Establishing A Relatively Private Website

[kawtot]

After research and analysis helped along by you folks at TV (thank you!), I’m about to purchase a domain name through NameCheap. But I'm not sure: if I order WHOIS privacy, will I surrender some domain name ownership rights to the intermediary?

After that I will be looking for a different site host because many of you recommend using separate registration and hosting providers.

My number one requirement is a hosted solution that supports personal communications with family and friends in various countries via:

· 1-5 email accounts. I have to use Outlook. No s-MIME, Hushmail, etc, required.

· A minimalist blog. I’d be comfortable with file transfers to/from secure folders (bug_ger my users ), but there is pressure to blog and I will probably succumb. b2evolution looks ok for this.

There will be nothing remotely illegal or even “slightly shady” about the site content.

I can’t imagine using more than 0.5GB disc space, having max simultaneous users > 1, or seeing more than 5GB traffic per month.

Number two requirements are:

· Site-level security - the site is not intended for public consumption

· Content-level security - for some content I will need to restrict access to a subset of authorised users

· Privacy-friendly provider and data centre - I would prefer content/backups to be under jurisdiction that demonstrates a healthy respect for individual privacy

If anyone wants to explore in more detail the perception of privacy, please don’t hijack this thread - start another topic and I promise to opt in .

Number three requirement is a provider with a good track record of fair, honest and reliable service.

Number four requirement is good value for money (i.e. not necessarily cheap, but certainly competitive).

I learned the little I know about domain registration, DNS and hosting in the past 3 days, so really look forward to advice and recommendations from those who have more experience at this than me.

[siamect]

Ok You got it.... but I repeat it anyway for those who has not read it before...

Some companies are giving you the domain for a low cost and then it turns out that they are the registered owner of the domain. I don't know how it is with NameCheap. I hope they are ok so that they really register the domain in your name.

The Whois privacy has nothing to do with ownership and you can get privacy on a domain registered in your name if the registrar is fair...

I have used http://www.verio.com and http://domainbank.com but there are others...

To avoid being trapped by bad webhosts you should use three different companies

1. the registrar who register the domain name for you

2. DNS host. This is the one that is storing you primary DNS records. I use http://afraid.org but again there are others.

3. The webhost where you have the web pages (can be in your home)...

If all these are separate then you are in control...

Emails are usually handled by the webhost although you can host it yourself... I think is it worth to pay for a webhost just because of that.

Most webhosts offer Blogging... But you can set up you own framework.... take a look al Joomla Drupal OpenAtrium Wordpress etc

Make sure the webhost allow you to use as much RAM on the server as your framework scripts need...My OpenAtrium site require 92Mb and http://www.34sp.com which is an ok web host don't allow that unless you have an expensive package... so I host mine in my kitchen.... http://home.siamect.com

Most frameworks like that allow you to have protected contents on different levels (everyone, groups, users).

Avoid using ftp for transferring files... use ssh (sftp). It is secure but some cheaper hosts does not support it.

under jurisdiction that demonstrates a healthy respect for individual privacy

...tell me if you find one...

Edited September 14, 2010 by siamect

[Crushdepth]

Some companies are giving you the domain for a low cost and then it turns out that they are the registered owner of the domain.

I've just been through this with the first domain I ever bought. Never buy a domain from a reseller. Some will use their control over administration of the domain to keep you paying for their service. Namecheap is legit and ok by the way, you don't lose any rights using their Whois guard service.

I would suggest registering setting up a Google Apps Standard Edition account (its free) and registering your domain there ($10 including free private registration). That gives you up to 50 gmail accounts under your own domain name, huge storage space, excellent spam filter, outstanding reliability and your web/Outlook email is protected by SSL in transit. It's a hosted service with minimal admin input on your part.

Google Apps comes with a basic webpage construction service that you can limit access to if you want, but it's not a good choice for a blog, its more for making the odd static page. But since you get full control over your DNS records with Google Apps you can set up a blog somewhere elsewhere if you want.

