Full text:<p>Posted on behalf of Silence, EFnet admin:<p>Dear users,<p>EFnet has always been a network that promotes freedom of speech. One of the core pillars of a free virtual society is trust. Trust not only amongst ourselves internally, but an undying trust in the companies that allow their users to connect to our wonderful network. We have survived over two decades, in a world that is increasingly image- and video-based. IRC can offer neither of those. IRC is based on ideas. Ideas that are exchanged in text. With text, as opposed to images and videos, one has to be put extra effort into the subliminal, the meaning, the message. This has been our catcher in the rye, and we intend to protect this content-based communication form, for as long as it is appreciated by the hundreds of thousands who every day turn to IRC for philosophical debates, dating and just about anything you can think of (I’m sure a lot of the things in that last category does not belong here in this text, but you get the picture!).<p>We rely solely at the goodwill of others, as is the case with most things worth saving. There is no money to be made. We all do this for free. Sure, some companies might have benefited from a small level of advertisement, attracting customers to their products. But all in all, it has mostly been an uphill battle against enormous attacks, sometimes exceeding 75Gbps of DDoS. This has made it impossible for all but the largest organizations to host a server on our network, or any other large virtual society. We are Don Quijote and the weather mills are often winning.<p>One of our key strategies is to preserve a close relationship with the major Internet- and Hosting Service Providers, as those are the networks that our users connect through. This has worked very well due to our personal involvement with a lot of said organizations. If we find an abuser on IRC, we try to not only ban him or her, but also to contact the provider so that the problem is handled at the right end, often with the involvement of law enforcement, as was the case with Kevin Mitnick, t0rn and a lot of other well publicized hackers/crackers.<p>Unfortunately, the past few days many EFnet servers (and more are following) have had to ban an entire ISP, which has not happened in over a decade, if not longer. Naturally, something extreme must happen for this to be even considered. Almost always can we find a solution through the use of good old fashioned communication. Alas, not in this case. Well, here is the story (to the best of my knowledge):<p>One of our EFnet operators located a server that a client was using, the server was most likely hacked and/or used for illegal activities. As IRC is often a playground for these people to use, before moving on to more serious targets (where they can make money through extortion), we take this extremely seriously. Because of the serious nature of this, our operator sent an email to Hetzner.de, a German hosting provider, to help them lower the abuse of their servers, as well as ours. This is usually a fruitful symbiotic relationships, where both parties stand to gain.<p>However, the big difference between this case and all the other thousands of cases we have handled in the past, is that someone at Hetzner chose to forward this complaint to the actual abuser him/herself. This might seem fair enough, as anyone accused should be granted the right to defend him- or herself. However, the email also contained sensitive information about who this operator was, including nicknames (from which names can be derived, and thus, also, home addresses). We know what an impact this can have on your social, not to mention your professional life. We have seen people lose their jobs, after constant attacks and we have also seen companies lose money that is hard to fathom, considering this is still just a simple chat for friends. This is a fundamental breach of that mutual trust that has allowed us to accept clients from Hetzner to use our network - free of charge, just like we do with anyone else wanting to connect.<p>This a give and take network, where mutual trust is vital for our survival. We are maintained by the community, and we exist solely for the community. Hetzner.de has broken one of the most fundamental aspects of any report of criminal activity or suspicion thereof; source protection.<p>I expect us to get attacked now, which will result in a lot of work for the company kind enough to donate money and time to continue to provide us with servers, in an era where almost everything else would be more profitable. But this is an ideological problem, more than a financial one. We have been attacked before, and we will again. We are prepared. But these preparations rely on the fact that we know who the enemy is. Hetzner.de has made that impossible.<p>As a result of this, we have decided to ban all Hetzner IP ranges (both IPv4 and IPv6) from our servers. It seems other networks are following, and I know QuakeNet has published a similar statement. We simply do not want anything to do with a company that values money over source protection and integrity. Some may argue that this was a one time mistake, and that we should not jump to conclusions so fast. Could this have been a mistake? Sure. Does it matter, given the consequences this could have had for this operator’s personal life and health? No. We do not appreciate cowards that would rather see someone else hurt, than take their responsibility.<p>Unfortunately, according to trusted sources (ex-employees) of Hetzner.de, this is policy and not an exception. They have realized they can save money (by limiting attacks) by redirecting the attacks back at the person reporting them. That way, the hacker/cracker/kiddie using their services will not cancel their contract with Hetzner, and in return Hetzner will remain protected. Left are those of us that work for free, and who will continue to do so, for as long as there are honest, reliable companies out there, willing to go the extra mile to protect the freedom of the Internet, and, above all, freedom of press and source protection.<p>Questions on this matter must be directed to Hetzner.de, as our involvement in this situation is over. This has been their decision based on questionable methods. It is unfortunate for them that they got caught, but it is good for the sake of the free Internet.<p>Sincerely yours,<p>Johan Boger, on behalf of EFnet and anyone else believing in integrity, source protection and a free Internet.