Frequently Asked Questions

Here are some frequently asked questions potential members (and the public) often have about NearlyFreeSpeech.NET and our services. If you wish to restrict the list of FAQs to only those containing certain keywords, enter them below. Otherwise, all public FAQs will be displayed. (Our members have a much more detailed FAQ accessible via the member interface. Non-members can peek at that here.)

Search Keywords:

General Questions

Policy Questions

Technology Questions

Login Questions

Non-Member Questions

General Answers

  • What's the most important thing to know about your service?

    NearlyFreeSpeech.NET is a do-it-yourself service, designed to allow experienced webmasters and people who are strongly self-motivated to set up low-cost hosting by only paying for services they actually use.

    Support is a great example of a high-cost service that's typically bundled into hosting offerings. But it's also a great example of a service that most of our members don't use and don't want to pay for. As a result, our system is designed to be used without individual private support, and our baseline membership does not provide it. Nor do we offer "pre-sales" support; it's up to you to figure out if our service is a good fit for your needs. (Meaning that if you email us almost any question prior to signing up, you're going to get a link to this FAQ entry in reply.)

    If you do want support, we do provide a wealth of documentation, self-support and community-support options. There is also a higher-cost subscription membership available that offers limited individual private support via email and our website. But this doesn't change the do-it-yourself nature of our service: individual support provided to subscription members is limited to guidance, you'll still have to do all of the heavy lifting yourself.

    This means that if you don't want to pay for individual private support, you don't have to. But it also means that if you don't pay for it, you won't get it.

    If one of those options works for you, great! If, on the other hand, you're looking for a more "high contact" approach to support or if you're looking for someone to create or manage a site for you, that's absolutely fine, but a do-it-yourself service like ours may not be the best fit for your needs.

    To put it another way, some people change their own oil. Some people pay a mechanic to do it because although they could do it themselves, they want to spend their time another way. And some people pay a mechanic to do it because they just want their car to work and the details don't interest them. NearlyFreeSpeech.NET is a service for people who want to change their web site's oil.

  • What's the most common mistake people make while signing up for NearlyFreeSpeech.NET?

    The most common mistake people make while signing up for our service is disregarding the unique one-to-one relationship between a person and their membership.

    Your membership represents you as an individual. As it says in bold print on our signup page, you may only have one membership, you may not create a membership for anyone but yourself, no one but you may access your membership, you can't transfer your membership to another person. (Transferring some or all of the services on your membership to another member, on the other hand, is dead easy. So is sharing things if you have more than one person who needs to be involved.) You must also use your individual, real name on your membership.

    These warnings and policies are there for a reason. When people don't follow them, then sooner or later problems result.

    Don't: create memberships for other people.
    Do: host their stuff for them on your membership or get them to do it themselves.

    Don't: tell us your real name is "Company Inc." or "Organization Webmaster."
    Do: create an account for the organization on your membership.

    Don't: create a second membership for a new project or customer you want to work on.
    Do: create a second account instead.

    Don't: give your login credentials to somebody so they can help you or share responsibility.
    Do: have them create their own membership and give them adjunct access to your site or share your account with them.

    Basically, all we ask is that you don't pretend to be someone else. If you do, it will eventually result in problems. You may find yourself unable to log in, unable to make payments, or your membership may wind up in the hands of someone who has no idea what they're doing. Those problems are fixable (as long as the person whose name is on the membership is still around) but it's pretty certain they won't crop up on a day when you've got plenty of spare time and nothing better to do.

  • Why do I have to enter my real name when creating a membership?

    We don't have very many rules, but providing your real name on your membership is one of them, and we do take it seriously.

    If you lose access to your membership, the first step in our recovery process is providing a government-issued photo ID matching the name on the membership. If you entered a fake name or an organization name or "Thus-and-such Webmaster" when you signed up, you're typically screwed.

    We're absolutely fanatical about our privacy policy. We won't give your name to anybody unless somebody shows up with a judge's signature. In some cases, not even then. If you don't trust us with your name, you probably shouldn't trust us with your content.

    Requesting a real name also helps people avoid the most common signup mistake.

    If you sign up with a name that isn't a person (i.e., a club/company/organization/role name), or if we have any other reason to believe you've given a false name, we will ask you to fix it. If you refuse, we'll ask you to show a photo ID matching the name you provided (if we're not sure). If you don't, we may be forced to suspend your ability to make further deposits and eventually terminate your service.

    If you are an existing member who has given us an incorrect name, please see this entry in the Member FAQ to fix it before it's too late.

  • Can I beat your pricing if I get my own VPS?

    Maybe. We aren’t out to provide the cheapest possible service. In fact, we have absolutely no interest in doing so. Our goal to is to provide a high-quality service at a fair price, and make it scale so we can put that service in the hands of as many people as possible, many of whom couldn't otherwise afford it.

    With that said, the most common reason people feel that we're more expensive than an alternative is that they are comparing us to a different type of service.

    We provide a fully managed environment, including frequent security updates, careful performance tuning, and 24x7 response to crashes and outages for everything underneath your code. The tools you need to build your site are already there, ready to be used and customized however you want. We have dedicated infrastructure to build a constant stream of updates, more infrastructure that runs regression tests on those updates to make sure things are working before they get to you, then we let you pick just how aggressively you want those updates applied.

    With an unmanaged VPS, the provider maintains the hardware (hopefully), but doesn’t care if your VPS is up or down. The full responsibility of installing and maintaining the OS, the system configuration, all the packages and utilities, and the entire application stack falls on you. Every critical security update. Every urgent kernel patch. Every weird error in the system log. Every crash in the middle of the night. Every traffic surge. You have to know about it, you have to know what to do about it, and you have to do it. Often on a deadline. And that responsibility never goes away. It never even takes a day off.

    Occasionally, people comparing us to a VPS zero-value that, because it hasn't occurred to them, or because they plan to do it themselves (some of it, anyway — system administration is a well-paying full-time job) and haven’t placed a dollar value on their time. But VPS providers sure don't zero-value it. The price difference between an unmanaged VPS and a fully-managed VPS from the same provider is often $50-200/month. Already, our pricing looks a lot better!

    Second, the lowest VPS deals come from brand new providers who lose money on every sale. They’re buying market share by selling below their cost. We don’t compete with them on price. We just wait for them to go out of business.

    Third, VPS providers use all sorts of tricks to make it seem like they’re providing a lot more than they really are. Hopefully you’re already convinced, but if you’re in the mood to keep reading, the rest of this FAQ entry contains a partial (but long) list of such tricks and what we do differently.

    VPSs and RAM:

    • A fair bit of the RAM in a VPS goes to the kernel. Behind the scenes, providers use a technique called memory deduplication to sell the same memory to 100+ VPS customers on a single machine. We don't charge you for kernel memory at all.
    • If you want your application to perform well, you'll need a fair amount of memory for disk cache. For a nontrivial application, usually 25% or so of the total memory, although the system will always try to use as much as it can. With a VPS, that comes out of the RAM you're paying for. At NearlyFreeSpeech.NET, it does not.
    • The memory a VPS provides you is a limit. You can't exceed it. If your VPS runs out of RAM, when you get a surge of activity, it won’t be able to scale and may as well be down. That means you have to pay for the most memory you'll ever need to handle the highest load you anticipate ever having. The other 99% of the time, you're still paying for all that RAM, but it's sitting there unused. We charge you for the memory you’re using right now. If you need more, it’ll be there, if you need less, you don’t pay for what you’re not using.

    VPSs and storage space

    • Modern filesystems require at least 15-30% slack space to perform well, so that comes right off the top of a VPSs storage allocation. We only charge for the space you're actually, currently using. If you delete files, your bill goes down.
    • Then you install the whole OS into it, eating up even more. (And in the background, they quietly deduplicate that too, so they can sell the same disk space over and over.) We don't charge you for the space used by the OS, the system tools, utilities, and development tools (or the entire application stack, if you use one of the ones we provide, like PHP).
    • You have to leave room for growth. It's not unusual to see a VPS with only 10-15% of its allocated disk space actually used by application data. Here, the space will be there if you need it, but there’s no need to pay for it until you do, or after you’re done with it.
    • VPS storage usually isn't backed up by default. That costs extra and is often a "last backup only" approach. Our storage pricing for sites includes extensive, frequent snapshots and backups — onsite and offsite — at no additional charge. (If you need a restore performed, that takes a human, so there is usually a small charge for that at that time.)
    • At most providers, storage is directly connected to the machine hosting a VPS. That's good for performance, but not so good for reliability. If the machine hosting a VPS dies, well, see above about backups. We use redundant network storage built entirely from SSDs with no single point of failure for all member sites and MySQL data.

    VPS overselling

    • VPSs often measure CPU based on “virtual” CPU cores (“vCPUs”). As with RAM, there are a lot more “vCPUs” in VPSs than there are actual CPUs in the machine running them. If too many people try to use them at once, things slow way down, and there’s usually no way for you to figure out why. With us, most sites don’t pay for CPU at all, but those that do pay only for what they’re actually using at that moment.
    • VPS providers rarely support live migration. If you’re on a heavily-loaded server (or the server crashes) at a cheap VPS provider, tough luck. Decent providers will tell you a server is overloaded and offer to move you, but without live migration, that means a long downtime while they copy your disk images around. NearlyFreeSpeech.NET uses dynamic load balancing directly informed in real time by the same resource metrics used for billing. If a server gets overloaded here, load automatically shifts. If it’s still (or very) overloaded, somebody gets paged to check it out or allocate extra hardware for it if needed. If a server goes down, affected sites automatically migrate to other servers within about 60 seconds.
    • Check the VPS provider’s Terms of Service for words like “excessive resource usage.” If you find them, it’s often code for “if you actually try to use what you paid for for any length of time, we will promptly put a stop to that.” Here, charging only for the resources we actually provide creates a financial incentive for overprovisioning instead of overselling.

    We are not trying to say all VPSs are bad, or even that they’re all a bad deal. There are some applications where a VPS is a better fit than our service. And if you don’t need or want all that we provide, and don’t mind doing a lot of work yourself, a low-end VPS may save you some money. But in an awful lot of cases, for sites big and small, we provide an excellent value that no VPS can match.

  • How much does the average site really cost?

    We have recently changed our pricing, and so we cannot currently offer good statistics for this. They will return in a few months. Until then, we recommend using our Pricing Estimator tool to get an idea of what your hosting costs might be.

  • Do you provide email hosting services?

    No we do not.

    We do, however, provide email forwarding service. You can set up as many different addresses at your domain as you like, specifying where each one should be forwarded and/or use "catchall" forwarding to send everything to a single address.

    This service only handles inbound mail, and only forwards it. You will have to make other arrangements for a mailbox to receive the messages, and to send outbound mail.

    For that, the first choice, and often the best one, is to use the email account(s) provided by your ISP for this, but there are other options. Many of our members choose to use email services like Gmail or whatever Microsoft is calling their email this week.

  • Is your service easy to use?

    No.

    Compared to the endless parade of hosts that provide tons of "one-click installs," one-size-fits-all web site templates, unlimited toll-free telephone support, and cookie-cutter control panels, our service is arcane and complex. We consider this a positive.

    Our service is designed for people who are comfortable with Unix-based web hosting, including manipulating MySQL and files using command line tools. To get good results for nontrivial sites, our members need to understand how Unix file permissions and ownership work, and how they apply to a secure web hosting environment.

    We do provide extensive documentation, including a massive FAQ, that addresses a large number of the most common inquiries we receive. Because we employ neither "canned answers" to inquiries for support nor underpaid "tier 1" support personnel to give them, we do tend to refer people to the documentation when their questions have detailed and complete answers there.

    But if our systems are working properly, we expect that most of our members should never need to contact support. By extension, they should not have to pay extra to maintain a staff of people they never use. Consequently, our free technical support is extremely limited and is provided primarily through our community forum. The primary option for those seeking individual support (subscription membership) costs extra and even that has fairly strict limits as far as how much help we can provide.

    We have found that most of our successful members are those who have previous experience with web hosting. This is, however, a gross generalization. We have plenty of members who have made amazing sites starting from ground zero because they are strongly self-motivated and learn well independently. It's cool for us to watch them learn, too.

    If you are not comfortable that you already have the knowledge and experience outlined here, and you do not particularly want to acquire it, that's a perfectly valid position, but it means that using our service may be an exercise in frustration for you that is best avoided.

  • Do you provide DNS hosting services?

    Yes! Our DNS service meets most simple DNS and email service requirements for the average website. NearlyFreeSpeech.NET DNS supports most common resource record types (A, AAAA, CNAME, MX, NS, SRV, TXT, and PTR).

  • How many web sites can I host with a NearlyFreeSpeech.NET membership?

    Our system is very flexible in this regard. Each membership can have one or more accounts. Each account can have one or more sites. Each site can have one or more domain names. For many people, this means one membership, one account, one site, and one domain name. For many others, it gives them the power to be as creative as they want, and to pursue several different goals.

    Whether you spread your websites across multiple accounts or keep them all in one is completely up to you. Support for multiple accounts allows people who have sites for different reasons, such as business and personal, to keep the finances separate if they choose to do so.

  • Do you register domain names?

    Yes we do.

    See this page for full information about our integrated domain name registration services.

  • How will I know if my account is about to run out of funds?

    Our system will send you email (or, optionally, SMS) reminders when your account is running low on funds (and of course it will let you know if you run completely out). The reminder levels come pre-configured at $5.00 and $1.00, but you can add, change, or remove them at will.

  • Why do you only offer prepaid service?

    We do this for several good reasons:

    1. This allows you to limit your exposure. If for some reason your website spins out of control, you won't open your mailbox and find a $1000 bill. It'll burn through whatever you have on deposit and then shut down, allowing all of us to work together to find and fix the problem before it gets out of hand. Your liability can never exceed the amount of money you have on deposit.
    2. Holding a deposit also helps us limit our exposure. By holding the funds for a site in advance, we ensure that nobody ever incurs charges for services they can't pay. If we didn't do that, your costs would go up because our members would ultimately have to pay to cover the costs of all the other people who defaulted.
    3. Maintaining accounts lowers our overhead. We don't have to send out bills, past due notices, or go to collections. That's one more unnecessary thing you don't have to pay for, meaning your costs stay low.
    4. It means there is no list of credit card numbers or bank accounts waiting around for hackers to find.

