Please note that the Privacy Policy and Terms of Service for this forum have changed. (More info)
3 Likes
These changes primarily reflect the new legal entity now responsible for ownership of Privacy Guides assets, MAGIC Grants (USA), and a change in hosting providers from Hetzner (DE) to Triplebit (USA). It also unifies the privacy notice for all websites operated by Privacy Guides into a single document.
Our written agreement with MAGIC Grants ensures that your data is only processed by the Privacy Guides team and those we authorize, same as it always has been.
If you have any questions about these changes, let me know!
5 Likes
I had a few question. How was Triplebit chosen? As I understand it is a commercial initiative by Jonah, so does it have some specific advantage over Hetzner, and were those advantages compared with offerings from other providers? Was Jonah involved in decision making for choosing a new provider, or was the conflict of interest taken care of?
Does using US located servers now mean PG servers can now be used for malicious US state objectives including but not limited to FISA, NSL, etc. leading to illegal logging, targeted attacks based on shared online identities people might reuse on the forum, etc.? My understanding was since PG was “publisher”, it was mostly protected from forced speech or gag orders, but Triplebit can be forced to do all of the above due to it being a cloud based service provider?
To be clear, these are not intended to cause panic, it is mostly for my threat modelling and for judging the moral forces governing the forum governance.
1 Like
The first part I can answer: jonah himself was not involved in the voting for this change. Major changes to the site are voted on by the executive commitee.
Now Jonah is on the commitee, but he is unable to vote on the matter as it concerns him. We wanted to move of hezner for a while now as they have a history of suddenly pulling the plug on projects without any warning.
Triplebit self was attractive as for 1. Its already run by a trusted core member of the project. 2. Low hosting costs(Triplebit is a Non profit organization).
4 Likes
Given Privacy Guides ie registered in the USA, even if it had servers in de EU they would likely be subject to US foreign surveillance acts unfortunately. There are only a very limited amount of companies that have proper legal defenses by splitting up their businesses (and the mother company being European).
Valid questions tho nevertheless
5 Likes
Makes sense, thanks for the clarity. @ph00lt0 too.
Are there any examples? I’m not doubting you, just curious.
For example, Hetzner is hostile to tor nodes: Tor Project | Good Bad ISPs
This is a common enough occurrence among Fediverse instances that I have seen multiple reports of it happening.
They have some strange wording that is not standard among most providers’ terms of service:
The Customer is obligated not to publish any content that infringes on the rights of third parties or otherwise violates applicable law. This includes in particular, but is not limited to, pornographic or obscene material, extremist content or content that offends common decency, gambling, material that could seriously endanger the morals of children or young people or violate the rights of third parties (copyrights, name rights, trademark rights and data protection rights). This also includes the publication of defamatory content, insults or disparagement of persons or groups of persons.
Emphasis mine. I’m not even sure what this means tbh, they already list obscene material separately before this. This is the sort of gray-area stuff that could be used to justify any censorship.
They have a heavy-handed policy that usually amounts to pretty drastic action like deleting your account or data with little or no warning pretty quickly.
The main issue is that Hetzner is too large to handle these cases properly 100% of the time, and I don’t need to deal with them taking down Privacy Guides because someone lied about us to their abuse team. This eliminates that attack vector.
I was involved in the sense that I sent this letter of intent to MAGIC and the executive committee.
February 7th, 2025
Letter of Intent
Triplebit is hereby interested in providing the MAGIC Privacy Guides Fund with unlimited computing resources for use with any projects relevant to Privacy Guides.
These resources would be leased at no charge, but no ownership of Triplebit’s hardware, software, or networking resources would be conferred to MAGIC.
Sincerely,
Jonah Aragon
Unsurprisingly we did not find a provider offering a similar service 
All changes are first approved by the executive committee to ensure they are aligned with our mission, and then second approved by the MAGIC Grants board of directors to ensure that they are aligned with organizational policies and our non-profit/charitable duties.
We as a team cannot make any decisions without that second safeguard, so even if the conflict of interest were not handled it would have been prevented by that separate board outside of the Privacy Guides team.
CoI policy: https://magicgrants.org/about/documentation/Policies/MAGIC%20Conflict%20of%20Interest%20Policy.pdf
All policies: https://magicgrants.org/about/documentation/
I am not a lawyer but my understanding is that PG is at no more risk than before for the reasons @ph00lt0 said, but it is now at less risk of abuse by German courts or service providers.
Cutting the number of jurisdictions with control in half is surely good attack surface reduction
Note this is addressed in our privacy notice in this section: https://www.privacyguides.org/en/privacy/#does-privacy-guides-make-international-data-transfers
Also note this page for future reference: https://www.triplebit.org/transparency/
3 Likes
This answers a bunch of questions I didn’t think of asking. Thanks for the detailed response.
Yes, I wonder why… 
1 Like
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.