Internet Free Speech
This used to be uncontroversial.
Writing “turn of the century” sure makes me feel old, but it’s important to remember that around the year 2000, it was generally believed that the internet was inherently a force of good because it was going to enable free speech.
People were aware that media was centralized around too few companies and diversity of opinion was needed, but it was thought that this problem would be short lived because the media would eventually be replaced by the internet.
Today, this thinking is sadly quite rare. Most online culture does not consider freedom of expression to be an important value at all, and instead focuses on hand-wavy feel-good terms like “trust”, “safety” and “moderation”. Of course the majority of said moderation essentially boils down to high-school grade inter-personal drama.
As someone who deals in ideas, there aren’t many thoughts that I consider off limits. So a lot of what I read and write online is what some people would call “extremist”. Puzzlingly, I’ve never encountered the issues with censorship or de-platforming which seem to dog other people. I’ve developed a hypothesis that there’s another social element which drives certain people and platforms to become targets for cancelling and censorship. That’s not to say that censorship isn’t a problem, it’s just more of a oddity that it doesn’t really target what one would expect.
All speech is hate speech when you hate speech.
Two websites which have been the target of considerable de-platforming efforts are KiwiFarms and Gab. I am not intimately familiar with either of these websites, so my description of them might well be off-base, but I’ll do my best. KiwiFarms is, per my understanding, something of a celebrity gossip forum. A group that finds people who seek attention, and gives them … attention. Gab is a largely political discussion board which brands itself as being free speech oriented.
At current, KiwiFarms is hosted by the streaming platform Rumble, and Gab has their own hosting provider AS42651, which gets its internet from the venerable AS6939 “Hurricane Electric”. Gab has a great advantage in that they have an account with CloudFlare, allowing them to keep their actual web server IP secret - though they’re not really using it to its potential because (by running their own hosting provider) they reveal their IP addresses anyway. The reason why Gab registered their own “hosting provider” is almost certainly to be able to handle abuse complaints themselves, rather than having them go to another hosting company that might be inclined to drop them as a customer.
Recently it has come to light that Gab may have made a bit of a goof, the system number of their “hosting company” was registered in Europe - and they seem to be facing the consequences of being spread across jurisdictions.
So far this has not lead to any actual network disruptions, and this matter will probably be resolved without issue - but it’s illustrative of the fact that steps intended to improve resilience can sometimes have the opposite effect.
How to never get taken down
I concede that nothing of mine has ever so much as raised an eyebrow amongst the anti-speech crowd, so this proposal may stumble in the face of realities of people trying to shut you up. But since I have not seen anyone talking about this, I decided it’s worth writing about it anyway.
The Stack
In order to host a website, you need to figure out four components:
Domain
Servers
CDN
VPN
First you need somewhere to register your domain - wherever this is, that’s going to be your jurisdiction, so if someone is going to sue you, they’re gonna do it there. Stick to one country for your domain and your registrar. If you’re doing US, get a domain with a US-based TLD like .com, .us, .wiki, etc. If you’re doing another country, best to use that country’s TLD like .fr, .es, or .it. Make sure your registrar (Namecheap, Porkbun, etc.) is based in the SAME jurisdiction as your TLD. Don’t make the mistake of spreading infrastructure across jurisdictions!
Once you have your domain, then you need servers. Where do you host them? The answer is anywhere you want, because when you do things right, nobody is going to know where they are anyway. There is no reason for the general public to know the IP address of any of your real servers - the whole pitch by Cloudflare is that they protect you from DDoS because the attacker doesn’t know the IP of your real server, only their IPs (which are DDoS hardened).
Once you have your servers, and nobody knows where they’re hosted, then you need some kind of a CDN / proxy, a service like Cloudflare or Akamai which will stand between you and the world. It’s best to have more than one of these on-hand, so that if one of them decides to drop you as a customer, you only need update your DNS to get back running again. These services are all a faustian bargain, they’re run by intelligence agencies who want to spy on your users - but they will protect you so if you’re large scale, you don’t really have any other option. If you’re small scale, you can rent a VPS and setup your own “Cloudflare” - this just won’t scale if your service becomes big. Also VPS providers have thin margins and they don’t like customers who attract DDoS, so you should generally assume that these services will cancel you at the first sign of trouble.
Finally, you need a VPN. This is because no server is ever 100% inbound-only. You need to send password reset emails, and other little things that will leak your server’s real IP address if you don’t have a VPN. Ideally you would install a VM on your server, and all of your actual webapp would run in the VM. Then the server would force all traffic to and from the VM to go through the VPN so the webapp literally cannot know the IP of the server it runs on. Like the CDN / proxy, you should have multiple VPNs lined up, so if one of them decides to drop you as a customer, failover is relatively automatic.
Age Verification
As I’m writing this, governments throughout the western world are implementing more-or-less copy-pasted versions of the same law, which will require websites to demand ID in order to (ostensibly) protect children. Despite the claim, it’s generally believed that this is meant to suppress political and anonymous speech.
Even in this culture of relative apathy toward the principle of free expression - the policy is still being met with widespread objections across all of the jurisdictions where it’s being rolled out.
An under-appreciated point is that by passing of the same unpopular law in every country at the same time, they are effectively confessing that western democracy is a sham. There is statistically no way that such an event could occur if decisions were made the way we’re taught in civics class. But the implications of living under occupation of a secret international dictatorship is another post for another day.
The age verification rule is, in my opinion, most likely to backfire - as the most easily regulated platforms will be those large centralized platforms who gladly carry water for the regime already. The small, niche, and decentralized platforms will either lack the resources to implement verification, lack the technical capability, or insist on civil disobedience against the rule. People who don’t like doing ID verification for social media will gravitate away from the large central platforms, making narrative-control even more difficult than it already was.
Radio and Television created in the 20th century an unprecedented era of centralized social control. But despite that control, the regime had no answer to underground groups such as the Irish Republican Army. The internet, while pitched to the masses as an open communication platform, was pretty obviously conceived as a means of mass surveillance. And with the ubiquity of data-slurping smartphones, it has become extraordinarily difficult to run a terror cell. But the price they paid for this was total loss of control over public opinion.