  • My web designer says I should use somebody else instead of you. What do you say?

    We say: go visit somebody else's website. Look for their affiliate program. Find out if your web designer is getting a kickback for referring you. Some providers pay 10% or more every month.

    Affiliate programs make it difficult for a web designer to make objective recommendations about what's good for your business. So good web designers generally don't participate in affiliate programs, and you can rely on their advice. We don't have an affiliate program, so when someone recommends us, you can be comfortable that it's because they like us and think we're a good fit for you.

    On the other hand, good designers like to use the tools they know will give good results. Maybe your designer has had good luck with somebody else in the past. Maybe somebody else has a system that your designer is already very familiar with. In a case like that, sometimes it's better to go with somebody else. We'll be here if you need us.

  • Do you price-match your competitors?

    No.

    Our pricing plan is designed to be fair to you and fair for us. It represents our actual cost to provide the service. In the case of resources, for instance, this is literally true: all revenue from resource charges is channeled directly into the acquisition and maintenance of hosting hardware. And by "hardware" we don't mean a Hummer with a sexy custom "NearlyFreeSpeech" wrap on it.

    Our pricing plan is simple and straightforward as well as very competitive. You pay for what you use, and you don't pay for what you don't use. That's all there is to it.

    Prices that appear better than ours fall into two categories: big bundles and temporary loss leaders. Our thoughts on big bundles are detailed elsewhere. As for loss leaders, as long as the hosting business exists, there will be somebody offering free or below-cost service because they think adding customers is more important than building a sustainable service. Competing on price with every free-today-gone-tomorrow hosting provider that comes along would simply guarantee that we'd lose what really makes our service the best deal: its simplicity, honesty, and sustainability.

  • How can you make money at these prices?

    It's not easy. For one thing, we keep overhead to a minimum. No fancy multi-acre Silicon Valley office palaces with slides and wandering masseurs here. No business development teams. No commission-driven sales force.

    Also, we try to avoid doing stupid things that make no sense just because we heard someone else made a lot of money that way. That really helps.

    This is not a loss leader, a limited time offer, or restricted to only certain people. This is our business model, and it works.

  • What is the minimum deposit?

    Our system will attempt to allow any reasonable deposit.

    There is no minimum balance needed to create a site, but your balance must be at least $0.01 if you want it to work. :-)

  • Will you design my web site for me?

    No, we will not. Our design skills are horrifyingly bad anyway. We like to stick to what we're good at, which is hosting sites, not creating them.

  • Do you offer collocation, dedicated servers, or VPS services?

    No we do not.

    There's no other way to put it: we're complete control freaks. Our policy is simple: if we don't have a remote-controlled explosive collar welded in place around your neck, we don't give you root on our network. Since there are currently no commercially-available remote-controlled explosive collars licensed for public use, we don't give you root on our network.

    This is very good from a security and reliability standpoint, but it does rule out offering these sorts of services.

    However, our hosting services have gotten more and more powerful over the years, to the point where you can do pretty much anything on our service that you can do with a VPS, dedicated server, or colo, as long as it's web-based. If you're under the impression you need a VPS or dedicated server to run your web site, try asking about it in our forums, because there might be a better way.

    The notable exceptions to this are due to legal restrictions rather than technical ones. For example, handling credit card numbers directly on your site. (We recommend using a third-party service run by security experts instead. We use Stripe.) Similarly, if you are handling regulated health information, there really is no alternative to a provider that can offer HIPAA-compliant hosted services (and, regrettably, the massive associated expense).

  • What happens if I get slashdotted/reddited?

    Typically, not much. Our system includes dynamic load-balancing and scalability so it can adapt quickly to dramatic changes in your traffic levels. (It is possible to create a site that's so inefficient that it can't keep up no matter what we do, but that's pretty rare.)

    A major "slashdotting" (or insert the surge site of the week here) of a site hosted on our service will cost you (on average) less than $10, one time. There's no higher-tier pricing to get permanently pushed into, and we won't cancel you for having something to say that people actually want to hear.

    This happens to one of our members about once a week, so you can bet we know how to handle it. Or rather, our systems do. Our load-adaptive clustering technology is at its best when handling demand surges, and our pricing is at its best when you'd prefer not to be billed based on a 1% event the other 99% of the time.

    Note: Our service is based on science, not magic. It will not make slow sites run quickly, nor will it make sites scale if they aren't built for it. Your site must be able to complete requests at the same rate they come in. If it cannot, for whatever reason, then there is nothing our system (or any other) can do; you're gonna have a bad time. Please take this into account when designing sites intended for high traffic levels.

  • What if I want to set up a web site but don't have a domain name / don't want to fool with DNS?

    When you create your website on our service, you will be asked to give it a "short name," which is a brief one-word name for your site that must be unique across our entire service, and we give you a built-in hostname based on that.

    For example, if you choose example as your site's short name, you will always be able to access it as http://example.nfshost.com/.

    If you don't want DNS or a domain of your own, you're welcome to use this name for your site at no additional cost. If you do use a domain of your own, then having your site available under this alternate name may help you troubleshoot any problems during the setup process, as well as provide a backup if there is ever a problem with your domain.

  • How come your service isn't free?

    Because the servers we buy and the bandwidth we obtain are very competitively priced, but they still do cost money, as do the people that run them.

    We get this question from two different angles. First, there are always people who just want something for nothing. We don't have much to offer those people.

    The second angle comes from people who would like to see us offer some sort of ad-sponsored free service. There are two primary reasons we have not pursued that:

    1. If it were possible for us to sell ad space on your site and make money from your hard work, wouldn't that be a little like ripping you off? You are welcome to sell ad space on your site, if you wish, and you are the only person who should profit from it. If you want to try this out, Google AdSense is a great, easy way to get started, and it works with our service.
    2. Accepting sponsorship for a site places additional constraints on the content of that site. If we did this on any kind of scale and were dependent on the profits, the sponsors would gain enough influence over us to potentially force us to censor our members. That's unacceptable.

    Finally, we would encourage you to remember the time-tested truth about free services on the Internet: if you're not paying then you're not the customer, and if you're not the customer then you're the product. And if that doesn't put you in mind of the mental image of a herd of cows milling around outside a slaughterhouse, well, we admire your optimism.

    Our customers are not advertisers, not venture capitalists, not the government, and not public opinion. Our only customers are our members.

  • What's the difference between bandwidth and storage?

    Of the two, storage is easier to understand. Just like you, we have hard drives (except larger and probably more expensive) and we store the files that make up your site on them. Storage refers to how much space those files take up. Storage billing is measured in units called megabyte-months, which refers to one megabyte stored on our system for one month.

    Bandwidth, on the other hand, refers to the amount of data that is sent out when people visit your site. Bandwidth is measured in units of gigabytes. If your page (including any graphics and such that may go with it) takes up one megabyte of space, then about a thousand people (1024 actually) would have to download the whole thing to get to a gigabyte of bandwidth, and that's what you'd be billed for.

  • Why doesn't your website look like other hosting provider sites?

    It's simple. We don't want to confuse people into thinking we're anything like other hosting providers. Our simple, text-based layout is designed to load fast, to be easy to use, and not to try to distract you from making an informed decision about us. As if that's not enough, we also think Jakob Nielsen is pretty cool.

    So, sure, we could follow the crowd and get stock graphics of impressive racks of equipment and inspired-looking people staring blankly into space. We've even been told we can't possibly be taken seriously as a hosting company unless we have them. But we're not buying. Those other companies can keep the sort of people who make hosting decisions based on how cute the model on the home page is. Our members are way too smart for that, and that's just how we like it.

    And psst, we'll let you in on a little secret. Not all of our servers are the same color. Scandalous, we know.

  • Are your domain registration services intended for general-purpose usage?

    No, our domain registrations services are provided on a cost-recovery basis as a service to our hosting members, and are not intended to be used as a standalone product. We are not, nor do we have any interest in being, a general-purpose domain registration provider.

    Consequently, while we do not impose any restrictions on the use of our domain registration and RespectMyPrivacy.COM services, our system is specially designed to facilitate use of registered domains with our hosting services. If you wish to use these services for other purposes, you are welcome to do so, with the following caveats:

    • it may require additional effort on your part to set up,
    • our prepaid balance model is not optimized for domain-only usage, and
    • we will not be able to provide technical support for usage of domains in conjunction with third-party services.

  • What if my web site gets attacked?

    This is a tough question. We do host websites that get attacked by a wide variety of different methods. However, the variety is so wide that there is no "typical" attack scenario or "average" outcome that we can offer as an example.

    At any given time, our network is typically experiencing between zero and three denial-of-service (DOS) or distributed-denial-of-service (DDOS) attacks. Most are short, lasting only a few minutes or hours, but the longest lasted for over a month. Most are not service-disrupting, but occasionally they can render a member site inaccessible, and rarely, if they are significant enough, large-scale DDOS attacks can sometimes briefly disrupt our entire service. (This is equally true of all web hosts.)

    To help protect our members' sites, we employ a large number of passive network features like connection filtering and firewalls. These are generally very effective against the everyday attacks we most frequently experience. When attacks go beyond the simple, an active response by NearlyFreeSpeech.NET personnel is typically required. Our active response to attacks on member sites (or on our service itself) is roughly proportional to the square of the disruption caused; our response escalates very quickly as attacks become more severe. Thanks to our long experience in the area, we have a wide arsenal of tools that can be dynamically employed or tuned to help mitigate serious attacks. We take keeping our members' sites online very seriously!

    Having your site attacked does sometimes consume resources, e.g. bandwidth, that we charge for. The cost of such an attack depends on the type, scale, and duration of the attack, as well as in large part on your actions before and during the attack. Since these factors are not under our control, vary widely, and cannot be accurately predicted, we will not under any circumstances attempt to estimate what the financial implications of a hypothetical attack might be. If you want such an estimate, simply figure out the bandwidth that would be used based on the size of your site and the anticipated volume of requests.

    However, since our service is paid in advance, you always have complete control over your maximum financial liability simply by controlling the balance of your account. If you feel your site is attack-prone and you are primarily concerned about costs, we encourage you to maintain a low account balance to limit your exposure. Then, if a situation arises, you will be able to make an informed decision about your best course of action before incurring any significant expenses. If you feel your site is attack-prone and you are primarily concerned about availability, we suggest that you maintain a larger account balance and customize our account balance warning feature to notify you if your expenses spike in an abnormal way.

    Our service is based on personal responsibility. Although our TACOS ensure that you have broad discretion in choosing what to say on your site, if you choose to say something controversial then you must be prepared to be first in line to bear the consequences. We will not indemnify you or waive any costs you incur arising from an attack on a site you host; we are a hosting provider, not an insurance provider.

    In all cases, if you are concerned about your site being attacked, you are your own first and best line of defense. You should design a site that is lightweight and fast-loading so that it remains available under heavy load and minimizes bandwidth cost.

    If you run into a problem with someone attacking your site or trying to bleed your funds dry, please feel free to contact us. It is absolutely not our intention to sit back and laugh while someone drains your account, whether your site content provoked the attack or not. In some cases, we can block obvious troublemakers and certain types of attacks so they will not reach your site. But since you are the site operator, we will expect you to take all reasonable measures to protect yourself first. Example 1: If someone is posting rude comments on your forum site, you will need to use your forum's blocking features to handle it. Example 2: If someone writes a script to repeatedly download the largest static banner graphic on your site, we may be able to block their IP address for you.

    With all that said, it's worth noting that most sites will never be attacked directly and have absolutely nothing to worry about in this area. Even given our libertarian TACOS, fewer than 0.1% of our hosted sites have ever been targeted by noteworthy attacks.

  • Is your service only for controversial or extreme websites?

    Not at all! It's true that our libertarian attitude toward personal responsibility attracts a handful of controversial websites, some of which make a person wonder, "Ok, sure, you can say that, but why?" However, the vast majority of sites we host (greater than 99.9%) are perfectly ordinary blogs, forums, wikis, and personal pages run by people just like you.

    For the bulk of our member base, the "fringe" web sites we host frequently serve as the proverbial canary in the coal mine: they act as our global censorship early warning system. As long as the fringe sites can remain online, we can all be confident that the rest of us with more moderate views have real freedom to express ourselves. When people (or governments) attack such sites or attempt to get them shut down, we learn more about what legal and technological techniques we need to use to keep your site protected.

    NearlyFreeSpeech.NET isn't necessarily about saying something controversial. In a lot of cases, it's merely about knowing that if you need to someday, you won't find out that your freedom to do so atrophied away while you weren't looking.

  • Should I set up my new small business website at NearlyFreeSpeech.NET?

    NearlyFreeSpeech.NET provides our members a very specific service: it is designed for people who want to tinker with their website at a very low level and squeeze every last drop out of it. We are in some respects similar to an auto parts store, rather than a mechanic. NearlyFreeSpeech.NET will sell you an alternator for your '72 Impala*, but both the responsibility to determine that the '72 Impala needs an alternator, and the job of installing it remain with the customer. All the knobs, tweaks, options, and flexibility we provide can become a real frustration for a person who just wants to be done already.

    Furthermore, as a small business ourselves, we understand that one of the keys to success is for the principals to spend as much time as possible focusing on the high-skill areas and as little time as possible on "have to" stuff, including accounting, legal issues, and maintaining web pages. Every minute that we spend on something that we're barely competent or outright bad at is a minute we're not spending leaving the competition in the dust. Thus, we try to outsource as many of those tasks as possible so we can focus on doing what we're actually good at.

    For that reason, in general, we find it difficult to recommend our service to new and small businesses; the do-it-yourself nature of our service and the limited support that entails can be anathema to someone who really needs to be spending their time somewhere else. So it's often better to pay (a lot) more and get a turnkey solution. But there are two exceptions to this:

    First, for a lot of businesses these days, the website is the business. If you're a high-tech person trying to build a small business around a dynamic web site and you need advanced control over the programming and site configuration, as well as excellent speed and scalability at minimal cost, NearlyFreeSpeech.NET may well be perfect for you.

