Iceland-only explicit free-speech [OrangeWebsite](/providers/orangewebsite) has positioned itself as a free-speech host since launch in **2009**. Iceland-only infrastructure; the marketing pitch is direct: pages titled *"Free speech hosting"* and *"DMCA policy"* sit prominently on the site. **Strengths** - **15+ years of stable free-speech branding** under Icelandic law. - **Shared hosting tier** suitable for non-technical operators (WordPress, Joomla, etc.). - **DDoS protection** and 99.9% uptime SLA published. - **Iceland-only** — no US/EU subsidiary that could be pressured. **Trade-offs** - Iceland-only (no failover within the same provider). - Higher per-bandwidth cost than NL or RO alternatives. - Monero is not the headline option — Bitcoin / Litecoin / other crypto. **Best for**: operators who want **a one-line answer** to "do you ignore DMCA?" in marketing copy, with a published policy to that effect, and who don't need multi-country failover at the same vendor. ## 1984 Hosting — the ICANN-accredited Icelandic cooperative [1984 Hosting](/providers/1984hosting) has operated since **2006** under an explicit civil-liberties mission. It is an **ICANN-accredited registrar** offering the full hosting stack (shared, VPS, dedicated, email) from Icelandic data centers, on a cooperative ownership model. **Strengths** - **Almost two decades of operation** — by far the longest track record in this list. - **Cooperative ownership** makes the company harder to acquire and pivot away from its mission. - **Full stack**: domain + shared + VPS + dedicated + email under one Icelandic-jurisdiction relationship. - **ICANN-accredited registrar** with broad TLD coverage. **Trade-offs** - More conservative legal posture than FlokiNET — does not publish a one-line "we ignore DMCA" pledge; instead frames as "Iceland is the relevant legal forum." - Iceland-only (no failover within the same provider). - Mid-market pricing. **Best for**: long-lived publications that want the **most-formalized Icelandic stack** under cooperative ownership, where stability and procedural rigor matter more than maximum permissiveness. ## Bahnhof — reliability + jurisdiction at the cost of KYC [Bahnhof](/providers/bahnhof) is a Swedish ISP and data-center operator since **1994** — famous for hosting WikiLeaks at the **Pionen bunker** datacenter and for publicly refusing EU data retention obligations. **Strengths** - **Unmatched legal track record**: hosted WikiLeaks; refused data retention; defended customers publicly in Swedish court. - **ISP-grade reliability** — Bahnhof is not a niche operator, it's mainstream Swedish telecom infrastructure. - **Pionen bunker** datacenter has cultural and operational significance. - **Swedish jurisdiction** — strong constitutional speech tradition. **Trade-offs** - **Real-name signup required** — Bahnhof is a mainstream ISP, not an anonymous-hosting boutique. - Premium pricing for the spec. - Not Monero-first. **Best for**: established newsrooms and organizations that **can sign up under a corporate identity** and want the highest-reliability Swedish jurisdiction with documented pushback history. ## Side-by-side matrix | Feature | OffshorePress | FlokiNET | OrangeWebsite | 1984 Hosting | Bahnhof | |---------|---------------|----------|---------------|--------------|---------| | DMCA policy | ignore | ignore | ignore | resist | resist | | Jurisdiction | **Iceland + Switzerland** | IS/RO/FI/NL | Iceland | Iceland | Sweden | | No-KYC signup | **Yes** | **Yes** | Yes | Yes | No (KYC) | | Tor-friendly | **Yes** | **Yes** | Yes | Yes | Yes | | Monero | **Yes (first-class)** | Yes | Verify at checkout | Yes | No | | Cash by mail | No | **Yes** | No | No | No | | Crypto-only checkout | **Yes** | No (multi) | No | No | No | | Shared hosting | No | Yes | Yes | Yes | No | | VPS | **From $8/mo** | Yes (~€5–6) | Yes (~$12) | Yes | Yes | | Dedicated | Yes | Yes (~€70+) | Yes (~$100+) | Yes | Yes | | DDoS protection | Verify | Yes | Yes | Verify | Yes | | Founded | TBV | 2012 | 2009 | 2006 | 1994 | | Track record under pressure | New | Reported pushback | Long marketing tenure | 18+ years | **Hosted WikiLeaks; refused data retention** | ## Decision tree by newsroom shape **You're a small independent newsroom (1–5 people) that wants no-KYC + Tor-friendly under one vendor whose marketing names press freedom** → [OffshorePress](/providers/offshorepress). **You're a multi-country project (e.g. cross-border investigative collective) that needs failover between IS / RO / FI / NL** → [FlokiNET](/providers/flokinet). **You're running shared-hosting-style WordPress for a small publication and want explicit free-speech branding** → [OrangeWebsite](/providers/orangewebsite). **You're an established nonprofit or cooperative-aligned newsroom that wants the formal Icelandic ICANN-accredited stack** → [1984 Hosting](/providers/1984hosting). **You're a large organization that can sign up under a corporate identity and want ISP-grade reliability under Swedish jurisdiction** → [Bahnhof](/providers/bahnhof). ## Architectural pattern: separate intake from publication Regardless of which of the five you pick, a newsroom-grade architecture **separates source intake from publication** across providers and jurisdictions: | Layer | Recommended pick | |---|---| | **Source intake** (SecureDrop, Tor onion only, no clearnet IP) | OffshorePress or FlokiNET — both Tor-friendly with no-KYC | | **Publication** (clearnet site users read) | A *different* provider in a *different* jurisdiction — 1984 Hosting, OrangeWebsite, or FlokiNET in a different DC | | **Domain** | [Njalla](/providers/njalla) (owns-on-behalf) — your masthead's WHOIS does not lead back to a journalist's home address | | **Email / source comms** | Infomaniak (Swiss, transparency report) or self-hosted on a no-KYC VPS | The principle: **never share an IP, an account, a payment trail, or an SSH key** between the source-intake side and the publication side. Compromise of the public site should leak nothing about the intake side. Full architecture: [Use case — journalists](/use-cases/journalists) and [Use case — whistleblowers](/use-cases/whistleblowers). ## Operational practices for press-freedom hosting 1. **Pre-publication legal review**: the host can resist invalid takedowns but cannot resist valid court orders. Reduce the proportion of valid orders through pre-publication review. 2. **Documented succession**: if the original organizer is unable to act, who takes over the domain and hosting? Document at signup, not at crisis time. 3. **Backups in a different jurisdiction**: if your primary is FlokiNET, back up encrypted to 1984 Hosting or HostHatch weekly. 4. **Test the migration path**: rehearse a domain transfer, a host migration, and an email-provider switch before you need them. 5. **No personal accounts holding org-critical resources**: domain, hosting, mailing-list infrastructure should be in the org's name (or a privacy-collective's name), not an individual's. ## Related - [/use-cases/journalists](/use-cases/journalists) — full architecture for journalism hosting - [/use-cases/whistleblowers](/use-cases/whistleblowers) — whistleblowing-platform-specific architecture - [/use-cases/activists](/use-cases/activists) — adjacent civil-society infrastructure - [/best/tor-friendly](/best/tor-friendly) — editorial ranking of Tor-relay-friendly hosts - [OffshorePress full review](/providers/offshorepress) - [FlokiNET full review](/providers/flokinet) --- ## FAQ # Which hosting providers ignore DMCA notices? URL: https://notdmca.org/faq#dmca-ignored-hosting --- question: "Which hosting providers ignore DMCA notices?" answer_short: "Hosts that publicly ignore US DMCA notices typically operate from jurisdictions outside the DMCA's reach — Iceland, Romania, the Netherlands, the Seychelles or Russia. Established options include FlokiNET, OrangeWebsite (both Iceland) and Njalla (registrar layer, Sweden/Nevis). All comply with their local law; none are 'lawless'." category: "DMCA" order: 1 last_updated: "2026-05-12" --- ## Long answer The US Digital Millennium Copyright Act (DMCA) creates a notice-and-takedown regime that binds **US-based service providers** under threat of losing their safe-harbor protection. A host outside the US is **not** subject to that regime as a matter of law — the DMCA's statutory effect stops at the US border. In practice, the providers most commonly cited as "DMCA-ignored" fall into one of three groups: 1. **Iceland-based hosts** (e.g. [FlokiNET](/providers/flokinet), [OrangeWebsite](/providers/orangewebsite), [1984 Hosting](/providers/1984hosting)). Iceland has no DMCA-equivalent statute and a strong constitutional speech tradition. 2. **Mixed Nordic / offshore registrars** (e.g. [Njalla](/providers/njalla), incorporated in Nevis, operating in Sweden) that own domains on your behalf so the takedown chain is broken at the registrant level. 3. **Eastern European or Asian hosts** in Russia, Bulgaria, Moldova, Malaysia, Seychelles. These vary from credible to "bulletproof" front operations; quality and reliability are uneven. **What all of them have in common**: they still comply with the law of the jurisdiction they operate in. None will host CSAM, malware C2, fraud infrastructure, or content unambiguously illegal where their servers sit. --- # Which VPS providers accept Monero? URL: https://notdmca.org/faq#monero-vps --- question: "Which VPS providers accept Monero?" answer_short: "Njalla and FlokiNET accept Monero as a first-class payment method alongside Bitcoin and cash by mail. BuyVM and OrangeWebsite accept Bitcoin and other crypto but Monero support varies — verify at checkout." category: "Payments" order: 2 last_updated: "2026-05-12" --- ## Long answer Monero (XMR) is the most privacy-preserving widely-accepted cryptocurrency: ring signatures, stealth addresses and confidential transactions hide sender, receiver and amount on-chain. For anonymous-infrastructure use cases it is the strongest payment option. Providers in this directory that accept Monero **as a first-class payment method** (advertised on the checkout page, not just on request): - [Njalla](/providers/njalla) — VPS and domains, deposit-balance model - [FlokiNET](/providers/flokinet) — VPS, shared, dedicated, domains Providers that accept other crypto but where Monero support is inconsistent / requires asking: - [BuyVM](/providers/buyvm) — Bitcoin, Lightning, Litecoin and other; XMR not advertised - [OrangeWebsite](/providers/orangewebsite) — Bitcoin, Litecoin, others; XMR not advertised **Filter view**: see all current providers at [/payments/monero](/payments/monero). --- # Can I register a domain anonymously? URL: https://notdmca.org/faq#anonymous-domain --- question: "Can I register a domain anonymously?" answer_short: "Yes for most gTLDs. Njalla registers the domain in its own name on your behalf so you never appear in WHOIS. 1984 Hosting and FlokiNET offer standard WHOIS privacy services. Country-code TLDs (.is, .de, .fr) typically require verifiable local ID by registry policy and cannot be registered anonymously." category: "Domains" order: 3 last_updated: "2026-05-12" --- ## Long answer Anonymous domain registration depends on three things: the **registrar's policy**, the **registry's policy** for that TLD, and the **payment method** you use. **For gTLDs** (`.com`, `.net`, `.org`, `.xyz`, etc.) the registry does not require identification. You have two paths: 1. **Standard WHOIS privacy** — your data is held by the registrar; the privacy service replaces it in public WHOIS. Offered by 1984 Hosting, FlokiNET, and most modern registrars. Your real identity is still on file with the registrar, accessible by court order. 2. **Owns-on-behalf model** — the registrar registers the domain in **its own name** and grants you usage rights. [Njalla](/providers/njalla) is the canonical example. Your identity is not just hidden from WHOIS — it is not the registrant of record at all. **For ccTLDs** (`.is`, `.de`, `.fr`, `.uk`, `.ca`, etc.) the registry usually requires the registrant to provide verifiable local identification. For example `.is` requires an Icelandic kennitala (national ID number). Anonymous registration of these is generally not possible without significant friction and fronts. **Payment**: combine any of the above with Monero or cash-by-mail to break the financial linkage. A privacy-private domain paid for with a personal credit card is not actually anonymous. --- # What is the difference between DMCA-ignored and bulletproof hosting? URL: https://notdmca.org/faq#dmca-vs-bulletproof --- question: "What is the difference between DMCA-ignored and bulletproof hosting?" answer_short: "DMCA-ignored hosts operate legally in jurisdictions outside the DMCA's reach and decline to act on US copyright notices, but comply with their local law. Bulletproof hosting refers to providers that knowingly host illegal content and resist law enforcement; it is criminal in most jurisdictions. This directory covers DMCA-ignored / privacy-friendly hosts only." category: "DMCA" order: 4 last_updated: "2026-05-12" --- ## Long answer The terms are often confused but mean fundamentally different things. **DMCA-ignored** describes a host that: - Operates from a jurisdiction not subject to the US DMCA. - Declines to act on DMCA notices (or treats them as advisory). - Still complies with the law where its infrastructure sits. - Will pull illegal content (CSAM, malware C2, fraud, content unlawful under local law). **Bulletproof hosting** describes a host that: - Knowingly hosts content that is illegal *somewhere it operates*. - Actively resists or evades law enforcement. - Often runs on stolen / fraudulently-obtained infrastructure. - Is itself the target of criminal prosecution in many jurisdictions. The defining test is *intent* and *legality at the point of hosting*. A provider that says "we ignore US DMCA notices because the DMCA does not apply to us, but we will pull anything illegal under Icelandic law" is a legitimate DMCA-ignored host. A provider that says "we host whatever you want, no questions, even if it violates the law of every country we operate in" is bulletproof — and typically a criminal enterprise. **This directory only covers the first category.