Privacy...well any honest and reliable service provider will give your data to anyone who has a court order. It is quite easy to get such an order in Thailand using *legitimate* means. Host your website in a different country, preferably one you aren't a citizen of.

[kawtot]

siamect:

Privacy... hmmm... I'm sure there are some less intrusive jurisdictions (and I don't mean data havens for mega-corp IP, wealth cloaking, and so on). If/when I find somewhere, I'll PM you.

Hosting... as I don't have any cats I can't host from my kitchen :-) Actually, for the next few months I'm on a 'free' wired LAN/dynamic IP in a condo, so need to hire a host until detached accommodation is arranged.

Anyhow, many thanks; today I'll learn a bit more and follow-up on your tips.

[joncl]

We use http://www.hostgator.com/ in the USA for www.jsat.tv and many more sites at a cost of THB400 per month with a business account and unlimited everything (users, bandwidth, emails, support etc), well worth the money.

[kawtot]

Crushdepth:

Will have a look at Google Apps today. Thank you.

joncl:

Following your tip, too. Cheers.

[kawtot]

There have only been a couple of replies, but almost 300 views of this post, so I'm asuming some level of interest and reporting back.

I registered with NameCheap. Got a good .com, with WHOIS privacy, for 10years, with plenty of evidence of ownership, at a good price. WHOIS privacy is offered on .com, .net, .org, .info and .me; it does not seem to be available for any others, e.g. .uk.

Although it was sleepy-time in the US when I transacted, 5 minutes later all the documentation arrived, and about 2 hours later a parking page was up for the http://www.<domainname> including a redirect to it from http://<domainname> (i.e. without the ‘www’), and my account had full access to re/configure the domain. A good experience.

Why didn’t I buy in Thailand? I couldn’t find a .com provider for less than twice the cost of NameCheap. Also, here the focus seems to be primarily on .th TLD’s. In that space, the perfect .in.th domain name for me is available. However, you can only secure a .th for 2 years at a time, and to be eligible for a .th you must reside here - I may move from Thailand one day and I don’t want the hassle of changing email addresses, etc again.

I’m still looking for a host. This time around I won’t buy in Thailand because hosting appears quite expensive, and according to various public forums both the providers and the pipes in and out of the country are not so hot.

Now, some of you may suspect me a Thai-bashing khwai (no offence Winnie!), but this is my cost- and risk-based decision for a small private site. Every day I support as many Thai businesses as I can and am gaining some fantastic friends/experiences in the process. If I needed a business web presence here it’d definitely have a .th domain and I’d most likely work with a Thai host.

I don’t know about the approach to data privacy in Thailand, but it’s not relevant to me since I’ll be hosting ‘offshore’ for other reasons.

I’ve looked at the US approach to data privacy and am 'concerned' – either this precludes some of the best offerings or will force me to reconsider my requirements.

I’ve also looked at the UK situation – kinda like that in the US, except it appears (to me, so far) that no UK provider is even allowed to offer WHOIS privacy.

Australia and Malaysia need more investigation. Any others?

<end of post, the dinner gong has sounded>

[Crushdepth]

Data privacy in Thailand is appalling, don't do it. Australia is not a good choice either, the government is trying to introduce internet censorship and has announced ambitions for a rather high level of mandatory data retention on internet usage.

You could try Singapore or maybe look at some of the Scandinavian countries.

[siamect]

Data privacy in Thailand is appalling, don't do it. Australia is not a good choice either, the government is trying to introduce internet censorship and has announced ambitions for a rather high level of mandatory data retention on internet usage.

You could try Singapore or maybe look at some of the Scandinavian countries.

Singapore... Scandinavia ....privacy....??? If there are any places on this planet where big brother will always see you....

Martin

[phuketrichard]

buy ur domian at Joker.com, (I got a.info url for $1.99/year)

host it anywhere, I use Dayana host for less than $15/year.

NO website is ever private, BUT if u only give the url to your friends and family it will be ok,

Make sure in your meta tag you place a <no follow> for all se's and then they wont ever index the site.