    Second, the economic realities of new businesses often dictate that the owners have to do some of the things that are outside of their core skills. If money is tighter than time and the alternative is not to have a site, the ability to create a site at NearlyFreeSpeech.NET for pennies may be priceless, even if it takes a little more work.**

    *As long as your '72 Impala supports HTTP and is hosted on our service.

    **But don't expect to see any "NearlyFreeSpeech.NET: It's better than nothing!" marketing campaigns.

  • Will you pre-approve my web site content or proposed use of your service?

    No.

    We don't have the resources to review content. We can't provide legal advice. And we don't offer a service that is intended to (or, by any stretch of the imagination, could) protect our members from everything they might bring upon themselves by what they choose to do.

    If you are concerned that you might encounter problems with the content you want to publish or how you want to use our service, we'd strongly advise that you consult an attorney familiar with such issues.

    Free speech is not just a right; it's also a responsibility. Each member must be willing to accept the consequences of their actions and should not expect us to do so for them.

    For your reference, here are links to the relevant fine print:

  • How much will my site cost to host with you?

    This is a question only you can answer. Sites are billed based on the resources they consume (bandwidth, storage, and CPU/RAM). The cost is therefore based on the size and popularity of your site, as well as any optional features of our service that it uses (like domain registration or MySQL).

    We don't know any of those things about your site, and we are not able to estimate things about your site that you don't know yourself. If you have your own estimates or past records about your site's size and popularity, you can use those, plus the pricing information available on our site, to estimate the approximate cost.

    We do provide a Pricing Estimator you can use to try to get an idea of how much your hosting may cost.

  • What kind of uptime can I expect with NearlyFreeSpeech.NET?

    It depends. (Of course.) The short answer is: Not only don't we know, we can't know. The long answer uses the word "however" a lot.

    Shared hosting has a well-earned reputation for volatility. You're sharing resources with other people. Who knows what they or the visitors to their sites are about to do? However, the most common causes of downtime are specific to the affected site. An expired domain, runaway scripts, or running out of funds are much more likely to cause downtime than a service failure.

    We find that when people ask about uptime, they expect a magic number with a certain quantity of nines in it. That number allegedly represents the fraction of the time our service is available. However, the availability of "the service" depends on the definition of "the service." We host a large number of sites and they don't all move in lock-step. One person's downtime might not affect anyone else.

    It would be easy (and blatantly dishonest) to pick an arbitrary definition that would allow us to claim 100% uptime, or any number of nines we want. Likewise, with enough hardware, something is always offline for maintenance. So we could make an argument for 0% uptime. (Though we prefer not to.) In the rare case where a production server crashes, it usually affects a small percentage of our members' sites for a few minutes. Sites move back and forth, servers go up and down, and most of it happens without any visible effect.

    There's also the philosophical angle. If a server reboots in the forest, but no one tries to access it, was it really down?

    At many providers, your site is 100% dependent on the availability of a single physical server. If it fails, you're out of luck. Our clustered approach provides resiliency against many types of hardware problems. However, we do develop and maintain our own clustering software. Occasionally something incredibly weird may happen here that would (or could) never happen anywhere else. Such events are rare, but not without precedent.

    Sites hosted at NearlyFreeSpeech.NET run a small risk of being "collateral damage" of a denial-of-service attack not aimed at them. But the flip side is that we have extensive experience with such attacks. We're able to mitigate most small and moderate attacks without disruption. So although the risk might be higher, the expected impact is lower. There is (most likely) not much practical difference in DDOS risk between competent hosting providers.

    All in all, our overall service availability is probably above average to very good when compared to other shared hosting providers. However, "overall service availability" is meaningless if your stuff is down. We understand that. One site offline because of a service malfunction is one too many. That's why we monitor our systems and services continuously from multiple offsite locations and respond to problems as quickly as possible, 24x365.

  • Is this cloud computing?

    No. Clouds are fluffy. We are not fluffy!

    We have been using "cloud-like" principles since we started in 2002. We make heavy use of multiple virtualization technologies, hardware independence, shared resource pooling, load balancing and clustered job distribution. But we do not consider ourselves to be a cloud computing provider, if only because that's such a marketing term and really means very little. (We've seen it argued that "the cloud" is anything you don't host on equipment you own and operate yourself.)

  • Where are you located?

    From a geographic and legal standpoint, our entire business operates from inside the United States of America. Almost all of our services are provided from our primary datacenter in the New York City metro area.

    From an Internet standpoint, we are well-connected to multiple Tier 1 backbone providers. We do not use bandwidth from the "discount" carriers frequently associated with inexpensive web hosting providers.

    Keep in mind that although our company is solely under the jurisdiction of United States law, our Terms & Conditions of Service do require you to follow the laws of whatever country you are in. (With certain limited free-speech-related exceptions available only with our prior written consent.)

    Also, although much has been written lately about how imperfect the US government is when it comes to Internet issues, it remains the best choice for hosting. Most of the top countries one would consider as alternatives have already been caught doing the exact same stuff; at this point it's safer to assume that the rest just haven't been caught yet. But in the end, there aren't any other countries that have good Internet connectivity and infrastructure, fundamentally recognize the individual right to freedom of speech, and have a legal system that doesn't force web hosts to remove anything that generates complaints.

    The US isn't the perfect choice, it's just the best one. So we'll keep working to make it better through our support of the EFF, the Freedom of the Press Foundation, and similar organizations.

    The exception to this is that if your web site will greatly antagonize the US government or is illegal in the US, you should not use any US-based host, including us, to host it. That's just common sense.

  • Do you offer telephone support?

    No. We provide support primarily through the ticket-based issue reporting system on our site and through our forums.

    Providing good-quality telephone technical support is very difficult and expensive. Since most of our members don't use support and, more importantly, don't want to pay for support they don't use, maintaining a telephone support option for the few people who would use it is not economically feasible. We also have a moral objection to call centers; anyone who has ever seen, run, or interacted with one knows that that's no way to treat human beings, regardless of which side of the phone they're on.

    Most companies as small as ours that offer telephone support do so by outsourcing it. We looked into that, and it's a very cost-effective approach, but the result is moderately awful; it still involves call centers, and it fills them with people that have little to no knowledge about the specific system they're "supporting." When a call comes in, their screen flashes up with the name of the company they're supposed to represent, and since they know little to nothing specific about the company or how its systems work, pretty much all they can do is search the FAQ and read entries to callers in the hopes that they find the right one. While that works in a lot of cases, it wouldn't work here. Soul destruction aside, our members are smart, motivated and tend to have a lot of experience; if their questions are in the FAQ, they typically prefer to find and read what they need for themselves.

    However, there are web-hosting companies that do a great job with telephone support, especially for new customers and people inexperienced with web-hosting. If that's something you're looking for, you may find that one of those companies is a much better fit for your needs than we are. And although they may be considerably more expensive, the extra investment is often well worth it if that type of extensive assistance is something you expect to use frequently.

  • Someone else uses your service and wants my help with it. How do I help them?

    Very carefully.

    First and foremost, do not let the other person give you their login credentials. If they do, don't use them. Doing that will result in a suspended membership. That will cause both of you all kinds of problems and misery without helping anybody.

    That means that to help someone else with our service, you're going to need a (free) membership of your own. There are two fundamental reasons for this:

    1. When you go to the signup page, you'll see bold print warnings that memberships are created for individuals (not companies or organizations) and that they may not be created for others, transferred, or shared. Make sure you heed those warnings. If you don't: suspended → problems and misery → nobody helped.
    2. Creating your own membership will allow you to look around our system and make sure that you're familiar with the features and limitations of our service and that you're comfortable that you can provide the necessary help.

    Second, it matters what type of help they need from you.

    If the person only needs help managing a website's content, we have a feature called adjunct access that allows one member to edit another member's site. There's no fee for that; you can create a membership and be given adjunct access to another person's site without ever paying anything. Full information about adjunct access is available in the version of our FAQ on our member site.

    We also offer the ability to share an account between multiple members. Account sharing is the best way to organize complex projects or hosting for organizations where more than one person must be involved. Account sharing doesn't require anyone but the "main" member to pay anything. Full information about this is also available in the version of our FAQ on our member site.

    If the person needs more help than that, there are two basic ways to proceed.

    • If you want to take over completely, you and the other person can each log in to your own memberships and submit free requests to transfer their stuff to you. The process for this is also described in our member FAQ. For simplicity's sake, what the other person will ask to have transferred, and what you will ask to receive, is "everything."
    • If the above is not possible or not desirable, or if you need more help from us for some special situation, the other person will have to contact us through our site and give us explicit permission to discuss all the details of their membership with you. Once that's done, you can contact us the same way to have that discussion. Then, and only then, we can work with you to figure out the best way forward. Note that both parties will need subscription memberships (our higher, more expensive tier of membership which includes individual private support) to do this.

    It's important to emphasize that due to our privacy policy, we will not under any circumstances discuss the details of any person's membership with any other person in the absence of their express written consent provided through our site.

  • Should I use NearlyFreeSpeech.NET or a VPS?

    There are certain specific cases where a VPS is a better fit than our service:

    • If the public face of your application is not web-based, it won't work on our service.
    • We provide a very full, carefully-engineered environment that is suitable for a wide variety of applications and customizable for lots more. But if you need the ability to manipulate the environment at a very low level, such as loading custom kernel modules or filesystems, you won't be able to do that here.
    • If you want to learn about a career in the fast-paced, exciting world of Internet system and security administration, our service isn't a good place for that.

    Likewise, there are several cases where we are a much better choice than a VPS, but they all boil down to this: you have stuff to do, and spending lots of time installing, customizing, tuning, and maintaining a VPS isn't it.

    Whether that's running a production application, developing your big idea, or just learning how to program, there's a good chance you're a lot better off here than you are at a lot of other places. We call ourselves a "do-it-yourself" provider, true, but we try pretty hard to provide you a great environment and a set of high-quality tools to do your "it."

    (And before you make a decision between our service and a VPS based on price, please question your assumptions.)

Policy Answers

  • What's the catch?

    We're doing the best job we can to ensure that there is no catch. But of course, there's always fine print. Ours is a pay-for-what-you-use infrastructure, and in order to convey your deposits into your account and then keep track of them, we have to maintain our billing infrastructure, do our accounting, file our taxes, and deal with payment compliance issues and fraud. All that adds up, so we have to charge you a small deposit fee.

    We do not profit from deposit fees.

    The base deposit fee is exactly the same for all members and payment methods. However, before charging you this fee, we offset it as much as we can by applying a variable instant rebate. This helps ensure that small deposits remain cost-effective and helps us tweak the system to make sure deposit fees are distributed fairly without overcharging anyone.

    If the deposit fee and instant rebate system seems unnecessarily complicated, it is and we apologize. It is unfortunately necessary in order to provide you with the best possible pricing without running afoul of the conditions imposed upon us by our payment processors. We're constantly on the lookout for ways to reduce (or simplify!) these administrative costs, because they don't help us and they don't help you.

  • What payment methods do you accept for account deposits?

    We currently accept these forms of payment:

    • Credit and debit cards: Visa, Mastercard, Amex, Discover, JCB and Diner's Club
    • PayPal
    • Mailed-in checks and money orders

    Credit card and PayPal are processed immediately. Mail-in deposits take longer.

    Some prepaid cards work with our service and some do not. Whether an individual brand of prepaid card will work is at the discretion of the card issuer, not us, so although some do work, we don't recommend using them.

    We do not accept cash payments for the simple reason that cash sent through the mail all-too-frequently does not reach its destination. Even the US Postal Service acknowledges this and officially discourages the practice. You may use cash to obtain money orders from the United States Postal Service, Western Union, and many other vendors in the United States. Internationally, we recommend the use of American Express worldwide money orders denominated in US Dollars.

    We do not accept any forms of payment not listed here.

    If you wish to pay us anonymously, see this FAQ entry for more information.

  • What is your refund policy?

    A member may easily request cancelation of their service at any time from the Profile tab in our member interface.

    When a membership is canceled, we will return the prepaid balance remaining in your account—all of it.* Since we provide a pay-as-you-go service (for almost everything but domain registration and privacy), you're only responsible for the cost of services we have already provided. There's no "OK, but your cancellation won't be effective until the beginning of the next billing cycle." or "OK, we'll cancel you right now, but you agreed to pay for a zillion years of hosting in advance, so you don't get a refund." We'll process your cancellation request as soon as possible and (in most cases) refund your remaining balance at that point.

    If you try our service and figure out the same day (by 9 PM US Eastern time) that it is not right for you, let us know immediately. Sometimes, but not always, we can void your transaction so that it will be as if you were never even charged. We can't promise that, but if you let us know fast enough, we will do our best for you.

    There are rare cases where funds may be nonrefundable:

    • Payments were made by a third party. (We are not a money transfer service!)
    • Payments were transferred to your account from another member. (But you're welcome to transfer them back, with their permission.)
    • We close your membership for certain particularly egregious violations of our Terms & Conditions of Service.

    We cannot issue a partial refund of your prepaid balance. We can only issue a refund in conjunction with the close of your membership, and it will be for the full remaining balance unless you specify otherwise.

    Also, ICANN does not allow registered domains to be abandoned. If you have any domains registered through us, you must transfer them to another person or registrar before requesting cancellation. (Fees paid for domain registration are typically nonrefundable.)

    *If we have to mail you a check, there will be a small charge deducted from your balance first, and we won't issue a refund by check for a balance less than the charge.

    This is intended to be a thorough summary, but please see our Terms and Conditions of Service for complete details.

  • What if I want to host unpopular or controversial content?

    Please review our Terms and Conditions of Service.

    Our primary requirements in this area are as follows:

    • Your content must be legal according to the laws of the United States.
    • You may not use our service to violate your local laws.*

    If you have questions about whether your proposed site is legal, you need to consult an attorney. Under no circumstances can we give a legal opinion or advice, nor can we make binding statements about hypothetical sites and circumstances.

    *You must obey all applicable local laws unless you get our prior express consent in writing. We do provide anonymous hosting of content that violates local government censorship laws at our sole discretion in cases outside the United States where we feel government censorship is contrary to the cause of freedom.

    If you have questions about our willingness to put up with controversial or unpopular sites that are nonetheless legal, we invite you to review our Abuse @ NearlyFreeSpeech.NET page.

  • What happens if my account runs completely out of funds?