** Providers operating in violation of the law of their host jurisdiction are out of scope. --- # Which offshore jurisdictions are best for hosting? URL: https://notdmca.org/faq#offshore-jurisdictions --- question: "Which offshore jurisdictions are best for hosting?" answer_short: "Iceland (no DMCA, strong speech tradition), the Netherlands (permissive but EU-bound), Romania (permissive, EU), Switzerland (privacy-strong), and Nevis or the Seychelles (corporate domiciles). Russia, Belarus and Iran offer the most takedown resistance but carry geopolitical and reliability risks." category: "Jurisdictions" order: 5 last_updated: "2026-05-12" --- ## Long answer There is no single "best" jurisdiction; the right choice depends on your threat model. **For US-rights-holder pressure (DMCA-style copyright)**: Iceland, Romania and the Netherlands are the most common picks among reliable hosts. Iceland has no DMCA equivalent and a strong constitutional speech tradition. Romania and the Netherlands implement EU copyright law but are widely regarded as slower and more skeptical of cross-border takedown attempts than US providers. **For corporate-secrecy and shell-domicile**: Nevis, the Seychelles, the British Virgin Islands and Saint Vincent are common offshore corporate domiciles. The hosting infrastructure usually lives elsewhere; the corporate veil sits offshore. **For maximum geopolitical distance from US/EU pressure**: Russia, Belarus, Moldova, and (historically) Iran. These offer real distance but carry serious downsides: payment-rail sanctions, infrastructure instability, hostile-government risk for your own data, and reputational issues for any business client you serve. **Switzerland** sits in its own category: not offshore in a tax sense, but with strong privacy law, robust legal due process, and a tradition of judicial pushback against bulk surveillance. Best for "I want privacy with a real legal framework I can rely on." For practical recommendations grouped by threat model see [/methodology](/methodology). --- # Which hosts accept cash by mail? URL: https://notdmca.org/faq#cash-by-mail --- question: "Which hosts accept cash by mail?" answer_short: "Njalla and FlokiNET both publish a postal address for cash deposits. This is the most off-grid payment option — no exchange, no card, no on-chain trace. Always send wrapped, never registered (which creates a paper trail), and use a return address you control or a poste-restante." category: "Payments" order: 6 last_updated: "2026-05-12" --- ## Long answer Cash by mail is the most privacy-preserving payment option because it leaves no electronic record at all. Several reputable privacy-focused hosts publish a postal address for it. Providers in this directory that accept cash by mail: - [Njalla](/providers/njalla) — Sweden postal address; deposit balance model - [FlokiNET](/providers/flokinet) — Iceland postal address **Operational tips**: - Send **wrapped, opaque envelope**. Do not write "cash" or the amount on the outside. - Do **not send registered or signed-for**. Registered mail creates a paper trace at both ends. - Do **not use your home return address**. Use a poste-restante, an address you control via mail-forwarding, or omit the return address (some carriers will refuse delivery without one — check first). - Include a **note with your account ID or order reference** so the host can credit the right account. - Currency: the host's checkout page tells you what they accept. Both Njalla and FlokiNET accept EUR and USD; check before sending other currencies. - Loss risk is real. Treat cash mail like a deposit — send what you can afford to lose if the envelope is intercepted. --- # What is the best DMCA-ignored hosting provider in 2026? URL: https://notdmca.org/faq#best-dmca-ignored-2026 --- question: "What is the best DMCA-ignored hosting provider in 2026?" answer_short: "FlokiNET (Iceland / Romania / Finland / Netherlands) is our top overall pick — explicit free-speech mission, multi-jurisdiction, accepts Monero and cash by mail. For domain registrar layer specifically, Njalla. For maximum value, HostSailor or BuyVM (Luxembourg). Full ranking at /best." category: "Recommendations" order: 7 last_updated: "2026-05-12" --- ## Long answer Our top pick for 2026 is **[FlokiNET](/providers/flokinet)** for general DMCA-ignored hosting. It scores highest on the combination of metrics that matter most for this category: multi-jurisdiction infrastructure (failover options if one DC attracts pressure), explicit free-speech mission in published policy, anonymous signup, Monero and cash-by-mail support, and a track record of over a decade. For specific use cases the answer changes: - **Best registrar (anonymous domain)**: [Njalla](/providers/njalla) — registers the domain in its own name on your behalf. - **Best for crypto-only / Monero-only signup**: [Privex](/providers/privex) — fiat is not even an option. - **Best low-cost VPS**: [BuyVM (Luxembourg)](/providers/buyvm) or [HostSailor](/providers/hostsailor) — both well below market price. - **Best for legal track record under pressure**: [PRQ](/providers/prq) (Pirate Bay's old host) or [Bahnhof](/providers/bahnhof) (WikiLeaks' Pionen DC). - **Best Iceland-only**: [1984 Hosting](/providers/1984hosting) (full stack) or [OrangeWebsite](/providers/orangewebsite) (free-speech branding). Full ranked list with reasoning for each pick: [/best](/best). --- # Iceland vs Sweden vs Romania for hosting — what's the difference? URL: https://notdmca.org/faq#iceland-vs-sweden-vs-romania --- question: "Iceland vs Sweden vs Romania for hosting — what's the difference?" answer_short: "Iceland: outside EU, no DMCA, strongest jurisdictional posture but expensive and limited capacity. Sweden: EU member with the longest free-speech-host track record (PRQ, Bahnhof) but EU-bound. Romania: EU member with notably slower copyright enforcement and the best price-per-spec; lower brand visibility." category: "Jurisdictions" order: 8 last_updated: "2026-05-12" --- ## Long answer The three jurisdictions sit on a spectrum: **[Iceland](/jurisdictions/iceland)** is the strongest jurisdictional posture — it is not party to the US DMCA, not in the EU, and has a strong constitutional speech tradition. It is also the most expensive (small market, high operating costs) and has limited datacenter capacity. Best for the publishing layer where jurisdiction matters more than cost. **[Sweden](/jurisdictions/sweden)** is the cradle of modern free-speech hosting — PRQ (founded by Pirate Bay co-founders, raided multiple times, still operational) and Bahnhof (hosted WikiLeaks at the Pionen bunker, refused EU data retention). It is an EU member, so the DSA notice-and-action regime applies, but Swedish courts have a track record of skepticism toward bulk takedowns. Best for combining jurisdictional posture with a real legal track record. **[Romania](/jurisdictions/romania)** is the value-tier alternative — EU member, EU connectivity, but notably slower copyright enforcement than Germany / France / NL. Lower brand visibility than Sweden or Iceland. Best for cost-sensitive workloads where the offshore posture is one variable among several. For a head-to-head spreadsheet view, see [/jurisdictions](/jurisdictions). --- # Njalla vs 1984 Hosting — which should I pick? URL: https://notdmca.org/faq#njalla-vs-1984 --- question: "Njalla vs 1984 Hosting — which should I pick?" answer_short: "Pick Njalla if your priority is domain anonymity (Njalla owns the domain on your behalf, so you never appear in WHOIS at all). Pick 1984 Hosting if you want a full Iceland-jurisdiction stack — domain, shared/VPS hosting, and email — under a long-running ICANN-accredited cooperative." category: "Comparisons" order: 10 last_updated: "2026-05-12" --- ## Long answer The two providers solve adjacent problems with different shapes. **[Njalla](/providers/njalla)** is primarily a registrar (with a small VPS line). Its differentiating feature is that **it registers the domain in its own name** and grants you usage rights. Your identity is not just hidden by privacy service — you are not the registrant of record at all. This is the strongest practical defense against WHOIS-driven adversaries (process servers, doxers, civil claimants). **[1984 Hosting](/providers/1984hosting)** is a full-stack Icelandic hosting cooperative. Domains, shared, VPS, dedicated, email — all under Icelandic law. It is an ICANN-accredited registrar in its own right. WHOIS privacy is offered, but the registrant of record is **you** (under privacy proxy). **Pick Njalla if**: domain anonymity is the most important thing; you also need a small VPS but not a managed shared-hosting environment; you want the strongest available "I am not the registrant" posture. **Pick 1984 Hosting if**: you want one provider for the whole stack (domain + website + email + VPS); you want a longer track record (since 2006); you want cooperative governance rather than a privately-held company; you do not need the owns-on-behalf model. **Both** accept anonymous signup, both ignore baseless DMCA notices, both accept crypto. Pricing is comparable for like-for-like products. --- # Where can I get bulletproof hosting? URL: https://notdmca.org/faq#bulletproof-hosting-list --- question: "Where can I get bulletproof hosting?" answer_short: "This directory does not list bulletproof hosting. 'Bulletproof' specifically means hosts that knowingly host illegal content and resist law enforcement, which is a criminal category in most jurisdictions. We list DMCA-ignored hosts — providers that operate legally in jurisdictions outside the DMCA's reach but still comply with local law." category: "DMCA" order: 11 last_updated: "2026-05-12" --- ## Long answer The term "bulletproof hosting" is often confused with "DMCA-ignored hosting", but they mean fundamentally different things: - **DMCA-ignored hosting** is legal. It refers to providers that operate from jurisdictions outside the US DMCA's reach (Iceland, Sweden, Romania, Netherlands) and decline to act on US copyright takedown notices because those notices have no statutory effect in their jurisdiction. They still comply with their local law. - **Bulletproof hosting** is criminal. It refers to providers that knowingly host content illegal in their operating jurisdiction (CSAM, malware infrastructure, fraud, etc.) and actively evade law enforcement. Operators have been prosecuted in Russia, Estonia, Ukraine, the Netherlands and the United States, among others. If you are looking for bulletproof hosting because you are running content that is illegal in your home jurisdiction *and* in the proposed host's jurisdiction, **stop**. There is no recommendation that does not put you and the host operator at substantial criminal risk. If you are looking for DMCA-ignored hosting because you are running content that is legal where your host operates but attracts US-style takedown notices anyway (independent journalism, controversial-but-legal speech, archive projects, deplatformed legitimate businesses), see our [methodology](/methodology) and the full [provider directory](/providers). This distinction matters legally and practically — confusing the two leads to bad host choices and bad legal outcomes. --- # Can I use Cloudflare in front of a DMCA-ignored host? URL: https://notdmca.org/faq#cloudflare-and-dmca --- question: "Can I use Cloudflare in front of a DMCA-ignored host?" answer_short: "Technically yes, but Cloudflare has its own takedown criteria independent of your origin host's DMCA posture. Cloudflare has dropped customers (Daily Stormer, Kiwi Farms) for non-DMCA reasons. If your strategy requires DMCA resistance, do not rely on Cloudflare as your only edge layer — use a CDN in your host's jurisdiction or self-host the edge." category: "Operations" order: 12 last_updated: "2026-05-12" --- ## Long answer Cloudflare is the most popular CDN / reverse proxy on the internet. Many sites that worry about DMCA exposure put Cloudflare in front of their origin to absorb traffic and hide the origin IP. This works — until it doesn't. **What Cloudflare does well**: - Hides your origin IP from the public, so DDoS and casual recon are blunted. - Forwards DMCA notices to the origin rather than acting on them itself. - Provides massive bandwidth at low marginal cost. **Where Cloudflare's interest diverges from yours**: - Cloudflare has its own ToS and AUP, which cover **a much broader category than DMCA**. They have terminated customers for hate-speech reasons (Daily Stormer, 2017), targeted-harassment reasons (Kiwi Farms, 2022), and other content-policy reasons unrelated to copyright. - When Cloudflare terminates you, your origin IP is exposed simultaneously — every party that wanted your origin IP now has it from public DNS records. - Cloudflare is US-headquartered and subject to US legal process, including subpoenas for customer information. **Practical recommendation**: - If your DMCA-resistance strategy depends on hiding the origin, **don't rely solely on Cloudflare**. Use a privacy-aligned reverse proxy (e.g. self-hosted CDN on a second offshore VPS) as a fallback you can switch to if Cloudflare drops you. - Keep DNS configuration ready to point directly at the origin if you need to bypass Cloudflare. - Don't use Cloudflare's own DNS for sensitive sites — your DNS history is on file with them. - For the highest-stakes use cases (hidden services, source-protection journalism), skip Cloudflare entirely and serve directly from the offshore VPS. The pattern that fails is: "Cloudflare in front of a permissive host, never tested switching it off." Test the failover regularly. --- # Are offshore VPN providers the same as offshore hosting? URL: https://notdmca.org/faq#offshore-vpn-providers --- question: "Are offshore VPN providers the same as offshore hosting?" answer_short: "No. VPN providers (Mullvad, IVPN, ProtonVPN) sell client-side privacy: you're a customer of theirs and they hide your traffic from your local ISP. Offshore hosts sell server-side infrastructure: you operate a service from their datacenter. Different threat models, different vendors. This directory covers offshore hosting only." category: "Definitions" order: 13 last_updated: "2026-05-12" --- ## Long answer The two are often grouped together because both involve "offshore" companies and both offer some flavor of privacy, but they are different products solving different problems: **VPN providers** (Mullvad, IVPN, ProtonVPN, Windscribe, etc.): - You are the **end user**. - The provider hides your home IP from the sites you visit, and hides your traffic content from your local ISP. - They run the servers; you don't. - Privacy depends on the provider's no-log practices and jurisdictional posture. **Offshore hosts** (the providers in this directory): - You are the **operator**. - You deploy a service on their infrastructure that *other people* connect to. - You run the workload; they provide the infrastructure. - Privacy of your customers depends on what you do; privacy of your *operation* depends on the host's anonymity practices. A site can use both: you might *operate* a service hosted at FlokiNET and *connect* to it (for management) over a Mullvad VPN. They are not substitutes. For VPN provider recommendations, this directory does not have an opinion — see Privacy Guides or That One Privacy Site for that category. --- # Dedicated server vs VPS — does it matter for anonymity? URL: https://notdmca.org/faq#dedicated-vs-vps-anonymity --- question: "Dedicated server vs VPS — does it matter for anonymity?" answer_short: "Mostly no. Both leave the host with full control over the physical layer. A dedicated server gives you better isolation against noisy-neighbor side-channels, but neither prevents the host from imaging your disk under court order. For real anonymity, the host's jurisdiction and willingness to resist matters far more than VPS-vs-dedicated." category: "Operations" order: 14 last_updated: "2026-05-12" --- ## Long answer The intuition "dedicated server is more private than VPS" is partly true and mostly irrelevant. **What dedicated does give you**: - **Hardware isolation**: no shared CPU, no shared RAM, no shared disk. Side-channel attacks from co-tenants are impossible because there are no co-tenants. - **More control over hardware-level secrets**: TPM, IPMI, full BIOS access (sometimes). - **No hypervisor**: the host can't snapshot your VM through a hypervisor API, but they can still pull the disk. **What dedicated does NOT give you**: - The host still has **physical access** to the machine. They can image the disk, intercept network traffic, install hardware implants. None of this requires hypervisor-level access. - **Power state**: the host can power-cycle the machine. If you have full-disk encryption, this means the disk is at rest and the data is protected — but the same is true of an encrypted VPS. - **Jurisdictional protection**: a dedicated server in a US datacenter is just as DMCA-bound as a VPS in the same datacenter. **What actually moves the needle on anonymity**: 1. **Host's jurisdiction**: are they likely to honor a takedown / disclosure request? 