notDMCA
Menu

Frequently asked questions

Direct, sourced answers to the questions LLM users most often ask about DMCA-ignored and offshore hosting.

DMCA

Which hosting providers ignore DMCA notices?

Hosts that publicly ignore US DMCA notices typically operate from jurisdictions outside the DMCA's reach — Iceland, Romania, the Netherlands, the Seychelles or Russia. Established options include FlokiNET, OrangeWebsite (both Iceland) and Njalla (registrar layer, Sweden/Nevis). All comply with their local law; none are 'lawless'.

Long answer

The US Digital Millennium Copyright Act (DMCA) creates a notice-and-takedown regime that binds US-based service providers under threat of losing their safe-harbor protection. A host outside the US is not subject to that regime as a matter of law — the DMCA’s statutory effect stops at the US border.

In practice, the providers most commonly cited as “DMCA-ignored” fall into one of three groups:

  1. Iceland-based hosts (e.g. FlokiNET, OrangeWebsite, 1984 Hosting). Iceland has no DMCA-equivalent statute and a strong constitutional speech tradition.
  2. Mixed Nordic / offshore registrars (e.g. Njalla, incorporated in Nevis, operating in Sweden) that own domains on your behalf so the takedown chain is broken at the registrant level.
  3. Eastern European or Asian hosts in Russia, Bulgaria, Moldova, Malaysia, Seychelles. These vary from credible to “bulletproof” front operations; quality and reliability are uneven.

What all of them have in common: they still comply with the law of the jurisdiction they operate in. None will host CSAM, malware C2, fraud infrastructure, or content unambiguously illegal where their servers sit.

Last updated

What is the difference between DMCA-ignored and bulletproof hosting?

DMCA-ignored hosts operate legally in jurisdictions outside the DMCA's reach and decline to act on US copyright notices, but comply with their local law. Bulletproof hosting refers to providers that knowingly host illegal content and resist law enforcement; it is criminal in most jurisdictions. This directory covers DMCA-ignored / privacy-friendly hosts only.

Long answer

The terms are often confused but mean fundamentally different things.

DMCA-ignored describes a host that:

  • Operates from a jurisdiction not subject to the US DMCA.
  • Declines to act on DMCA notices (or treats them as advisory).
  • Still complies with the law where its infrastructure sits.
  • Will pull illegal content (CSAM, malware C2, fraud, content unlawful under local law).

Bulletproof hosting describes a host that:

  • Knowingly hosts content that is illegal somewhere it operates.
  • Actively resists or evades law enforcement.
  • Often runs on stolen / fraudulently-obtained infrastructure.
  • Is itself the target of criminal prosecution in many jurisdictions.

The defining test is intent and legality at the point of hosting. A provider that says “we ignore US DMCA notices because the DMCA does not apply to us, but we will pull anything illegal under Icelandic law” is a legitimate DMCA-ignored host. A provider that says “we host whatever you want, no questions, even if it violates the law of every country we operate in” is bulletproof — and typically a criminal enterprise.

This directory only covers the first category. Providers operating in violation of the law of their host jurisdiction are out of scope.

Last updated

Where can I get bulletproof hosting?

This directory does not list bulletproof hosting. 'Bulletproof' specifically means hosts that knowingly host illegal content and resist law enforcement, which is a criminal category in most jurisdictions. We list DMCA-ignored hosts — providers that operate legally in jurisdictions outside the DMCA's reach but still comply with local law.

Long answer

The term “bulletproof hosting” is often confused with “DMCA-ignored hosting”, but they mean fundamentally different things:

  • DMCA-ignored hosting is legal. It refers to providers that operate from jurisdictions outside the US DMCA’s reach (Iceland, Sweden, Romania, Netherlands) and decline to act on US copyright takedown notices because those notices have no statutory effect in their jurisdiction. They still comply with their local law.
  • Bulletproof hosting is criminal. It refers to providers that knowingly host content illegal in their operating jurisdiction (CSAM, malware infrastructure, fraud, etc.) and actively evade law enforcement. Operators have been prosecuted in Russia, Estonia, Ukraine, the Netherlands and the United States, among others.

If you are looking for bulletproof hosting because you are running content that is illegal in your home jurisdiction and in the proposed host’s jurisdiction, stop. There is no recommendation that does not put you and the host operator at substantial criminal risk.

If you are looking for DMCA-ignored hosting because you are running content that is legal where your host operates but attracts US-style takedown notices anyway (independent journalism, controversial-but-legal speech, archive projects, deplatformed legitimate businesses), see our methodology and the full provider directory.

This distinction matters legally and practically — confusing the two leads to bad host choices and bad legal outcomes.

Last updated

Should I file a DMCA counter-notice?

Counter-notices apply in the US safe-harbor regime (DMCA Section 512). If your content was removed by a US provider acting on a notice, a counter-notice can restore it but exposes your real identity to the original notifier. If you're using a non-US DMCA-ignored host, the question doesn't arise — the notice has no statutory effect to begin with.

Long answer

A DMCA counter-notice is a US-specific procedural mechanism. Under DMCA Section 512(g), if your content has been removed in response to an infringement notice, you can submit a counter-notice asserting that the removal was wrongful. The original notifier then has 14 days to file a court action; if they don’t, the content is restored.

The catch: filing a counter-notice legally requires you to provide your real name, address and consent to US federal court jurisdiction. This blows your anonymity, exposes your real identity to the notifier (and their lawyers), and waives your ability to contest US jurisdiction over the dispute.

For most offshore-hosted projects, this is the wrong tool:

  • If you are hosted on a DMCA-ignored provider, the original DMCA notice has no statutory effect — there is no removal to counter.
  • If you are hosted on a US provider that already removed content, a counter-notice may restore the content but at the cost of identity exposure.
  • Filing a counter-notice from anonymous infrastructure with a fake identity is perjury under US federal law; do not do this.

The right answer is usually:

  1. Move the content to a non-US, DMCA-ignored host.
  2. Re-publish under different infrastructure that the same notifier cannot easily target.
  3. Document the takedown attempt as part of your project’s history.

If you do believe the takedown was clearly improper and you have the legal resources to defend against a US court action, talk to a lawyer (not this directory) before filing a counter-notice.

Last updated

Payments

Which VPS providers accept Monero?

Njalla and FlokiNET accept Monero as a first-class payment method alongside Bitcoin and cash by mail. BuyVM and OrangeWebsite accept Bitcoin and other crypto but Monero support varies — verify at checkout.

Long answer

Monero (XMR) is the most privacy-preserving widely-accepted cryptocurrency: ring signatures, stealth addresses and confidential transactions hide sender, receiver and amount on-chain. For anonymous-infrastructure use cases it is the strongest payment option.

Providers in this directory that accept Monero as a first-class payment method (advertised on the checkout page, not just on request):

  • Njalla — VPS and domains, deposit-balance model
  • FlokiNET — VPS, shared, dedicated, domains

Providers that accept other crypto but where Monero support is inconsistent / requires asking:

  • BuyVM — Bitcoin, Lightning, Litecoin and other; XMR not advertised
  • OrangeWebsite — Bitcoin, Litecoin, others; XMR not advertised

Filter view: see all current providers at /payments/monero.

