Hi there, I’m currently looking into renting a domain from cloudflare for convenient access to my hosted services from outside my home. It seems some of the cheapest options for the domain name I want to use are country TLDs (.uk, .us). Does this bind me to their laws in any way? can anyone come at me for hosting (e.g. Illegally downloaded content) on their TLD?
Regardless, is there any reason I shouldn’t use cloudflare for this? any drawbacks I should be aware of?
Edit: I should mention I’m currently using duckdns for free and the reason I want to move is that it seems some organizations (like my university and workplace) block duckdns (for reasons beyond me).
Edit 2: So to my understanding there’s not a big one, but some risk involved, so I think I’ll pay a bit more for a non-ccTLD. Thanks everyone!
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
The short answer is no, you aren’t bound to the nation’s laws unless you have a “presence” in their jurisdiction - it could be argued that by using CloudFlare you might be subject to US law because the traffic runs through systems owned by a US company, or you are giving money to a US company by using them as a registrar. The worst they could probably do is order CloudFlare to turnover records or stop doing business with you, but still. Typically that would require lawyers and be expensive, so unless you’ve really pissed off someone with a ton of cash you are probably safe.
The actual domain itself doesn’t really bind you beyond the registration rules, which the country themselves set - typically these will allow for cancellation of the registration for any reason.
It does not, but whoever controlling those domains may have their own rules about who may use them, and terminate your account if they feel you’ve broken their rules.
One common rule is that you have to actually be a person or company in that location. I know that’s true for .eu (which was real fun for brexit), probably for .uk, but I don’t think it’s a requirement for .us.
If you really want that name, I’d pick a non-ccTLD and pay a bit more.
Thanks for the quick reply! Assuming I host a Jellyfin instance for instance (pun intended), can they actually accuse me of breaking rules without a valid login? afaik for non-users the login page is as far as they (should be able to) go. As for the domain name, I’m not actually set on one specific name, but it seemed from the few I tried that .uk and .us are consistently much cheaper (~$5/yr as opposed to ~$10/yr).
Don’t forget to turn the proxy off or risk account restrictions/warnings/termination for breaking the rules of CF.
If anyone asks you’re just hosting home videos ;) No one can bust you for that.
Any reason those $5/yr in difference are worth the risk?
It’s just that I don’t know if there even is a risk… if there’s no risk I’d rather just pay less.
There is a risk. For example, Libya seized this .ly name for violating their laws.
You aren’t beholden to any other countries laws, but such domains are the property of their respective countries and their usaging can be conditional and revoked at any time (see what happened recently with .ml domains). Personally I use a .xyz domain because it’s also very cheap, although I’ve heard that it can make you appear more “suspicious” to antivirus companies and such.
Google literally (for whatever reason) flagged my domain or subdomain as malicious.
On the subdomain I noticed it, I am running regular Jellyfin and that is hidden behind a 2FA middleware.
I reported it and it got removed but that was interesting.
Had a similar issue with Google flagging my subdomains as malicious, even though they are only used inside my network and not even reachable (much less resolvable) outside. Ive submitted multiple times and it has come back several times 🤷♂️🤦♂️
If you want to host “Linux ISOs” I’ve heard from a friend that Njalla is the best option. You don’t own the domain meaning your personaldetails aren’t published and Njalla has a good track record when it comes to protecting their customers.
Lol that’s not it, currently I’m just hosting a Jellyfin instance since streaming services seem to have been going steadily downhill for years now. But that also counts as illegal activity afaik. I wasn’t worried up until now since in my country piracy laws aren’t really enforced at all (as a kid I didn’t even know downloading content was considered illegal), but I thought maybe using a .uk TLD may mean I have to answer to them.
For personal use I’d say go with whatever and make sure your Jellyfin server has been locked down. Maybe block anything but your own country IPs as that will lower any risk of scanning. But this is pretty much not necessary for a personal instance.
If you want to share your Jellyfin it depends on how many and how much you trust those you share with. The bigger the risk, the more likely I’d be to order through Njalla and routing through a VPN or the like.
I myself just use my lastname.tld as it’s for personal use along with sharing with a few trusted friends. I do though use a ccTLD that is assigned to my country as I feel like I have a better chance at keeping my stuff secure and private.
You can use noip.com for free dynamic DNS
And if you’re concerned about whoever finding out you’re hosting illegal content you can have a WireGuard server and have everything go through it instead of being open to the web. This also has the advantage of being essentially undetectable from the outside
I used to connect through wireguard but I want to be able to use it from devices that aren’t necessarily my own, both for sharing with friends and for personal access from friends and family devices (e.g. my parents’ android tv).
Edit: Also I just tried to go on noip.com from my workplace and it seems they blocked it as well… so that’s no good.
Watch out: Country specific TLDs may be aubject to restrictions like .eu or .de requiring to live there. Some may even require an adress there.
.de doesn’t require residency but requires a local contact.
Many European registrars work around these restrictions by providing their own local proxy for your benefit (for a cost). Some examples (that also include a list of such ccTLD’s):
Thanks for correcting :)
If I remember correctly it does apply to .eu though. At least I am partially right ;)
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
[Thread #55 for this sub, first seen 16th Aug 2023, 16:15] [FAQ] [Full list] [Contact] [Source code]