this post was submitted on 12 Feb 2025
45 points (95.9% liked)
Comradeship // Freechat
2258 readers
87 users here now
Talk about whatever, respecting the rules established by Lemmygrad. Failing to comply with the rules will grant you a few warnings, insisting on breaking them will grant you a beautiful shiny banwall.
A community for comrades to chat and talk about whatever doesn't fit other communities
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Very good point.
I'm also curious to know if this means anything with regards to registration data.
TL;DR unless the shitlib did a Mission Impossible style heist, all the registration data is just on someone's server, likely in a massive data center wherever they were paying to host the site from. It's probably encrypted (well, it should be) and effectively inaccessible to anyone without the proper keys to access it.
The domain name is just the domain name
When you type in a domain name your DNS resolves that name to an IP address
Without dragging this out overly much, it's like someone stole your phone number. Not your phone.
When people call your stolen number they expect that Illuminati answers. The thief could fake being you, if they were good enough and wanted to.
But they don't have your data. That resides on your phone. The server(s) that were being used to host hexbear, to leave the analogy behind.
There's currently nothing to worry about data theft side of things.
However, with minimum due respect, whoever managed to let the domain registration expire is a top tier... dingus. I honestly don't even know how they let that happen. ๐คทโโ๏ธ
The domain can turn into a honeypot to connect IPs to real usernames
Sure. Although that means very little considering most people have dynamic IPs. You also can't do anything with an IP... not much anyway. Assuming they even grab a long term dynamic IP (some ISPs rarely change the IP, this is true) it only gives them your generalized geolocation which is often off by hundreds of miles. And your ISP, although that isn't always clear either. It's not like an ip tracing to your home directly. That would make literally every single connection you make to any website a security risk. My point being, if your personal security risk levels prohibits connections to websites... this is just another drop in a bucket.
I'm not trying to be flippant here or overly dismissive. I just think this isn't as big of a concern as some are imagining. I agree generally something should be done to alert users that the website is no longer "safe" or "genuine." Beyond that, barring a lemmy decision about how to handle expired/stolen domains, not much else can be done. ๐คทโโ๏ธ
Maybe see if someone can add it to a large Adblock list so that ublock, etc. pick it up as "potentially dangerous."
That's assuming the hexbear admin team isn't able to snag it. Last I saw it's like ~$700. There's absolutely some IT nerd with a bunch of cash who might buy it from the auction and gift it to hexbear. Who knows. There's many more shitty NATO IT libs who would buy it and sit on it for years just to pretend they "owned the tankies."
Ultimately I find it hard to not find a lot of fault in the admins of hexbear for letting this go for months and months. They should've begun migration to a new domain as soon as the old admin/owner disappeared.
Honestly if your using a heavily commie site and not taking opsec precautions to hide your real IP then they already know it.