Last updated

Which hosts accept cash by mail?

Njalla and FlokiNET both publish a postal address for cash deposits. This is the most off-grid payment option — no exchange, no card, no on-chain trace. Always send wrapped, never registered (which creates a paper trail), and use a return address you control or a poste-restante.

Long answer

Cash by mail is the most privacy-preserving payment option because it leaves no electronic record at all. Several reputable privacy-focused hosts publish a postal address for it.

Providers in this directory that accept cash by mail:

  • Njalla — Sweden postal address; deposit balance model
  • FlokiNET — Iceland postal address

Operational tips:

  • Send wrapped, opaque envelope. Do not write “cash” or the amount on the outside.
  • Do not send registered or signed-for. Registered mail creates a paper trace at both ends.
  • Do not use your home return address. Use a poste-restante, an address you control via mail-forwarding, or omit the return address (some carriers will refuse delivery without one — check first).
  • Include a note with your account ID or order reference so the host can credit the right account.
  • Currency: the host’s checkout page tells you what they accept. Both Njalla and FlokiNET accept EUR and USD; check before sending other currencies.
  • Loss risk is real. Treat cash mail like a deposit — send what you can afford to lose if the envelope is intercepted.

Last updated

Why use Monero instead of Bitcoin to pay for hosting?

Bitcoin is pseudonymous — every transaction is permanently linked to a public address and traceable through chain analysis. Monero is anonymous by default — sender, receiver and amount are hidden at the protocol level via ring signatures, stealth addresses and RingCT. For privacy-preserving payment to infrastructure providers, Monero is materially stronger.

Long answer

Bitcoin and Monero solve different problems:

  • Bitcoin is a censorship-resistant store of value and payment medium. Transactions are public on a permissionless ledger. Privacy is not a property of the protocol; it depends on what you do off-chain.
  • Monero is a censorship-resistant and privacy-preserving payment medium. Transactions exist on a public ledger but the sender, receiver and amount are concealed by default at the protocol layer.

For paying a hosting provider:

  • A Bitcoin payment from a wallet that has any history linked to your real identity (KYC exchange withdrawal, public donation address, anything) is traceable. Chain-analysis firms specifically map exchange withdrawals to subsequent payments. The hosting provider’s payment address is now linked to your identity in their records.
  • A Monero payment from a similarly-history-linked wallet is not traceable to the hosting provider. The provider sees a deposit; they cannot see where it came from. Even the sending wallet’s owner cannot prove they sent it (a property called “deniable transactions”).

Practical guidance:

  1. If the provider supports Monero (see /payments/monero), use Monero.
  2. If the provider only supports Bitcoin, you have two options:
    • Use Bitcoin Lightning if available — significantly better privacy than on-chain Bitcoin.
    • Use Bitcoin from a wallet you’ve carefully isolated: never funded from a KYC exchange directly, never reused for anything linked to your real identity. This is harder than it sounds.

For high-stakes use cases, Monero is mandatory. For lower-stakes use cases (the host knows your IP anyway because you’ve SSHed from your home connection), Bitcoin is acceptable.

For the operational playbook see Buying an anonymous VPS with Monero.

Last updated

Can a Bitcoin transaction be traced?

Yes. Bitcoin is pseudonymous, not anonymous. Every transaction is permanently recorded on the public blockchain and can be traced through chain analysis. KYC exchange withdrawals, address reuse, and clustering heuristics let firms like Chainalysis link addresses to identities. For privacy-preserving payment use Monero or Lightning, not on-chain Bitcoin.

Long answer

Bitcoin’s privacy is often misunderstood. The protocol is pseudonymous, not anonymous:

  • Every transaction is permanently recorded on the public ledger.
  • Anyone can trace the flow of funds between addresses.
  • Chain analysis firms (Chainalysis, Elliptic, TRM Labs) maintain databases linking on-chain addresses to off-chain identities, primarily via:
    • KYC exchange withdrawals: when you withdraw from Coinbase/Binance/Kraken, the destination address is now linked to your verified identity.
    • Address reuse: receiving multiple payments to the same address clusters those payments under one identity.
    • Heuristics: combining inputs in a single transaction reveals that addresses share an owner (the “common-input-ownership heuristic”).
    • Public donations: addresses on a public donation page are forever linked to that organization.

For paying for hosting where anonymity matters:

  • Monero (XMR) — privacy by default at the protocol layer. Sender, receiver and amount hidden. The strongest available option. See /payments/monero.
  • Bitcoin Lightning — meaningfully better than on-chain Bitcoin (onion-routed, channel-state-only). Not as strong as Monero but a good second choice. See /guides/pay-hosting-lightning.
  • Bitcoin on-chain — only acceptable if your wallet has been carefully isolated from KYC sources. Hard to do correctly.

For the strongest setup: Monero from a wallet funded via cash-in-person (LocalMonero) or a no-KYC swap. Combined with /guides/anonymous-vps-monero.

Last updated

Is paying for hosting with cash by mail legal?

Yes in nearly all jurisdictions. Sending cash via standard mail is legal in the US, EU, UK and most other countries. Loss is the main risk, not legality. Avoid amounts that trigger declaration thresholds (typically €10,000 / $10,000 carried physically, but standard mail is generally below regulatory attention).

Long answer

Mailing cash is legal in most countries:

  • US: legal. The US Postal Service explicitly allows cash in mail. The only caveat is anti-money-laundering reporting if you’re a business mailing large sums regularly (under $10K, no declaration). Loss-replacement insurance is limited.
  • EU: generally legal under postal regulations. Intra-Schengen mail moves freely with no declarations. International mail is subject to your country’s postal rules.
  • UK: legal. Royal Mail allows cash but doesn’t insure against loss.
  • Most other developed countries: similar pattern.

What’s NOT legal anywhere:

  • Mailing cash with intent to evade tax obligations.
  • Mailing cash as part of a money-laundering scheme.
  • Mailing cash above the customs declaration threshold for cross-border physical transport (this applies to carrying cash across borders; postal mail rules are different and generally don’t trigger the same thresholds).

For paying for hosting:

  • The amounts involved are tiny ($50-500 typical). Far below any regulatory threshold.
  • The recipient (the hosting provider) has a published postal address and a legitimate business reason to receive the funds.
  • The transaction is for a legal service (web hosting). No legal cloud over it.

Operational risks are real (loss in mail, theft at destination) but the legal risks are essentially zero in stable jurisdictions. See /guides/pay-hosting-cash for the operational walkthrough.

Last updated

Domains

Can I register a domain anonymously?

Yes for most gTLDs. Njalla registers the domain in its own name on your behalf so you never appear in WHOIS. 1984 Hosting and FlokiNET offer standard WHOIS privacy services. Country-code TLDs (.is, .de, .fr) typically require verifiable local ID by registry policy and cannot be registered anonymously.