    Your services will be automatically disabled. As soon as you add more, it'll come back, but that can take a few minutes and that often feels like the longest few minutes of your life, so we recommend using and customizing the account balance warning system (which supports both email and SMS) to keep track of things before they go that far.

    If you don't add more funds right away, things will hang around for at least 30 days. You can add more funds at any point during that period and get it all back.

    If you haven't added funds after the 30 days, we'll start cleaning things up. Services paid for by that account, including all hosted content, will be removed. If you don't have any registered domains on that account, the account will be removed a few days later.

    If 30 days is not a long enough grace period, we offer a feature called "suspended animation" that can help you extend the retention of your content when your balance runs low. That setting can be enabled and managed from the "Suspended Animation Threshold " line of the Account Information box on the page for your account under the Accounts tab.

    If you do have one or more registered domains, they will persist until they complete the expiration/deletion process or are transferred elsewhere. That will keep the relevant account and your membership open so that you can continue to manage them.

    You can also view (and configure) how long your membership is retained after your last account expires in the "Retention Time" line of the "Details" box on the Profile tab. As long as your membership continues to exist, you can request that we attempt to recover deleted content. (A fee applies for this service.) Recoveries of this type are generally successful if requested within several months of deletion.

    Once your membership is deleted, however, that's it.

  • What is customer service like for subscription members?

    In addition to all of the options available to baseline members, people who have opted in to subscription membership are eligible for individual private support via email and our ticket system. Our individual private support option is informed by our own support experiences:

    • There are no "level 1" techs triaging requests. Whoever answers your inquiry knows what they're doing.
    • We try to answer questions quickly during our standard support hours, maintaining an average response time of less than two hours.
    • If we need to research the answer to your question (within reason) we will.
    • We never cut-and-paste "canned answers" that may or may not address the question you actually asked. (Though if you ask a question covered in our member FAQ and don't indicate that you read it, you may be gently directed to it.)
    • Don't be surprised if you write in for support a second time, and we remember you from the first time. We are not interchangeable parts, and neither are you.

  • What is customer service like for baseline members?

    Baseline membership reflects that our do-it-yourself service is designed to be used without individual support. Consequently, support options are limited, but typically unnecessary.

    Most of the information members need is maintained in a detailed technical FAQ (available here if you are not yet a member).

    When members need a little more help, they generally turn to our community support options. We have a member forum populated by some very, very smart people (including our staff), and members can view and contribute to a wiki that provides a rich variety of perspectives on tips, tricks, and how to get various things to work.

    We also offer a specialized type of support, called assistance requests, for specific predefined actions that you need us to perform on your behalf. These are very limited in scope, highly automated, and are often designed to smooth over features that don't have a UI in our control panel, because they are specialized or rarely used. Baseline members also have the ability to report perceived problems with the system, although that channel is one-way; it is not a way to obtain help or support.

    These options are sufficient for almost all of our members. Those looking for more can evaluate whether the individual support option included with subscription membership meets their needs.

  • What if my site uses less than $0.01 of bandwidth in a month?

    The same thing that happens if your site uses less than $0.01 in a day, in a week, or in a year: it keeps going until it does.

    We aren't really interested in months. The amount of bandwidth you use is carried over as long as it takes until you accumulate a penny's worth of usage, even if that takes a month or more.

    Yes, we are happy to host sites like this.

  • Do you allow adult content?

    Yes.

    See the CONTENT section of our Terms and Conditions of Service for specifics.

  • Do I get interest on my deposit?

    No. The costs of such a program would be more than the actual interest produced. (Especially these days where interest earned is vanishingly small.)

    We periodically reevaluate this situation, because we think a web account that runs forever purely off of its own interest is a pretty cool idea.

  • Can I get a credit if your service goes down?

    No, that would be silly. Since we bill primarily based on resource usage, if most of our services go down, you'll never be charged for them in the first place! We charge you primarily based on the bandwidth and resources you use. If the service is down... well, you aren't using much bandwidth or resources!

    This business model has another profound consequence. In the event of a service failure, our revenue craters on the spot until it is fixed. The technical term for that is "motivation." For this reason, we do not offer any service level agreements or uptime guarantees other than "you will get the very best we have to offer."

    By way of disclaimer, the above applies only to bandwidth and resource charges. Storage and other charges have always continued to apply during network outages. We don't know what we would do if we ever had a storage outage that resulted in data loss, since it's never happened. If it ever does, we'll try to do the right thing.

  • What's the difference between an 'account' and a 'membership?'

    A "membership" represents you as an individual person (not a company, group, club, or organization). It's how you identify yourself to us, and how you access our services. If you're a US worker, it's like your social security number except, you know, less social and more secure. And, in most cases, less number-y.

    An "account" is how you pay for our services. It contains the funds that you use to purchase hosting. You'll need at least one. You may create more, if you want, but you don't have to. Accounts also hold hosting-related assets, like web sites, domains, and database processes. Just as one membership can have several accounts, one account can fund several different assets.

    Accounts also contain contact information about their owners, which may or may not be the member who manages the account. A web designer managing an account for a client would be a good example of a case where the member who manages the account is not the owner. Similarly, a company might own an account, even though it's managed from the company's webmaster's membership. Keep in mind that from our perspective, regardless of account ownership, the member is the only representative of the owner authorized to access the account. (There's no point in having any other policy, since the member can change the account's contact information at any time.)

    People use accounts to group related stuff together, to separate business and personal expenses, or to keep track of multiple clients. All sorts of reasons. Other people are perfectly happy to jam everything into one account and have only one balance to keep track of.

    It's a little like a bank. You are one person, but you might have two savings accounts: one for college, and one for "rainy days." The bank (if they know you at all these days) knows that you are just one person, and you have your social security number (membership) to prove it.

    Unlike accounts, you may not have more than one membership. That would be like opening an account at your bank, then going out to your car, putting on a fake moustache, and going back in to open a second account.* Even if you could, why? Likewise, you cannot go into the bank, give them someone else's social security number, and open an account in their name.** So please don't open memberships for other people here.

    *At least, we assume it's like that, but we've never actually tried it. Our bank has a pretty good sense of humor, but why push our luck?

    **Sense of humor or not, we're pretty sure that's a felony.

  • If I use your web hosting, will you put banners or ads onto my site?

    No, of course not. That wouldn't really be your site.

    Your site will have on it exactly what you put there, and nothing else.

    Naturally, if you want to put banners or ads on your site, you're welcome to do so, what with it being your site and all.

  • Do you impose CPU limits?

    Yes. CGI processes and individual ssh commands are limited to two to five minutes of CPU time, and PHP requests are limited to three minutes of wall-clock time by default.

    These restrictions are designed to catch runaway processes, not to interfere with ordinary usage. "Stock" web applications, specifically including phpBB and WordPress, simply do not use enough resources to encounter these limits. Who would wait three minutes for a web page to load anyway?

    If you have a need for longer-running processes (e.g. for non-interactive use), there is usually a way to make that work or adjust our system settings to accommodate it.

    Although we do not impose an overall specific per-site CPU limit, ours is a shared hosting service. We try to accommodate individual needs, particularly on plans where you pay for the resources you use, but we do reserve that right (and responsibility) to limit anything that causes disruption to others. If you have a site on one of our older plans that does not include a resource-billing component, attempts to use large amounts of resources are more likely to encounter limits depending on total available resources.

  • May I send email from a website hosted at NearlyFreeSpeech.NET?

    Yes, but. Because of the ever-present threat of spam, we monitor email usage very closely. Therefore, you should expect an amount of scrutiny directly proportional to the volume of email you send.

    It is also very important to be aware of potential vulnerabilities introduced by email-enabled web pages. In particular, generic PHP "feedback" form scripts have proven to be very popular targets for spammers, who can find and exploit them automatically. You should be extremely cautious, and make sure that any email-enabled web sites you create are safe from exploit.

    We will hold you responsible for email activity caused by your site, whether you intended to allow it or not. If a spammer exploits a script on your site to send spam, we will have to clean up the mess. At a minimum, that will probably entail temporarily disabling your site, and it may result in additional charges for you.

  • What if my site gets a DMCA complaint?

    Please be aware that when we address questions of this nature, we cannot speak to hypothetical situations, nor can we guess what we would have done in a situation where we were not involved. Nor we can offer you legal advice.

    In the United States, the Digital Millennium Copyright Act (DMCA) defines the process by which a copyright holder can request that material be removed. In such cases, a provider is legally obligated to remove the allegedly infringing material without judging the merits of the claim. It is essentially done on the copyright holder's sworn say-so.

    However, the DMCA also governs the process for restoring material, and that process is similarly rubber-stamp on the part of the service provider. Once that's done, it becomes a matter for the courts, not the service provider.

    In this regard, the DMCA is a good law for us and for you. (Although it can and does suck in many areas, this isn't one of them.) The DMCA is, in part, supposed to protect you from capricious decisions made by the service provider based on some subset of the facts. At no point does or should an Internet service provider investigate or make judgment calls about complex copyright law and questions of what might be infringing. (We specialize in server processes, not process servers.) The DMCA gives us (and you) a certain (non-perfect) confidence that the copyright owner's claim has at least some legitimacy, and provides decent protection (once you get over the initial take-down hurdle) against the use of false claims of copyright infringement to suppress legitimate content.

    If you wish to host a controversial site in the US, it behooves you to know the law, particularly this one, and how to use it to your advantage in the event of a dispute. You should also be prepared for a downtime of some or all "allegedly infringing" material for a couple of weeks if the copyright owner wants to fight.

    We adhere to the entire law very closely. We do not generally pull the plug on an entire site if, for example, someone claims that a single graphic is infringing. We do our best to remove only the content that the copyright owner specifically identifies as allegedly infringing -- usually by allowing you to handle it yourself unless you decline or fail to do so. We allow and encourage the use of the "putback notification" process when material is incorrectly identified as infringing. But we do not automatically terminate a member's service merely for receiving a complaint alleging infringement. (However, actually infringing someone's copyright does violate our TACOS and will generally result in immediate termination.)

    Keep in mind that while we aren't lawyers, neither are we idiots. We can tell the difference between people harassing our members via the DMCA and cases where our service is genuinely being misused, and we can adjust our attitude accordingly. Fortunately, both of these cases are very rare.

  • Do you provide anonymous hosting?

    In most cases, we do not allow our members to remain anonymous to us.

    In general, the concern is that information not be disclosed to third parties. Our industry-leading privacy policy reflects our commitment not to let that happen. Therefore, from our perspective, there are very few legitimate reasons why a member would need to conceal his or her identity from us. Most people who request anonymous hosting are attempting to perpetrate fraud (on us or on the public) or wish to escape accountability for their actions.

    At NearlyFreeSpeech.NET, we believe that with great power comes great responsibility, so we take a dim view of such behavior. For that reason, our TACOS require our members to provide complete and correct contact information, and requests for anonymous hosting are typically denied.

    However, we do make one important exception. If you live outside the United States and can demonstrate that the site you wish to host would put you at significant, legitimate risk of retaliation from a government with a documented track record of reprisal against people who speak out against it, we may be able to help. Anonymous hosting is serious business; it can be one component of a coordinated plan to protect you and your family from torture and murder. It's absolutely not an option you can use to dodge lawsuits or unpopularity arising from hosted material.

    If you feel you need this level of protection, please contact us, taking appropriate privacy precautions with respect to your correspondence. Be sure to explain where you live, what you want to host, and why you feel hosting the material anonymously is the only way to guarantee your safety. Be very specific; you will need to explain your situation in enough detail so we can make an informed decision. We may, in our sole discretion, decide to waive the contact information requirement in exchange for periodic reviews of your site content by NearlyFreeSpeech.NET personnel to verify that your usage of the service is consistent with your claims. Please be aware that even if we approve your request, paying anonymously is extremely difficult.

    We are not able to provide anonymous hosting to residents of the United States under any circumstances.

    Please don't attempt to circumvent our restrictions on anonymous hosting by using fake contact information. Sooner or later we'll figure it out and terminate your membership. And, since you gave us fake information, we won't even be able to give you a refund.

  • Can I use my NearlyFreeSpeech.NET site to accept credit cards?

    Not directly. We are a shared hosting provider. The credit card issuers impose security requirements on the acceptance of credit cards that prevent you from accepting or storing credit card information on any shared server unless very specific criteria ("PCI DSS requirement A.1") exist and have been audited. We have not been audited for compliance, as it is our opinion that the criteria can only be met by VPS-type services, which we are not.

    Therefore in order to accept credit cards and most other payments, you will need to use a third-party secure checkout service. Examples that are known to work include Stripe, Authorize.Net and PayPal.

  • What types of sites should not be hosted on your service?

    These types of sites will be disabled without notice or warning upon discovery:

    • IRC proxies or bots (public or private)
    • public HTTP (web) proxies
    • public BitTorrent trackers

    These types of sites will be shut down without notice or warning the first time an unresolved issue is brought to our attention:

    • public URL shorteners
    • sites that allow anonymous, unregistered, unmoderated content posting (e.g., "chan" sites)
    IRC bots, proxies, and BitTorrent trackers

    These sites will be abused within minutes of discovery, and discovery is pretty much automated. It saves time to say "no" up front rather than wait and shut it down after a problem.

    There aren't any circumstances where an IRC proxy or bot is allowable, and you will find most common IRC ports firewalled on our network.

    If you need to set up a private web proxy on your site for your personal use that is appropriately access-limited, that is no problem as long as your use complies with our Terms & Conditions of Service. (This does not include using our SSH server as a Socks or HTTP proxy. Doing so is strictly prohibited.)

    URL shorteners

    URL shorteners are, unfortunately, a lot more fun to write than they are to maintain. If you want to set up a URL shortener for your personal use, that's fine. If you let the general public submit URLs to it, expect us to shut it down the first time it gets exploited. (And it will get exploited.)

    Properly run URL shorteners aren't successful because they have the shortest or cleverest URL; they're successful because they have a team of people working 24x365, proactively and reactively, to prevent and mitigate abuse. If you have such a team and want to run a public URL shortener on our service, please contact us for special arrangements. If you don't have such a team, you'll have to find another host that's less concerned about the Internet's welfare.

    "Unmoderated" sites

    You are responsible for your site's content. If you allow the Internet public to post content to your site, that's on you. If someone posts content to your site that violates our Terms & Conditions of Service, you have violated our Terms & Conditions of Service. You are the person we will hold accountable.