2. **Host's signup process**: is your real identity on file with them? 3. **Payment**: did you pay in a way that leaves a fiat-rail trace? 4. **Disk encryption**: is data at rest readable when powered off? 5. **Operational hygiene**: do you log in over Tor, separate identities, minimize on-host secrets? Dedicated vs VPS is a tier-3 concern compared to those. **Where dedicated does matter**: if your threat model includes a sophisticated adversary willing to mount a side-channel attack from a co-tenant VM, dedicated is required. For 99% of use cases (DMCA resistance, journalism, privacy-preserving infrastructure), a properly configured VPS is fine. --- # What is the cheapest anonymous VPS in 2026? URL: https://notdmca.org/faq#anonymous-vps-cheap --- question: "What is the cheapest anonymous VPS in 2026?" answer_short: "AlexHost (Moldova) and HostHatch (multi-jurisdiction) both offer entry KVM VPS from ~$2-4/month with no-KYC signup and crypto payment. BuyVM Luxembourg ~$2/mo is also competitive but its US locations are DMCA-bound. For sub-$5/mo with explicit DMCA-ignored marketing, AlexHost is the headline pick." category: "Recommendations" order: 15 last_updated: "2026-05-12" --- ## Long answer The cheapest options that combine **no-KYC signup + crypto payment + non-US datacenter** in May 2026: - **[AlexHost (Moldova)](/providers/alexhost)**: from ~$4/mo for 1 vCPU / 1 GB RAM. Explicit DMCA-ignored marketing, non-EU jurisdiction. - **[HostHatch (IS / RO / FI / NL / SE)](/providers/hosthatch)**: from ~$2/mo (annual prepay) for 1 vCPU / 1 GB RAM. Pick a non-US DC for DMCA resistance. - **[BuyVM Luxembourg](/providers/buyvm)**: from ~$2/mo for the entry Slice. Luxembourg DC is the takedown-resistant pick. - **[HostSailor (Romania)](/providers/hostsailor)**: from ~$5/mo. Slightly more than the cheapest options but explicit DMCA-ignored marketing. For any of these, plan to also pay for backups and possibly a domain — total monthly cost for a comfortable anonymous personal infrastructure is typically $5-15/mo even at the cheap end. If you want the cheapest *and* Monero-as-default-payment, [Privex](/providers/privex) at ~$8/mo is the pick — slightly more expensive but built for crypto-native use. --- # Is HostHatch DMCA-ignored? URL: https://notdmca.org/faq#hosthatch-dmca --- question: "Is HostHatch DMCA-ignored?" answer_short: "It depends on the datacenter. HostHatch is a multi-jurisdiction VPS provider; its non-US locations (Iceland, Romania, Finland, Sweden, the Netherlands) operate under local law and do not auto-act on US DMCA notices. Its US locations are subject to the DMCA. The provider does not market 'DMCA-ignored' as a brand identity but is content-permissive in non-US datacenters." category: "Provider FAQ" order: 16 last_updated: "2026-05-12" --- ## Long answer [HostHatch](/providers/hosthatch) does not advertise itself as a DMCA-ignored host. It is a global low-end-VPS provider with 15+ datacenter locations, and its DMCA exposure varies sharply by where you choose to deploy: - **Iceland, Finland, Romania, Sweden** locations: low DMCA exposure (no statutory DMCA effect under local law). Comparable to FlokiNET or HostSailor. - **Netherlands**: medium exposure (EU DSA applies). - **Germany, UK**: high exposure (active copyright enforcement). - **United States** (multiple DCs): full DMCA exposure. For takedown-resistance purposes, **pick an Iceland, Romania or Finland location** at order time. The TOS is global; the legal exposure is local. If your priority is explicit "DMCA-ignored" marketing copy and a published per-DC AUP, [FlokiNET](/providers/flokinet) is more aligned. HostHatch's strength is **value** (entry tier from ~$2/mo annual) and **geographic spread** (more locations than any other directory provider) rather than aggressive offshore marketing. --- # Switzerland vs Iceland — which is better for privacy hosting? URL: https://notdmca.org/faq#swiss-vs-icelandic-hosting --- question: "Switzerland vs Iceland — which is better for privacy hosting?" answer_short: "Iceland offers stronger anonymous-signup options and is cheaper; Switzerland offers stronger legal due process and higher reliability but limited anonymous-signup. For maximum anonymity pick Iceland (FlokiNET / 1984). For maximum legal predictability with real-name signup, pick Switzerland (Infomaniak). The combination of both is also viable for serious operators." category: "Comparisons" order: 17 last_updated: "2026-05-12" --- ## Long answer The two are often grouped together as "non-EU European privacy jurisdictions," but they solve different problems. **[Iceland](/jurisdictions/iceland)**: - Anonymous-signup-friendly: multiple providers offer no-KYC. - Cheaper than Switzerland. - Strong free-speech tradition (IMMI legacy). - Smaller infrastructure base. **[Switzerland](/jurisdictions/switzerland)**: - Most signups require real-name identification (regulated companies). - Premium pricing. - Higher reliability and SLA quality. - Strongest constitutional privacy framework in Europe. - Robust judicial due process. **Pick Iceland if**: signup anonymity is non-negotiable; you want the lowest viable cost for non-EU European hosting; brand recognition of free-speech-positioned hosts matters. **Pick Switzerland if**: you want maximum legal predictability and reliability; you can accept real-name signup; cost is not the dominant constraint. **Pick both** (multi-jurisdiction): publishing layer in Iceland (anonymous, free-speech), org-level email/storage in Switzerland (transparency reports, procedural rigor). This is the pattern most credible non-trivial operations use. Full head-to-head comparison: [Iceland vs Switzerland vs Sweden](/guides/iceland-vs-switzerland-vs-sweden). --- # What does 'anonymous hosting' actually mean? URL: https://notdmca.org/faq#anonymous-hosting-meaning --- question: "What does 'anonymous hosting' actually mean?" answer_short: "It typically means: signup that does not require government ID (no-KYC), payment that does not link to your real identity (Monero, cash, anonymous Bitcoin), and a hosting jurisdiction that won't readily disclose your account information. Different providers solve different parts of this — true end-to-end anonymity requires combining all three." category: "Definitions" order: 18 last_updated: "2026-05-12" --- ## Long answer "Anonymous hosting" is a marketing term that means slightly different things depending on who's using it. The components are: 1. **Anonymous signup** — the provider does not require government ID, address verification or biometric matching. 2. **Anonymous payment** — the payment leaves no link between your real identity and the hosting account (Monero is the strongest, cash by mail is also strong, Bitcoin from a wallet you control is medium). 3. **Provider posture** — the provider will not readily disclose account information under legal process, OR is in a jurisdiction where such disclosure is hard to compel. 4. **Operator hygiene** — you don't break your own anonymity by logging in over your home IP, using a real-name email, or storing real-name keys on the box. A provider can offer (1) and not (2) — many providers accept anonymous signup but only fiat-rail payment, which then identifies you at the payment processor. A provider can offer (1) and (2) but be in a jurisdiction that complies with disclosure requests, undermining (3). And even with (1) (2) (3) all in place, **(4) is up to you**. For end-to-end anonymity, the canonical setup is: - Sign up over Tor, with a throwaway email. - Use [Privex](/providers/privex), [Njalla](/providers/njalla) or [FlokiNET](/providers/flokinet) (all offer (1) and (2) and operate in posture-(3) jurisdictions). - Manage the server only over Tor / a trusted VPN. - Run full-disk encryption. - Don't store real-name secrets on the host. For the operational playbook see [Buying an anonymous VPS with Monero](/guides/anonymous-vps-monero). --- # What does 'offshore hosting' mean? URL: https://notdmca.org/faq#offshore-meaning --- question: "What does 'offshore hosting' mean?" answer_short: "Hosting infrastructure operated outside your home jurisdiction — typically in a country with stronger privacy law, weaker reciprocal copyright enforcement, or favorable corporate secrecy. 'Offshore' is relative to where you and your adversaries are: an Icelandic host is offshore for a US-based customer; a US-based customer using a US host is on-shore." category: "Definitions" order: 19 last_updated: "2026-05-12" --- ## Long answer "Offshore" in hosting borrows the term from offshore banking — infrastructure deliberately placed in a jurisdiction other than where the customer (or the customer's adversaries) sits, in order to gain a legal-distance advantage. The benefit comes from the **gap between your jurisdiction and your host's jurisdiction**, not from any inherent property of "offshoreness." Common offshore hosting jurisdictions (and what they offer): - **[Iceland](/jurisdictions/iceland)**: no DMCA, EFTA not EU, strong free-speech tradition. - **[Switzerland](/jurisdictions/switzerland)**: non-EU, robust constitutional privacy, judicial due process. - **[Sweden](/jurisdictions/sweden)**: EU member with the longest free-speech-host track record. - **[Netherlands](/jurisdictions/netherlands)**: EU member, AMS-IX hub, mid-tier offshore posture. - **[Romania](/jurisdictions/romania)**: EU member, slower copyright enforcement, value tier. - **[Norway](/jurisdictions/norway)**: Nordic non-EU, low-attention. - **[Moldova](/jurisdictions/moldova)**: cheap non-EU European, geopolitical risk. - **[Malaysia](/jurisdictions/malaysia)**: non-Western diversification. - **Nevis, Belize, BVI, Saint Vincent**: corporate-domicile rather than infrastructure-jurisdiction; the actual servers usually live elsewhere. Note that "offshore" is **relative to your situation**. A US-resident using an Icelandic host is offshore; an Icelandic resident using the same host is on-shore. The legal advantage flows from the gap. --- # What's the difference between a registrar and a hosting provider? URL: https://notdmca.org/faq#registrar-vs-host --- question: "What's the difference between a registrar and a hosting provider?" answer_short: "A domain registrar registers your domain with the relevant registry; it doesn't host content. A hosting provider runs the servers your content lives on. You usually need both, often from different providers. The registrar holds your domain identity; the host holds your content." category: "Definitions" order: 20 last_updated: "2026-05-12" --- ## Long answer The two roles are different and confusing them leads to bad architecture decisions: **Domain registrar**: - Registers your domain (`example.com`) with the registry that controls the TLD (e.g. Verisign for `.com`). - Holds your registrant data (name, email, address). - Manages WHOIS visibility, transfer locks, DNSSEC. - Examples in this directory: [Njalla](/providers/njalla) (owns-on-behalf), [1984 Hosting](/providers/1984hosting) (ICANN-accredited). **Hosting provider**: - Runs the actual server (VPS, dedicated, shared) where your code and data live. - Has root access to the machine; can image disks, capture network traffic, etc. - Examples in this directory: [FlokiNET](/providers/flokinet), [BuyVM](/providers/buyvm), [HostHatch](/providers/hosthatch), [Privex](/providers/privex), and many more. **Why split them**: 1. **Different threat surfaces**: an adversary attacking your registrar (to seize the domain) is using a different attack than one attacking your host (to seize the content). Different jurisdictions, different best operators. 2. **Better specialization**: Njalla is the best owns-on-behalf registrar but is not a hyperscale VPS host; [Privex](/providers/privex) is a great no-KYC VPS but doesn't register domains. 3. **Resilience**: if your host is pulled, you can re-deploy elsewhere and re-point DNS — but only if your registrar is still cooperating. A common credible architecture: **Njalla domain + FlokiNET VPS + Cloudflare or self-hosted CDN**. Three different providers, three different jurisdictions if you pick well. See also the [decision framework guide](/guides/choose-dmca-ignored-host). --- # Should I file a DMCA counter-notice? URL: https://notdmca.org/faq#dmca-counter-notice --- question: "Should I file a DMCA counter-notice?" answer_short: "Counter-notices apply in the US safe-harbor regime (DMCA Section 512). If your content was removed by a US provider acting on a notice, a counter-notice can restore it but exposes your real identity to the original notifier. If you're using a non-US DMCA-ignored host, the question doesn't arise — the notice has no statutory effect to begin with." category: "DMCA" order: 21 last_updated: "2026-05-12" --- ## Long answer A DMCA counter-notice is a US-specific procedural mechanism. Under DMCA Section 512(g), if your content has been removed in response to an infringement notice, you can submit a counter-notice asserting that the removal was wrongful. The original notifier then has 14 days to file a court action; if they don't, the content is restored. **The catch**: filing a counter-notice **legally requires you to provide your real name, address and consent to US federal court jurisdiction.** This blows your anonymity, exposes your real identity to the notifier (and their lawyers), and waives your ability to contest US jurisdiction over the dispute. For most offshore-hosted projects, this is the wrong tool: - If you are hosted on a [DMCA-ignored provider](/best), the original DMCA notice has no statutory effect — there is no removal to counter. - If you are hosted on a US provider that already removed content, a counter-notice may restore the content but at the cost of identity exposure. - Filing a counter-notice from anonymous infrastructure with a fake identity is **perjury** under US federal law; do not do this. **The right answer is usually**: 1. Move the content to a non-US, DMCA-ignored host. 2. Re-publish under different infrastructure that the same notifier cannot easily target. 