Become a Digital Ghost and Avoid DMCA Takedown Notices
For the aspiring United States-based online service provider, wading through the flood of DMCA takedown notices that generally comes along with the endeavor of creating and maintaining a user-friendly, dynamic content portal can be a time consuming distraction.
That’s because you need to review each and every takedown notice that comes in, evaluate the content the claim has been filed against, and respond accordingly. Under the terms of U.S. Copyright law, “responding accordingly” means quickly removing the content from your site, and notifying the poster of that removal, so that they in turn can file a counterclaim.
Worse yet, not only does this process limit your ability to focus on development of your service, constantly removing content can drive away users, and cripple your enterprise. Whether you’re looking to become a portal for written content, images, or video, the rise of spurious takedown notices is rampant, and frequently disastrous for digital entrepreneurs just looking to participate in and enrichen the new media age.
However, simply ignoring DMCA notices can likewise dire consequences. If you’re a U.S.-based business, noncompliance means that you are jeopardizing your claim to DMCA “safe harbor,” thus opening yourself up to legal liability.
The Path of Anonymity
But there is another approach. In order for a claimant, disingenuous or otherwise, to submit a takedown notice, they need to know who to send that takedown notice to.
Under the terms of U.S. copyright law, U.S. online service providers are required to list contact information on their website, and file that contact information with the U.S. Copyright Office. Just like ignoring the takedown notice, not doing so negates your ability to claim safe harbor, inviting legal action. But legal action is expensive, and not knowing who to take legal action against further complicates the matter.
Still, if you truly want to explore this option, not publicizing your contact information isn’t going to be enough. There are too many other ways to find out who owns a website, and thus you need to take additional steps to protect your anonymity.
You need to become a ghost.
Step One: Anonymous Domain Registry
The registration of domain names is generally very transparent. Top-level domain name management is overseen by the Internet Corporation for Assigned Names and Numbers (ICANN), an internationally organized nonprofit entity. When you initially register a domain name, ICANN requires the collection of personal data such as name, phone number, and address. All of this data goes into a database, called WHOIS (pronounced “Who Is”). This information is searchable by anyone, for free, via a WHOIS utility.
Numerous websites help facilitate such lookups, such as whois.net. All an interested party needs to do is put in a website name, and execute a click or two.
Here’s a sample of the kind of information that might come up via such a lookup:
As you can see, there’s plenty of information there for a copyright claimant to track you down. One way to avoid this is to opt into WHOIS privacy. Typically, domain registration services offer WHOIS privacy for an annual fee, and it works by effectively serving as a shield. When an interested party looks your website address up in WHOIS, instead of your personal information, they get the contact information for your web host, instead (or a proxy service the web host works with).
The problem with this approach is that your domain registrar can be pressured into revealing your data. In the case of DMCA, this is especially true of U.S. domain registration services, since they are bound by the U.S. legal system.
One way to circumvent this issue is to register with a pseudonym. Typically, however, most domain registrars require that your provide your real name and information. This is because by registering a domain with them, you are entering into contract. Should something come up where that registrar requires that you prove your identity, and you’re not able to do so, you could lose your domain name.
As such, a more viable alternative is using an anonymous domain registrar not based in the United States. Not only will they shield your personal data in the WHOIS database, but they’re not subject to the U.S. legal system, and therefore cannot be compelled by the U.S. court system to reveal your personal information.
The leading non-US based anonymous domain registrar is Anonymously.
You can find their list of available anonymous domains here.
Step Two: Anonymous Payment Methods
Of course, there are other ways to uncover the website owner’s identity other than domain registration. One of the easiest ways is the payment made for a service. If you’re really serious about maintaining the anonymity of your website, you’ll want to make sure you don’t leave any audit trail behind.
One of the ways to accomplish this is to pay with a prepaid credit card. You’ll also want to make sure that prepaid credit card cannot be tracked to you. For example, buying a such a card via a PayPal account probably isn’t a good idea, as you’re only adding one layer of anonymity. Instead, find someplace in the real world that sells prepaid cards, and purchase it with cash.
Alternatively, you can go the Bitcoin route. Bitcoin encrypts every transaction, and it is next to impossible to see who exactly made a payment.
Step Three: Anonymous Email
If you’re going to offer an online service, chances are you’re going to want a way for your users to contact you for general inquiries, technical support, bug reports, or whatever. Even if you don’t, your domain registrar may need to get in touch with you for a variety of reasons, and generally you need an email to register a domain in the first place.
Using an anonymous, non-identifying email address isn’t enough. Email services generally require a phone number and prior email address to sign up, which aren’t exactly “hiding your tracks.” Gmail, owned by Google, is particularly tricky, since it’s linked to your Google profile.
So what exactly do you if you want to set up an email address that’s truly anonymous, with no auditable connection to you whatsoever, but you don’t want the bother (or don’t have the know-how) of setting up your own servers?
Luckily, there are several anonymous email providers that aren’t so into collecting user data as Google, including off-shore services that, like domain registrars, aren’t bound by the United States legal system. Have a look at Tor Mail, GuerillaMail, Secure Mail, and The Anonymous Email.
Another, more well known option is Mail.yandex.com.
Step Four: Anonymous Website Hosting
Finding a website host that will support your goal of anonymity is not unlike finding a domain registrar. In fact, if you’re lucky, you’ll find a service that offers both hosting and domain registration.
In a nutshell, it’s critical to partner with a service that’s committed to protecting that anonymity, and can’t be pressured legally into abandoning that commitment. Moreover, when it comes to DMCA takedown notices, copyright claimants don’t have to file that takedown notice with you. They can actually file it directly with the webhost to shut down the webpage containing the content, or even take your entire site offline.
This is where offshore hosting comes into play. Just as they’re not bound to release your confidential information at the insistence of the U.S. court system, they’re not bound to abide by U.S. copyright law, and respond to DMCA takedown notices.
Note that many web hosts claim to be offshore, when in fact their data centers or servers are actually based in the U.S. So you’ll want to do your due diligence when making a selection. You’ll also want to make sure they bill themselves as “DMCA Ignore.” A few legitimate offshore hosting companies actually abide by U.S. Copyright law, even if they don’t have to. By stating they are DMCA Ignore, you generally know they’re not one of them. But check their terms and conditions, or contact a support or sales representative, to make sure the kind of content you want to post is acceptable prior to making a commitment.
You’ll also want to make sure they accept anonymous payment methods, such as those noted above.
Finally, it pays to take time to familiarize yourself with the copyright laws of the country in which the host is located. Just because they’re not subject to DMCA law, doesn’t mean they don’t have similar laws that could prove just as dire to your enterprise.
As we’ve suggested before, Anonymously.io is an non-US based anonymous hosting provider that ignores DMCA takedown notices. If you don’t want to go with an anonymous hosting provider, we suggest AbeloHost, an offshore hosting provider situated in the Netherlands that also ignores DMCA takedown notices.