    Sites typically avoid this through steps like verified user registration, holding some or all posts for approval, automated content scanning (e.g., PhotoDNA), and human moderators.

    Like URL shorteners, successful sites that eschew one or more of those precautions are successful because they have an aggressive moderation team large enough to provide 24x365 coverage. Like with URL shorteners, if you have such a team and want to run this type of site, please contact us for special arrangements. If you want to run such a site without adequate moderation, you'll need to do so elsewhere.

    These policies don't mean you can't run sites that get any complaints or are ever abused by others. They mean that we are not your content moderators. If you run this type of site and we get a complaint about prohibited content on your site, we want to see that you have already taken care of it by the time we investigate.

  • How do I sign up for my company/club/organization?

    Memberships represent individual people. (The law calls this "a natural person." At NearlyFreeSpeech.NET at least, corporations are not people.) A company, club, or organization (we'll go with "company" for the rest of this FAQ entry, but it applies just as well to clubs, organizations, or other types of groups) has no arms, fingers, and eyes and cannot read our Terms and Conditions of Service or complete our signup form.

    If you're signing up to host stuff for any kind of organization in which you're not the sole participant, you still have to create your membership as yourself, at which point you, personally, agree to adhere to our Terms and Conditions of Service. This is not too different from opening a company bank account; you still have to give them your own ID and sign the signature card and checks with your own name, not "President" or "Company Name, Inc."

    It is very important to understand that once you create a membership for yourself, it's yours. (To reiterate the above, your membership represents you as an individual.) Although you can cancel your membership, or it can expire if you don't have any accounts or services for awhile, you can never give it away, nor ever let anyone else access it, just like you can't give away your personhood, nor allow other people to pretend to be you. This means we do not allow multiple people to simultaneously manage one membership. We are simply not equipped to handle disputes where multiple people are claiming to be in charge and giving us conflicting instructions. There must always be one person with the final say, and that is the person who, in the event of a dispute, can produce photo ID matching the name on the membership.

    After you create your membership, using your own name, you will then have the opportunity to create an account. (Actually you can use your membership to create as many accounts as you want, just like you can have multiple accounts at the same bank.) This is the step where, as the representative of a company, you should be very cautious. You should fill out the account contact information to reflect that of the company, not yourself. This indicates that while you manage the account, the company owns it.

    After you fund the company's account, you will be able to set up whatever funds, sites, domains, and other services we offer that the company needs. All of those things attach to the account to make up a neat little package of related stuff. That becomes important if you ever need to transfer control to someone else, because it makes that very easy.

    If you need to share responsibility for services here with other people from your company, that is also easily done. Other people from the company can set up memberships of their own. Then, you can share access to a single site or a whole account with them.

    If/when the day comes that you need to hand over management of the company's stuff to someone else, it's a very straightforward process. The person taking over simply creates a membership for themselves (again, as an individual, in their own name), at which point they read and agree to our Terms and Conditions of Service. (That part is really, really important.) Then, the company's account has a 12-digit account number like A1B2-C3D4E5F6 you can use to identify it. Give the other person that number, and then each of you should send a free assistance request to us through the member interface asking to move the company's account from the old manager's membership to the new one. The account, and all the sites/domains/databases it contains get moved over in one easy step. It's very easy to do, and can be handled in a few minutes without any downtime or interruption of service. If you have other stuff hosted in a separate account on the same membership, it won't be affected.

  • Will you honor a court order requiring the takedown of my site?

    Usually. However, we do handle these issues on a case-by-case basis, considering several important factors.

    First, we look at who is the target of the court order. Some court orders target you as the site operator, and some target your hosting provider.

    If a court orders us to take the material down and that court has jurisdiction over us, the material comes down. We uphold United States law at all times, end of story. If the court does not have jurisdiction over us, we typically request that the order be domesticated before implementing it.

    If a court orders you to take the material down, it's a bit more complicated. We will then consider whether the court has jurisdiction over you due to citizenship or residency. If they do, we will typically prohibit you from using our service to violate the court order. If there's a court order against your content, you need to fight the order, not try to use the Internet to evade it.

    Some countries' legal systems claim that their courts can exercise jurisdiction over any content visible inside that country, regardless of where it is hosted. We repudiate that legal theory. We do not accept orders from courts that cannot exercise personal jurisdiction over us or you unless they have been properly domesticated. US law frequently bars the domestication of such orders. (However, if Atlantis instead requires all Atlantean ISPs to block access to your site, that is not something we're likely to be able to help with.)

    We will also consider the free speech implications of the order. However, many people don't understand how limited this is. Typically, we will only consider free speech-based arguments when the site is about the government issuing the court order. I.e., we would be very likely to disregard a court order from Atlantis requiring the removal of content critical of the government of Atlantis. We would be significantly less likely to disregard a court order from Atlantis requiring you to remove material that the Atlantis court found defamatory of an Atlantis citizen if you are also an Atlantis citizen or resident. Using our service is not a way to opt out of your country's laws.

    While we will consider whether a foreign court order is a travesty of justice, it is one of the least influential factors. It rarely comes into play.

    One factor we do not consider at all is your opinion. We are not interested in how justified you feel your actions are, how messed up your country's laws are, how easy/unfair/one-sided you feel it is to get such an order in your country, what an ignorant jerk you think the judge was, or how sure you are that they're all out to get you. If you agreed with the order and the process, you'd take the material down yourself; we'd never hear about it. Beyond that, your opinion ceases to have any probative value. Sorry if that's hard to hear.

    When we deal with court orders from your jurisdiction, and you are outside the US, it is often helpful for you to make your attorney available to us (at your expense) to answer questions about the matter. If you got a court order issued against you in your own country, but you don't have qualified legal representation, it will be somewhat more difficult for us to take you seriously.

    To reiterate the most important statement at the top, we handle all situations on a case-by-case basis. We will not guarantee any specific response, nor will we even guarantee that we will handle all cases as described here. However, we have been at this for many years. The guidelines above have served our goal of staunchly defending freedom of expression without letting the Internet collapse into total anarchy.

    In all cases, the indemnification provisions of our Terms and Conditions of Service require you to pay any legal expenses we incur in handling or responding to court orders related to your services with us.

  • Can I use your ssh server as a web/SOCKS proxy?

    No. We are entirely focused on web hosting and our Terms and Conditions of Service expressly forbid the use of our ssh server for any purpose other than maintaining content hosted here. That prohibition definitely includes using our ssh server as any kind of web or SOCKS proxy for accessing the Internet.

    We try to run an open system that provides our members with the most powerful tools for managing their content. As a result, we allow outbound network connections from the ssh server for people who need to move content from/to elsewhere, and we allow ssh port forwarding so people can access their MySQL processes from offsite and so that they can securely access their own sites hosted here.

    However, we can and do check for outbound network connections that use our ssh subsystem as a proxy, and our system automatically kills them. Furthermore, we may be forced to take appropriate action if we observe repeated or blatant attempts to misuse our system in this way, including but not limited to revoking ssh access (which will require you to use our paid support to regain) or, in extreme cases, terminating a membership.

  • What is supplemental verification?

    Our Terms and Conditions of Service require that accurate contact information is provided for all memberships; free speech is a responsibility as well as a right and part of that responsibility is that you may be held accountable for what you say. Supplemental verification is any step we take to verify your contact information above and beyond our usual policy of trusting what you enter when you sign up for and use our service.

    There is a huge correlation between people who provide fake contact info and problems like payment fraud and illegal content. So if during the ordinary course of providing service we find a clear and specific reason to question whether accurate information has been provided, then we get into supplemental verification. To give an extreme example, if you tell us you're John Smith from Ontario, Canada, but pay with Bob Jones' credit card with a billing address in California, and you're logging in from Nigeria, we're probably going to give that a second look.

    Depending on the situation, we may inquire about some or all observed discrepancies. That's usually enough to take care of it. In a handful of very rare cases -- about 0.01% of members -- we wind up asking for ID. In those extreme cases, generally any government-issued ID, like a driver's license or passport, is suitable for that purpose, but that comes up so rarely that we're very flexible in handling it on a case-by-case basis.

    Typically any problem in this area is easily resolved. If not, it's for one of two reasons. Most of the time the membership was blatant fraud (stolen credit card, illegal content, etc). But sometimes the person involved says something to the effect of "I know your policy, but I don't agree with it, so I won't follow it." The nature of our Terms and Conditions of Service is that if someone refuses to abide by the Terms and Conditions, we will refuse to provide the Services, so that is not an ideological position that is compatible with use of our hosting. Importantly, it may also impair the ability to get a refund. (So if you're thinking about signing up with fake contact information, please don't. It'll eventually end in tears. Yours.)

    Supplemental verification is also triggered anytime someone claims they are a member of our service but has neither the login information nor access to the contact email address. In those cases, we skip straight to asking for ID to establish the rightful member. (And naturally anyone who provided fake contact info and winds up in that situation is pretty much out of luck.)

    It's also worth remembering that we also have an industry-leading privacy policy that protects contact information from disclosure without a legal requirement to do so, and that we may also offer anonymous hosting with advance written permission in certain very rare cases where personal safety is an issue.

  • What will you do if I send you email instructing you to do something to my membership?

    Nothing.

    We cannot process any instructions with respect to a membership via email. This includes, but is not limited to, requests to cancel, to accept payments, to register, renew, or transfer domains, to disable content, or to remove anything.

    Email is not secure. Anyone who knows your email address can send an email that appears to be from you. Some people don't even bother using your email address when pretending to be you. We routinely receive emailed requests to do stuff that clearly aren't from the member. But the scary ones are the ones that look like they are from the member but turn out not to be.

    Even when we're pretty sure you're you and we believe there would be little risk in doing so, we cannot process an email request. After all, we could be wrong. And even if we're not, we also need to take reasonable steps to protect not only you, but also ourselves.

    So, on our system, the way you prove you're you is to log in with your member login name and password (and, optionally, a two-factor device).

    If you need help logging on, check out the Login section of our FAQ.

    If you need our help with something else, the best way to obtain it is via the support tab of our member site.

    If you have a subscription membership, you can submit requests via email if you want, but you'll still have to click a link, log in, and confirm that the message really came from you. (Which basically copies it into our support system as if you had submitted it from our site.) That does introduce delays, so you'll generally get faster response if you send such requests directly from the support tab. Please note the option for individual email-based support is only available to subscription members. Baseline members should check the support tab for community support and self-support options.

  • Is anything recoverable from a membership that has been closed?

    No. Once a membership has been closed, nothing can be recovered.

    The permanent deletion of services, content, and account information is an important part of the implementation of our privacy policy, designed to let former customers be confident that they haven't left hidden copies of their data behind.

    Closing a membership also entails removing enough of your personal information that even if recovery were possible, we would have no way of proving you are the right person to recover it for.

    As such, once a membership is closed it is permanently gone and any associated information, content, domains, or other services cannot be recovered. (You are, of course, welcome and encouraged to re-create things from your own backups if you choose to set up a new membership with us.)

    This applies regardless of whether the membership was closed by request, due to running out of funds for an extended period of time, or for violation of our Terms & Conditions of Service.

  • What is the "MFFAM" policy?

    Because we believe in free speech, we host a small amount of offensive content. Some days, that's really hard to do. There are views expressed using our service that we find personally repugnant. (Although we don't host as much of that type of content as one might expect, given our extremely broad Terms & Conditions of Service. The simple fact is that our service is for smart people, which disproportionately excludes people who hold those types of views.)

    Nonetheless, our content policy does occasionally put us in a position of accepting money to host sites we find abhorrent. But we have no interest in profiting from sites like that. For that reason, since our founding in 2002, we have what we have more recently started calling the MFFAM policy: Morons Funding the Fight Against Morons.

    When we find a repugnant site on our service, we mark the account. We receive reports about all payments to such accounts, and we take a portion of that money larger than the amount of estimated profit and we donate it to the best organization we can find. The best organization in any given case meets two criteria:

    1. The recipient organization does share our values.
    2. The recipient organization is as opposite (and hopefully as offensive) as possible to the site operator that funded the donation.

    Examples of organizations that have received funding over the years include the Anti-Defamation League, the Southern Poverty Law Center, local chapters of the NAACP, the National Bail Fund Network, the American Immigration Council, the Trevor Project, and others.

    This policy isn't perfect by any means, but neither is the world we live in. MFFAM does let us help the organizations that we hope will eventually get us closer to that perfect world. It helps the people who operate repugnant sites understand that they are here because we tolerate them... barely... not because we endorse them or their views. It also does a pretty decent job of further thinning out the number of such sites, as a fair number of people who run them only believe in free speech when they're the ones talking.

Technology Answers

  • Do you support PHP? FastCGI? SSI?

    Yes, absolutely! You can run PHP, python, ruby, perl, lisp and tcl applications on our system, as well as many others.

    We have custom integration for PHP, as well as support for using FastCGI, SCGI, and HTTP to speak to an application server written in the language of your choice, like Django, Ruby on Rails, or Node.JS.

    CGI has fallen out of favor due to its drawbacks; all of those alternatives didn't emerge because it was so great. However, it still fills a need and works fine here; you can simply put a CGI script in your web space with a .cgi extension, and mark it executable.

    We update our support for programming languages very frequently. Check our home page for links to current example configurations.

    SSI (server-side includes) can be used by naming your files with a .shtml extension.

  • What database software do you support?

    Full MySQL support is available. We give you your own private MySQL process and full administrator privileges; there's no need to worry about other users trampling on your databases or trying to shoehorn several applications into a single database.

    To help you manage your process remotely without having to install and maintain extra software, we provide a private installation of phpMyAdmin that can be used to access hosted processes easily.

    We also support a number of common database libraries in both PHP and CGI applications, including SQLite, db4 and gdbm.

    Some server types also allow configuring processes like memcached, Mongo, and Redis.

  • What common web applications and frameworks work with your system?

    Lots! Here's a partial list of the ones most frequently asked about or used:

    • Django
    • Drupal
    • Flask
    • Joomla
    • Laravel
    • MediaWiki
    • Node.JS
    • Ruby on Rails
    • Symfony
    • Trac
    • WordPress

  • Do you support TLS for member sites?