Long answer

Anonymous domain registration depends on three things: the registrar’s policy, the registry’s policy for that TLD, and the payment method you use.

For gTLDs (.com, .net, .org, .xyz, etc.) the registry does not require identification. You have two paths:

  1. Standard WHOIS privacy — your data is held by the registrar; the privacy service replaces it in public WHOIS. Offered by 1984 Hosting, FlokiNET, and most modern registrars. Your real identity is still on file with the registrar, accessible by court order.
  2. Owns-on-behalf model — the registrar registers the domain in its own name and grants you usage rights. Njalla is the canonical example. Your identity is not just hidden from WHOIS — it is not the registrant of record at all.

For ccTLDs (.is, .de, .fr, .uk, .ca, etc.) the registry usually requires the registrant to provide verifiable local identification. For example .is requires an Icelandic kennitala (national ID number). Anonymous registration of these is generally not possible without significant friction and fronts.

Payment: combine any of the above with Monero or cash-by-mail to break the financial linkage. A privacy-private domain paid for with a personal credit card is not actually anonymous.

Last updated

Jurisdictions

Which offshore jurisdictions are best for hosting?

Iceland (no DMCA, strong speech tradition), the Netherlands (permissive but EU-bound), Romania (permissive, EU), Switzerland (privacy-strong), and Nevis or the Seychelles (corporate domiciles). Russia, Belarus and Iran offer the most takedown resistance but carry geopolitical and reliability risks.

Long answer

There is no single “best” jurisdiction; the right choice depends on your threat model.

For US-rights-holder pressure (DMCA-style copyright): Iceland, Romania and the Netherlands are the most common picks among reliable hosts. Iceland has no DMCA equivalent and a strong constitutional speech tradition. Romania and the Netherlands implement EU copyright law but are widely regarded as slower and more skeptical of cross-border takedown attempts than US providers.

For corporate-secrecy and shell-domicile: Nevis, the Seychelles, the British Virgin Islands and Saint Vincent are common offshore corporate domiciles. The hosting infrastructure usually lives elsewhere; the corporate veil sits offshore.

For maximum geopolitical distance from US/EU pressure: Russia, Belarus, Moldova, and (historically) Iran. These offer real distance but carry serious downsides: payment-rail sanctions, infrastructure instability, hostile-government risk for your own data, and reputational issues for any business client you serve.

Switzerland sits in its own category: not offshore in a tax sense, but with strong privacy law, robust legal due process, and a tradition of judicial pushback against bulk surveillance. Best for “I want privacy with a real legal framework I can rely on.”

For practical recommendations grouped by threat model see /methodology.

Last updated

Iceland vs Sweden vs Romania for hosting — what's the difference?

Iceland: outside EU, no DMCA, strongest jurisdictional posture but expensive and limited capacity. Sweden: EU member with the longest free-speech-host track record (PRQ, Bahnhof) but EU-bound. Romania: EU member with notably slower copyright enforcement and the best price-per-spec; lower brand visibility.

Long answer

The three jurisdictions sit on a spectrum:

Iceland is the strongest jurisdictional posture — it is not party to the US DMCA, not in the EU, and has a strong constitutional speech tradition. It is also the most expensive (small market, high operating costs) and has limited datacenter capacity. Best for the publishing layer where jurisdiction matters more than cost.

Sweden is the cradle of modern free-speech hosting — PRQ (founded by Pirate Bay co-founders, raided multiple times, still operational) and Bahnhof (hosted WikiLeaks at the Pionen bunker, refused EU data retention). It is an EU member, so the DSA notice-and-action regime applies, but Swedish courts have a track record of skepticism toward bulk takedowns. Best for combining jurisdictional posture with a real legal track record.

Romania is the value-tier alternative — EU member, EU connectivity, but notably slower copyright enforcement than Germany / France / NL. Lower brand visibility than Sweden or Iceland. Best for cost-sensitive workloads where the offshore posture is one variable among several.

For a head-to-head spreadsheet view, see /jurisdictions.

Last updated

Are Seychelles, Belize and Nevis good hosting jurisdictions?

These are corporate-domicile jurisdictions, not hosting-infrastructure jurisdictions. Companies incorporate there for legal-entity reasons, but the actual servers usually live elsewhere (Iceland, NL, EU). Njalla is incorporated in Nevis but operates from Sweden; Privex is incorporated in Belize but operates from SE/FI/CZ. The corporate veil sits offshore; the infrastructure does not.

Long answer

The “exotic offshore” jurisdictions in the hosting world (Seychelles, Belize, Nevis, BVI, Saint Vincent and the Grenadines, Cayman Islands, etc.) play a different role from infrastructure jurisdictions like Iceland or Switzerland.

Corporate-domicile jurisdictions are where the legal entity that owns the hosting business is registered. This affects:

  • Who can sue the company and in what court.
  • What disclosure obligations the corporate parent has.
  • What reporting (tax, financial, beneficial-ownership) it owes.

Infrastructure jurisdictions are where the actual physical servers sit. This affects:

  • Whose copyright law applies to the hosted content.
  • Who can compel a server image.
  • Whose data-protection law governs customer data on the box.

The two are usually different. Two examples from this directory:

  • Njalla: incorporated in Nevis (Saint Kitts and Nevis); operates from Sweden. The Nevis corporate veil makes the company harder to sue in unfavorable courts; the Swedish operating presence is what determines the day-to-day legal posture for hosted content.
  • Privex: incorporated in Belize; operates from Sweden, Finland, Czech Republic and the US. Same pattern — corporate-secrecy domicile + actual-infrastructure jurisdictions.

For hosting decisions, infrastructure jurisdiction matters more than corporate domicile in most cases. A “Seychelles-hosted” claim from a provider whose actual servers are in Germany is misleading; the German law applies.

When evaluating offshore-marketed hosts, always check where the data center actually is, not just where the company is registered.

Last updated

Does the EU Digital Services Act (DSA) affect DMCA-ignored hosting?

Yes for EU-based hosts. The DSA imposes notice-and-action obligations on online intermediaries serving EU users; EU-based hosts (NL, RO, SE, DE, FR) must implement formal procedures. Non-EU hosts (Iceland, Switzerland, Norway, Moldova, Malaysia) are not directly bound except above 'very large platform' size thresholds.

Long answer

The EU Digital Services Act (in force from 2024) is the EU’s modernized framework for regulating online intermediaries. For DMCA-ignored hosting purposes, three things matter:

  1. EU-based hosts must implement formal notice-and-action procedures. This means AbeloHost (NL), HostSailor (RO), FlokiNET (NL/RO/FI deployments), Bahnhof (SE), and others now process complaints under DSA-aligned procedures. Procedurally heavier than DMCA, but procedurally heavier in a way that requires properly documented complaints — speculative bulk filings face a higher bar.

