> The security model of Bitcoin comes from proof of work
This is not the security model, this is the consensus model. It's based on probabilistic finality, meaning that the probability that a transaction won't be reversed increases as more blocks are added on top. One major advantage of PoS is that it has "Absolute Finality" - after a certain amount of blocks, it's absolutely impossible to do a 51% attack. (See https://medium.com/mechanism-labs/finality-in-blockchain-con...)
Note that a higher hashrate does not mean more secure, it's a common falsehood. The security of bitcoin depends on the percentage of miners that are honest - this is mentioned in the bitcoin whitepaper. Fortunately, the incentives align for the majority of miners to stay honest, and this is what the whitepaper predicted.
In addition, the Bitcoin proof of work is pretty much a proof of stake scheme in practice, where the stake is physical (specialized hardware and access to cheap electric power). So most of the GP's complaints about proof of stake can be applied to bitcoin as well (“With proof of stake, the stakers only need to make an investment once in the beginning, so it results in rich get richer”).
And the biggest difference between BTC and ETH when it comes to “security” isn't “proof of work” vs “proof of stake”, it's the fact that Vitalik Buterin is alive and that there is an official centralized stewardship of ethereum, which in practice has led them to actually hard-fork the ethereum blockchain.
Proof of work is not a consensus model, it's a method to elect a block author, an incentive mechanism designed to keep miners honest.
Consensus is the process through which the network agrees on state. Examples are Nakamoto consensus (e.g. Bitcoin), BFT (e.g. Tendermint) or GRANDPA+BABE (Polkadot).
LE does in fact follow the link and use the contacts there 99.999% of the time. The site has been running fine on OVH for nearly 5 years without problem.
I've been hosting the site on OVH since 2016. The site hasn't changed much during this time, and I've been quite happy with their services until now.
A little bit about Guerrilla Mail: It is, first and foremost, an anti-spam solution. Nowhere on the website does it say that it's an "anonymous email" provider. In fact, the email sending feature prominently warned the user that their IP address would be included in the headers of the email sent. (The sending feature was not for anonymous email, but for the rare chance that a user needed to send an email from there or reply. Guerrilla Mail is mostly used for receiving.)
The timeline for the suspension went like this:
On October 12th, I received what seemed like a canned message from the OVHCloud Abuse team, saying that my server was (quote) "used for a fraudulent activity" and threatening termination within 48 hours.
There were no further details about the nature of the "fraudulent activity". I replied to the message asking them to give more details.
On October 16, I received a reply, but still no details about the specific case. They mentioned that, their quote: "the problem here is clearly, that your service is too easy to use for fraudulent and illegal activities. ", further threatening to shut down the service within 7 days "if the situation does not improve". They also suggested a list of measures that the site should take.
I replied informing them that most of the measures that they suggested were already taken, plus some other measures including an anti-abuse policy that has worked well over the years.
On October 19, I received a reply, this time hinting that I should pay them for an additional service, their quote "Maybe you see an option in using a service which lets you customize the Whois-Record, so your contact details can be mentioned for abuse instead of ours.".
I started to deeply consider such a service, but before I would take it up, I wanted to get more info about the alleged law enforcement requests they receive, that are never forwarded, so I asked them for more information about these once again.
On November 2nd, I received a reply, but still no details about the specific case, or the rate of such requests; questions that I had asked previously were ignored. Again, they were offering the additional service, their quote "change of infra to have your own abuse contact in registry info".
At this stage I was ready to buy whatever they were offering. I replied to the email with only two sentences: "Is there someone I can speak with directly on your team? Let's do a 30 minute call and reach an understanding."
On November 4th, I received a reply notifying me that the server has been suspended.
Btw, if there's anyone at OVH that wants to look at the issue, it is WTLXFRCVSG.85a1
Your server seems reachable through a ping.
If I understand the situation well, it seems that they suggest you acquire your own IP address to have your own @abuse contact. I think a lot of guys report your IP to @abuse (managed by OVH, not you) about spam, that's why OVH reacts.
Yes, I was under the impression that this is what they meant. It would have been great to be able to chat so that I could learn more about how much this would cost, but as outlined above, they decided to end the conversation.
You're right, currently the server is sitting in "rescue mode" and under OVH's instructions, I'm not allowed to swap it back to the normal hard disk boot. That's ok, I can still mount the disks manually via SSH and move everything out. So at least that's some good news - the server hasn't been seized.
The hosting bill has been paid up until December, so I'll be looking to get a partial refund hopefully.
Anyways, gotta roll with the punches I guess. Thanks for your comment.
Nowhere on the website does it say that it's an anonymous email service provider - it was an anti-spam email solution first and foremost. In fact, the email sending feature prominently warned the user that their IP address would be included in the headers of the email sent. (The sending feature was not for anonymous email, but for the rare chance that a user needed to send an email from there or reply. Guerrilla Mail is mostly used for receiving.)
Of course - create any website open to the public where they can message each other, and there will always be some abuse. It's unavoidable.
But what can you do? You can't police the messages for every potential form of abuse. (I've only run an automated spam filter to make sure that the service is never used for blatant spam. I've also blanket-blocked some domains whenever I noticed a pattern in any abuse reports, and finally recipients were able to easily do a permanent block themselves.) In any case, running a messaging service is even more difficult if you're a small guy and not Facebook or Google.
I thought you allowed sending messages to guerilla addresses only, but you allow sending messages to the rest of the world? If you intend it only for replies, maybe check that the inbox has a message that passed DKIM verification, aged no more than 4 days.
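Added example, not part of the thread and not Guerrilla Mail's code: one way to implement the reply gate suggested above, in Python. The authserv-id `mx.example.test`, the function names, the stored receipt timestamps and the sample messages are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parseaddr

MAX_AGE = timedelta(days=4)            # window suggested in the comment
TRUSTED_AUTHSERV = "mx.example.test"   # assumption: id our own MTA stamps

def dkim_pass_domains(msg):
    """Return d= domains with dkim=pass, reading only our own MTA's header."""
    domains = set()
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in value.split(";")]
        if not parts[0] or parts[0].split()[0].lower() != TRUSTED_AUTHSERV:
            continue  # a header stamped by another host can be sender-forged
        for part in parts[1:]:
            tokens = part.lower().split()
            if tokens and tokens[0] == "dkim=pass":
                domains.update(t[len("header.d="):] for t in tokens
                               if t.startswith("header.d="))
    return domains

def may_reply(inbox, recipient, now):
    """inbox: list of (raw_message, received_at) pairs kept by the service.
    Allow a reply only to a sender whose DKIM-verified mail arrived recently."""
    rcpt = recipient.lower()
    rcpt_domain = rcpt.rpartition("@")[2]
    for raw, received_at in inbox:
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        if sender != rcpt or now - received_at > MAX_AGE:
            continue
        # Signing domain must match the From domain or be a parent of it.
        if any(rcpt_domain == d or rcpt_domain.endswith("." + d)
               for d in dkim_pass_domains(msg)):
            return True
    return False

# Constructed sample messages (not real traffic).
NOW = datetime(2020, 11, 5, tzinfo=timezone.utc)
GOOD = ("Authentication-Results: mx.example.test; "
        "dkim=pass header.d=shop.example; spf=pass\n"
        "From: Shop <noreply@shop.example>\nSubject: Confirm\n\nhi\n")
FORGED = ("Authentication-Results: evil.example; "
          "dkim=pass header.d=shop.example\n"
          "From: noreply@shop.example\n\nhi\n")
```

The age check uses the service's own receipt time rather than the `Date` header, which the sender controls.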
You're being naive thinking you can run an open spam service with no consequences. Maybe you don't care about abuse but the hosting does and will act on the recurring complaints.
Seriously, cut the ability to reply to emails and that should be fine.
There's no use case to send replies for an anti-spam. Never seen a registration process that required to reply to complete the registration.
Tip: The google postmaster tool can show you the reputation of your domain and how much of your outbound emails are going to spam. That shall give you an idea how well it's abused. https://www.gmail.com/postmaster/
It wasn't shut down for spam, and the service is not a spam service but an anti-spam service.
The service has been sending out emails since about 2013. It only lets out a limited number of emails, and there's an anti abuse policy in place. The IP address always has a good reputation with Google and Microsoft, I am well aware of all the feedback loops.
I'm also one of those who switched from PHP to Go and now I have quite a bit of legacy PHP code that just works and don't have time to rewrite.
My solution:
Use a Go FastCGI client library to call PHP by talking directly to php-fpm. It saves on the HTTP request overhead and no need to run a web server. Actually, php-fpm is a decent application server itself.
Yep. Also, he had to be careful not to say anything that would suggest that having a monopoly in the OS market would somehow benefit the dominance of the content business, it seems like the interviews were trying him on that. I think the antitrust accusations started to simmer around then?
Interesting to note, Microsoft bought Hotmail for $400 million the following year.
Quote: "The water of the Snowy River and some of its tributaries, much of which formerly flowed southeast onto the river flats of East Gippsland, and into Bass Strait of the Tasman sea, is captured at high elevations and diverted inland ".
> They register again and again after the trial has expired
This is great! You have users who are using your product, how could you not be happy? Find out why they are not converting, perhaps your offer isn't that great for their demographic? Note that even if they didn't pay to your service, they may be your biggest fans who may recommend your product to other people. DEA users are usually tech-savvy types, they are also the kind of people who are the early adopters when it comes to tech (since they were able to figure out how a DEA works & how to use one), and are probably the ones who normal people go to get advice. Don't forget that even if not a paying customer, they are still a customer in the sense that they could review your service or refer others through word of mouth! If you're blocking DEA services, it may end up costing you more.
That's a whole lot of "what ifs". I'd rather just block people that are consuming resources and potentially affecting service levels for actual customers (or people that will actually convert). The situation you paint might be true of a very small percentage. But more often than not it's just people that want to use something without paying for it.
So don't let people use your services without paying! A trial is only a trial if it locks or stops the user from using it after a trial period. Freemium models that limit the number of uses aren't a trial.
The trial does stop the user from using it after a trial period. If you want to fault anything, it's using an email address to equate to a user. Fine. I'm guilty as charged. But, it's pretty common. Most legitimate users of a service want as frictionless a setup as possible.
Ultimately, my solution was to start requiring a credit card at sign-up. Shockingly, not a single mailinator.com address was used from that point forward and my conversion rate barely changed. But, it sucks I had to do that. There were people that legitimately wanted to try the service out that were put off by requiring a credit card so early. I personally hate providing a credit card for a service I haven't even tried yet.
I appreciate your reply, but I think it's an entirely toxic mentality. My business model isn't freemium because you could game the trial process (and violate the terms of service). And I shouldn't have to grossly restrict the trial to deal with mailinator.com sign-ups. Say what you will about mailinator.com, but it was hands-down the largest source of abuse of my CI-like service. Everyone else played by the rules and enjoyed a liberal trial to get familiar with the product.