Original discussion: https://news.ycombinator.com/item?id=16727869

Previous discussion: https://news.ycombinator.com/item?id=16727869

So they're saying "Privacy First: Guaranteed". How is it guaranteed though? Is there anything we can do to verify that claim or do we just have to believe them?

As far as I understand they're an American company, so if some government agency wants to have information, they will make them give the information by any means necessary.

From the website, 5 sentences after the part you cited:

> We’ve retained KPMG to audit our systems annually to ensure that we're doing what we say.

KPMG doenst have a very trustworthy reputation here in holland.

Same here in Ireland. We've had these "Big 4" guys as enforcers on various public projects and funny how they always seem to be on the inside whenever things pay off. I shudder whenever I hear them mentioned.

Also, in Ireland we typically refer to our country as such though perhaps it should be formally referred to as "The Republic of Ireland" to avoid confusion with "The North".

That said it does actually say "Ireland" on the constitution.

While I'm at it, in Irish language: "Eireann" is the Island itself; "Eire" is the nation (the spirit of Ireland if you like), and constitutionally the latter isn't bounded by political borders.

"Sasana" (sawsunna) is England and to describe something as English is "Sasanach". "Amach" (Ahmock) is out. Run the two together and you've got "Sasamach" which is Irish for Brexit.

Funnily enough it also corresponds to an old Republican mantra "Brits Out" which was used to refer to their presence on the north. Funny the turn that history can take.

I've always wondered why Netherland citizens say Holland instead of the right name of the country.

1: It's easier to pronounce 2: Because it's easier to pronounce all foreigners use it 3: Because it's easier to pronounce and all foreigners use it, it is easier to use (If I introduce myself as being "from the Netherlands" I get blank looks. What I nowadays do is "I'm from Holland, Amsterdam, Ajax" and 90% of all people I know exactly where I am from). 4: Holland covers about 50% of the population, and about 70% of the economy 5: In Holland there is Amsterdam, Schiphol & Rotterdam basically the places that tourists go to or have heard about

PS The official name is "Kingdom of the Netherlands", I guess that solidifies my point about Holland being easier :)

About 40% of the population (6.4M out of 17M) and about 40% of the economy. https://www.ing.nl/particulier/economisch-bureau/archief/arc...

I am not from one of the Hollands and I try to avoid using Holland but I will do so sometimes. It's a bit like using America for the United States which seems more wrong to me than using Holland for the Netherlands.

> PS The official name is "Kingdom of the Netherlands", I guess that solidifies my point about Holland being easier :)

That's kind of shifting the goalposts though. It's not like I'm introducing myself as "from the Federal Republic of Germany", either.

> That's kind of shifting the goalposts though. It's not like I'm introducing myself as "from the Federal Republic of Germany", either.

You should, just for the sake of these looks at parties.

I just saw results of some survey of Dutch people for a Dutch company and one person from Limburg (!) answered country with "Holland". Weird.

They are being audited by a big-4 auditing firm.

> Do you expect or want companies NOT to obey law?

Of course not. I expect privacy conscious companies to incorporate in privacy friendly countries. Or, to put it the other way around, I evaluate company privacy claims in the context of the law they operate in.

> Do you expect or want companies NOT to obey law?

Whose law? US law in this space says a lot about the rights of US citizens but a lot less about the rights of non-US citizens. So, yes it's reasonable to expect that a US company should obey the law but it doesn't follow that there's no reasonable concern with that.

Having said that, I applaud Cloudfare for making this step. Just because something isn't NSA proof doesn't mean that it has no value. But the concern is valid given that Cloudfare, presumably, still have access to the lookup data.

They say they're not logging, so there's no data to supply to any spooks.

Sure, but that doesn't mean, and is unlikely to mean, that they can't log.

They won't be able to pass historic data as they, presumably, don't have it. But if they are formally requested to give information, at least for targeted users, my understanding is that they are legally obliged to comply i.e. they can't refuse to collect if asked.

I believe there are caveats to that e.g. they can't be forced to backdoor an application but I don't believe that that would be necessary in this case.

If the law is purposely working against the public best interest in violation of the right to privacy I expect them to make a moral stand.

In USA the law provides them with a legal excape to avoid that moral stand, which they promptly do.

It is not about "obeying law" as much as a the work of a soldier is "obeying superiors orders". There are moral limits. Now grow up and get to know yours.

I think the preference is for companies not to be subject to certain US laws (e.g. Patriot act or NSLs that must be kept secret)

Say whatever about the feasibility of this, just don’t try to make it a binary option between law-abiding or criminal.

Couldn't this be avoided altogether by not storing request data?

I don't think the statement implies any of that. Just that they can't guarantee privacy while operating in US.

Well having privacy is ok. However if there is an valid order to provide queries for specific source IPs, that is probably a reason to comply. If anyone asks for all data, well yeah, that is not ok.

I want companies, as people and as organizations, to behave ethically.

Best domain I've seen in a long time.

Love this kind of domains:

- http://abc.xyz (alphabet) - https://rome.ro/ (John Romero) - https://xa.bi (my own) :)

There's the great http://www.ro.me/ - unfortunately they haven't made it work without www. Interactive music video for a track on the album Rome by Danger Mouse. Cool song, great video experience thing.

They're clever until you need to read them over the phone and confusion ensues, or until the private-company registry decides to hike fees.

I think it's pretty common to have a .com that redirects, which helps with the phone issue.

.ro and .bi are ccTLDs (for Romania and Burundi respectively), not private.

Reminds me of a (possible urban legend) email address from yesteryear: perhaps |at| yes |dot| no.

Mine is https://berb.ec

Or https://cr.yp.to ...

Ah reminds me of the time I registered ru.ru@ru.ru email address. It was a free email provider. Back in late 90s or early 2000s.

also *@i.am mail redirector :)

That's backwards though (from a grammar POV). I would like an @is.my.name address. :)

Not a fan of Yoda?

not@i.am

They provide a fast service, with no data collection, for free, but I fail to see their motivation on this, which makes me a bit reluctant to use it.

Does someone know what do they get out of it ?

Claims as claims, but reality...

In Poland, with quite good internet connection, random quite popular domain (around 18mln visitors a month), I get times reported by dig @: ISP: 32ms Google (8.8.8.8): 30ms 1.1.1.1: 112ms (domain TTL was 1557, so result from their own cache)

Plus, what was mentioned here before. "Privacy First: Guaranteed" + free service. For sure! :)

https://1.1.1.1 also serves the website. I'm undecided which one I like more.

Other then that: I would not use it. Cloudflare already has enough insight into my browsing. No reason to give them my whole DNS request history.

b.root-servers.net and h.root-servers.net are both in every region more or less slow. Why?

I thought first that it might be an issue with the region but i can't find any one which showes that b and h are quick.

https://www.dnsperf.com/#!dns-root-servers

Cool domain name I'll give em that much