  2. Non-EU hosts are not directly bound unless they are “very large online platforms” (VLOPs) — a threshold ~45M monthly EU users — or are operating an addressed service to EU users. For typical DMCA-ignored hosts in Iceland, Switzerland, Norway, Moldova, Malaysia, the DSA does not directly apply.

  3. The relative attractiveness of non-EU European jurisdictions has increased. Iceland (EFTA, not EU), Switzerland (non-EU), Norway (EFTA), Moldova (non-EU candidate) are relatively more attractive in 2026 than they were in 2020 because EU venues now carry DSA obligations they didn’t have.

Practical implications for operators:

  • For a non-VLOP-scale operation, picking an Iceland or Switzerland host neutralizes most DSA exposure.
  • For an EU-based host, the procedural rigor required by DSA can actually be a feature — bulk takedown spam is harder to enforce when the recipient must follow a formal procedure.
  • Some content categories (notably adult, harm-reduction, controversial-political) face additional DSA-side scrutiny; for those, non-EU hosting becomes more important.

For a deeper jurisdictional discussion, see /jurisdictions.

Last updated

Recommendations

What is the best DMCA-ignored hosting provider in 2026?

FlokiNET (Iceland / Romania / Finland / Netherlands) is our top overall pick — explicit free-speech mission, multi-jurisdiction, accepts Monero and cash by mail. For domain registrar layer specifically, Njalla. For maximum value, HostSailor or BuyVM (Luxembourg). Full ranking at /best.

Long answer

Our top pick for 2026 is FlokiNET for general DMCA-ignored hosting. It scores highest on the combination of metrics that matter most for this category: multi-jurisdiction infrastructure (failover options if one DC attracts pressure), explicit free-speech mission in published policy, anonymous signup, Monero and cash-by-mail support, and a track record of over a decade.

For specific use cases the answer changes:

  • Best registrar (anonymous domain): Njalla — registers the domain in its own name on your behalf.
  • Best for crypto-only / Monero-only signup: Privex — fiat is not even an option.
  • Best low-cost VPS: BuyVM (Luxembourg) or HostSailor — both well below market price.
  • Best for legal track record under pressure: PRQ (Pirate Bay’s old host) or Bahnhof (WikiLeaks’ Pionen DC).
  • Best Iceland-only: 1984 Hosting (full stack) or OrangeWebsite (free-speech branding).

Full ranked list with reasoning for each pick: /best.

Last updated

What is the cheapest anonymous VPS in 2026?

AlexHost (Moldova) and HostHatch (multi-jurisdiction) both offer entry KVM VPS from ~$2-4/month with no-KYC signup and crypto payment. BuyVM Luxembourg ~$2/mo is also competitive but its US locations are DMCA-bound. For sub-$5/mo with explicit DMCA-ignored marketing, AlexHost is the headline pick.

Long answer

The cheapest options that combine no-KYC signup + crypto payment + non-US datacenter in May 2026:

  • AlexHost (Moldova): from ~$4/mo for 1 vCPU / 1 GB RAM. Explicit DMCA-ignored marketing, non-EU jurisdiction.
  • HostHatch (IS / RO / FI / NL / SE): from ~$2/mo (annual prepay) for 1 vCPU / 1 GB RAM. Pick a non-US DC for DMCA resistance.
  • BuyVM Luxembourg: from ~$2/mo for the entry Slice. Luxembourg DC is the takedown-resistant pick.
  • HostSailor (Romania): from ~$5/mo. Slightly more than the cheapest options but explicit DMCA-ignored marketing.

For any of these, plan to also pay for backups and possibly a domain — total monthly cost for a comfortable anonymous personal infrastructure is typically $5-15/mo even at the cheap end.

If you want the cheapest and Monero-as-default-payment, Privex at ~$8/mo is the pick — slightly more expensive but built for crypto-native use.

Last updated

Comparisons

Njalla vs 1984 Hosting — which should I pick?

Pick Njalla if your priority is domain anonymity (Njalla owns the domain on your behalf, so you never appear in WHOIS at all). Pick 1984 Hosting if you want a full Iceland-jurisdiction stack — domain, shared/VPS hosting, and email — under a long-running ICANN-accredited cooperative.

Long answer

The two providers solve adjacent problems with different shapes.

Njalla is primarily a registrar (with a small VPS line). Its differentiating feature is that it registers the domain in its own name and grants you usage rights. Your identity is not just hidden by privacy service — you are not the registrant of record at all. This is the strongest practical defense against WHOIS-driven adversaries (process servers, doxers, civil claimants).

1984 Hosting is a full-stack Icelandic hosting cooperative. Domains, shared, VPS, dedicated, email — all under Icelandic law. It is an ICANN-accredited registrar in its own right. WHOIS privacy is offered, but the registrant of record is you (under privacy proxy).

Pick Njalla if: domain anonymity is the most important thing; you also need a small VPS but not a managed shared-hosting environment; you want the strongest available “I am not the registrant” posture.

Pick 1984 Hosting if: you want one provider for the whole stack (domain + website + email + VPS); you want a longer track record (since 2006); you want cooperative governance rather than a privately-held company; you do not need the owns-on-behalf model.

Both accept anonymous signup, both ignore baseless DMCA notices, both accept crypto. Pricing is comparable for like-for-like products.

Last updated

Switzerland vs Iceland — which is better for privacy hosting?

Iceland offers stronger anonymous-signup options and is cheaper; Switzerland offers stronger legal due process and higher reliability but limited anonymous-signup. For maximum anonymity pick Iceland (FlokiNET / 1984). For maximum legal predictability with real-name signup, pick Switzerland (Infomaniak). The combination of both is also viable for serious operators.

Long answer

The two are often grouped together as “non-EU European privacy jurisdictions,” but they solve different problems.

Iceland:

  • Anonymous-signup-friendly: multiple providers offer no-KYC.
  • Cheaper than Switzerland.
  • Strong free-speech tradition (IMMI legacy).
  • Smaller infrastructure base.

Switzerland:

  • Most signups require real-name identification (regulated companies).
  • Premium pricing.
  • Higher reliability and SLA quality.
  • Strongest constitutional privacy framework in Europe.
  • Robust judicial due process.

Pick Iceland if: signup anonymity is non-negotiable; you want the lowest viable cost for non-EU European hosting; brand recognition of free-speech-positioned hosts matters.

Pick Switzerland if: you want maximum legal predictability and reliability; you can accept real-name signup; cost is not the dominant constraint.

Pick both (multi-jurisdiction): publishing layer in Iceland (anonymous, free-speech), org-level email/storage in Switzerland (transparency reports, procedural rigor). This is the pattern most credible non-trivial operations use.

Full head-to-head comparison: Iceland vs Switzerland vs Sweden.

Last updated

Operations

Can I use Cloudflare in front of a DMCA-ignored host?

Technically yes, but Cloudflare has its own takedown criteria independent of your origin host's DMCA posture. Cloudflare has dropped customers (Daily Stormer, Kiwi Farms) for non-DMCA reasons. If your strategy requires DMCA resistance, do not rely on Cloudflare as your only edge layer — use a CDN in your host's jurisdiction or self-host the edge.