    Yes.

    We support modern/secure TLS using certificates issued by the authority of your choice. You are welcome to generate and use your own key and obtain certificates for aliases in any domain name you own, or you can have us do it for you for a small fee, or you can use streamlined tools we provide that work with the Let's Encrypt project to secure your site.

    TLS on our system is implemented using the SNI (Server Name Indication) extension of TLS. This has widespread support, but somewhere out there on the Internet, some ridiculously obsolete browser or ancient device with outdated firmware can't handle it. If you have a requirement to support old, known-insecure versions of SSL, we cannot meet that requirement.

    Our implementation of TLS has not been audited for and we do not support its use for the following:

    • PCI DSS compliance for credit card processing. (Use a third-party processor; we're very happy with Stripe.)
    • HIPAA compliance for sensitive medical information. (There's paperwork. Lots of it. You need a specialized — and very expensive — provider who can help prepare your compliance documents.)

  • Can I use .htaccess files to customize my web server configuration?

    Yes, almost any directive that can be placed in an Apache .htaccess file will work on our system. The most significant ones that will not work are those that perform access control based on IP address; due to our network architecture, IP blocking is performed before requests reach .htaccess and must be configured separately.

    The most common location for .htaccess files is /home/public. By default, no .htaccess file exists, so if you want one you will have to create it yourself.

  • May I install other types of server applications that are not web-based?

    To an extent, yes. However, we only allow HTTPS (and legacy HTTP) services (e.g., websites) to be accessed from outside our network. A partial list of servers that will not work with our system includes:

    • Live streaming
    • Non-web-based MUD and gaming servers (including Minecraft)
    • Voice/video chat servers not based on WebRTC
    • email servers (SMTP, POP, IMAP)
    • anonymous FTP servers
    • IRC bots and servers (though many web-based chat programs do work)

    The bottom line is that if a service speaks the HTTP protocol on TCP ports 80 or 443, it is likely to work. If it doesn't, it definitely will not.

  • What type of control panel do you use?

    We have our own custom control panel that is as unique as the rest of our service. While it is in no danger of winning any awards for its great beauty, it does allow you to control most aspects of our service without resorting to complicated configuration files. The major benefits of this custom environment are:

    • It matches the services we offer very closely.
    • If you need help with it, it's a safe bet you aren't going to stump us, since we wrote it.
    • When people write to us and say "you should add (feature) to the control panel" we can occasionally write back later that day and say "Good idea, try it out."

    There's no "demo" of our control panel, but you can create a membership and kick the real thing around for yourself. Naturally, doing so is completely free. To get a basic idea, all you need to provide is your name, a login name, and a working email address. (We promise not to spam you.)

    To get a better idea, we recommend that you create an account, which will require your basic information (real name, address, etc.), but don't worry, our privacy policy has your back. No payment information is needed to check out the control panel. So please try creating an account; you might be surprised by what happens next!

  • What software can I use to access your system?

    The most popular and successful tools used for uploading content to our site are those based on secure, modern technologies like SCP, and SFTP. This includes most web design programs and most file transfer utilities.

    For managing site content directly, we also provide SSH access to the command line. This includes a full suite of preinstalled utilities like rsync, git, and unison that can be used to transfer or synchronize content between your local system and a site hosted on our service. But, if you prefer, you can also hand-code your entire site in vi (an elegant editor for a more... civilized... age). Or emacs, pico, nano, and others.

  • What are the most common things that do not work on your system?

    Erm, this is embarrassing. We used to have a list of things here that were known not to work on our system. But now they all work. So, uh, there's not much to see here right now.

    Our system is for web sites only. So most of the inquiries we get about things that won't work are things that aren't web-based.

  • Why don't you offer static IP addresses?

    We have a corporate policy that we do not offer services that consume IP address space on a per-site or per-user basis. The most common example of this is when a web site is assigned one (or more) static IP addresses, but it also applies to anonymous FTP sites and some other types of hosted services.

    Assigning static IP addresses on a per-site basis is a practice that has devastated the Internet address space, so we don't participate in it. Tens of thousands of IP addresses can be assigned to a single rack of equipment in a datacenter somewhere, but there is a shortage of IP address space. That's not the right way to do things.

    We regard this as an "Internet environmental" issue, and it's one about which we're prepared to be a little extremist. Basically, we believe that it's wrong for us to do it, so we don't do it. Not everyone agrees with us, and we definitely do lose business because of this position.

    For standards-compliant web hosting (HTTP/1.1), there is no need to assign a static IP address, and no supported browser remains available that requires this. Static IP addresses also severely limit our ability to reroute around equipment that has problems or is being maintained, and even makes it tougher for you to benefit from our load balancing technology.

    The most common reason people request a static IP address is to point external DNS at a site hosted with us. As part of our hosting service, we provide our own special DNS records for each site that you can link to external DNS using the CNAME capability that work even better than static IPs. These records preserve full fault tolerance and load balancing.

  • Does 'NearlyFreeSpeech.NET DNS' support subdomains?

    Yes. Our NearlyFreeSpeech.NET DNS service allows unlimited subdomains under a single domain name at no additional charge.

    Please be aware, however, that we do not use the subdomain-is-subdirectory hack (unfortunately) made popular by a certain brand of web hosting control panel software. You can use our service to create multiple independent sites and then assign or remove names from one or more NearlyFreeSpeech.NET DNS domains at your discretion. There is no connection between a site and a domain name or subdomain other than what you create, and there is no correlation at all between subdirectories of a site and subdomains of a domain.

    Subdomains can be associated with sites we host by adding them as aliases. If you're a member, see this member FAQ entry for more information.

  • What is your hosting network like?

    Our hosting platform uses a network of distributed, fault-tolerant, load-balancing shared servers. Sites are automatically distributed across the servers to make the best use of resources based on the popularity of the site and the capacity of the server. As a result, there is no need to fear having busy or CPU intensive sites on the same server slow you down; our system will re-balance them automatically.

  • How big is a gigabyte?

    On our system, a gigabyte is 1,073,741,824 bytes. Hard drive manufacturers would have you believe that it's 1,000,000,000 bytes, but we don't sell hard drives.

    Technically 1,073,741,824 bytes is a gibibyte, but we have a hard time calling it that without a childish urge to snicker, and nobody likes a snickerer. If you want to be strictly accurate, the hard drive manufacturers are right, and we bill storage and bandwidth based on gibibytes* and mebibytes* (1,048,576 bytes), not gigabytes and megabytes.

    Someday we'll grow up about this, but that day has not yet arrived. We are moderately more mature when it comes to the abbreviations, and we try to use MiB and GiB to represent base-2 prefixes correctly wherever possible.

    *Must... keep from... snickering.

  • How many MySQL databases can I have?

    A MySQL process can contain as many databases as you wish. You can also create multiple MySQL processes if you wish. Doing so will cost more than placing all your databases in a single process, but will increase the available resources.

    For those with particularly demanding database needs, we also have hosted dedicated MySQL offerings including reserved resources and advanced features like thread pools.

  • What sort of spam protection does your email forwarding provide?

    We use a layered approach to spam prevention on our email forwarding service.

    First, we outright block messages from known malicious senders, like compromised servers.

    Second, we enforce strict restrictions on the email servers that attempt to send email through our forwarding systems. These restrictions are no problem for legitimate email servers (they should all be passed by default on a properly configured system), but they represent a tough barrier for the sort of compromised, virus-infected servers that send most of the world's spam. These restrictions block most illegitimate messages based on delivery mechanisms, not the content of the message. Our public site has more information about our Email Acceptance Policy. This step includes greylisting.

    Third, we do some very minimal content-based spam filtering to catch the worst of the worst that gets past the rest of the checks. If a message fails this filtering, it goes to your domain's email quarantine, accessible through our member interface. The level is set high enough to produce vanishingly few false positives but a fairly high rate of false negatives. In other words, you shouldn't see any legitimate messages get blocked by this filter, but you will see spam slip through.

    This system is designed to balance two conflicting goals:

    • Keep as much control as possible over determining whether a message is spam and what to do about that in the hands of the recipient.
    • Keep other providers from blacklisting us due to the messages we forward.

    If you have us forward messages to a third-party service, which most people do, whatever spam filtering they use will also apply. And, finally, you can (and should) use tools in your email client to make the final determination. The rest of these steps are designed to give those tools their best chance to work.

    This approach provides a highly effective, layered defense against spam.

    The filtering steps we perform cannot be disabled or bypassed.

  • What kind of hardware and OS will my site be running on?

    We use 64-bit AMD Epyc based servers with ECC RAM, and all member sites run on FreeBSD. The specifics of our hardware evolve quite rapidly, and we don't throw away stuff that still works just because something newer came along. Our load-balancing algorithms are sophisticated enough to handle a heterogeneous environment.

  • Do you support IPv6?

    Yes. NearlyFreeSpeech.NET strongly supports the migration of the Internet to IPv6. Most of our own sites, including www.nearlyfreespeech.net and members.nearlyfreespeech.net are IPv6 enabled. We also support IPv6 for ssh access to member sites.

    We also offer IPv6 support for HTTP/HTTPS access to member sites hosted here. It is enabled by default on newly-created sites. For existing sites, it can be enabled on a per-site basis from our member interface.

Login Answers

  • What should I do if I've lost access to the email address associated with my membership?

    If you know what your contact email address is, but you've lost access to it, usually that is no problem. As long as you still know your login and password, you can just log in, go to the profile tab, and change the email address we have on file to your correct address.

    The only time this becomes a problem is when you have lost access to your email address and you can't log in. That's a much more difficult situation. If you contact us from an email address not associated with your membership, we have no way of differentiating you from someone who set up that email address five minutes ago in your name to steal access to your membership. That's one reason why it's very important to keep your member contact email address up to date at all times. (But if you're reading this, it's probably too late for that reminder to be helpful right now, so just keep it in mind for the future.)

    To resolve this situation, you will have to have us change the email address associated with the membership. However, that can only be done after completing our login recovery process. To complete this process for a lost email address, please follow these steps:

    1. Carefully review the list of possible recovery actions in this FAQ entry.
    2. Determine which of those actions you wish to perform. For lost email accounts, our failure to contact the current address must be one of the actions.
    3. Email us from the new email address you want to use. In your email, specify a list of which recovery actions you wish to perform. Make sure your list includes enough actions for a successful recovery. (The default is 3 but if you customized this from the profile tab, you'll have to remember that.)
    4. Include any documentation pertaining to the recovery actions you have chosen as attachment(s) to that email. Typically this will include a photo ID and a bank account or credit card statement.

    Other requested steps will be initiated from our end as appropriate once all documentation requirements have been satisfied. After the process is complete, any personally-identifying information you provided during the recovery process will be discarded.

    While completing this process, please observe the following guidelines:

    • Do not attempt to use an optional recovery action that you did not set up beforehand.
    • Do not send any documentation not specifically identified as acceptable.
    • Do not send documentation that does not meet the requirements.
    • Do not redact, crop or edit any documentation you send.
    • Do not ask for any exceptions to the policy.
    • Do not attempt to negotiate or argue with the recovery process.

    The process typically takes 10-60 minutes of work on your part to complete. Although burdensome by Internet standards, it is typically not actually difficult unless there are extenuating circumstances. For example, if you gave us a fake name when you signed up, you're probably about to have a very bad day.

    Due to the requirement that we attempt (and fail) to reach you through your current contact email address, recoveries of this type can take a long time, up to a week. Once the process is completed, we will update the email address associated with your membership to the one you used to initiate the recovery process. At that point, you will be able to recover your login information and regain access to our system.

    Important: Because we don't know whether you're you, we will not help you complete the process. We will not give you hints. We will not tell you how many actions you have to complete. We will not give you any information about the status of the membership. In fact, you may find our staff unusually distant and/or unhelpful during the recovery process. To avoid leaking information, while your membership is in the recovery process, the only response to any inquiries you send will be automated messages indicating whether or not you are making progress toward recovery.

    This is not personal, nor is it representative of our attitude toward helping our members. It reflects that most people who attempt the recovery process are trying to steal something, and those are people we have no interest in helping at all. That we helped them accidentally or with the very best of intentions won't be any consolation to the member we helped them steal from. So, we apologize in advance to our legitimate members for any "guilty until proven innocent" treatment they may receive while completing the recovery process. It's hard, and it sucks for everyone, but it's the right way to keep our members' stuff safe.

  • How do I recover my login name or reset my password?

    You can recover your login name (using your member email address) or reset your password (using your login name and email address) from this page on our public web site.

    Here are two crucial pieces of information you need to reset your password and log in successfully:

    • Your new temporary password will be in your password reset email, but the change will not take effect until you click the confirmation link.
    • The confirmation code (used to confirm you want a reset) and your new temporary password are both in the email but are not the same thing.

    To complete a password reset, you must perform all four of the following steps:

    1. Request a password reset email from our public web site. (You can do this once per hour.)
    2. Click the confirmation link in the password reset email. (This prevents others from harassing you by resetting your password without your consent.)
    3. Log in to our member interface using the temporary password found in the password reset email.
    4. Visit the Profile tab and select the "Change Password" action to set a new permanent password.

    If at any point prior to step 2 you successfully log in with your old password, the password reset will be cancelled. Likewise, requesting a new password reset (once an hour has elapsed) cancels any incomplete previous password reset attempt.

  • Why can't I access your service from an IP listed as a Tor exit node by default?

    The short answer is that fraudsters and thieves wrecked it for you.

    While we support the notion of Tor on an ideological level, our real-world experience with Tor has consisted of extensive problems with Tor-sourced hacking attempts and an unsustainable level of Tor-sourced credit card fraud. We also encountered relentless exploitation by spammers and phishers using Tor to create throwaway accounts. (Sign up, create a site, send spam, get caught, sign up, create a site, send spam, get caught, sign up...)

    We understand that it isn't the existence of the Tor network that makes these things possible, but it does make them easy, and when virtually all of the traffic from a certain source is malevolent, blocking that source can be the only option. Forcing people off of Tor at least long enough to confirm their membership and make an initial deposit may not be the ideal solution, but it's hard to argue with results.