YOu can always add that no info is giving out in the who is info and that costs a litle bit more BUT if u dont spring for it , it is availabe for anyone to see as its required by law to have this info.

why do u have to use outlook? I suggest you use Thunderbird , stay away from anything Microsoft as much as u can.

[Milo]

There have only been a couple of replies, but almost 300 views of this post, so I'm asuming some level of interest and reporting back.

I registered with NameCheap. Got a good .com, with WHOIS privacy, for 10years, with plenty of evidence of ownership, at a good price. WHOIS privacy is offered on .com, .net, .org, .info and .me; it does not seem to be available for any others, e.g. .uk.

Although it was sleepy-time in the US when I transacted, 5 minutes later all the documentation arrived, and about 2 hours later a parking page was up for the http://www.<domainname> including a redirect to it from http://<domainname> (i.e. without the ‘www’), and my account had full access to re/configure the domain. A good experience.

Why didn’t I buy in Thailand? I couldn’t find a .com provider for less than twice the cost of NameCheap. Also, here the focus seems to be primarily on .th TLD’s. In that space, the perfect .in.th domain name for me is available. However, you can only secure a .th for 2 years at a time, and to be eligible for a .th you must reside here - I may move from Thailand one day and I don’t want the hassle of changing email addresses, etc again.

I’m still looking for a host. This time around I won’t buy in Thailand because hosting appears quite expensive, and according to various public forums both the providers and the pipes in and out of the country are not so hot.

Now, some of you may suspect me a Thai-bashing khwai (no offence Winnie!), but this is my cost- and risk-based decision for a small private site. Every day I support as many Thai businesses as I can and am gaining some fantastic friends/experiences in the process. If I needed a business web presence here it’d definitely have a .th domain and I’d most likely work with a Thai host.

I don’t know about the approach to data privacy in Thailand, but it’s not relevant to me since I’ll be hosting ‘offshore’ for other reasons.

I’ve looked at the US approach to data privacy and am 'concerned' – either this precludes some of the best offerings or will force me to reconsider my requirements.

I’ve also looked at the UK situation – kinda like that in the US, except it appears (to me, so far) that no UK provider is even allowed to offer WHOIS privacy.

Australia and Malaysia need more investigation. Any others?

<end of post, the dinner gong has sounded>

I believe 123.com offers WHOIS privacy?

http://www.123-support.co.uk/support/answers/how-do-i-purchase-whois-privacy-for-my-domain-names-464/

Our M/C club also had a private, log-in only site built awhile ago. PM me if you'd care for any further details.

[siamect]

NO website is ever private, BUT if u only give the url to your friends and family it will be ok,

Make sure in your meta tag you place a <no follow> for all se's and then they wont ever index the site.

You can very well have a webpage private...

If you are the only one in control of your server, it is private and you can control what you want to show and what you what to hide. Unfortunately most web hosts deny us this right. Therefore you should have you web host in a place where you are the only one with physical access to it..

The <no follow> meta does not stop search engines from indexing http://en.wikipedia.org/wiki/Nofollow

Guiding search engines has exactly no thing to do with keeping you website private.

and to try to increase privacy by giving the URLs only to friends and family is plain ridiculous...

Martin

Edited September 19, 2010 by siamect

[manarak]

I'm a webmaster with own servers in Switzerland.

I can provide everything you need, but I can't show a track record other than a handful of clients who can recommend me.

Regarding security and access control, you won't be able to do it yourself - you'll need a pro to set it up and to explain to you how to use the solution without compromising security.

I would propose the following:

- register your domain with godaddy with whois protection. That way, only the godaddy employees and US authorities can know your identity.

IF this level of privacy is not enough, I can offer you to host in a subdomain of mine, i.e. something like yourdomain.mydomain.com, this way your name will appear nowhere, and you won't even have domain costs.

- use my services to setup the solution you need. I have software with all the features you require: security, user-based access control, blogging, comments, forum, private messaging, galleries, etc. through php application framework (easy to use, don't worry).

The solution provides a comparatively high level of security for such a simple and cheap setup.