3. Document the takedown attempt as part of your project's history. If you do believe the takedown was clearly improper *and* you have the legal resources to defend against a US court action, talk to a lawyer (not this directory) before filing a counter-notice. --- # Are Seychelles, Belize and Nevis good hosting jurisdictions? URL: https://notdmca.org/faq#seychelles-belize-nevis --- question: "Are Seychelles, Belize and Nevis good hosting jurisdictions?" answer_short: "These are corporate-domicile jurisdictions, not hosting-infrastructure jurisdictions. Companies incorporate there for legal-entity reasons, but the actual servers usually live elsewhere (Iceland, NL, EU). Njalla is incorporated in Nevis but operates from Sweden; Privex is incorporated in Belize but operates from SE/FI/CZ. The corporate veil sits offshore; the infrastructure does not." category: "Jurisdictions" order: 22 last_updated: "2026-05-12" --- ## Long answer The "exotic offshore" jurisdictions in the hosting world (Seychelles, Belize, Nevis, BVI, Saint Vincent and the Grenadines, Cayman Islands, etc.) play a different role from infrastructure jurisdictions like Iceland or Switzerland. **Corporate-domicile jurisdictions** are where the legal entity that owns the hosting business is registered. This affects: - Who can sue the company and in what court. - What disclosure obligations the corporate parent has. - What reporting (tax, financial, beneficial-ownership) it owes. **Infrastructure jurisdictions** are where the actual physical servers sit. This affects: - Whose copyright law applies to the hosted content. - Who can compel a server image. - Whose data-protection law governs customer data on the box. The two are usually different. Two examples from this directory: - **[Njalla](/providers/njalla)**: incorporated in **Nevis** (Saint Kitts and Nevis); operates from **Sweden**. The Nevis corporate veil makes the company harder to sue in unfavorable courts; the Swedish operating presence is what determines the day-to-day legal posture for hosted content. - **[Privex](/providers/privex)**: incorporated in **Belize**; operates from **Sweden, Finland, Czech Republic and the US**. Same pattern — corporate-secrecy domicile + actual-infrastructure jurisdictions. For hosting decisions, **infrastructure jurisdiction matters more than corporate domicile in most cases**. A "Seychelles-hosted" claim from a provider whose actual servers are in Germany is misleading; the German law applies. When evaluating offshore-marketed hosts, always check **where the data center actually is**, not just where the company is registered. --- # Does the EU Digital Services Act (DSA) affect DMCA-ignored hosting? URL: https://notdmca.org/faq#eu-dsa-impact --- question: "Does the EU Digital Services Act (DSA) affect DMCA-ignored hosting?" answer_short: "Yes for EU-based hosts. The DSA imposes notice-and-action obligations on online intermediaries serving EU users; EU-based hosts (NL, RO, SE, DE, FR) must implement formal procedures. Non-EU hosts (Iceland, Switzerland, Norway, Moldova, Malaysia) are not directly bound except above 'very large platform' size thresholds." category: "Jurisdictions" order: 23 last_updated: "2026-05-12" --- ## Long answer The EU [Digital Services Act](/glossary#digital-services-act) (in force from 2024) is the EU's modernized framework for regulating online intermediaries. For DMCA-ignored hosting purposes, three things matter: 1. **EU-based hosts must implement formal notice-and-action procedures.** This means [AbeloHost (NL)](/providers/abelohost), [HostSailor (RO)](/providers/hostsailor), [FlokiNET (NL/RO/FI deployments)](/providers/flokinet), [Bahnhof (SE)](/providers/bahnhof), and others now process complaints under DSA-aligned procedures. Procedurally heavier than DMCA, but procedurally heavier in a way that **requires properly documented complaints** — speculative bulk filings face a higher bar. 2. **Non-EU hosts are not directly bound** unless they are "very large online platforms" (VLOPs) — a threshold ~45M monthly EU users — or are operating an addressed service to EU users. For typical DMCA-ignored hosts in Iceland, Switzerland, Norway, Moldova, Malaysia, the DSA does not directly apply. 3. **The relative attractiveness of non-EU European jurisdictions has increased.** Iceland (EFTA, not EU), Switzerland (non-EU), Norway (EFTA), Moldova (non-EU candidate) are relatively more attractive in 2026 than they were in 2020 because EU venues now carry DSA obligations they didn't have. **Practical implications for operators**: - For a non-VLOP-scale operation, picking an Iceland or Switzerland host neutralizes most DSA exposure. - For an EU-based host, the **procedural rigor required by DSA can actually be a feature** — bulk takedown spam is harder to enforce when the recipient must follow a formal procedure. - Some content categories (notably adult, harm-reduction, controversial-political) face additional DSA-side scrutiny; for those, non-EU hosting becomes more important. For a deeper jurisdictional discussion, see [/jurisdictions](/jurisdictions). --- # Should I run full-disk encryption on an offshore VPS? URL: https://notdmca.org/faq#full-disk-encryption-vps --- question: "Should I run full-disk encryption on an offshore VPS?" answer_short: "Yes. Full-disk encryption (LUKS) protects your data when the disk is at rest — the most likely scenario where the provider is compelled to image the disk. It does not protect against live-memory attacks or hypervisor-level snapshots, but it raises the cost of compelled disclosure significantly." category: "Operations" order: 24 last_updated: "2026-05-12" --- ## Long answer Yes, run full-disk encryption (FDE) on any offshore VPS where your data sensitivity warrants it. The threat it actually defends against is well-defined: **FDE protects against**: - **Disk imaging when powered off** — the host can be compelled (or choose) to image your storage. Without FDE, they read every file. With FDE, they get opaque ciphertext. - **Disk theft / mishandling** — physical media leaving the DC, decommissioned drives, etc. - **Casual operator-side curiosity** — sysadmin browsing customer data is much harder. **FDE does NOT protect against**: - **Live-memory attacks** — the FDE key has to live in RAM while the system is running. A hypervisor with VM-introspection capability can read that key. - **Live-snapshot of a running VM** — captures memory + disk in unencrypted form. - **Compromised guest** — if your application is compromised, FDE is irrelevant; the data is decrypted in-process. **Practical FDE on a remote VPS** requires a way to enter the passphrase at boot. Options: - **`dropbear-initramfs`**: SSH into a minimal pre-boot environment, type the passphrase, system continues booting. The most common pattern. - **Mandos / Tang+Clevis**: passphrase stored on a network service you control. - **Hardware-level**: not generally available on VPS; an option for dedicated servers with TPM. For setup steps see the [anonymous VPS guide](/guides/anonymous-vps-monero) section on hardening. For the underlying concept see the [FDE / LUKS glossary](/glossary#full-disk-encryption-fde-luks). **Performance impact** is negligible on modern AES-NI-capable CPUs (most VPS cores). Don't skip FDE for performance reasons; the actual cost is operational complexity (the boot-time passphrase entry). --- # Why use Monero instead of Bitcoin to pay for hosting? URL: https://notdmca.org/faq#monero-bitcoin-difference --- question: "Why use Monero instead of Bitcoin to pay for hosting?" answer_short: "Bitcoin is pseudonymous — every transaction is permanently linked to a public address and traceable through chain analysis. Monero is anonymous by default — sender, receiver and amount are hidden at the protocol level via ring signatures, stealth addresses and RingCT. For privacy-preserving payment to infrastructure providers, Monero is materially stronger." category: "Payments" order: 25 last_updated: "2026-05-12" --- ## Long answer Bitcoin and Monero solve different problems: - **Bitcoin** is a censorship-resistant store of value and payment medium. Transactions are public on a permissionless ledger. Privacy is **not** a property of the protocol; it depends on what you do off-chain. - **Monero** is a censorship-resistant *and privacy-preserving* payment medium. Transactions exist on a public ledger but the sender, receiver and amount are concealed by default at the protocol layer. For paying a hosting provider: - A **Bitcoin payment from a wallet that has any history linked to your real identity** (KYC exchange withdrawal, public donation address, anything) is traceable. Chain-analysis firms specifically map exchange withdrawals to subsequent payments. The hosting provider's payment address is now linked to your identity in their records. - A **Monero payment** from a similarly-history-linked wallet is **not traceable** to the hosting provider. The provider sees a deposit; they cannot see where it came from. Even the sending wallet's owner cannot prove they sent it (a property called "deniable transactions"). **Practical guidance**: 1. If the provider supports Monero (see [/payments/monero](/payments/monero)), use Monero. 2. If the provider only supports Bitcoin, you have two options: - Use Bitcoin Lightning if available — significantly better privacy than on-chain Bitcoin. - Use Bitcoin from a wallet you've **carefully isolated**: never funded from a KYC exchange directly, never reused for anything linked to your real identity. This is harder than it sounds. For high-stakes use cases, Monero is mandatory. For lower-stakes use cases (the host knows your IP anyway because you've SSHed from your home connection), Bitcoin is acceptable. For the operational playbook see [Buying an anonymous VPS with Monero](/guides/anonymous-vps-monero). --- # Is Njalla legit and safe to use? URL: https://notdmca.org/faq#is-njalla-legit --- question: "Is Njalla legit and safe to use?" answer_short: "Yes. Njalla is a legitimate, well-established privacy-focused registrar founded in 2017 by Peter Sunde (Pirate Bay co-founder), incorporated in Nevis with operations in Sweden. It is widely used by journalists, activists and privacy-conscious operators. Standard caveats apply: it is not 'bulletproof' and complies with valid Swedish court orders." category: "Provider trust" order: 30 last_updated: "2026-05-12" --- ## Long answer [Njalla](/providers/njalla) is one of the most-recommended privacy-focused registrars in 2026. Track record: - Founded 2017 by Peter Sunde, with publicly documented business operation in Sweden under a Nevis corporate parent. - 8+ years of continuous operation under the same brand and ownership. - Used by major journalism, activist, and privacy-tech projects — see [/notable-sites](/notable-sites). - Offers an unusual owns-on-behalf domain registration model that is structurally stronger than standard WHOIS privacy. - Accepts Monero, Bitcoin Lightning, cash by mail — full anonymous-payment paths. - Published [legal](https://njal.la/legal/) and [DMCA](https://njal.la/legal/dmca/) policy pages. What "safe" means depends on your threat model: - **Safe from US DMCA-style takedowns**: yes, Njalla doesn't act on DMCA notices. - **Safe from Swedish court orders**: no — Njalla complies with valid Swedish judicial process. They are not "bulletproof". - **Safe from outright criminal investigation**: no — neither is any legitimate provider. Don't use any host in this directory for unambiguously illegal activity. - **Safe from financial loss**: yes, balance/credit model is standard; no reports of payment fraud. For full review see [/providers/njalla](/providers/njalla). --- # Is FlokiNET legit and safe to use? URL: https://notdmca.org/faq#is-flokinet-legit --- question: "Is FlokiNET legit and safe to use?" answer_short: "Yes. FlokiNET is a legitimate Iceland-headquartered hosting provider operating since 2012 with explicit free-speech mission. Multi-jurisdiction infrastructure (IS / RO / FI / NL), accepts Monero and cash by mail. Widely used by Tor relay operators, journalists, and privacy-focused projects." category: "Provider trust" order: 31 last_updated: "2026-05-12" --- ## Long answer [FlokiNET](/providers/flokinet) is a well-established host in the privacy-focused ecosystem. Track record: - Founded 2012 in Iceland; 13+ years of continuous operation. - Multi-country infrastructure: Iceland, Romania, Finland, Netherlands — pick your jurisdiction at order time. - Explicit free-speech / anti-censorship marketing on the home page; published AUP that documents what is and isn't allowed. - Accepts Monero, Bitcoin Lightning, cash by mail. - Reputable in the Tor relay operator community — many operators use FlokiNET for exit nodes. Caveats: - **Not "bulletproof"**: FlokiNET refuses CSAM, fraud, malware infrastructure, and content unambiguously illegal under the local datacenter's law. They publish this explicitly. - **Not the cheapest**: pricing is premium for offshore-marketed hosting. You pay for jurisdiction and posture. - **Smaller fleet than mainstream hosters**: support response time is good but not instant. For full review see [/providers/flokinet](/providers/flokinet). --- # Is BuyVM (Frantech) trustworthy? URL: https://notdmca.org/faq#is-buyvm-trustworthy --- question: "Is BuyVM (Frantech) trustworthy?" answer_short: "Yes for value-tier KVM VPS. BuyVM has operated since 2010 (15+ years) with a strong reputation in the LowEndTalk community for being content-permissive, crypto-friendly, and technically competent. Caveat: US datacenters are DMCA-bound; pick the Luxembourg location for actual takedown resistance." category: "Provider trust" order: 32 last_updated: "2026-05-12" --- ## Long answer [BuyVM](/providers/buyvm) (operated by Frantech Solutions, a Canadian company) is one of the most-recommended low-end VPS providers among privacy-conscious operators. Track record: - Founded 2010; 15+ years of continuous operation. - Long-standing presence on LowEndTalk and other technical communities — extensive public history. - Hosted multiple controversial-but-legal projects after they were dropped by mainstream providers. - Excellent value: $2/month for entry KVM Slice, generous bandwidth allowances. - Accepts Bitcoin, Lightning, Litecoin, Ethereum. Important caveats: - **US datacenter exposure**: BuyVM operates four locations — three US (NY, NV, FL) and one Luxembourg. The US locations are fully DMCA-bound regardless of operator stance. **Pick Luxembourg for any takedown-sensitive workload.