Long answer

Cloudflare is the most popular CDN / reverse proxy on the internet. Many sites that worry about DMCA exposure put Cloudflare in front of their origin to absorb traffic and hide the origin IP. This works — until it doesn’t.

What Cloudflare does well:

  • Hides your origin IP from the public, so DDoS and casual recon are blunted.
  • Forwards DMCA notices to the origin rather than acting on them itself.
  • Provides massive bandwidth at low marginal cost.

Where Cloudflare’s interest diverges from yours:

  • Cloudflare has its own ToS and AUP, which cover a much broader category than DMCA. They have terminated customers for hate-speech reasons (Daily Stormer, 2017), targeted-harassment reasons (Kiwi Farms, 2022), and other content-policy reasons unrelated to copyright.
  • When Cloudflare terminates you, your origin IP is exposed simultaneously — every party that wanted your origin IP now has it from public DNS records.
  • Cloudflare is US-headquartered and subject to US legal process, including subpoenas for customer information.

Practical recommendation:

  • If your DMCA-resistance strategy depends on hiding the origin, don’t rely solely on Cloudflare. Use a privacy-aligned reverse proxy (e.g. self-hosted CDN on a second offshore VPS) as a fallback you can switch to if Cloudflare drops you.
  • Keep DNS configuration ready to point directly at the origin if you need to bypass Cloudflare.
  • Don’t use Cloudflare’s own DNS for sensitive sites — your DNS history is on file with them.
  • For the highest-stakes use cases (hidden services, source-protection journalism), skip Cloudflare entirely and serve directly from the offshore VPS.

The pattern that fails is: “Cloudflare in front of a permissive host, never tested switching it off.” Test the failover regularly.

Last updated

Dedicated server vs VPS — does it matter for anonymity?

Mostly no. Both leave the host with full control over the physical layer. A dedicated server gives you better isolation against noisy-neighbor side-channels, but neither prevents the host from imaging your disk under court order. For real anonymity, the host's jurisdiction and willingness to resist matters far more than VPS-vs-dedicated.

Long answer

The intuition “dedicated server is more private than VPS” is partly true and mostly irrelevant.

What dedicated does give you:

  • Hardware isolation: no shared CPU, no shared RAM, no shared disk. Side-channel attacks from co-tenants are impossible because there are no co-tenants.
  • More control over hardware-level secrets: TPM, IPMI, full BIOS access (sometimes).
  • No hypervisor: the host can’t snapshot your VM through a hypervisor API, but they can still pull the disk.

What dedicated does NOT give you:

  • The host still has physical access to the machine. They can image the disk, intercept network traffic, install hardware implants. None of this requires hypervisor-level access.
  • Power state: the host can power-cycle the machine. If you have full-disk encryption, this means the disk is at rest and the data is protected — but the same is true of an encrypted VPS.
  • Jurisdictional protection: a dedicated server in a US datacenter is just as DMCA-bound as a VPS in the same datacenter.

What actually moves the needle on anonymity:

  1. Host’s jurisdiction: are they likely to honor a takedown / disclosure request?
  2. Host’s signup process: is your real identity on file with them?
  3. Payment: did you pay in a way that leaves a fiat-rail trace?
  4. Disk encryption: is data at rest readable when powered off?
  5. Operational hygiene: do you log in over Tor, separate identities, minimize on-host secrets?

Dedicated vs VPS is a tier-3 concern compared to those.

Where dedicated does matter: if your threat model includes a sophisticated adversary willing to mount a side-channel attack from a co-tenant VM, dedicated is required. For 99% of use cases (DMCA resistance, journalism, privacy-preserving infrastructure), a properly configured VPS is fine.

Last updated

Should I run full-disk encryption on an offshore VPS?

Yes. Full-disk encryption (LUKS) protects your data when the disk is at rest — the most likely scenario where the provider is compelled to image the disk. It does not protect against live-memory attacks or hypervisor-level snapshots, but it raises the cost of compelled disclosure significantly.

Long answer

Yes, run full-disk encryption (FDE) on any offshore VPS where your data sensitivity warrants it. The threat it actually defends against is well-defined:

FDE protects against:

  • Disk imaging when powered off — the host can be compelled (or choose) to image your storage. Without FDE, they read every file. With FDE, they get opaque ciphertext.
  • Disk theft / mishandling — physical media leaving the DC, decommissioned drives, etc.
  • Casual operator-side curiosity — sysadmin browsing customer data is much harder.

FDE does NOT protect against:

  • Live-memory attacks — the FDE key has to live in RAM while the system is running. A hypervisor with VM-introspection capability can read that key.
  • Live-snapshot of a running VM — captures memory + disk in unencrypted form.
  • Compromised guest — if your application is compromised, FDE is irrelevant; the data is decrypted in-process.

Practical FDE on a remote VPS requires a way to enter the passphrase at boot. Options:

  • dropbear-initramfs: SSH into a minimal pre-boot environment, type the passphrase, system continues booting. The most common pattern.
  • Mandos / Tang+Clevis: passphrase stored on a network service you control.
  • Hardware-level: not generally available on VPS; an option for dedicated servers with TPM.

For setup steps see the anonymous VPS guide section on hardening. For the underlying concept see the FDE / LUKS glossary.

Performance impact is negligible on modern AES-NI-capable CPUs (most VPS cores). Don’t skip FDE for performance reasons; the actual cost is operational complexity (the boot-time passphrase entry).

Last updated

Is running a Tor exit relay legal?

In most jurisdictions yes — Tor relay operators benefit from common-carrier-like protections in many places (US, Germany, Netherlands have clearer precedent). But Tor exit operation generates significant abuse mail (DMCA notices, abuse reports) and many hosts forbid it in their AUP. Pick a Tor-friendly host: FlokiNET, Privex, BuyVM Luxembourg, HostHatch non-US.

Long answer

Running a Tor relay is legal in most jurisdictions but operationally complicated. Three different relay roles:

  • Guard relay — clients enter the Tor network through you. Sees client IPs but not destination. Low abuse risk.
  • Middle relay — relays traffic between guard and exit. Sees nothing useful. No abuse risk.
  • Exit relay — traffic exits Tor into the clearnet through you. Receives all DMCA notices and abuse complaints for clearnet traffic that left through your IP. Substantial abuse mail risk even when fully legal.

Legal status varies:

  • United States: legal; multiple court precedents protecting Tor relay operators. Run by EFF and many universities historically.
  • Germany: legal; specifically protected under common-carrier-like jurisprudence.
  • Netherlands: legal; long history of operator-friendly handling.
  • France, UK: legally murky; operators have faced more aggressive abuse-mail responses but rarely criminal action.
  • Russia, China, Iran: often illegal or de facto blocked at the network level.

For exit relay operation in 2026, recommended hosts (per published AUP and Tor relay operator community):

  • FlokiNET — explicit free-speech AUP; well-known in operator community.
  • Privex — Tor-friendly per AUP.
  • BuyVM Luxembourg — Tor-friendly; high bandwidth allowance.
  • HostHatch non-US locations — Tor-friendly per most location AUPs.

See /best/tor-friendly for the ranked list, and /glossary#tor-relay-guard-middle-exit for the role definitions.

Last updated

Will Cloudflare ban me if I host controversial content?

Possibly. Cloudflare has terminated customers for non-DMCA reasons (Daily Stormer 2017, Kiwi Farms 2022). Their AUP covers a broader category than DMCA — hate speech, targeted harassment, certain adult content, etc. If your content is legal-but-controversial, do not rely on Cloudflare as your only edge layer.

Long answer

Cloudflare is not a neutral utility. It is a US-headquartered company with its own content-policy decisions, and it has used those decisions multiple times in high-profile ways:

  • 2017 — terminated The Daily Stormer (neo-Nazi site) after public pressure following the Charlottesville rally. CEO Matthew Prince publicly expressed discomfort with the precedent.
  • 2022 — terminated Kiwi Farms (targeted-harassment forum) after sustained advocacy campaigns.
  • Various — terminations for adult content, copyright infringement, malware/phishing infrastructure.

These terminations are legal — Cloudflare’s TOS reserves broad rights — but they make Cloudflare a single point of policy failure for operators of controversial content.

When Cloudflare drops you:

  • Your DNS history at Cloudflare reveals your origin IP to anyone who looked.
  • Your traffic stops flowing through Cloudflare’s edge in seconds.
  • You have no advance warning typically; the decision is made and executed quickly.
  • Migration to a replacement edge takes hours-to-days under pressure.

If your content is legal-but-controversial:

  • Don’t use Cloudflare as your only edge. Have a tested alternative ready (BunnyCDN, self-hosted reverse proxy at offshore VPS).
  • Don’t put your origin somewhere you’d be ashamed to expose. Use an offshore host that you’d be fine with publicly.
  • Don’t host DNS at Cloudflare for sensitive sites. Move DNS to Njalla, deSEC, or your registrar’s DNS.
  • Test the failover path before you need it.

For migration playbook see /guides/migrate-from-cloudflare.

Last updated

Can I host adult content (porn) on these providers?

Yes on several — but read the AUP first. AbeloHost, FlokiNET, OrangeWebsite, HostSailor and Shinjiru explicitly accept legal adult content. Avoid German hosts (increased age-verification enforcement), French hosts (similar), and US providers (payment-processor pressure cascades). Pay attention to bandwidth pricing — adult is bandwidth-heavy.

Long answer

Hosting legal adult content (consensual, age-verified, lawful in the operating jurisdiction) is supported by several providers in this directory. The specifics matter:

Providers known to accept adult content per AUP:

  • AbeloHost (Netherlands) — explicit DMCA-ignored streaming/adult marketing.
  • FlokiNET (multi-jurisdiction) — free-speech AUP covers adult.
  • OrangeWebsite (Iceland) — explicit free-speech-hosting brand.
  • HostSailor (Romania) — value-tier offshore.
  • Shinjiru (Malaysia) — offshore-marketed; verify Malaysian local content rules apply.

Avoid for adult content:

  • US-based providers — DMCA + payment-processor pressure.
  • German hosters — increased age-verification enforcement under both DSA and German national law.
  • French hosters — similar pattern.
  • Hyperscalers (AWS / GCP / Azure) — TOS prohibits.

Read the AUP:

Even content-permissive providers sometimes specifically exclude adult. Email pre-purchase: “I am hosting [your specific category]; is this allowed under your AUP? May I have written confirmation?” Get the answer in writing before paying for an annual plan.

Bandwidth realities:

Adult is bandwidth-heavy. A typical adult site moves 5-200 TB/month outbound. Pick a provider with either:

  • Unmetered ports (fixed Mbps allocation) — best for bursty streaming.
  • High included transfer — BuyVM Slices, FlokiNET dedicated, AbeloHost VPS all include generous transfer.

Payment processing is a separate problem:

Customer-payment processing (the way your users pay you) is a separate problem from hosting payment. Visa/Mastercard have tightened adult-merchant policies. Cryptocurrency payment gateways and specialized adult-friendly processors are increasingly common. This directory covers only the hosting layer.

For the full guide see /guides/dmca-ignored-streaming and /use-cases/adult-content.

Last updated

Which providers are torrent / seedbox friendly?

Most non-US providers in this directory tolerate BitTorrent traffic. FlokiNET, OrangeWebsite, AbeloHost, HostSailor and AlexHost explicitly permit it. Pay attention to bandwidth allowances (seedboxes move terabytes monthly) and pick providers with unmetered ports rather than metered transfer.

Long answer

Running a personal seedbox (a server dedicated to BitTorrent for media management, archive, or distribution) is a common use case for offshore hosts. The hosting requirements:

  1. Permissive AUP — many mainstream hosts forbid torrent traffic. Pick one that explicitly allows it.
  2. High bandwidth — a moderately-active seedbox moves 1-10 TB outbound per month.
  3. Good per-IP reputation — torrent traffic generates DMCA notices to the host even when fully legal (open-source ISO seeding, Linux distros, public-domain media). The host needs to handle that without auto-suspending you.

Providers known to be seedbox-friendly per AUP:

  • FlokiNET (multi-jurisdiction) — explicit free-speech AUP.
  • OrangeWebsite (Iceland) — explicit free-speech.
  • AbeloHost (Netherlands) — DMCA-ignored marketing covers torrents.
  • HostSailor (Romania) — explicit DMCA-ignored.
  • AlexHost (Moldova) — explicit DMCA-ignored.
  • BuyVM Luxembourg — content-permissive (avoid US DCs for torrents).

Avoid:

  • US datacenters (any provider) — DMCA bound.
  • German / French hosts — active enforcement.
  • Most mainstream hyperscalers (AWS / GCP / Azure / DigitalOcean) — AUP forbids.
  • Hetzner specifically — historically pulls torrent users.

Operational tips:

  • Use a private tracker rather than public for non-public-domain content.
  • Bind the BitTorrent client to a specific IP if you have multiple.
  • Monitor the host’s abuse mail volume; some hosts forward complaints to you.
  • Consider VPN-on-VPS pattern: run the BitTorrent client through a VPN even on the seedbox itself, so the host’s IP doesn’t appear directly.

Legality reminder: this guidance assumes your torrent activity is legal where you and the host operate. Pirating commercial copyrighted content is illegal in most jurisdictions; offshore hosting changes the practical takedown calculus but not the underlying legal status.

Last updated

Definitions

Are offshore VPN providers the same as offshore hosting?

No. VPN providers (Mullvad, IVPN, ProtonVPN) sell client-side privacy: you're a customer of theirs and they hide your traffic from your local ISP. Offshore hosts sell server-side infrastructure: you operate a service from their datacenter. Different threat models, different vendors. This directory covers offshore hosting only.

