Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I'm not sure what you mean, that is where they started. The full story is as follows: Their DNS registrar stores the following A records for `thepiratebay.org`:

  ;; ANSWER SECTION:
  thepiratebay.org. 300 IN A 162.159.136.6
  thepiratebay.org. 300 IN A 162.159.137.6
Those IPs are owned by Cloudflare. The Rights Alliance then asked Cloudflare what IP address those IPs redirect cache-misses to. Cloudflare then gave them an IP address that belongs to a Swedish ISP. In turn, that ISP pointed to the VPN provider `OVPN.se` as the user of that IP address.

This article then updates on a lawsuit between the Rights Alliance and the VPN provider, since they're refusing to give out the VPN user of that IP address (because they can't).



These IP addresses are also routed through so-called premium PoPs of Cloudflare. I get never routed through IST when connecting to websites on Free plan. Seeing that Cloudflare accepts card payments and PayPal only, why the adversary is not focusing on the payment method that made the purchase?


In theory, one could pay for Cloudflare using prepaid (gift) debit cards paid for with cash. Whether that’s practical or not is a different question.


> one could pay for Cloudflare using prepaid (gift) debit cards paid for with cash.

I think most places require an ID to buy one of those, with cash or otherwise. This may just be a US thing though.


Who's paying the registrar? Can DNS records be paid for anonymously?


The DNS records in this case are hosted on Cloudflare servers, so presumably for free.

If looking at the domain registrar instead, we find the registrar `easyDNS.com`. Their payment options aren't public, so I can't say for sure. I can however say that there is no requirement for domains to be paid through an identifiable mean.

Take for example the registrar `njal.la`, a service founded by Peter Sunde, that accepts payment in various crypto-currency.


That was my original question. I had no idea one could register a domain name without providing identification.


Contrary to popular belief, not everyone is on board with systems aiming to create identifiers that map 1:1 with people. That's a very politically driven philosophy generally intended to enforce a means of auditability or control.

The thing that makes it seemingly inevitable to give up identifying information as part of financial transactions is the nature of Credit/Payment processing/Anti-Money Laundering regulations enforcing a KYC (Know-Your-Customer) component to being a legally operating financial transaction processor.

Do note, this audit trail creation is a big portion of the push to obviate and disincentivise cash transactions. The thinking goes, if you can only use the financial system by identifying your endpoints, there should be a clear audit trail if anything hinky is going on. Unfortunately, the much less well publicized corollary to that is that suddenly payment processors become an effective population scale control mechanism.

This should hopefully cause discomfort on further reflection, but to each their own.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: