%
% Flokinet.tex
%
% Fork Sand IT Manual
%
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.
%
\section{FlokiNET}
Based in Iceland, governed under Icelandic law.
Looks very good. They look like the most privacy-respecting ISP in the world,
at least that I have seen, including HavenCo.
%\begin{commentbox} % OK
%\begin{commentbox}{FlokiNET description, from their website} % OK
%\begin{paperbox}{FlokiNET description, from their website}
FlokiNET was established in 2012 in Iceland to provide a safe harbor for freedom of speech, free press and whistleblower projects.
Us at FlokiNET guarantee that we will always offer our services without requiring personal information and we will never give third parties access to any data. Your local government forces you to provide an imprint on your blog? You don't want be molested because you publish something controversial?
FlokiNET provides autonomous, incorruptible and flexible solutions, optimized to help you to spread your ideas!
%\end{commentbox} % OK
%\end{paperbox}
From their About Us:
``You plan to build a whistleblowing website?
We encourage you to do so! We are able to supply secure and stable environments needed to build submission - and communication platforms.''
FlokiNET runs \gls{tor} exit and relay nodes.
\begin{figure}[!htb]
\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{www-flokinet.png}
\caption{Flokinet Website}
\label{fig:www-flokinet}
\end{figure}
Forms of payment accepted by Flokinet:
\begin{itemize}
\item Bank Transfer
\item Bitcoin
\item BlackCoin
\item DASH
\item Decred
\item Dogecoin
\item Ethereum
\item Litecoin
\item Monero
\item MoneyGram
\item Namecoin
\item Nav Coin
\item OK PAY
\item Payment Cash by Post
\item Paygol ``which supports credit card, Union Pay, SOFORT, Giropay and much more''
\item PayPal
\item Paysafe Card
\item Peercoin
\item Perfect Money
\item Potcoin
\item Startcoin
\item Vertcoin
\item Western Union
\item Zcash
\end{itemize}
The link to their Terms of Service on their register page,
\url{https://billing.flokinet.is/register.php}, returns a 404.
The Terms of Service page is here:
\url{https://flokinet.is/en/tos.php}
Privacy policy:
\url{https://flokinet.is/en/PrivacyPolicy.php}
``FlokiNET shall keep confidential and not disclose information regarding the Customer except where this is required by Icelandic law or is pre-approved by the Customer. Customer data will be always stored and transferred encrypted. Communication between our staff will be always secured and encrypted.''
``IRC (Internet Relay Chat) We do not allow IRC or IRC bots to be operated for illegal usage like botnets etc. Any account found to be in violation of this provision will be immediately suspended and/or deactivated and no refund will be issued. Adult content is not allowed on Icelandic Network.''
Their Romanian, Finnish, and Icelandic bandwidth test servers have an SSL cert that expired a month ago:
\url{https://ro.as200651.net/}
\url{https://fi.as200651.net/}
\url{https://is.as200651.net/}
Their blog has an invalid cert and has HSTS enabled, so it isn't viewable in Chromium or Firefox.
It fails with \texttt{net::ERR\_CERT\_COMMON\_NAME\_INVALID}. It appears the common name
in the cert is
\url{https://www.blog.flokinet.is/}.
\begin{minted}[breaklines]{text}
www.blog.flokinet.is normally uses encryption to protect your information. When Chromium tried to connect to www.blog.flokinet.is this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be www.blog.flokinet.is, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chromium stopped the connection before any data was exchanged.
You cannot visit www.blog.flokinet.is right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.
\end{minted}
To register, they want name, address, and email.
\subsubsection{Icelandic Modern Media Initiative}
IMMI - Icelandic Modern Media Initiative copied from:
\url{https://flokinet.is/en/AboutUs.php}
What is the IMMI and how is it protecting our customers?
\begin{itemize}
\item Whistleblower protections: Protection for those who step forward to reveal important matters in the public interest.
\item Source protection: Protection for anonymous sources who attempt to communicate to the public after a promise of confidentiality by a journalist or media organisation. Based on new EEA legislation.
\item Source-journalist communications protection: Protection for the communications between an anonymous source and a media organization and internally within a media organization prior to publication.
\item Limiting prior restraint: Prior restraint is coercion of a publisher, by a government authority, or through the judicial system, to prevent publication of a specific matter. While the Icelandic Constitution provides the right to freedom of expression, small modifications are needed to reduce the possibility of prior restraint.
\item Protection of intermediaries (Internet service providers): Immunity for ``mere conduits'', ISPs and telecommunications carriers.
\item Protection from ``libel tourism'' and other extrajudicial abuses: Non-observance of foreign judgments that violate Icelandic freedom of expression protection, and the ability to file a counter-suit in Iceland against a party who engages in a calculated attempt to suppress the speech freedoms of an Icelandic entity.
\item Statute of limitations on publishing liabilities: Recent rulings in Europe maintain that for Internet publications, each page view is publication afresh, regardless of how long ago the material was first released. This has resulted in the silent removal of investigative newspaper stories, including those over five years old, from the online archives of the Guardian and other major newspapers.
\item Process protections: The majority of legal suits related to publishing settle before final judgment. Hence the court process itself must ensure that it is not used to suppress speech through unequal access to justice, subpoenas, or other interlocutory motions. Process protections (called anti-SLAPP laws in the US) permit a judge to declare the matter a free speech related case, at which point protections are activated to prevent such abuses.
\end{itemize}
More info: \url{https://en.immi.is/}
\subsubsection{FlokiNET Restrictions}
This is restricted:
\begin{itemize}
\item Anything that can result in Spamhaus listing.
\item Phishing Sites / Scam Sites (ex: Ebay/Paypal,CC/Password Scam sites).
\item Mailbombers or any sort of spam sites.
\item \Gls{ddos} originations.
\item Spam email.
\item Netscan / Hack programs and archives.
\item Malicious Scripts (ex: originate \gls{ddos} attacks or hack attempts).
\item Botnet/Doorway/Carding.
\item Childporn.
\item Fraud Websites/Forums.
\item Any kind of adult content is not allowed on our location Iceland.
\end{itemize}
\subsection{FlokiNET Pros}
FlokiNET Pros:
\begin{itemize}
\item The entire reason for FlokiNET to exist is to help people publish in repressive environments.
\item Strong dedication to privacy.
\item Based in Iceland.
\item \Glspl{dedicatedserver} aren't too expensive.
\item Romanian VPS is OpenVZ and \gls{kvm}.
\item Finnish VPS is \gls{kvm}.
\item Has private domain registration services.
\item \Gls{colocation} available.
\item ``FlokiNET is proud to be completely \gls{tor} Project logo-friendly. Feel free to host a \gls{tor}-node with us!''
\item ``\Gls{ddos} mitigation cloud has 950 Gbps filtering capacity.''
\item Finland and Iceland are free speech friendlier countries.
\item Has good, optional higher level SLAs that are inexpensive.
\item Has Debian 9 available for \gls{kvm}.
\item Maximum balance is €15000.00EUR.
\item Strong dedication to \gls{tor}.
\item Creates apparently random username for login.
\item Debian 9 version installed was (nearly) up to date.
\item Uses \gls{kvm}.
\end{itemize}
\subsection{FlokiNET Cons}
FlokiNET Cons:
\begin{itemize}
\item Iceland Virtual Private Server uses VMware.
\item \Glspl{dedicatedserver} look like older HP models.
\item Bandwidth is OK, but not great as they are on a remote island.
\item VoIP URL is 404 \url{https://flokinet.is/en/learnsecurevoip.php}.
\item Uses WHMCS for account services management (non-free software).
\item After doing PayPal payment, it says payment was successful, but invoice says ``Unpaid''.
\item The invalid SSL certificates and 404 pages possibly point to poor security practices, overall.
\item VPS are deployed manually and \emph{not deployed on weekends!}
\item Someone was left logged in on the console, on first login:
\begin{minted}{sh}
# w
04:40:52 up 2:17, 2 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
is4423 tty1 - 02:24 2:16m 0.17s 0.08s -bash
\end{minted}
\item By default in the \gls{kvm}, they set the nameservers to Google's
\texttt{8.8.8.8} and \texttt{8.8.4.4}.
% \item In the \gls{kvm}, you get a NAT'd IP address, not a real one.
\end{itemize}
\subsection{FlokiNET Unknown}
\begin{itemize}
\item \gls{ipmi} on \glspl{dedicatedserver}?
\item The IP in \texttt{/etc/hosts} for the hostname wasn't the same as used for SSH.
Either a mistake or \gls{firewall} forwarded for security (???). Appears to be a mistake.
\end{itemize}
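
The first-login findings above (a console session left open, resolvers preset to \texttt{8.8.8.8} and \texttt{8.8.4.4}, and an \texttt{/etc/hosts} entry that differs from the SSH address) can be checked with a few lines of shell on any newly delivered VPS. This is an added example, not part of the original manual or of FlokiNET's tooling; the function names, the sample data, the hostname \texttt{vps.example.test} and the allowed resolver \texttt{192.0.2.53} are assumptions.

```sh
#!/bin/sh
# First-login checks for a provider-deployed VPS (added example).
# Function names are hypothetical; all sample data below is constructed.

# Read `w -h` output on stdin; print "user tty" for every session that is
# not on our own terminal ($1, e.g. pts/0).
other_sessions() {
    awk -v mine="$1" 'NF >= 2 && $2 != mine { print $1, $2 }'
}

# Print nameservers in resolv.conf-style file $1 that are missing from the
# space-separated allowlist $2.
unexpected_nameservers() {
    awk -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "nameserver" && !($2 in ok) { print $2 }' "$1"
}

# Print addresses that hosts file $1 maps to hostname $2 when they differ
# from the address we connected to ($3).
hosts_mismatch() {
    awk -v host="$2" -v ip="$3" '
        $1 ~ /^#/ { next }
        { for (i = 2; i <= NF; i++) {
              if ($i ~ /^#/) break
              if ($i == host && $1 != ip) print $1 } }' "$1"
}

# Write constructed sample inputs into directory $1.
make_samples() {
    printf '%s\n' \
        'is4423   tty1   -            02:24  2:16m  0.17s  0.08s -bash' \
        'root     pts/0  203.0.113.7  04:40  0.00s  0.02s  0.00s w' > "$1/w.txt"
    printf 'nameserver 8.8.8.8\nnameserver 8.8.4.4\n' > "$1/resolv.conf"
    printf '%s\n' '127.0.0.1 localhost' \
        '198.51.100.20 vps.example.test vps  # set by provider' > "$1/hosts"
}

dir=$(mktemp -d)
make_samples "$dir"
echo "other sessions:   $(other_sessions pts/0 < "$dir/w.txt")"
echo "unexpected DNS:   $(unexpected_nameservers "$dir/resolv.conf" 192.0.2.53 | tr '\n' ' ')"
echo "hosts mismatch:   $(hosts_mismatch "$dir/hosts" vps.example.test 198.51.100.10)"
rm -rf "$dir"
```

On a real host, pipe \texttt{w -h} into \texttt{other\_sessions} and point the other two functions at \texttt{/etc/resolv.conf} and \texttt{/etc/hosts}; any output is something to raise with the provider before putting data on the machine.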