** - **Not Monero-first**: Monero isn't advertised as a default payment method. Verify before signup if XMR is required. - **Has dropped customers in the past**: BuyVM has sometimes dropped customers under sustained pressure (Kiwi Farms, others). Their AUP is content-permissive but not unlimited. For full review see [/providers/buyvm](/providers/buyvm). --- # Is 1984 Hosting legit? URL: https://notdmca.org/faq#is-1984hosting-legit --- question: "Is 1984 Hosting legit?" answer_short: "Yes. 1984 Hosting is a long-running (since 2006) Icelandic hosting cooperative — ICANN-accredited registrar, full hosting stack, all on Icelandic infrastructure. Cooperative ownership structure aligns with non-profit / mission-driven users. The longest track record of any Iceland-based privacy-focused host." category: "Provider trust" order: 33 last_updated: "2026-05-12" --- ## Long answer [1984 Hosting](/providers/1984hosting) is one of the most-cited long-running Icelandic hosts. Track record: - Founded 2006 — nearly two decades of continuous operation. - ICANN-accredited registrar (one of the few in this directory). - Cooperative ownership structure (less easily acquired and pivoted than VC-backed competitors). - Full product line: domains, shared, VPS, dedicated, email — all under Icelandic law. - Mission-driven posture (the name references Orwell's 1984). - Powered by Icelandic geothermal/hydro energy. Caveats: - **Not "DMCA-ignored" by marketing**: 1984's posture is "evaluate under Icelandic law" rather than the explicit "we ignore DMCA" stance of FlokiNET / OrangeWebsite. In practice this puts them in a similar takedown-resistance band, but the marketing voice is more reserved. - **`.is` domain registration requires Icelandic ID**: 1984 cannot register `.is` domains anonymously for foreigners (registry policy, not provider choice). Stick to gTLDs. For full review see [/providers/1984hosting](/providers/1984hosting). --- # Is Privex safe and reliable? URL: https://notdmca.org/faq#is-privex-safe --- question: "Is Privex safe and reliable?" answer_short: "Yes for crypto-native users. Privex is a small but well-regarded provider built specifically for the cryptocurrency / privacy-tech community. No-KYC, crypto-only payment, multi-jurisdiction (SE / FI / CZ / US). Operating since 2017. Pick the non-US locations for takedown resistance." category: "Provider trust" order: 34 last_updated: "2026-05-12" --- ## Long answer [Privex](/providers/privex) occupies a specific niche: VPS for users who never want to touch a fiat payment rail. Track record: - Founded 2017; 8+ years operating. - Crypto-only by design (Monero, Bitcoin, Lightning, Hive, EOS, others). No fiat path means no fiat-rail KYC leakage. - Multi-jurisdiction infrastructure: Sweden, Finland, Czech Republic, United States. - Strong reputation in the crypto-self-hosting community (often cited for hosting Hive blockchain witnesses, Bitcoin nodes, etc.). - No-KYC signup with Tor support. Caveats: - **US location is DMCA-bound**: pick Sweden, Finland, or Czech Republic for takedown resistance. - **Smaller scale than commodity VPS providers**: support response time is good but not instant. - **No fiat path**: if you can't or won't get crypto, Privex isn't an option. - **Not advertised for streaming / high-bandwidth controversial content**: read the AUP before high-volume use. For full review see [/providers/privex](/providers/privex). --- # Is running a Tor exit relay legal? URL: https://notdmca.org/faq#is-tor-exit-legal --- question: "Is running a Tor exit relay legal?" answer_short: "In most jurisdictions yes — Tor relay operators benefit from common-carrier-like protections in many places (US, Germany, Netherlands have clearer precedent). But Tor exit operation generates significant abuse mail (DMCA notices, abuse reports) and many hosts forbid it in their AUP. Pick a Tor-friendly host: FlokiNET, Privex, BuyVM Luxembourg, HostHatch non-US." category: "Operations" order: 35 last_updated: "2026-05-12" --- ## Long answer Running a Tor relay is legal in most jurisdictions but operationally complicated. Three different relay roles: - **Guard relay** — clients enter the Tor network through you. Sees client IPs but not destination. Low abuse risk. - **Middle relay** — relays traffic between guard and exit. Sees nothing useful. No abuse risk. - **Exit relay** — traffic exits Tor into the clearnet through you. Receives all DMCA notices and abuse complaints for clearnet traffic that left through your IP. **Substantial abuse mail risk** even when fully legal. Legal status varies: - **United States**: legal; multiple court precedents protecting Tor relay operators. Run by EFF and many universities historically. - **Germany**: legal; specifically protected under common-carrier-like jurisprudence. - **Netherlands**: legal; long history of operator-friendly handling. - **France, UK**: legally murky; operators have faced more aggressive abuse-mail responses but rarely criminal action. - **Russia, China, Iran**: often illegal or de facto blocked at the network level. For exit relay operation in 2026, recommended hosts (per published AUP and Tor relay operator community): - [FlokiNET](/providers/flokinet) — explicit free-speech AUP; well-known in operator community. - [Privex](/providers/privex) — Tor-friendly per AUP. - [BuyVM](/providers/buyvm) Luxembourg — Tor-friendly; high bandwidth allowance. - [HostHatch](/providers/hosthatch) non-US locations — Tor-friendly per most location AUPs. See [/best/tor-friendly](/best/tor-friendly) for the ranked list, and [/glossary#tor-relay-guard-middle-exit](/glossary#tor-relay-guard-middle-exit) for the role definitions. --- # Can a Bitcoin transaction be traced? URL: https://notdmca.org/faq#bitcoin-traceable --- question: "Can a Bitcoin transaction be traced?" answer_short: "Yes. Bitcoin is pseudonymous, not anonymous. Every transaction is permanently recorded on the public blockchain and can be traced through chain analysis. KYC exchange withdrawals, address reuse, and clustering heuristics let firms like Chainalysis link addresses to identities. For privacy-preserving payment use Monero or Lightning, not on-chain Bitcoin." category: "Payments" order: 36 last_updated: "2026-05-12" --- ## Long answer Bitcoin's privacy is often misunderstood. The protocol is **pseudonymous**, not anonymous: - Every transaction is permanently recorded on the public ledger. - Anyone can trace the flow of funds between addresses. - Chain analysis firms (Chainalysis, Elliptic, TRM Labs) maintain databases linking on-chain addresses to off-chain identities, primarily via: - **KYC exchange withdrawals**: when you withdraw from Coinbase/Binance/Kraken, the destination address is now linked to your verified identity. - **Address reuse**: receiving multiple payments to the same address clusters those payments under one identity. - **Heuristics**: combining inputs in a single transaction reveals that addresses share an owner (the "common-input-ownership heuristic"). - **Public donations**: addresses on a public donation page are forever linked to that organization. For paying for hosting where anonymity matters: - **Monero (XMR)** — privacy by default at the protocol layer. Sender, receiver and amount hidden. The strongest available option. See [/payments/monero](/payments/monero). - **Bitcoin Lightning** — meaningfully better than on-chain Bitcoin (onion-routed, channel-state-only). Not as strong as Monero but a good second choice. See [/guides/pay-hosting-lightning](/guides/pay-hosting-lightning). - **Bitcoin on-chain** — only acceptable if your wallet has been carefully isolated from KYC sources. Hard to do correctly. For the strongest setup: **Monero from a wallet funded via cash-in-person** (LocalMonero) or a no-KYC swap. Combined with [/guides/anonymous-vps-monero](/guides/anonymous-vps-monero). --- # Is paying for hosting with cash by mail legal? URL: https://notdmca.org/faq#cash-mail-legal --- question: "Is paying for hosting with cash by mail legal?" answer_short: "Yes in nearly all jurisdictions. Sending cash via standard mail is legal in the US, EU, UK and most other countries. Loss is the main risk, not legality. Avoid amounts that trigger declaration thresholds (typically €10,000 / $10,000 carried physically, but standard mail is generally below regulatory attention)." category: "Payments" order: 37 last_updated: "2026-05-12" --- ## Long answer Mailing cash is legal in most countries: - **US**: legal. The US Postal Service explicitly allows cash in mail. The only caveat is anti-money-laundering reporting if you're a business mailing large sums regularly (under $10K, no declaration). Loss-replacement insurance is limited. - **EU**: generally legal under postal regulations. Intra-Schengen mail moves freely with no declarations. International mail is subject to your country's postal rules. - **UK**: legal. Royal Mail allows cash but doesn't insure against loss. - **Most other developed countries**: similar pattern. What's NOT legal anywhere: - Mailing cash with intent to evade tax obligations. - Mailing cash as part of a money-laundering scheme. - Mailing cash above the customs declaration threshold for cross-border physical transport (this applies to **carrying** cash across borders; postal mail rules are different and generally don't trigger the same thresholds). For paying for hosting: - The amounts involved are tiny ($50-500 typical). Far below any regulatory threshold. - The recipient (the hosting provider) has a published postal address and a legitimate business reason to receive the funds. - The transaction is for a legal service (web hosting). No legal cloud over it. Operational risks are real (loss in mail, theft at destination) but the legal risks are essentially zero in stable jurisdictions. See [/guides/pay-hosting-cash](/guides/pay-hosting-cash) for the operational walkthrough. --- # Will Cloudflare ban me if I host controversial content? URL: https://notdmca.org/faq#will-cloudflare-ban-me --- question: "Will Cloudflare ban me if I host controversial content?" answer_short: "Possibly. Cloudflare has terminated customers for non-DMCA reasons (Daily Stormer 2017, Kiwi Farms 2022). Their AUP covers a broader category than DMCA — hate speech, targeted harassment, certain adult content, etc. If your content is legal-but-controversial, do not rely on Cloudflare as your only edge layer." category: "Operations" order: 38 last_updated: "2026-05-12" --- ## Long answer Cloudflare is not a neutral utility. It is a US-headquartered company with its own content-policy decisions, and it has used those decisions multiple times in high-profile ways: - **2017** — terminated The Daily Stormer (neo-Nazi site) after public pressure following the Charlottesville rally. CEO Matthew Prince publicly expressed discomfort with the precedent. - **2022** — terminated Kiwi Farms (targeted-harassment forum) after sustained advocacy campaigns. - **Various** — terminations for adult content, copyright infringement, malware/phishing infrastructure. These terminations are legal — Cloudflare's TOS reserves broad rights — but they make Cloudflare a **single point of policy failure** for operators of controversial content. When Cloudflare drops you: - Your DNS history at Cloudflare reveals your origin IP to anyone who looked. - Your traffic stops flowing through Cloudflare's edge in seconds. - You have no advance warning typically; the decision is made and executed quickly. - Migration to a replacement edge takes hours-to-days under pressure. If your content is legal-but-controversial: - **Don't use Cloudflare as your only edge**. Have a tested alternative ready (BunnyCDN, self-hosted reverse proxy at offshore VPS). - **Don't put your origin somewhere you'd be ashamed to expose**. Use an offshore host that you'd be fine with publicly. - **Don't host DNS at Cloudflare** for sensitive sites. Move DNS to Njalla, deSEC, or your registrar's DNS. - **Test the failover path before you need it**. For migration playbook see [/guides/migrate-from-cloudflare](/guides/migrate-from-cloudflare). --- # Can I host adult content (porn) on these providers? URL: https://notdmca.org/faq#can-host-porn --- question: "Can I host adult content (porn) on these providers?" answer_short: "Yes on several — but read the AUP first. AbeloHost, FlokiNET, OrangeWebsite, HostSailor and Shinjiru explicitly accept legal adult content. Avoid German hosts (increased age-verification enforcement), French hosts (similar), and US providers (payment-processor pressure cascades). Pay attention to bandwidth pricing — adult is bandwidth-heavy." category: "Operations" order: 39 last_updated: "2026-05-12" --- ## Long answer Hosting legal adult content (consensual, age-verified, lawful in the operating jurisdiction) is supported by several providers in this directory. The specifics matter: **Providers known to accept adult content per AUP**: - [AbeloHost](/providers/abelohost) (Netherlands) — explicit DMCA-ignored streaming/adult marketing. - [FlokiNET](/providers/flokinet) (multi-jurisdiction) — free-speech AUP covers adult. - [OrangeWebsite](/providers/orangewebsite) (Iceland) — explicit free-speech-hosting brand. - [HostSailor](/providers/hostsailor) (Romania) — value-tier offshore. - [Shinjiru](/providers/shinjiru) (Malaysia) — offshore-marketed; verify Malaysian local content rules apply. **Avoid for adult content**: - US-based providers — DMCA + payment-processor pressure. - German hosters — increased age-verification enforcement under both DSA and German national law. - French hosters — similar pattern. - Hyperscalers (AWS / GCP / Azure) — TOS prohibits. **Read the AUP**: Even content-permissive providers sometimes specifically exclude adult. Email pre-purchase: "I am hosting [your specific category]; is this allowed under your AUP? May I have written confirmation?" Get the answer in writing before paying for an annual plan. **Bandwidth realities**: Adult is bandwidth-heavy. A typical adult site moves 5-200 TB/month outbound. Pick a provider with either: - **Unmetered ports** (fixed Mbps allocation) — best for bursty streaming. - **High included transfer** — BuyVM Slices, FlokiNET dedicated, AbeloHost VPS all include generous transfer. **Payment processing is a separate problem**: Customer-payment processing (the way your users pay you) is a separate problem from hosting payment. Visa/Mastercard have tightened adult-merchant policies. Cryptocurrency payment gateways and specialized adult-friendly processors are increasingly common. This directory covers only the hosting layer. For the full guide see [/guides/dmca-ignored-streaming](/guides/dmca-ignored-streaming) and [/use-cases/adult-content](/use-cases/adult-content). --- # Which providers are torrent / seedbox friendly? URL: https://notdmca.org/faq#torrent-seedbox-friendly --- question: "Which providers are torrent / seedbox friendly?" answer_short: "Most non-US providers in this directory tolerate BitTorrent traffic. FlokiNET, OrangeWebsite, AbeloHost, HostSailor and AlexHost explicitly permit it. Pay attention to bandwidth allowances (seedboxes move terabytes monthly) and pick providers with unmetered ports rather than metered transfer." category: "Operations" order: 40 last_updated: "2026-05-12" --- ## Long answer Running a personal seedbox (a server dedicated to BitTorrent for media management, archive, or distribution) is a common use case for offshore hosts. The hosting requirements: 1. **Permissive AUP** — many mainstream hosts forbid torrent traffic. Pick one that explicitly allows it. 2. **High bandwidth** — a moderately-active seedbox moves 1-10 TB outbound per month. 