Bulletproof Host Stark Industries Evades EU Sanctions
Posted4 months agoActive4 months ago
krebsonsecurity.comTechstoryHigh profile
heatednegative
Debate
80/100
CybersecuritySanctions EvasionBulletproof Hosting
Key topics
Cybersecurity
Sanctions Evasion
Bulletproof Hosting
The article exposes Stark Industries, a 'bulletproof host', for evading EU sanctions, sparking a discussion on the ease of sanctions evasion and the limitations of global powers' control.
Snapshot generated from the HN discussion
Discussion Activity
Very active discussionFirst comment
41m
Peak period
28
0-6h
Avg / period
8
Comment distribution64 data points
Loading chart...
Based on 64 loaded comments
Key moments
- 01Story posted
Sep 11, 2025 at 1:42 PM EDT
4 months ago
Step 01 - 02First comment
Sep 11, 2025 at 2:24 PM EDT
41m after posting
Step 02 - 03Peak activity
28 comments in 0-6h
Hottest window of the conversation
Step 03 - 04Latest activity
Sep 14, 2025 at 12:07 AM EDT
4 months ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
ID: 45214164Type: storyLast synced: 11/20/2025, 4:38:28 PM
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
https://www.swedbank-aktiellt.se/telegram/WOzsdcJG
"AMSTERDAM, April 10, 2025
MIRhosting, a leading provider of enterprise-grade colocation and IT infrastructure services in Europe, proudly announces the launch of two dedicated, fully equipped data rooms at its newest location within the NorthC data center in Nieuwegein. This strategic expansion strengthens MIRhosting's colocation capabilities, directly addressing the growing demand for reliable and scalable colocation solutions in the greater Amsterdam region...."
The EU tries to rope off a single building with velvet ropes, a doorman, ID verification, facial scans, and cookie banners, while next door it's an illegal rave in an abandoned supermarket.
The real issue is that there aren't a whole lot of consequences when it comes to tracking data. It's a legal violation, sure, but it's not a criminal violation. So it would be up to you to pursue it. In many countries you can't even file a civil lawsuit, but rather, you have to go through your national data protection agency. Which in reality likely means your complaint will be auto-rejected after five years because they need to clean up the queue.
As far as the malicious disobedience goes... well... it's probably because "all the other website do it", but you might as well just give people the option to go to a setting to turn it off. It's not like that would be any less of a legal violation than the banner.
I do wonder what would have happened if the laws were in place first. Would people have been so willing to add all this stuff if it meant putting a big thing over the entire shop?
My other consideration is whether if the owners had to use their site like new customers every time if they'd get pissed off about the stuff covering their actual shops.
In either case, I think the net result is bad news for users, good news for people selling things. And of course the sprinkle of "people just making mistakes/guesses" too, but there's no universe that's not going to be found.
Don't know if it was intentionally positioned like that but I was ready to imagine it was.
The EU's own government websites are littered with the obnoxious cookie banners [1].
It's an unbelievably thoughtless and misguided law that has unfortunately ruined the internet. I think a lot of people rightfully blame the EU and they're terrible lawmaking for this nonsense.
https://european-union.europa.eu
They didn't want user data to be sent to third-parties without consent, so they created a law that made it mandatory for web pages to ask for consent to send the data. Most web pages need to send data to third-parties to be profitable, so they need to ask for consent.
What would the next steps be like? The purpose of the law is to give users the power to consent or not consent. In other words, I can pay for the contents of a web page with my data. Removing that option from me doesn't give me power to do whatever I want with my data: it takes that power away from me instead. That would be bad.
Is that true? If so, it's a sad state of affairs.
Runner up: 1-click reject all mandatory
Because it is not the means, it is the intent that the GDPR tries to protect you from. The GDPR (and EDP) says that tracking, any tracking not just cookies, requires the consent of the tracked one.
https://en.wikipedia.org/wiki/Iron_Man
A "bulletproof" host or provider is the colloquial term for a business that will not reveal your identity, payment information, provide LEO access, respond to subpoenas, etc.
It's generally used by cyber-criminals as a "safe" vendor, though some privacy-minded individuals like this type of provider as well.
https://www.youtube.com/watch?v=Gnjb1WVkhmU
Those poor astronauts! ("Law Enforcement Officer", for anyone else not in the know).
inventing new word when we don't need one
Well, that countries law enforcement could always cut off those servers. It's usually either due to corruption or in case of russia political intent that these servers are kept online.
obligatory: https://xkcd.com/1053/ Happy ten thousand day!
Others already answered but while I'm chiming in anyway, I'm not in the hosting industry but IT security (for like ten years, say) and for me it's a very normal term. Maybe precisely because of that niche though; many of us are paranoid
I'm sure they are enjoying the rubles. And that they know that polonium-210 is not detectable with Geiger counters.
they think they're omnipotent but really don't control the world, rendering economic sanctions and service blacklisting to be null and moot
26 more comments available on Hacker News