    For that reason, we restrict access to our member interface from IP addresses that are listed as a current Tor exit node. To lift the Tor restriction for your membership, you must already have a membership and a funded account, and you must explicitly request that Tor access be allowed via our assistance request system. (All of which must be done without using the Tor network.) We require manual approval to filter requests based on the common sense of a real person and protect members who don't use Tor from Tor-based brute force attacks on their password. We charge a nominal fee ($1.00 -- waived for subscription members) to reflect the manual nature of the review.

    If you know of a reliable way for us to distinguish a handful of good people amidst a throng of would-be criminals in an environment that's raison d'être is to make distinguishing people impossible, please let us know. So far, making sure we already have a relationship with the good people is the best we've come up with.

    Note: if your IP is operating a Tor exit node with a policy that allows access to our system, it doesn't matter whether you are using Tor to access our system or not; if traffic originates from a Tor exit node, there is no technical way to distinguish whether or not it passed through Tor. (If there were, it would seriously undermine Tor.) For example, the limit will still apply if you run a Tor exit node but bypass it to access our system. Similarly, if you use a VPN service that allows its customers to run Tor exit nodes, your VPN server's IP may be listed as an exit node even if you are not personally running one. These are all situations that can be addressed through the approval process.

    Completely separate from that, we also have concerns about reports of unscrupulous Tor exit node operators diverting TLS connections. This is a real thing; I have personally experienced a case where using a particular exit node led to TLS certificate mismatches when accessing a site where I knew no such mismatch existed. You should think carefully about passing any secure information through the Tor network.

    If you are running a Tor exit node on your IP, even if you aren't using it to access us, you'll have to cut back to relay-only long enough for the change to be picked up by Tor's published server list before you can sign up or log in. If someone else is running a Tor exit node on your IP address, you'll need to either work with them to do so or use a different IP address to access our system and request approval.

  • Why aren't I getting system emails (like password resets) from NearlyFreeSpeech.NET?

    To make sure you receive automated system emails from us (including signup confirmations, password resets, account balance warnings, domain renewal notices, and other automatic service-affecting messages), make sure you are allowing email from notify@NearlyFreeSpeech.NET.

    To make sure you receive any handwritten emails from us, make sure you are allowing email from support@NearlyFreeSpeech.NET. Finally, each support ticket is assigned a unique email address @support.nearlyfreespeech.net (but we don't get too many reports of those being blocked).

    We won't send you any spam or unnecessary messages from any of these addresses.

    If you're not receiving email from us, the first thing to check is your junk mail folder. Since our system is highly automated, junk mail filters occasionally incorrectly flag the messages it sends as spam. If you don't find them there, check your junk mail settings. Some email providers make it very easy to block a sender and silently delete such messages, making it very hard for you to figure out later that the sender is blocked.

    If you're still unable to resolve a problem receiving email from us or our system, please feel free to contact us. Ironically, you'll probably have to do that by email, but if the problem is with receiving automatic messages, we'll have a real person write back. Write to us from the email address you're having trouble with, and we'll look up the fate of any messages we tried to send there. If there's a problem on our end, we'll fix it. If there's a problem on your end, we'll try to find a way to provide you with the relevant log entries so you can ask your email provider what the heck is going on.

  • What is the login recovery process?

    Our login recovery process applies in very specific, rare situations:

    • You have lost both your login information and access to your email address.
    • You have a two-factor authentication configured, your second factor is lost or broken, and you don't have one-use recovery codes saved.
    • We determine that control of a membership and the associated email address have been hijacked or transferred to someone other than the named member.

    To recover access to your membership in these situations, we offer various recovery actions, and a certain number of them must be completed successfully. The login recovery process is very onerous (by Internet standards, anyway; it's not really that difficult), and since its goal is to prevent illicit membership access, you will probably find that we are not very helpful while you are completing it.

    These recovery actions can be performed by any member at any time:

    • You provide a legible, unredacted image of a currently valid government-issued photo ID matching the name on the membership. Examples include a driving license, passport, or state-issued ID card. All IDs are considered on a case-by-case basis, but a good rule of thumb for whether a particular photo ID will be acceptable is whether it shows your date of birth and whether you can go to prison for forging it. (Note: Most school-issued IDs do not meet our requirements.)
    • You provide a legible, unredacted image of a preprinted statement showing a transaction matching the date and amount of a recent deposit to an account on your membership and the (personal or business) name we have on file for the corresponding account. This usually means a bank or credit card statement. PayPal provides downloadable monthly statements that you can use, but you will typically also have to verify your address as described below. Email receipts and screenshots (e.g., from PayPal or us) are not acceptable.
    • If (and only if) you lose access to your email: We try and fail to contact you via the email address we currently have on file for your membership. (This one may take a long time.)
    • If (and only if) you lose your configured two-factor authentication device: We successfully contact you via the email address we currently have on file for your membership.

    These optional actions must be set up in advance from the profile tab in our member interface to be used for recovery:

    • You complete SMS verification. (Requires SMS to be configured in advance.)
    • You complete two-factor verification. (Requires two-factor authentication to be configured in advance.)
    • You correctly answer your pre-set security question. (Requires a security question and answer to be configured in advance.)
    • You use an SSH key to create a file with a specific name on one of your sites hosted here. (Requires an SSH key to be configured in advance and that you have access to at least one currently accessible site hosted by us. Caution: If you are out of funds, your sites can't be accessed!)

    The default number of actions required to recover a membership is three, but this can be customized from the profile tab in our member interface to make recovery (and consequently hijacking) more or less onerous.

    If (and only if) you choose to provide both a photo ID and an account statement, then at least one must display the same official mailing address as that shown on the corresponding account. If neither does, you must additionally provide address verification, typically a utility bill, lease, or property tax bill matching the account address and the surname or company name. The address may be current or contemporary with the deposit. If you provide either a photo ID or an account statement but not both, you can skip this requirement.

    The third and worst case scenario is that you have two-factor authentication configured that isn't working and you didn’t save any one-use recovery codes and you don't know your login and password and your member contact email address isn't working. This case is so spectacularly unlikely that even if your recovery settings are lower, you must complete all possible verification steps to regain access to your membership. Seriously, don't let this happen.

    Unfortunately, the vast majority of "I lost all my information, please make an exception to your security practices and let me in" requests we receive come from people trying to gain illicit access to someone else's membership. NearlyFreeSpeech.NET takes the security and privacy of our members' services very seriously. Our members know that we are serious about protecting their privacy and security. That's at least part of the reason many people choose us. They expect us to live up to that in such situations so that when they emerge from it, they can be supremely confident that their membership can't be hijacked by the first person who comes along with a good story. Consequently, we automatically construe any attempt to convince us to make an exception to our standard practices as an attempt by an unauthorized party to socially engineer illicit access. This includes threats, attempts at negotiation, sob stories, and everything in between.

  • Why do I get redirected to the login page without an error message when I try to log in to your member site?

    If you are a current member of our service and you log in successfully with your correct member login name and password, and then you get redirected (possibly after seeing a "click here to continue link" flash by) to the same login page again without any red error messages, this indicates that your browser did not accept the cookie our site sets to indicate you are logged in.

    If this happens, here's what to check:

    • Make sure that your browser is accepting cookies for members.nearlyfreespeech.net. This can be affected by your browser security settings as well as third-party Internet security software. (When testing this, we recommend you start from a known point by first deleting any cookies you currently have for our sites.)
    • Verify that your computer's system clock is set to the correct time and time zone. Unlike other sites -- some of which want to track you for years -- our cookies last only a few hours to protect your privacy. As a result, even small-scale system clock and time zone issues can make your computer think our cookies are already expired, even though it will happily accept cookies from most other sites. (Note: Clocks that are 12 or 24 hours off can be particularly hard to spot.)

    To help debug these issues, try logging in from a different browser on the same computer. If that works, it tends to indicate a browser issue. If it still doesn't work, that suggests a systemwide issue like security software or a clock problem.

  • What does the error "the login information provided is not correct" mean?

    First, if you are having trouble logging in, make sure this is the exact error message you are receiving. There are several other things detailed in this section of our FAQ that can cause problems logging in, but they each display a different message.

    To prevent people from using incorrect login attempts to gain information about your membership or our system, this message is intentionally vague. However, if you see the "login information is incorrect" error after attempting to log in, our system will send an email to your member contact address with more detailed information about the failed login attempt. That information will include whether the problem is with the password, or (if you are using it) two-factor authentication.

    If the problem is with the username, our system won't know who you are and can't send the email, so make sure to check for typos in the username. If you're not sure about your username, you can request that our system verify it for you.

    If the email refers to a problem with two-factor authentication or "secondary auth," that typically indicates that you have a two-factor device configured for your membership, but that you didn't enter an authentication code from your device, used the wrong one (perhaps one for another service), or waited too long to login after generating it. If your two-factor device is lost or broken, you can use previously-generated one-use recovery codes to log in. If you don't have any one-use recovery codes saved, you'll have to go through our login recovery process.

    If the email indicates the problem is with the password and you're not sure you have the right one, you can request a reset. When using temporary passwords generated by our system, the most common problems are:

    • Not confirming the reset before trying to use the new password. (Make sure to follow the instructions in the message.)
    • Hard-to-discern characters in the password, like 1, l and I, or 0 and O.
    • Extra whitespace characters before or after the password (especially if using cut and paste).
    • Entering a confirmation code in the password field. (They are not the same.)

    We don't know what your password is, and there is no way for us to retrieve it. If a particular password is giving you trouble, even if you're sure you know what it is, your best option is often to request a reset anyway. (You can do this up to once an hour.)

  • What should I do if the two-factor device used for logging in to my membership is lost or broken?

    When you enable two-factor authentication, you are supposed to generate and securely save one-use recovery codes. This situation is what those codes are for; they are used in lieu of codes generated by your two-factor device. As long as you have them, you can use one code to log in as normal and two codes to remove the two-factor device from your membership. Then you will be all set.

    If for some reason you don't have those codes, you will have to complete our login recovery process.

    To start that process, please send a message to support@nearlyfreespeech.net from the contact email address associated with your membership indicating that you want to complete the login recovery process to generate additional recovery codes.

    Assuming you contact us from the correct email address, our system will send you a response listing which recovery actions are configured for your membership and how many of them you must complete, along with more specific instructions about how to proceed.

    If, for some reason, you have lost your two factor device and access to your email at the same time, you're probably screwed, but if not you must do login recovery to update your email address first. We will not process recovery requests related to two-factor devices from email addresses other than the current member contact address.

  • What should I do if I've forgotten what email address is associated with my membership?

    You can ask our system to send a message to the email address associated with your membership telling you what that address is by visiting the login recovery page.

    Please note that due to our privacy policy we will not, under any circumstances, disclose a membership's email address directly. The recovery form is the only way to request this information, and the recovery form will only send the information to the existing member contact address, so for this to be successful, you'll still have to find that address, and it has to work.

    If you know what your contact email address is but you can no longer access it, or if you have no idea what the address is and cannot find our recovery emails, please see this related entry.

  • What do I do if my membership was frozen due to sharing or a fraudulent transfer?

    Memberships are held by individuals and have that individual's name on them. Our policies strictly forbid both sharing memberships and transferring your membership to another person. (It is, however, quick, easy and allowable to transfer an account from one membership to another or to share an account between multiple memberships when appropriate.)

    If you share or transfer control of your membership, we will eventually detect that, and the membership will be suspended. Murphy's law guarantees that this will happen at the time that is most inconvenient and problematic for you. If you're reading this entry, that time is probably now.

    If you are the named member, you can restore access to a membership suspended for this reason by contacting support@nearlyfreespeech.net from the email address that was on the membership prior to any fraudulent transfers, and completing all of the following steps:

    1. Confirm that you are the person named on the membership.
    2. Provide a legible, currently-valid government-issued photo ID matching the name on the membership.
    3. Read and understand our Terms & Conditions of Service and confirm to us that you have done so.
    4. Confirm that you understand that your membership is in your individual name and may not be shared or transferred.
    5. Confirm that if you wish to transfer an account or any of its contents to another person, you (and they) will follow all of our policies in doing so.

    If you do not have access to that email address, or if that email address does not belong to you (for example because someone else created a membership in your name despite the bold print warning not to do that), you must additionally complete the verification steps for a lost email address.

    If you are not the named member, and someone else gave you control over their membership and it was subsequently frozen as a result, you will not be able to complete this process. Only the named member can do so. Your only recourse is to find them and obtain their assistance. This is true even if they quit, got fired, moved away, were voted out of office, broke up the band, divorced, went to jail, graduated, made a vow that forbids use of technology, whatever.

    Please do not contact us asking for exceptions or special treatment. This situation only occurs as a direct result of violating our Terms & Conditions of Service (and the bold-print warnings presented at signup), and any problems that result are entirely self-inflicted.

    Please also be aware that as of September 2017, if you have violated our policies around memberships and if that violation causes any problems or extra work for us we may assess a $50.00 fee to cover the time we spend dealing with the resulting mess.

  • What happens if I enter the incorrect email address when I create my membership?

    When you sign up, we send a signup confirmation email. If that message bounces, then the membership is usually deleted within a day.

    If the signup confirmation email doesn't bounce, but no one responds to it, it may linger for up to a week before being deleted.

    If someone replies to a signup confirmation email from the address we sent it to, and the membership has never been accessed, we will manually delete the membership as time permits.

    We will not manually delete a membership associated with one email address in response to inquiries from any other email address.

    If you signed up with the correct email address, but that address is no longer valid, please see this entry instead.

  • Why does the members site keep asking me to log in again?

    If your ISP changes your IP address, or you use Tor or another service that causes your web request to originate from multiple IP addresses, you may find that our system prompts you to log in again whenever your IP changes.

    This is a security measure designed to prevent session hijacking. By default, all your requests must originate from the IP address you logged in from. However, if your IP address changes frequently, constantly logging in can get super annoying. So this behavior is configurable.

    To review or change your session protection settings:

    1. Go to the Profile tab.
    2. In the Details box, find the Session Protection line.
    3. You can see the current setting on that line. To change it, select the Edit link.

    You must log in from a stable IP address to make this change. The default setting is High, which is fine for most people. We recommend thinking long and hard before choosing a setting below Medium.

Non-Member Answers

  • One of your customers' sites offends me. Who do I email to have it taken down?

    Please see Abuse @ NearlyFreeSpeech.NET.