3. **Good per-IP reputation** — torrent traffic generates DMCA notices to the host even when fully legal (open-source ISO seeding, Linux distros, public-domain media). The host needs to handle that without auto-suspending you. **Providers known to be seedbox-friendly per AUP**: - [FlokiNET](/providers/flokinet) (multi-jurisdiction) — explicit free-speech AUP. - [OrangeWebsite](/providers/orangewebsite) (Iceland) — explicit free-speech. - [AbeloHost](/providers/abelohost) (Netherlands) — DMCA-ignored marketing covers torrents. - [HostSailor](/providers/hostsailor) (Romania) — explicit DMCA-ignored. - [AlexHost](/providers/alexhost) (Moldova) — explicit DMCA-ignored. - [BuyVM](/providers/buyvm) Luxembourg — content-permissive (avoid US DCs for torrents). **Avoid**: - US datacenters (any provider) — DMCA bound. - German / French hosts — active enforcement. - Most mainstream hyperscalers (AWS / GCP / Azure / DigitalOcean) — AUP forbids. - Hetzner specifically — historically pulls torrent users. **Operational tips**: - Use a private tracker rather than public for non-public-domain content. - Bind the BitTorrent client to a specific IP if you have multiple. - Monitor the host's abuse mail volume; some hosts forward complaints to you. - Consider VPN-on-VPS pattern: run the BitTorrent client through a VPN even on the seedbox itself, so the host's IP doesn't appear directly. **Legality reminder**: this guidance assumes your torrent activity is legal where you and the host operate. Pirating commercial copyrighted content is illegal in most jurisdictions; offshore hosting changes the practical takedown calculus but not the underlying legal status. --- ## GLOSSARY # ACME (Automated Certificate Management Environment) URL: https://notdmca.org/glossary#acme-automated-certificate-management-environment- --- term: "ACME (Automated Certificate Management Environment)" short: "Open standard (RFC 8555) for automated TLS certificate issuance. The protocol that Let's Encrypt and other free CAs use. Allows clients to prove domain control and obtain certificates without human interaction. The plumbing behind 'free auto-HTTPS'." aka: ["RFC 8555"] --- ## Long form ACME is the protocol that automates TLS certificate issuance. The flow: 1. Client requests a certificate for a domain. 2. CA issues a challenge (e.g. "put this token at `/.well-known/acme-challenge/xyz`" — HTTP-01 — or "publish this TXT record" — DNS-01). 3. Client completes the challenge. 4. CA verifies, issues the certificate. 5. Client installs the certificate. For privacy-focused hosting: - All major free CAs (Let's Encrypt, ZeroSSL, Buypass) use ACME. - All major web servers (Caddy, nginx with certbot, Traefik) implement ACME clients. - DNS-01 challenge enables wildcard certificates and works without exposing port 80/443 publicly — useful for Tor onion services that also need clearnet certs. Recommended 2026 ACME clients: - **Caddy** — automatic, no configuration needed for most cases. - **acme.sh** — shell-script client with broad DNS provider plugin support. - **certbot** — Let's Encrypt's official client. - **lego** — Go-based, popular for embedded use. ACME makes "free, automated, anonymous TLS" the default. There is no remaining business reason to pay a commercial CA for standard TLS certificates as of 2026. --- # ActivityPub URL: https://notdmca.org/glossary#activitypub --- term: "ActivityPub" short: "Open standard (W3C 2018) for federated social networks. The protocol underlying Mastodon, Pixelfed, PeerTube, Lemmy and the broader Fediverse. Lets servers exchange posts, follows and notifications across a decentralized network of independent instances." aka: ["Fediverse protocol","AP"] --- ## Long form ActivityPub is the W3C standard for decentralized social networking. It defines two protocols: - **Server-to-server federation**: how Mastodon talks to Pleroma talks to Misskey, etc. - **Client-to-server**: how a client app talks to a single server. The combined system is the **Fediverse** — a network of independently-operated servers that interoperate. A user on `mastodon.social` can follow accounts on `pixelfed.social` (photos), `peertube.example` (video), or any other ActivityPub-speaking server. For DMCA-ignored hosting purposes, ActivityPub is relevant because: - Self-hosting a Mastodon / Pleroma / Pixelfed / PeerTube instance is the canonical alternative to centralized social platforms. - The federation model means you keep your audience even if any one server goes down. - Privacy-positioned offshore hosts ([FlokiNET](/providers/flokinet), [1984 Hosting](/providers/1984hosting), [HostHatch](/providers/hosthatch)) are increasingly common homes for Fediverse instances. See [/guides/anonymous-mastodon-fediverse](/guides/anonymous-mastodon-fediverse) for the operational guide. --- # Bulletproof hosting URL: https://notdmca.org/glossary#bulletproof-hosting --- term: "Bulletproof hosting" short: "A hosting provider that knowingly hosts content illegal in its operating jurisdiction and actively resists law enforcement. Distinct from DMCA-ignored hosting, which is legal. Bulletproof hosting is criminal in most jurisdictions." aka: ["BPH","bulletproof"] --- ## Long form The term originated to describe hosts used by spam, phishing and malware operators in the 2000s. It refers specifically to providers that accept content that is **illegal where they operate** and that take active measures to evade law enforcement (registering shell companies, using fraudulent infrastructure, jumping jurisdictions when raided, etc.). **Bulletproof hosting is not the same as DMCA-ignored hosting.** A host that operates legally in Iceland, declines to act on US DMCA notices because the DMCA does not apply to it, and pulls anything illegal under Icelandic law is **not** bulletproof — it is a normal host operating under a different legal regime. This directory covers only the latter category. Operators of true bulletproof hosting services have been prosecuted in multiple jurisdictions including Russia, Estonia, Ukraine, the Netherlands and the United States. --- # Colocation (colo) URL: https://notdmca.org/glossary#colocation-colo- --- term: "Colocation (colo)" short: "Renting physical rack space in a third-party datacenter for hardware you own. Sits between dedicated servers (rented hardware in a DC) and on-premises (your own DC). Maximum hardware control with DC-grade power / cooling / connectivity. Niche in 2026 for personal-scale operations." aka: ["colo","colocation hosting"] --- ## Long form Colocation is the deepest level of "self-hosting in someone else's facility". You buy or build your own server, ship it to a colo provider, and rent the rack space + power + cooling + network connectivity. The colo provider doesn't touch your hardware operationally. For DMCA-ignored hosting purposes, colocation is relevant when: - You want **hardware-level control** beyond what dedicated servers provide (custom firmware, weird hardware, HSM-backed key storage). - You want to **physically own** the device that holds your encryption keys. - You operate at a scale where buying hardware + colo costs less than renting. In this directory: - **[Bahnhof](/providers/bahnhof)** — Pionen datacenter in Stockholm; offers colo. - **[1984 Hosting](/providers/1984hosting)** — colo in Iceland. - **[FlokiNET](/providers/flokinet)** — colo in some locations. - **[TerraHost](/providers/terrahost)** — colo in Norway. Trade-offs vs dedicated servers: - **Higher upfront cost**: hardware + shipping + setup vs zero-deposit dedicated rental. - **Hardware failure is your problem**: a dedicated server provider replaces failed disks; with colo, you ship replacements. - **Physical access is harder**: shipping hardware to Iceland for replacement is slower than tickets-to-the-DC. For most personal / small-business privacy use cases, dedicated servers or VPS suffice and are operationally simpler. Colo is for operators with specific hardware-control or cost-at-scale needs. --- # DDoS protection URL: https://notdmca.org/glossary#ddos-protection --- term: "DDoS protection" short: "Network-level defenses against distributed denial-of-service attacks: traffic filtering at the provider's edge to absorb or drop attack traffic before it reaches your server. Standard at most VPS providers in 2026; quality varies by provider and pricing tier." aka: ["DDoS mitigation","anti-DDoS"] --- ## Long form DDoS (distributed denial-of-service) attacks attempt to overwhelm a server with traffic from many sources, making it unavailable to legitimate users. Defenses operate at the network edge — the provider absorbs or filters attack traffic before it reaches your VPS. For privacy-focused hosting in 2026: - **Most providers in this directory** include some level of DDoS protection. The depth varies — entry tiers may handle 1-10 Gbps attacks; premium tiers go to 100+ Gbps. - **Anti-DDoS is particularly important** for high-controversy workloads (free-speech sites, controversial-political content, popular Mastodon instances) which attract attacks more often. - **Cloudflare** is widely used as a DDoS-mitigation edge layer, but for the reasons in our [Cloudflare FAQ](/faq#cloudflare-and-dmca), it is a content-policy actor and should not be the only line of defense. For high-DDoS-risk workloads, look for providers with **explicit per-server DDoS quotas** in their plan tiers (FlokiNET, AbeloHost, BuyVM, OrangeWebsite all have this) rather than relying on generic upstream protection. For the providers in this directory, DDoS-protection status is in each provider's frontmatter. --- # Digital Services Act (DSA) URL: https://notdmca.org/glossary#digital-services-act-dsa- --- term: "Digital Services Act (DSA)" short: "EU regulation (in force from 2024) imposing notice-and-action obligations on online intermediaries. Applies to providers offering services to EU users, including non-EU providers above a size threshold. Spiritually similar to US DMCA but broader in scope." aka: ["DSA","EU DSA"] --- ## Long form The Digital Services Act is the EU's modernized framework for regulating online intermediaries. Compared to the older E-Commerce Directive it replaces, the DSA imposes more concrete obligations: a structured notice-and-action procedure, transparency reporting, internal complaint handling, and special rules for "very large online platforms." For DMCA-ignored hosting purposes, the DSA matters in two ways: 1. **EU hosts are now subject to a notice-and-action regime** that is structurally similar to DMCA safe harbor (notify → host evaluates → host can take action while preserving liability shield). It is not the same as DMCA — the procedural requirements are different, and Member State implementation varies — but EU hosts can no longer treat takedown notices as advisory. 2. **Non-EU hosts serving EU users** can fall within scope above certain size thresholds, blunting the "operate from Iceland, ignore EU notices" strategy for very large operations. For typical small / medium operations using providers like FlokiNET, OrangeWebsite or Njalla, DSA exposure is limited but not zero. For larger operations the analysis is more nuanced; consult counsel familiar with EU intermediary liability. --- # DMCA (Digital Millennium Copyright Act) URL: https://notdmca.org/glossary#dmca-digital-millennium-copyright-act- --- term: "DMCA (Digital Millennium Copyright Act)" short: "US federal copyright law (1998) that creates a notice-and-takedown regime binding on US-based service providers. Section 512 grants safe-harbor protection if the provider acts on infringement notices. The DMCA has no statutory effect outside the US." aka: ["Digital Millennium Copyright Act","DMCA notice","DMCA takedown"] --- ## Long form The DMCA is the principal US copyright statute governing online intermediaries. Section 512 ("safe harbor") protects service providers from liability for user-uploaded content if they act on validly-formatted infringement notices. The system is widely abused — automated takedown bots issue tens of millions of notices per year, many invalid — which is why providers in jurisdictions not bound by the DMCA often choose to evaluate complaints under their own local law instead of acting on every notice. **Important**: the DMCA does not bind providers outside the US. A US rightsholder can send a DMCA notice to an Icelandic host, but the host has no statutory obligation to act on it. They may choose to comply, ignore, forward, or evaluate under Icelandic law. --- # DNSSEC URL: https://notdmca.org/glossary#dnssec --- term: "DNSSEC" short: "DNS Security Extensions — cryptographic signing of DNS records to prevent forgery. Protects against DNS poisoning and man-in-the-middle attacks at the DNS layer. Supported by most modern registrars; requires both registrar and DNS-host cooperation." aka: ["DNS Security Extensions"] --- ## Long form DNSSEC adds cryptographic signatures to DNS responses. Without DNSSEC, an attacker on the network path can forge DNS responses pointing your domain at their server; with DNSSEC, the resolver can verify that the response actually came from the legitimate authoritative DNS server. For privacy-focused hosting: - **Recommended for any production use**. Catches DNS-level interference. - **Requires support at both layers**: the registrar must publish DS (Delegation Signer) records, and your DNS host must sign your zone with DNSSEC keys. - **Can break things if misconfigured**: DNSSEC failures cause your domain to become unresolvable for resolvers that validate. Test thoroughly. In this directory: - **[Njalla](/providers/njalla)** — supports DNSSEC at both registrar and DNS-host layers. - **[1984 Hosting](/providers/1984hosting)** — supports DNSSEC. - **deSEC** (third-party DNS host) — DNSSEC-by-default; recommended pairing with any registrar. Pair DNSSEC with **DANE / TLSA records** for cryptographically-verified TLS certificate pinning at the DNS layer. Niche but powerful for high-stakes operations. --- # Full-disk encryption (FDE / LUKS) URL: https://notdmca.org/glossary#full-disk-encryption-fde-luks- --- term: "Full-disk encryption (FDE / LUKS)" short: "Encryption of an entire storage device (or partition) so that the data is unreadable when the system is powered off. The standard implementation on Linux is LUKS (Linux Unified Key Setup). Critical defense against host-side disk imaging in offshore-VPS scenarios." aka: ["FDE","LUKS","disk encryption","dm-crypt"] --- ## Long form Full-disk encryption (FDE) is the encryption of a storage device at the block level, typically using a symmetric cipher (AES-XTS) with a key derived from a passphrase or key file. On Linux, the standard tooling is **LUKS** (Linux Unified Key Setup) on top of dm-crypt. For privacy-focused VPS use, FDE matters because: - A hosting