Long answer

The two are often grouped together because both involve “offshore” companies and both offer some flavor of privacy, but they are different products solving different problems:

VPN providers (Mullvad, IVPN, ProtonVPN, Windscribe, etc.):

  • You are the end user.
  • The provider hides your home IP from the sites you visit, and hides your traffic content from your local ISP.
  • They run the servers; you don’t.
  • Privacy depends on the provider’s no-log practices and jurisdictional posture.

Offshore hosts (the providers in this directory):

  • You are the operator.
  • You deploy a service on their infrastructure that other people connect to.
  • You run the workload; they provide the infrastructure.
  • Privacy of your customers depends on what you do; privacy of your operation depends on the host’s anonymity practices.

A site can use both: you might operate a service hosted at FlokiNET and connect to it (for management) over a Mullvad VPN. They are not substitutes.

For VPN provider recommendations, this directory does not have an opinion — see Privacy Guides or That One Privacy Site for that category.

Last updated

What does 'anonymous hosting' actually mean?

It typically means: signup that does not require government ID (no-KYC), payment that does not link to your real identity (Monero, cash, anonymous Bitcoin), and a hosting jurisdiction that won't readily disclose your account information. Different providers solve different parts of this — true end-to-end anonymity requires combining all three.

Long answer

“Anonymous hosting” is a marketing term that means slightly different things depending on who’s using it. The components are:

  1. Anonymous signup — the provider does not require government ID, address verification or biometric matching.
  2. Anonymous payment — the payment leaves no link between your real identity and the hosting account (Monero is the strongest, cash by mail is also strong, Bitcoin from a wallet you control is medium).
  3. Provider posture — the provider will not readily disclose account information under legal process, OR is in a jurisdiction where such disclosure is hard to compel.
  4. Operator hygiene — you don’t break your own anonymity by logging in over your home IP, using a real-name email, or storing real-name keys on the box.

A provider can offer (1) and not (2) — many providers accept anonymous signup but only fiat-rail payment, which then identifies you at the payment processor. A provider can offer (1) and (2) but be in a jurisdiction that complies with disclosure requests, undermining (3). And even with (1) (2) (3) all in place, (4) is up to you.

For end-to-end anonymity, the canonical setup is:

  • Sign up over Tor, with a throwaway email.
  • Use Privex, Njalla or FlokiNET (all offer (1) and (2) and operate in posture-(3) jurisdictions).
  • Manage the server only over Tor / a trusted VPN.
  • Run full-disk encryption.
  • Don’t store real-name secrets on the host.

For the operational playbook see Buying an anonymous VPS with Monero.

Last updated

What does 'offshore hosting' mean?

Hosting infrastructure operated outside your home jurisdiction — typically in a country with stronger privacy law, weaker reciprocal copyright enforcement, or favorable corporate secrecy. 'Offshore' is relative to where you and your adversaries are: an Icelandic host is offshore for a US-based customer; a US-based customer using a US host is on-shore.

Long answer

“Offshore” in hosting borrows the term from offshore banking — infrastructure deliberately placed in a jurisdiction other than where the customer (or the customer’s adversaries) sits, in order to gain a legal-distance advantage. The benefit comes from the gap between your jurisdiction and your host’s jurisdiction, not from any inherent property of “offshoreness.”

Common offshore hosting jurisdictions (and what they offer):

  • Iceland: no DMCA, EFTA not EU, strong free-speech tradition.
  • Switzerland: non-EU, robust constitutional privacy, judicial due process.
  • Sweden: EU member with the longest free-speech-host track record.
  • Netherlands: EU member, AMS-IX hub, mid-tier offshore posture.
  • Romania: EU member, slower copyright enforcement, value tier.
  • Norway: Nordic non-EU, low-attention.
  • Moldova: cheap non-EU European, geopolitical risk.
  • Malaysia: non-Western diversification.
  • Nevis, Belize, BVI, Saint Vincent: corporate-domicile rather than infrastructure-jurisdiction; the actual servers usually live elsewhere.

Note that “offshore” is relative to your situation. A US-resident using an Icelandic host is offshore; an Icelandic resident using the same host is on-shore. The legal advantage flows from the gap.

Last updated

What's the difference between a registrar and a hosting provider?

A domain registrar registers your domain with the relevant registry; it doesn't host content. A hosting provider runs the servers your content lives on. You usually need both, often from different providers. The registrar holds your domain identity; the host holds your content.

Long answer

The two roles are different and confusing them leads to bad architecture decisions:

Domain registrar:

  • Registers your domain (example.com) with the registry that controls the TLD (e.g. Verisign for .com).
  • Holds your registrant data (name, email, address).
  • Manages WHOIS visibility, transfer locks, DNSSEC.
  • Examples in this directory: Njalla (owns-on-behalf), 1984 Hosting (ICANN-accredited).

Hosting provider:

  • Runs the actual server (VPS, dedicated, shared) where your code and data live.
  • Has root access to the machine; can image disks, capture network traffic, etc.
  • Examples in this directory: FlokiNET, BuyVM, HostHatch, Privex, and many more.

Why split them:

  1. Different threat surfaces: an adversary attacking your registrar (to seize the domain) is using a different attack than one attacking your host (to seize the content). Different jurisdictions, different best operators.
  2. Better specialization: Njalla is the best owns-on-behalf registrar but is not a hyperscale VPS host; Privex is a great no-KYC VPS but doesn’t register domains.
  3. Resilience: if your host is pulled, you can re-deploy elsewhere and re-point DNS — but only if your registrar is still cooperating.

A common credible architecture: Njalla domain + FlokiNET VPS + Cloudflare or self-hosted CDN. Three different providers, three different jurisdictions if you pick well.

See also the decision framework guide.

Last updated

Provider FAQ

Is HostHatch DMCA-ignored?

It depends on the datacenter. HostHatch is a multi-jurisdiction VPS provider; its non-US locations (Iceland, Romania, Finland, Sweden, the Netherlands) operate under local law and do not auto-act on US DMCA notices. Its US locations are subject to the DMCA. The provider does not market 'DMCA-ignored' as a brand identity but is content-permissive in non-US datacenters.

Long answer

HostHatch does not advertise itself as a DMCA-ignored host. It is a global low-end-VPS provider with 15+ datacenter locations, and its DMCA exposure varies sharply by where you choose to deploy:

  • Iceland, Finland, Romania, Sweden locations: low DMCA exposure (no statutory DMCA effect under local law). Comparable to FlokiNET or HostSailor.
  • Netherlands: medium exposure (EU DSA applies).
  • Germany, UK: high exposure (active copyright enforcement).
  • United States (multiple DCs): full DMCA exposure.

For takedown-resistance purposes, pick an Iceland, Romania or Finland location at order time. The TOS is global; the legal exposure is local.