  • How do I report a violation of your Terms and Conditions of Service or illegal activity?

    Please see Abuse @ NearlyFreeSpeech.NET.

  • How do I report that my copyrighted content is being distributed by a site you host?

    Please see Abuse @ NearlyFreeSpeech.NET.

  • I visited a site that is hosted with NearlyFreeSpeech.NET. Why did I receive an "access denied" error?

    Please see this page for complete information on this message and how to eliminate it.

  • What happens when I report a technical problem with someone else's services?

    We are happy to receive reports about problems, no matter the source. However, if you report a technical problem with someone else's services, you may get a frustrating response.

    Our Privacy Policy doesn't allow us to discuss our members' services with other people without the affected member's consent. That includes problems and our efforts to fix them or alert the affected member. Therefore, we can respond to problem reports from the public only by acknowledging the problem so you know we received your report. Unless the problem is specific to you, we will not provide any additional information.

    Sometimes, people interpret our inability to discuss the problem as blowing them off or a sign that we're not going to do anything about it. This is not the case at all; it is merely an artifact of properly enforcing our Privacy Policy.

    What does discussing problems have to do with our Privacy Policy? Although the simple answer is that our members' services are nobody's business but theirs until they tell us otherwise, the practical reason for this is a little more complicated.

    From time to time, we get reports like, "I went to www.example.com and it was down! Fix it! You people suck! Your servers suck!" While we can generally say "Yes, the site is down," we do not go into why or when it might be back in response to such a report, which sometimes means the person goes away believing that not only do we suck, but we suck on purpose!

    There are many reasons a website might be offline. Maybe the person couldn't pay. Would you want us to discuss your billing status with anybody who asks if it was your site? Probably not. But if we respond to all "site down" complaints but only stonewall the ones where billing is involved, stonewalling becomes a substitute for saying that it's a billing problem. So, to protect our members' privacy, we must treat everything as a private matter even if it makes us look like we're unwilling or unable to fix a problem.

    (Those who are paying attention may have noticed the similarity to the old philosophical problem of encryption: if you only encrypt things when you have something to hide, using encryption is a clear sign that you have something to hide. For encryption to be maximally effective, you have to encrypt as much as possible. Others may have had similar experiences trying to find out the condition of their hospitalized friend.)

    So, if you are a member of the general public, please do not assume the worst of us because we won't discuss a problem you found. We ask that you remember that our Privacy Policy is a promise to protect our members all the time, not just when it's convenient for you or when it makes us look good. Your patience and understanding will be appreciated.

    Of course, if you're having a problem with your NearlyFreeSpeech.NET services, you can always expect full disclosure regarding any issues and our full support in helping to resolve the problem.

  • How do I report a technical problem with a NearlyFreeSpeech.NET site?

    Please feel free to report downed sites or other technical problems with NearlyFreeSpeech.NET services to support@NearlyFreeSpeech.NET even if you are not a NearlyFreeSpeech.NET member (or if you are, but not the owner of the services in question). We want to make sure our members' services stay working at all times, and we'll take any tip we can get when something might be amiss.

    If you are a member and there's a problem with your services, contact us through our site if at all possible so we can get started right away and not have to goof around making sure it's you.

  • How do I contact the operator of services you host?

    Our strict privacy policy absolutely forbids us from providing information, including contact information, about the operators of services we host in response to public inquiry. We take our commitment to our members' privacy very seriously.

    Therefore, you should attempt to contact the operator directly.

    In many cases, the operator has contact information on their website. That's the best way to reach them. If such information is not available, but the site has a registered domain (i.e., the site name does not end in "nfshost.com"), you may wish to consult the public whois information for the domain, which is generally required to include accurate contact information.

    If the operator chooses not to include contact information on their site and is not using a registered domain, you may safely conclude that they do not wish to be contacted.

    Please do not send us messages for members of our service, as we will not forward them; we do not have the resources to act as a go-between messaging service between site operators and people who wish to contact them, nor is it our place to second-guess their decision about how they prefer to be contacted.

  • I am a journalist doing a story on a site you host. May I interview you?

    It is our policy not to comment on member sites.

  • One of your members hosts something for me (or my/our organization). Will you give me access to it?

    No.

    We encounter a variety of situations where people contact us claiming to be the rightful owner of a web site or domain managed through our service. Such claims are typically accompanied by demands to allow the person to take over, transfer services, or take something down.

    Our policies are extremely strict and are designed to provide maximum security to our members. At NearlyFreeSpeech.NET, memberships are held by individuals. The individual person we have on record as the holder of a membership is the only person authorized to access that membership or direct us to take any action related to services we provide under that membership

    This puts people wanting access to a membership into two categories:

    First, the person whose name is on the membership. Occasionally, a member will mislay their login credentials and be unable to access the system. We are able and happy to assist with a variety of such matters; they have their own FAQ entry with the specifics.

    Second, everyone else. This includes customers, vendors, employees, employers, contractors, co-workers, relatives, friends of members, and current or former members with adjunct access, not just the general public. We apologize, but we are not able to assist you under any circumstances, unless expressly authorized to do so in advance by the relevant member, and even then only under a very limited set of circumstances (such as allowing a predesignated party to make deposits or renew domains in case of emergency). Any concern or conflict you have with the member hosting the services with us, including problems contacting them, must be resolved directly with that member or via channels other than us (e.g. the court system). There are absolutely no exceptions.

    We apologize to anyone negatively affected by our hardline stance on protecting the privacy and security of our members. While this often seems harsh to people already having some other major problem not caused by this policy, we ask them to please keep in mind the absolute chaos that would result if we handed over web sites and domains to anyone who asked for them via email based on their say-so. Thank you for your understanding.

    Note: If you contact us about accessing hosted services on a membership and you receive a link to this FAQ entry in response, then it is applicable to your inquiry, and that is the end of the discussion.

    This is the case even if you believe (or wish) otherwise. It is not unusual for people who receive such a link to think that they or their circumstances are special and therefore this entry does not apply to them. That is not the case.

    If you want to obtain services hosted by a member of our service, and you are not that member, then you have several options:

    1. Obtaining the member's assistance is always the first and best choice.
    2. All disputes involving domain names must follow the Uniform Domain-Name Dispute Resolution Policy (UDRP).
    3. If you know who the member is, sue him or her in a court of competent jurisdiction, win, and obtain a court order requiring the transfer of the assets of interest to you.
    4. If you do not know who the member is, file an in rem lawsuit against the content itself in a court of competent jurisdiction, make sure we are notified of the proceedings so we can attempt to notify the member, win, and obtain a court order requiring the transfer of the relevant assets to you.

    Absent the above, contacting us asking for access to someone else's stuff is a complete waste of your time.

  • Can I invest in NearlyFreeSpeech.NET?

    NearlyFreeSpeech.NET is not a public company, and we are not seeking private investments at this time. We are a real business, organically grown and designed to last, not a venture capital/IPO/bankruptcy Ponzi scheme.

  • Why do you host really, really offensive content?

    The simple answer is that we allow offensive content — whether that means offensive to you or offensive to us — because our Terms and Conditions of Service allow all legal content and it's not illegal to be offensive.

    The real question, then, is: why we don't we change our Terms and Conditions of Service?

    Well, everything from this FAQ entry and our Abuse page definitely applies. But when you get into websites that advocate or represent viewpoints that are particularly offensive and harmful, there are additional reasons.

    Most importantly, websites that advocate or represent viewpoints are created by people who hold those views. If those people are willing to stand up and wave their hands and say "Hey! Here I am! Over here! Look at me!" we prefer to let them. To some extent, we are willing to host certain types of content to rub the world's nose in the fact that people who think that way still exist. And if that makes you uncomfortable, good, it's working.

    In addition to that, we have very strict requirements to provide accurate contact information and we operate from a nation of laws. If someone who hosts a site on our service engages in criminal activity and the police come to us for help (with appropriate warrants/subpoenas/etc), we're very likely to be able to provide not only information, but technical assistance that may be essential to catching them. If we kick them off and they pop up twenty minutes later on some third-world ISP that hasn't put our level of thought into their policies, doesn't keep good records, and doesn't have the legal system we enjoy, that opportunity is lost.

    Of course, the simplest reason is that it's not up to us to decide what the rest of the world should or shouldn't see. Bad news, it's not up to you either. Worse news, it's still true even when we agree. Which is probably most of the time.

    Finally, censorship is always bad, for a variety of well understood reasons that we don't need to repeat here. But in the case of some types of content, it has special dangers. When you censor a web site based on the extreme or dangerous views of its creator(s), you haven't stopped those people from thinking that way. You haven't made them go away. You certainly haven't stopped the people who hold those views from doing whatever else they do when they're not posting on the Internet. What you've actually done is given yourself a false sense of accomplishment by closing your eyes, clapping your hands over your ears, and yelling "Lalala! I can't hear you!" at the top of your voice. Pretending a problem doesn't exist is not only not a solution, it makes real solutions harder to reach.

    So that's why we host really, really offensive content. It's not because we like it. It's certainly not because we agree with it. And it's not because we profit from it; our MFFAM policy makes sure of that.

    It's because we've spent a long time thinking about this very carefully and concluded that it's the best course of action. But that's our opinion. We respect your right to hold — and to express — a different view.

    Please note: If you found this because of a specific site that falls into the offensive-but-legal category that you were hoping to censor, here is what you should do instead:

    • Speak out against the views espoused on that site.
    • Learn more about the issue so that you can advocate effectively against it.
    • Find a way to become locally involved in activism related to the issue.
    • Donate money to related causes.

    That's what we do. Unfortunately, all of those things do take more effort than demanding censorship. But they're both useful and effective, whereas censorship is neither. If you're upset by something you see online but not upset enough to do these sorts of things, then "don't look at it" is probably the best advice we can offer.

    Of course, if you find something that's actually illegal rather than merely offensive, take appropriate action immediately.

  • How do I take over responsibility for something hosted by one of your members?

    This process works a little differently here than it does with most other services. At NearlyFreeSpeech.NET, responsibility is divided into two distinct pieces: a membership and an account.

    A membership represents an individual person. A person can only have one membership, which has their real, personal name on it. This membership cannot be shared or transferred.

    The account is a separate piece under the membership that contains money, sites, domains, everything related to hosting for a specific entity (which might be the same person, or it might be a company, club, or organization.).

    So, in order to take over responsibility for hosted services, following process:

    1. Make sure our service is a good fit for you. If it isn't, it's best to find that out beforehand.
    2. Create your own membership in your own name. If the other person tries to give you their username and password, don't let them! You must never access a membership belonging to someone else.
    3. Establish with the other person exactly what you are taking over. This could range from a whole account full of services down to a single site or domain name. The important thing is that you both agree on exactly what is to be transferred.
    4. If you are receiving anything other than a full account, you must create an account of your own and fund it.
    5. When you are ready, both you and the other person should submit identical "transfer" assistance requests in our user interface. (More detailed instructions are available in our Member FAQ.)
    6. We will take care of the rest.

  • If I think services you host are currently unavailable due to lack of funds; is there anything I can do?

    Requests to manage hosted services or renew domains will not be honored unless they have been properly verified according to the authentication methods previously established by the membership owner. Generally, this means that the individual member logs in to our system to take the appropriate action. However, there is one exception to this policy.

    Transfers between member accounts that consist only of funds may be made with only the approval of the sending member. In other words, anyone with a funded NearlyFreeSpeech.NET membership can transfer funds to any other member's account if (and only if) they know the recipient's account number.

    This means that the following conditions (and only these conditions) can be resolved by anyone:

    • A site hosted here is unavailable and the only reason it is unavailable is a lack of funds.
    • A registered domain that meets all of the following criteria.
      • The domain is currently registered through us.
      • The domain is currently within the auto-renew period (from about ten days before expiration to about 30 days after expiration).
      • The domain was previously set to auto-renew by the member.
      • The only reason the domain has not auto-renewed is the lack of funds.

    Please note that our system does send out-of-funds and domain auto-renewal failure notifications to the member's contact email address but that our privacy policy strictly prohibits us from discussing or disclosing information about the applicability of these conditions to any particular situation in the absence of a properly-verified request from the member. In other words, we cannot tell you whether or not the unavailability of services obtained through us results from a lack of funds.

    If you believe you are in this situation, you can take the following steps:

    1. Create a new NearlyFreeSpeech.NET membership.
    2. Make a payment sufficient to cover the expected costs.
    3. Use the "Transfer Funds Between Accounts" action on the Accounts tab.
    4. Enter the recipient member's account number as the Destination Account.
    5. Select the "To another member's account" transfer type.
    6. Enter a transfer amount sufficient to cover the expected costs.
    7. Select the "Transfer Funds" button.

    Please keep in mind that although hosted services typically come back online within a few minutes if lack of funds was the problem, domain registrations can take 24-48 hours to start working again if they were expired at the time of renewal.

    If you do not know the member's 12-digit account number, you will not be able to use the process above.

    The following additional information applies only to individuals who cannot access their membership.

    Under ordinary circumstances, our Terms & Conditions of Service impose a strict limitation of one membership per individual, for good reasons. Under ordinary circumstances, completing the appropriate recovery process to regain access to your membership is strongly preferable. We provide extensive recovery options for a lost username or password, a lost email address, or a lost two-factor device. But under ordinary circumstances, a member logs in to our site and does whatever they need to do, and they do not wind up reading this.

    If extraordinary (but temporary) circumstances exist — like if a member is temporarily unable to log in to their regular membership because they are traveling and don't have needed info to access or recover it — where violating the letter of the one-membership-per-person policy by creating a second membership for the sole purpose of depositing funds into the first will mitigate larger harm, we allow it.

    However, the "temporary" qualification of those extraordinary circumstances is significant. Taking this action is only a good idea if "temporary" applies. In other situations, taking this action may not mitigate larger harm; it may make things worse.

    Although it is extremely rare and our system takes many precautions to prevent it, it is remotely possible for a member to, through a sufficiently large combination of consecutive instances of bad judgment or dishonesty, engineer a situation where they have set security protocols to verify their identity that they subsequently they have no way to meet. In such cases, it is very likely to be preferable to allow services to be deleted and then pursue recreating them once they are removed from the inaccessible membership. Adding funds through this process may only increase the delay before that happens.