provider can be compelled (or choose) to **image your disk**. If the disk is unencrypted, they (or whoever they hand the image to) can read every file. - If the disk is encrypted with a passphrase **only you know**, the imaged disk is opaque ciphertext. - The catch: the passphrase has to live in RAM while the system is running. A live host with hypervisor access can read RAM and recover the key. So FDE protects against **disk-imaging-from-power-off**, not **live-snapshot**. Practical FDE on a remote VPS requires a way to enter the passphrase at boot. Common options: - **Dropbear-initramfs**: SSH into a minimal pre-boot environment, type the passphrase, system continues booting. - **Mandos**: passphrase stored on a network server you control. - **Tang/Clevis**: network-bound disk encryption — the key is recovered from a network service that must be reachable. For maximum privacy: combine FDE with no-KYC signup, Monero payment and Tor-only management — see the [anonymous VPS guide](/guides/anonymous-vps-monero). --- # IPv6 URL: https://notdmca.org/glossary#ipv6 --- term: "IPv6" short: "The current version of the Internet Protocol, with 128-bit addresses providing effectively unlimited address space. In 2026, IPv6 is mandatory for some use cases (Tor exit relays, mail servers seeking IP-reputation flexibility) and useful for all serious hosting work." aka: ["IP version 6"] --- ## Long form IPv6 is the modern Internet Protocol replacing IPv4's exhausted 32-bit address space. For hosting purposes in 2026: - Most providers in this directory offer **dual-stack** (IPv4 + IPv6) on every VPS. - Some workloads — particularly those serving IPv6-preferred mobile networks, certain CDN integrations, or Tor relay operation — benefit from IPv6. - Pure-IPv6 hosting is cheaper at some providers (a `/64` IPv6 block costs nothing; a single IPv4 address is ~$1-2/mo extra). When evaluating a hosting provider: - Check whether **IPv6 is included by default** or extra. - Check whether **reverse DNS** can be set on IPv6 (important for self-hosted mail). - Check whether **firewall and DDoS protection** apply to IPv6 traffic — some providers' DDoS protection is IPv4-only. For the providers in this directory, IPv6 status is in each provider's frontmatter and shown in the Quick Facts panel. --- # KVM (Kernel-based Virtual Machine) URL: https://notdmca.org/glossary#kvm-kernel-based-virtual-machine- --- term: "KVM (Kernel-based Virtual Machine)" short: "Linux kernel virtualization module providing full hardware virtualization. The standard hypervisor for VPS providers in 2026; gives you a full kernel and root access. Compare to OpenVZ (older, container-style, less private)." aka: ["KVM virtualization"] --- ## Long form KVM is a Linux kernel module that turns a Linux host into a hypervisor capable of running fully-virtualized guest VMs. Each KVM guest has its own kernel, can run any OS (not just Linux), and is isolated from other guests at the hardware-virtualization level. For VPS hosting, KVM is the default in 2026 because: - **Full kernel access**: you can install custom kernels, run nested virtualization, use any sysctl. Required for many self-hosted workloads (Tor relays, VPN servers, container hosts). - **Better isolation than container-style virtualization** (OpenVZ, etc.). Side-channel attacks from co-tenant guests are much harder. - **Custom OS / image upload**: most KVM providers let you upload your own ISO and install from scratch. This is essential for full-disk encryption and minimal hardened OSes. When evaluating a VPS provider, "KVM" is the right answer. "OpenVZ" or "LXC" providers are cheaper but offer less privacy and less flexibility, and are increasingly rare. All providers in this directory that offer VPS use KVM (or another full-hardware-virtualization hypervisor like Xen). --- # KYC (Know Your Customer) URL: https://notdmca.org/glossary#kyc-know-your-customer- --- term: "KYC (Know Your Customer)" short: "Identity-verification requirement imposed on financial services and (increasingly) infrastructure providers. A no-KYC provider does not require government ID, address verification or biometric matching at signup." aka: ["Know Your Customer","no-KYC","KYC-free"] --- ## Long form KYC originated in banking anti-money-laundering law and has spread to crypto exchanges, payment processors, and some VPS / hosting providers (especially those in heavily-regulated jurisdictions or those that accept fiat-rail payments). A provider that requires KYC will typically ask for: government-issued photo ID, proof of address (utility bill), and sometimes a live selfie or video. **No-KYC** providers accept signup with only an email address and payment. They may still collect IP, payment metadata and other technical signals — "no KYC" is not the same as "no logs." For full anonymity, combine no-KYC signup with a no-logs payment method (Monero, cash) and an opsec-clean signup environment (Tor or trusted VPN, throw-away email). --- # Let's Encrypt URL: https://notdmca.org/glossary#let-s-encrypt --- term: "Let's Encrypt" short: "Free, automated certificate authority providing TLS certificates for any domain. Issued via the ACME protocol; valid for 90 days; auto-renewable. The standard TLS solution for self-hosted infrastructure in 2026 — eliminates the need to pay commercial CAs." aka: ["Let's Encrypt","ACME CA"] --- ## Long form Let's Encrypt is a non-profit certificate authority operated by the Internet Security Research Group (ISRG). It launched in 2015 and is now the largest CA on the internet by certificates issued. For self-hosted infrastructure: - **Free**: no cost ever; no credit-card-required signup. - **Automated**: certificates issued and renewed via the ACME protocol. No manual CSR process. - **90-day validity**: short by design to encourage automation. - **Wildcard support**: `*.yourdomain.com` requires DNS-01 challenge; HTTP-01 works for individual subdomains. For DMCA-ignored hosting: Let's Encrypt eliminates one of the few remaining "you must give us your real identity" requirements in the hosting stack. Free certs, no KYC, no commercial CA relationship. Common 2026 ACME clients: - **Caddy** — built-in; zero config. - **certbot** — official Let's Encrypt client. - **acme.sh** — pure-shell client; broad DNS provider support for wildcards. Note: Let's Encrypt logs all issuance to public Certificate Transparency logs. Anyone can search and discover that certificates were issued for a given domain (this includes subdomains). Doesn't reveal traffic content but does reveal that subdomains exist. --- # Monero (XMR) URL: https://notdmca.org/glossary#monero-xmr- --- term: "Monero (XMR)" short: "Privacy-preserving cryptocurrency that hides sender, receiver and amount on-chain by default using ring signatures, stealth addresses and Ring Confidential Transactions (RingCT). The standard payment method for fully-anonymous infrastructure purchases." aka: ["XMR","monero"] --- ## Long form Monero is the most widely accepted **privacy-by-default** cryptocurrency. Unlike Bitcoin (where every transaction is permanently traceable through the public ledger), Monero hides: - **Sender**: ring signatures sign the transaction with a group of decoy keys, so the actual signer cannot be identified. - **Receiver**: stealth addresses generate a one-time public key for each transaction; nobody (including the recipient) can correlate transactions to a single address. - **Amount**: Ring Confidential Transactions hide the transaction amount via Pedersen commitments. For privacy-preserving payment to infrastructure providers (VPS, domain registrars, hosting), Monero is the recommended option when the provider supports it. See [hosts that accept Monero](/payments/monero) for the directory's filter view. --- # Notice and takedown URL: https://notdmca.org/glossary#notice-and-takedown --- term: "Notice and takedown" short: "Legal mechanism by which a rightsholder formally notifies a service provider of allegedly-infringing content; the provider then removes (or 'takes down') the content to preserve its safe-harbor liability protection. The DMCA Section 512 framework is the prototype; the EU DSA implements an analogous procedure." aka: ["notice-and-action","takedown procedure"] --- ## Long form Notice and takedown is the procedural mechanism connecting **rightsholder notice** to **provider action**: 1. Rightsholder identifies allegedly-infringing content. 2. Rightsholder sends a formally-compliant notice to the service provider's designated agent. 3. Provider removes (or disables access to) the content. 4. Provider notifies the user. 5. (Optional) User submits a counter-notice; provider may restore content. 6. (Optional) Rightsholder files a court action. The mechanism's force comes from the **safe-harbor incentive**: providers act on notices because failing to do so risks losing the legal protection that lets them host user-uploaded content at all. **Key variants in 2026**: - **DMCA Section 512** (US): the prototype. Bare-bones procedural requirements, low evidentiary bar, automated bots send millions of notices per year. - **EU Digital Services Act** (2024): notice-and-action with formal procedure, requires a structured complaint, gives the user a meaningful opportunity to respond, requires court adjudication for contested cases. Procedurally heavier than DMCA. - **Country-specific implementations**: vary widely. Some EU members (Romania, Sweden) have historically been slower to enforce than others (Germany, France). For DMCA-ignored hosts, the practical question is: **does this notice-and-takedown framework legally bind us, and if so, what's the procedural bar?** For Iceland-based hosts, the US DMCA does not bind; for EU-based hosts, the DSA does. See [/jurisdictions](/jurisdictions) for per-country analysis. --- # Object storage (S3-compatible) URL: https://notdmca.org/glossary#object-storage-s3-compatible- --- term: "Object storage (S3-compatible)" short: "Storage abstraction designed for unstructured data — files, images, backups, archives — accessed via HTTP API rather than as a filesystem. AWS S3 is the prototype; many implementations are 'S3-compatible' meaning they speak the same API. Cheaper per GB than block storage at scale." aka: ["S3","blob storage","S3-compatible"] --- ## Long form Object storage stores files as discrete "objects" in flat namespaces called "buckets", accessed via HTTP API (PUT to upload, GET to retrieve). Different from: - **Block storage**: presents as a disk; mounted to a VM. - **Filesystem storage**: hierarchical directories; standard POSIX semantics. Object storage is well-suited for: - **Static asset hosting** (images, video, downloadable files). - **Backup destinations** (Restic, Borg, Duplicacy all support S3 backends). - **Application file storage** that scales beyond a single VPS disk. - **Cold archive**: write-once, read-rarely data. In this directory: - **[BuyVM Block Storage Slabs](/providers/buyvm)** — not strictly object storage but cheap per-GB block storage. With MinIO on top, you get an S3-compatible interface. - Self-hosted **MinIO**, **SeaweedFS**, **Garage** on any provider — fully self-controlled S3-compatible object storage. - **Storj** (out of directory) — decentralized S3-compatible storage. Privacy-friendly third party. For DMCA-ignored hosting, object storage matters as the cheap-per-GB backup layer. You don't want to pay VPS-tier prices for terabytes of cold storage; offload to S3-compatible storage and keep the VPS lean. --- # Offshore hosting URL: https://notdmca.org/glossary#offshore-hosting --- term: "Offshore hosting" short: "Hosting infrastructure operated outside the customer's home jurisdiction, typically in a country with stronger privacy law, weaker reciprocal copyright enforcement, or favorable corporate secrecy. Common examples: Iceland, Switzerland, the Netherlands, the Seychelles, Russia." aka: ["offshore hosting","off-shore VPS"] --- ## Long form "Offshore" in this context inherits the meaning from offshore banking — infrastructure deliberately placed in a jurisdiction other than where the customer (or the customer's adversaries) sits, in order to gain a legal-distance advantage. Common motivations: free-speech protection, distance from US-style copyright enforcement, distance from a politically hostile home government, corporate secrecy, sanctions evasion (which is generally illegal). Note that "offshore" is jurisdiction-specific: a US-resident customer using an Icelandic host is offshore; an Icelandic customer using the same host is on-shore. The privacy advantage flows from the legal gap between your jurisdiction and your host's, not from any inherent property of "offshoreness." --- # Onion service (.onion) URL: https://notdmca.org/glossary#onion-service-onion- --- term: "Onion service (.onion)" short: "A network service reachable only through the Tor network at a `.onion` address. The service operator's IP is hidden from clients; clients reach the service via Tor relays. Used for whistleblowing, censorship-resistant publishing, and anonymous communication." aka: ["Tor hidden service",".onion","v3 onion service"] --- ## Long form A Tor onion service (formerly called "hidden service") is a network service whose location is concealed by the Tor network. Clients connect to the service via a `.onion` address (e.g. `expyuzz4wqqyqhjn.onion`), which resolves through Tor's distributed hidden-service directory rather than DNS. Key properties: - **Operator IP is concealed from clients.** The host knows the IP (it's their datacenter), but the public does not. - **End-to-end encrypted by construction.** Traffic between client and onion service is encrypted at each Tor hop. - **No certificate authority involved** for v3 onion addresses — the address itself is a long-form public key. Onion services are used for whistleblowing platforms (SecureDrop), censorship-resistant publishing, anonymous chat (Ricochet Refresh), and any application where the operator does not want their server location publicly knowable. For the operational guide to hosting one, see [How to host a Tor hidden service](/guides/tor-hidden-service-hosting). --- # rDNS / PTR record URL: https://notdmca.org/glossary#rdns-ptr-record --- term: "rDNS / PTR record" short: "Reverse DNS — the mapping from an IP address back to a hostname. Mailbox providers (Gmail, Outlook) require correctly-set rDNS for outbound mail to be accepted. A mismatched or generic PTR is the most common cause of email landing in spam folders when self-hosting." aka: ["reverse DNS","PTR record","reverse pointer"] --- ## Long form A PTR (pointer) record provides the reverse lookup for an IP address. Where a forward A record maps `mail.example.com → 1.2.3.4`, the reverse PTR maps `1.2.3.4 → mail.example.com`. For most hosting workloads PTR is irrelevant — but for **outbound email** it is essential. Major mailbox providers (Gmail, Outlook/Office 365, Apple iCloud Mail) check that: 1. The PTR for the sending IP matches a hostname. 