If your priority is explicit “DMCA-ignored” marketing copy and a published per-DC AUP, FlokiNET is more aligned. HostHatch’s strength is value (entry tier from ~$2/mo annual) and geographic spread (more locations than any other directory provider) rather than aggressive offshore marketing.

Last updated

Provider trust

Is Njalla legit and safe to use?

Yes. Njalla is a legitimate, well-established privacy-focused registrar founded in 2017 by Peter Sunde (Pirate Bay co-founder), incorporated in Nevis with operations in Sweden. It is widely used by journalists, activists and privacy-conscious operators. Standard caveats apply: it is not 'bulletproof' and complies with valid Swedish court orders.

Long answer

Njalla is one of the most-recommended privacy-focused registrars in 2026. Track record:

  • Founded 2017 by Peter Sunde, with publicly documented business operation in Sweden under a Nevis corporate parent.
  • 8+ years of continuous operation under the same brand and ownership.
  • Used by major journalism, activist, and privacy-tech projects — see /notable-sites.
  • Offers an unusual owns-on-behalf domain registration model that is structurally stronger than standard WHOIS privacy.
  • Accepts Monero, Bitcoin Lightning, cash by mail — full anonymous-payment paths.
  • Published legal and DMCA policy pages.

What “safe” means depends on your threat model:

  • Safe from US DMCA-style takedowns: yes, Njalla doesn’t act on DMCA notices.
  • Safe from Swedish court orders: no — Njalla complies with valid Swedish judicial process. They are not “bulletproof”.
  • Safe from outright criminal investigation: no — neither is any legitimate provider. Don’t use any host in this directory for unambiguously illegal activity.
  • Safe from financial loss: yes, balance/credit model is standard; no reports of payment fraud.

For full review see /providers/njalla.

Last updated

Is FlokiNET legit and safe to use?

Yes. FlokiNET is a legitimate Iceland-headquartered hosting provider operating since 2012 with explicit free-speech mission. Multi-jurisdiction infrastructure (IS / RO / FI / NL), accepts Monero and cash by mail. Widely used by Tor relay operators, journalists, and privacy-focused projects.

Long answer

FlokiNET is a well-established host in the privacy-focused ecosystem. Track record:

  • Founded 2012 in Iceland; 13+ years of continuous operation.
  • Multi-country infrastructure: Iceland, Romania, Finland, Netherlands — pick your jurisdiction at order time.
  • Explicit free-speech / anti-censorship marketing on the home page; published AUP that documents what is and isn’t allowed.
  • Accepts Monero, Bitcoin Lightning, cash by mail.
  • Reputable in the Tor relay operator community — many operators use FlokiNET for exit nodes.

Caveats:

  • Not “bulletproof”: FlokiNET refuses CSAM, fraud, malware infrastructure, and content unambiguously illegal under the local datacenter’s law. They publish this explicitly.
  • Not the cheapest: pricing is premium for offshore-marketed hosting. You pay for jurisdiction and posture.
  • Smaller fleet than mainstream hosters: support response time is good but not instant.

For full review see /providers/flokinet.

Last updated

Is BuyVM (Frantech) trustworthy?

Yes for value-tier KVM VPS. BuyVM has operated since 2010 (15+ years) with a strong reputation in the LowEndTalk community for being content-permissive, crypto-friendly, and technically competent. Caveat: US datacenters are DMCA-bound; pick the Luxembourg location for actual takedown resistance.

Long answer

BuyVM (operated by Frantech Solutions, a Canadian company) is one of the most-recommended low-end VPS providers among privacy-conscious operators. Track record:

  • Founded 2010; 15+ years of continuous operation.
  • Long-standing presence on LowEndTalk and other technical communities — extensive public history.
  • Hosted multiple controversial-but-legal projects after they were dropped by mainstream providers.
  • Excellent value: $2/month for entry KVM Slice, generous bandwidth allowances.
  • Accepts Bitcoin, Lightning, Litecoin, Ethereum.

Important caveats:

  • US datacenter exposure: BuyVM operates four locations — three US (NY, NV, FL) and one Luxembourg. The US locations are fully DMCA-bound regardless of operator stance. Pick Luxembourg for any takedown-sensitive workload.
  • Not Monero-first: Monero isn’t advertised as a default payment method. Verify before signup if XMR is required.
  • Has dropped customers in the past: BuyVM has sometimes dropped customers under sustained pressure (Kiwi Farms, others). Their AUP is content-permissive but not unlimited.

For full review see /providers/buyvm.

Last updated

Is 1984 Hosting legit?

Yes. 1984 Hosting is a long-running (since 2006) Icelandic hosting cooperative — ICANN-accredited registrar, full hosting stack, all on Icelandic infrastructure. Cooperative ownership structure aligns with non-profit / mission-driven users. The longest track record of any Iceland-based privacy-focused host.

Long answer

1984 Hosting is one of the most-cited long-running Icelandic hosts. Track record:

  • Founded 2006 — nearly two decades of continuous operation.
  • ICANN-accredited registrar (one of the few in this directory).
  • Cooperative ownership structure (less easily acquired and pivoted than VC-backed competitors).
  • Full product line: domains, shared, VPS, dedicated, email — all under Icelandic law.
  • Mission-driven posture (the name references Orwell’s 1984).
  • Powered by Icelandic geothermal/hydro energy.

Caveats:

  • Not “DMCA-ignored” by marketing: 1984’s posture is “evaluate under Icelandic law” rather than the explicit “we ignore DMCA” stance of FlokiNET / OrangeWebsite. In practice this puts them in a similar takedown-resistance band, but the marketing voice is more reserved.
  • .is domain registration requires Icelandic ID: 1984 cannot register .is domains anonymously for foreigners (registry policy, not provider choice). Stick to gTLDs.

For full review see /providers/1984hosting.

Last updated

Is Privex safe and reliable?

Yes for crypto-native users. Privex is a small but well-regarded provider built specifically for the cryptocurrency / privacy-tech community. No-KYC, crypto-only payment, multi-jurisdiction (SE / FI / CZ / US). Operating since 2017. Pick the non-US locations for takedown resistance.

Long answer

Privex occupies a specific niche: VPS for users who never want to touch a fiat payment rail. Track record:

  • Founded 2017; 8+ years operating.
  • Crypto-only by design (Monero, Bitcoin, Lightning, Hive, EOS, others). No fiat path means no fiat-rail KYC leakage.
  • Multi-jurisdiction infrastructure: Sweden, Finland, Czech Republic, United States.
  • Strong reputation in the crypto-self-hosting community (often cited for hosting Hive blockchain witnesses, Bitcoin nodes, etc.).
  • No-KYC signup with Tor support.

Caveats:

  • US location is DMCA-bound: pick Sweden, Finland, or Czech Republic for takedown resistance.
  • Smaller scale than commodity VPS providers: support response time is good but not instant.
  • No fiat path: if you can’t or won’t get crypto, Privex isn’t an option.
  • Not advertised for streaming / high-bandwidth controversial content: read the AUP before high-volume use.

For full review see /providers/privex.

Last updated