Nitter.net has disappeared (github.com)
https://github.com/zedeus/nitter/issues/1150#issuecomment-18...
Extremely not-encouraging.
I didn't think much of it when I got an email with the subject "Njalla: New Message", and the body just being a link, while traveling.
This is not what I would call professional behavior by Njalla. Apparently everything they send you, including "hey try our new iOS app in the app store!", comes in the form of "Njalla: New Message <hyperlink>". So you have to click-login-read every one of those "new app in the app store!" spams in order to not miss the "hey we might suspend your domain" messages. And of course you can't write spam filtering rules for any of this since it's all forced through a browser flow instead of your mail client. Great.
And this login-to-read-the-link is with the credentials that control transfers of your domain -- heaven forbid you might not want to keep those on every machine from which you read email...
I've always wanted to own my domain anonymously and considered moving it to Njalla, but the idea that they could evaporate and I'd lose control of my domain forever put me off. Now I have another reason.
You seem to have selectively ignored everything about this discussion except "unhelpful subject line". All of Amazon's emails have a complete body with all the important text instead of just a "click link to read". Spamfiltering against this works very well.
Compare apples to apples: what do Amazon's account suspension emails look like?
https://github.com/zedeus/nitter/issues/1150#issuecomment-18...
That is extremely disturbing. Njalla is the owner-of-record (i.e. nominee) for all domains registered through them, rather than merely the registrar. If they run off with your domain you have significantly fewer options for dealing with it than with any other registrar.
I expected better than "shoot first ask questions later" from them. At least shoot while asking the questions; the owner should've had an explanation for the suspension waiting in their inbox.
Nitter should have anticipated this and planned accordingly. The law is the law. Njalla is a wonderful service but they are not outlaws. They are structured in such a way to make it more difficult to stop their customers, and they hold less data about them. But they operate within the law.
If you use their service and don’t take the adequate steps to protect your privacy, they will give away your data in accordance with the laws of the domicile they operate under.
You're jumping the gun here. The primary concern is the absurd radio silence from Njalla. Not acceptable. Once they rectify that maybe there will be other problems revealed, but at the moment them being AWOL is the issue.
> The idea behind Njalla is to make sure that your visibility to the public is minimised if you need it to be. We're not going to give your customer data out easily. However, we will help if there are legal merits to any formal government requests to our system. If you use our service in a way that affects anyones health or safety, we reserve the right to suspend your service.
Does this mean Twitter gave a very valid legal threat? Or worse, is there some Twitter content that is being mirrored that is unsavory and triggered an immediate suspension from Njalla? This is unfortunately very common for Nitter in particular [0] [1].
[0]: https://github.com/zedeus/nitter/wiki/DMCA-templates
[1]: https://github.com/zedeus/nitter/issues/482
Since it mirrors all twitter content that seems almost a given.
That does not mean they're ok with illegal things... such as CSAM which was the case here. They're not a bullet proof registrar, they're meant to be private, they're not even a registrar
I've replaced 99 percent of my Twitter use with RSS now and oh my is it a more pleasant experience.
Good workaround, but not so helpful for iOS.
https://nitter.net(c/o 185.246.188.57)/something/other
I guess links would still be broken though. Maybe a browser feature for a hosts file?
GET / HTTP/2
Host: nitter.net
[…other headers]
This would just need to be exposed in a browser.
A mainstream provider will handle this better.
He totally is responsible. The argument "I only serve it because Twitter serves it" is bad in my opinion; he's still serving it, and just because Twitter does it too doesn't absolve him of all responsibility.
Is the certificate invalid? Is the DNS record missing? Was the IP address found, but is returning malformed answers? Is it returning nothing at all? Can I even reach any DNS servers, or is my connection to the internet itself dead?
The browser isn't telling, not even behind a "show details" button. There's only "trouble" and "an error", and some patronizing anthropomorphism with the "Hmm."
- Was the IP address found, but is returning malformed answers?
- Is it returning nothing at all?
Firefox returns "Your connection is not secure" for the first, and the raw data from the HTTP request for the others. (Or Secure Connection Failed for the second if you try to use HTTPS)
"We’re having trouble finding that site." is only ever given if the browser tries to do a DNS lookup and does not get an answer.
tbh I can totally understand why they acted this way.
1. Twitter posts something infringing and waits for it to sync to the clone.
2. Twitter removes the infringing post.
3. Copyright owner DMCAs the clone. Some little bird tells it about the infringing post.
4. After the clone does nothing, copyright owner DMCAs its infrastructure providers (ISP, DNS), who promptly kill the clone.
Given a sufficiently big copyright owner (Warner Bros, etc.), providers will probably ban the clone’s billing account permanently for good measure.
To avoid this scenario, all the clone needs to do is be a good citizen and respect DMCA takedown notices.
I don't see him saying that.
He said
> A funny thing to note here is that the image link, which first points at nitter.it, is a /enc/ link which only gets created by Nitter if the instance admin enables base64 link encoding for media proxying. This is not enabled for nitter.net, so I know for a fact someone copied an image from another instance (presumably nitter.it), changed the domain, and sent a complaint to Njalla.
nitter.net returns images from tweets as something like "/pic/orig/media/DP5UreOXcAEz6EI.jpg".
Another instance with "base64 link encoding for media proxying" returns images from tweets as "/pic/enc/bWVkaWEvRFA1VXJlT1hjQUV6NkVJLmpwZw==".
That just means whoever got the link went to another instance first, copied the path and replaced the domain with nitter.net.
I tried this myself, I went to another nitter instance which had "base64 link encoding for media proxying", copied the link, replaced the domain with nitter.net and it loaded the image just fine.
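The path comparison described in the comment above, as an added example that is not part of the original thread or of Nitter's code: a triage helper that decodes a reported media URL and flags a link form the named instance would not have generated itself. The function name, the `instance_uses_enc` parameter and the treatment of `orig/` as a strippable prefix are assumptions; the two URLs are the paths quoted in the thread.

```python
import base64
from urllib.parse import urlsplit, unquote

def classify_media_url(url, instance_uses_enc):
    """Triage a reported media URL (hypothetical helper, not Nitter code).

    instance_uses_enc: whether the named instance has base64 link
    encoding for media proxying enabled (known to its admin).
    """
    parts = urlsplit(url)
    segs = unquote(parts.path).strip("/").split("/")
    result = {"host": parts.hostname, "form": "not-media",
              "media_path": None, "native": None}
    if len(segs) < 3 or segs[0] != "pic":
        return result
    if segs[1] == "enc":
        token = "/".join(segs[2:])
        token += "=" * (-len(token) % 4)  # tolerate stripped padding
        try:
            # Accepts both the standard and URL-safe base64 alphabets.
            path = base64.urlsafe_b64decode(token).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            result["form"] = "enc-invalid"
            return result
        result["form"] = "enc"
    else:
        path = "/".join(segs[1:])
        result["form"] = "plain"
    # Assumption: "orig/" is a size prefix; strip it so both forms compare equal.
    if path.startswith("orig/"):
        path = path[len("orig/"):]
    result["media_path"] = path
    # A link is "native" only if the instance itself would emit this form.
    result["native"] = (result["form"] == "enc") == instance_uses_enc
    return result

# The two path forms quoted in the thread, with nitter.net (enc disabled).
REPORTED = "https://nitter.net/pic/enc/bWVkaWEvRFA1VXJlT1hjQUV6NkVJLmpwZw=="
PLAIN = "https://nitter.net/pic/orig/media/DP5UreOXcAEz6EI.jpg"

if __name__ == "__main__":
    for u in (REPORTED, PLAIN):
        print(classify_media_url(u, instance_uses_enc=False))
```

A `native` value of `False` on a complaint URL says the link was assembled from another instance's output, not that the content is absent: as the comment notes, the instance still serves the decoded path.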
They're doing a decent job so far.
> Likely they didn’t even know anyone cared about this service.
Er, you do know that both Njalla and Nitter cater to the surveillance-disliking crowd, right? I would be shocked (shocked!) if there aren't multiple Njalla employees who use nitter instances daily.
Can't tell if trolling or...
What exactly is this supposed to mean?
Building your product on top of a domain that someone else owns (by design) is an inherently risky proposition. The only type of customer Njalla would attract in the first place are fringe privacy-conscious customers who begrudgingly accept this risk.
This is exactly the type of nightmare scenario their customers don't want to run into. If they don't treat these issues as a matter of urgency and don't support their customers as much as they're legally allowed to by fighting BS requests, they'll very quickly find themselves out of business. I suppose the irony of this is lost on you, "monero-xmr".
Maybe their account suspension emails are different, maybe not. I wouldn’t bet on it anyway.
Even on phone they make you respond to a text to confirm. If anything happens (internet is not working, whatever), your bill will not be reduced.
Every extra link you must click to a third party source will remove half of your people.
It's an egregious step, imo
* https://en.m.wikipedia.org/wiki/Model_release
** https://podcasts.apple.com/us/podcast/darknet-diaries/id1296...
More importantly, is a random registrar or a hosting provider capable of handling such cases? And should they? Maybe the police are better equipped for that?
The hoster’s concern is that if they do nothing then they are going to feel the hammer of respective infrastructure providers, none of whom want to be fined or jailed because of some small fish like Nitter.
I would not count on police in such cases, even in a developed country. If someone, say, doxxed you with an address and a photo, what you want is for that to go away before a predator sees it. Police may not act until it is way too late.
Second, this law is precisely what makes it possible to run a social platform and not have an army of lawyers.
Without DMCA safe harbor protection, Nitter could be sued to oblivion the first time they are caught distributing infringing material. Big corporations with armies of lawyers and moderators could maybe afford the legal costs, but if you are just a few guys… you’d never run a website where people can post freely.
Under safe harbor, however, copyright owners can’t sue you, and in return you promise to timely hide content when you are notified. If you can’t be bothered to even do that, perhaps you should not run a platform focused on UGC in the first place. Everyone does it, even 4chan.
In our case, the evidence we do have is that Tor is a hotbed for crime. That indicates Tor is not some captive tool of the US government.
So from an opsec perspective, the question is if the level of your activity rises to the point such that a government entity would take the effort to create parallel construction. If you are not doing something that would anger the government so much, then Tor is a good smoke screen in front of your activity.
Everything is effort and probability. Given enough time and resources you will always be unmasked - always!
That being said, if the government was really interested in correlating timestamps with Tor activity, it is reasonable to assume they have that power. I assume Tor activity stands out, and every ISP might already be logging such connection events.
My point is that even if it’s true that Tor is compromised, the value of Tor as a honeypot is so great that the government has thus far refused to acknowledge they can. Because if they did, Tor would die overnight and something even stronger would replace it.
So even if you operate under the theory that Tor is compromised, it’s still vastly superior to clearnet because the value of Tor as a honeypot means most people using it for anonymity will remain anonymous.
From memory that attack involved running a huge number of exit/relay nodes and someone was able to show a massive spike in online nodes as evidence, but I can't remember who.
it is in no way true
That being said, I have no clue if they still use it. Presumably if the US government found a vulnerability in Tor, they'd either stop using it, or run some other layer of encryption on top.
You just use the information to plan "random" "oopsie we spotted you" missions