2. That hostname has a forward A record pointing back to the same IP. 3. The hostname matches (or aligns with) the SMTP HELO/EHLO greeting. A VPS without a customized PTR will have a default like `host-1-2-3-4.dc.provider.net`. Mail from that IP will fail or land in spam. Most VPS providers, including the privacy-focused ones in this directory, expose a PTR-edit field in their control panel — set it before sending mail. For self-hosted email playbook, see [Anonymous email hosting](/guides/anonymous-email-hosting). --- # Reverse proxy URL: https://notdmca.org/glossary#reverse-proxy --- term: "Reverse proxy" short: "Server that sits in front of one or more origin servers and handles incoming traffic on their behalf. Used for TLS termination, caching, load balancing, hiding origin IP, and adding edge security. Common implementations: nginx, Caddy, HAProxy, Traefik." aka: ["edge proxy","front-end proxy"] --- ## Long form A reverse proxy is the inverse of a forward proxy: clients connect to the proxy, which forwards to the actual application server (the origin). For privacy-focused hosting use cases, reverse proxies provide: - **TLS termination**: the proxy holds the SSL certificate; the origin can run HTTP-only on localhost. - **Origin IP hiding**: from the public internet, only the proxy's IP is visible. - **Caching**: edge cache for static assets reduces origin load. - **Rate limiting**: blocks abusive clients before they reach the application. - **Authentication**: pre-authenticate requests at the edge. Common 2026 choices: - **Caddy** — easiest config; auto-Let's-Encrypt by default. Recommended for most self-hosted setups. - **Nginx** — battle-tested, infinite configurability, used at scale. - **Traefik** — auto-discovery for Docker / Kubernetes deployments. - **HAProxy** — TCP-level load balancing, less common for HTTP-only workloads. For DMCA-ignored hosting: a self-hosted reverse proxy on a separate offshore VPS is the privacy-aligned replacement for Cloudflare. See [/guides/migrate-from-cloudflare](/guides/migrate-from-cloudflare). --- # Safe harbor (DMCA Section 512) URL: https://notdmca.org/glossary#safe-harbor-dmca-section-512- --- term: "Safe harbor (DMCA Section 512)" short: "US legal regime under DMCA Section 512 that shields online service providers from copyright liability for user-uploaded content if they act on validly-formatted infringement notices. The regime binds US providers; non-US providers are not within its scope." aka: ["DMCA safe harbor","Section 512","safe harbour"] --- ## Long form Safe harbor under DMCA Section 512 is the legal mechanism that allows US-based online service providers (hosts, social networks, cloud platforms) to host user-generated content without being treated as primary infringers themselves. The protection is conditional: the provider must implement a notice-and-takedown procedure, designate a DMCA agent, and act expeditiously on properly-formatted notices. This regime is the *reason* DMCA notices have practical force in the US: providers act on them not because they have to in any specific case, but because failing to do so risks losing safe-harbor status across all their hosted content. **Outside the US, safe harbor does not apply.** Providers in Iceland, Sweden, Romania, the Netherlands, Malaysia, etc. are not eligible for DMCA safe harbor (they have no US copyright claim against them in the first place) and therefore have no statutory incentive to act on US-issued notices. They operate under their own jurisdiction's equivalent law (or absence thereof) and evaluate complaints accordingly. This is the structural reason "DMCA-ignored" hosting exists. --- # SPF / DKIM / DMARC (email authentication) URL: https://notdmca.org/glossary#spf-dkim-dmarc-email-authentication- --- term: "SPF / DKIM / DMARC (email authentication)" short: "Three DNS-based standards that authenticate email senders to receiving mail servers. SPF lists allowed sending IPs; DKIM signs messages; DMARC ties them together with a policy. All three required for self-hosted email to land in inboxes in 2026." aka: ["SPF","DKIM","DMARC","email auth"] --- ## Long form The three pillars of modern email authentication: - **SPF (Sender Policy Framework)**: a TXT record on your domain listing the IPs / hostnames authorized to send mail for it. Receiving servers check this against the connecting IP. - **DKIM (DomainKeys Identified Mail)**: cryptographically signs each outgoing message; the signature is verifiable via a TXT record under `selector._domainkey.yourdomain.com`. - **DMARC (Domain-based Message Authentication, Reporting and Conformance)**: a policy TXT record telling receiving servers what to do when SPF / DKIM fail (none / quarantine / reject). Also enables reports back to you. For self-hosted email on a no-KYC offshore VPS: - **All three are mandatory** in 2026. Gmail, Outlook, Apple Mail aggressively reject mail without proper authentication. - **rDNS / PTR is required** in addition (see [/glossary#rdns--ptr-record](/glossary#rdns--ptr-record)). - **MTA-STS and TLS-RPT** are increasingly required (DNS-published TLS policy and reporting). Setup is automated by modern self-hosted mail stacks (**Mail-in-a-Box**, **Mailcow**, **Stalwart**, **Mailu**). Manual setup possible but error-prone. For the operational guide see [/guides/anonymous-email-hosting](/guides/anonymous-email-hosting). --- # Tor (The Onion Router) URL: https://notdmca.org/glossary#tor-the-onion-router- --- term: "Tor (The Onion Router)" short: "Network protocol and software stack that routes user traffic through three volunteer-operated relays, encrypting at each hop. Provides client-side anonymity (hide your IP from sites you visit) and supports server-side anonymity via .onion services. Maintained by the Tor Project." aka: ["The Onion Router","Tor network","tor browser"] --- ## Long form Tor is the most widely-used anonymity network. Client traffic enters at a guard relay, transits a middle relay, and exits at an exit relay (clearnet) or stays inside Tor (onion service). At each hop, only one layer of encryption is removed, so no single relay knows both the source and destination of any given circuit. For privacy-focused hosting use cases, Tor matters in three ways: 1. **Client-side anonymity at signup**: signing up for a hosting account over Tor prevents the provider from learning your real IP at the signup-time interaction. 2. **Management anonymity**: SSHing to your VPS via Tor prevents your home IP from appearing in the provider's access logs. 3. **Server-side anonymity** via [onion services](/glossary#onion-service-onion): a service can be reachable only through `.onion` addresses, with no clearnet exposure. For the operational guide to running services over Tor, see [How to host a Tor hidden service](/guides/tor-hidden-service-hosting). --- # Tor relay (guard / middle / exit) URL: https://notdmca.org/glossary#tor-relay-guard-middle-exit- --- term: "Tor relay (guard / middle / exit)" short: "Volunteer-operated server routing Tor network traffic. Three roles: guard (entry), middle (transit), exit (clearnet egress). Exit relays attract abuse complaints and require permissive hosting; many DMCA-ignored hosts in this directory are popular for relay operation." aka: ["Tor node","Tor exit","Tor relay"] --- ## Long form A Tor relay is a server that participates in the Tor network. There are three relay roles: - **Guard relay**: clients connect into the network here. Sees client IP but not destination. - **Middle relay**: relays traffic between guard and exit. Sees nothing useful. - **Exit relay**: traffic exits from Tor to the clearnet here. Sees destination but not client. **Receives all the abuse complaints** (DMCA notices, spam complaints, etc.) for clearnet traffic. For DMCA-ignored hosting purposes, **exit relays are the most relevant**. Operators who want to contribute exit-relay capacity to the Tor network need: - A host that **permits Tor exit operation** in its AUP. Many mainstream hosts forbid it. - A jurisdiction that **doesn't auto-act on every DMCA notice**. Iceland, Romania, Netherlands, Sweden are common picks. - Bandwidth allowance suitable for sustained traffic (typically 100GB-1TB+ per month). In this directory, [FlokiNET](/providers/flokinet), [Privex](/providers/privex), [BuyVM Luxembourg](/providers/buyvm), and [HostHatch](/providers/hosthatch)'s non-US locations are all known to permit Tor exit relays per their AUPs (verify at signup). The Tor Project maintains a list of [recommended exit-relay-friendly hosts](https://community.torproject.org/relay/community-resources/good-bad-isps/) which substantially overlaps with this directory. For running a hidden service rather than an exit relay, see [How to host a Tor hidden service](/guides/tor-hidden-service-hosting). --- # WAF (Web Application Firewall) URL: https://notdmca.org/glossary#waf-web-application-firewall- --- term: "WAF (Web Application Firewall)" short: "Network security layer that inspects HTTP traffic for application-level attacks (SQL injection, XSS, path traversal). Sits at the edge between users and the application. Cloudflare's WAF is the well-known commercial example; ModSecurity / Coraza are popular self-hosted implementations." aka: ["Web Application Firewall","ModSecurity"] --- ## Long form A WAF inspects HTTP requests and responses for application-layer attacks that traditional network firewalls miss. Common WAF detections: - SQL injection attempts. - Cross-site scripting (XSS). - Path traversal (`../` patterns). - Known CVEs against popular CMS / framework versions. - Bot traffic / scrapers. For DMCA-ignored hosting purposes, the choice is: - **Cloudflare WAF** — easy but ties you to Cloudflare's content policies. See [/faq#cloudflare-and-dmca](/faq). - **Self-hosted ModSecurity** — open-source, runs in nginx / Apache; OWASP Core Rule Set is the standard. - **Coraza** — newer Go-based ModSecurity-compatible WAF; cleaner architecture. - **BunnyCDN WAF** — commercial alternative to Cloudflare with more permissive AUP. For most self-hosted setups, **Caddy with a few rate-limiting rules + good application-side input validation** suffices. WAFs catch some attacks but aren't a substitute for secure application code. For high-traffic / high-attack workloads, a self-hosted Coraza in front of the application provides Cloudflare-WAF-equivalent protection without third-party content-policy exposure. --- # Warrant canary URL: https://notdmca.org/glossary#warrant-canary --- term: "Warrant canary" short: "A regularly-updated public statement asserting that a service provider has NOT received a particular kind of legal request (e.g. a US National Security Letter). The statement's removal — without explanation — signals to users that such a request may have been received. Of contested practical effect." aka: ["canary statement"] --- ## Long form Warrant canaries emerged in response to US legal regimes that prohibit a service provider from disclosing the receipt of certain kinds of legal process (notably National Security Letters with non-disclosure provisions). The mechanism: the provider publishes a periodic statement saying "we have not received any such order as of [date]." If they ever do receive one, they cease updating the statement; users notice the omission and infer. In practice, warrant canaries have: - **Mixed legal standing**: courts have not definitively ruled whether removal of a canary constitutes the prohibited "disclosure." US providers have adopted different positions. - **Mostly fallen out of fashion**: the legal uncertainty plus the surveillance-focused use case (NSLs are US-specific) has made them less common in 2026 than in the 2014-2018 peak. - **Limited applicability outside the US**: most non-US jurisdictions don't have the gag-order regime that motivates the canary in the first place. For DMCA-ignored hosting purposes, warrant canaries are **not the most useful signal**. More important: - **Published transparency reports** (Infomaniak, Njalla and others publish quantified takedown data). - **Operator track record** (does the host have a public history of pushback?). - **Jurisdiction** (does the host's jurisdiction even allow the kind of legal process you're worried about?). A few non-US providers do publish canary-like statements; treat them as a low-priority signal compared to the structural factors above. --- # WHOIS privacy URL: https://notdmca.org/glossary#whois-privacy --- term: "WHOIS privacy" short: "Service offered by domain registrars that replaces the registrant's real contact data in public WHOIS records with the registrar's proxy data. The registrar still holds the real data and discloses it under legal process." aka: ["WHOIS proxy","domain privacy","private registration"] --- ## Long form When you register a domain, the registry stores contact information (name, address, email, phone) for the **registrant**. By default this data is queryable by anyone via WHOIS / RDAP. WHOIS privacy is a paid (or free) service from your registrar that substitutes the registrar's own proxy address for yours in the public record. **Limits of WHOIS privacy**: - Your real data is still on file with the registrar. - It is disclosable under court order, ICANN dispute proceedings, or law-enforcement request. - Some ccTLDs (`.us`, `.fr`, `.de`, etc.) prohibit privacy services and require real registrant data to be public. For a stronger model, see Njalla's [owns-on-behalf](/providers/njalla) approach, where the registrant of record is the registrar itself rather than you. --- # WireGuard URL: https://notdmca.org/glossary#wireguard --- term: "WireGuard" short: "Modern, fast, kernel-level VPN protocol. Designed to be simple, small (~4000 lines vs OpenVPN's 600,000), and high-performance. The standard VPN protocol in 2026 for both commercial VPN providers and self-hosted private networks." aka: ["wg"] --- ## Long form WireGuard is a VPN protocol developed by Jason Donenfeld and merged into the Linux kernel in 2020. Compared to predecessors (OpenVPN, IPsec): - **Simpler**: smaller codebase = fewer bugs = easier to audit. - **Faster**: better throughput, lower latency, less CPU. - **Modern crypto**: uses Curve25519, ChaCha20, Poly1305 — current-generation primitives. - **Smaller config**: a working WireGuard setup is a 10-line file. For DMCA-ignored hosting, WireGuard is useful in several places: - **Manage VPS over WireGuard** instead of SSH-over-Tor when latency matters more than maximum anonymity. - **Connect personal devices to a self-hosted "private LAN"** (Tailscale uses WireGuard underneath; Headscale is the open-source self-hosted Tailscale equivalent). - **VPN provider implementation** (Mullvad, IVPN, ProtonVPN all support WireGuard). - **Site-to-site mesh** between multiple offshore VPS for cross-jurisdiction private networking. Setup is straightforward: `apt install wireguard-tools`, generate keys with `wg genkey`, write a `wg0.conf`, `wg-quick up wg0`. Done. For self-hosted private LAN use cases, **Tailscale** (managed) or **Headscale** (self-hosted) sit on top of WireGuard with auto-mesh and key-distribution. Both work well at no-KYC offshore VPS providers. ---