Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

When I ordered a VPS at Netcup (a Hetzner alternative) they called me and asked me for the name of the hotel next to my place to check if I really lived at the address I provided. I guess that if i would have needed to look it up, that is, struggled a bit with the answer, they would have denied me as a customer.


Just today, a remote colleague mentioned staying at whatever hotel near the office. I had never heard of it: as a local, I don't tend to use the hotels here!

Seems like a really weird choice of question. Thinking of germans, a bakery seems more likely something they'd know of; perhaps a supermarket works more internationally (I'm sure there's exceptions to that as well). Maybe the distance in driving, cycling, or public transport minutes to surrounding cities could be a universal question to ask


If they can look it up then so can you! Maybe it filters out lazy scammers, but it doesn't sound like solid KYC to me.

In fact I don't feel like a hosting service should need to do this at all. If you pay your bills and aren't on the Stasi blacklist you should be good to go. I don't want or expect the likes of Hetzner to be responsible for policing.


As someone who runs mail servers, I wish they'd be MORE strict to stop the drive-by spammers. Every so often our servers get blocked because someone starts sending spam from a machine on the same netblock.

It might be good point-of-difference for some hosting service: have brutal KYC so your netblock is well regarded.


I agree. I'm currently using Linode. If they started requiring every account to have a valid US passport, I'd happily comply.


I wish these companies were forced to get the nationality of the person or the companies owners and be forced to assign them to IP address blocks which identifies these nationalities.

My home DNS server blocks all requests to .ru and .cn, but I can't do IP-address-block blocking because shady Chinese companies or individuals just need to rent some computing on AWS or DigitalOcean in order to become indistinguishable from American companies. And specially DigitalOcean seems to be the favorite platform for doing scams.

We're OK with having license plates attached to our cars, but not to be forced to expose our nationality to infrastructure providers? There's really no privacy-sensitive stuff which needs to be protected in that case.


I don't think you can KYC your way to stopping spammers without stepping on some protected classes.

I think that having a blacklist with some ID (bank account, national ID, CA cert) that's hard to replace is a good compromise.

You could try giving people moral purity tests before you let them in (doesn't some of the tildeverse work like that?) but I think it's a dark road.


Sure, it's not solid, but they knew I was a private customer, so what should they do? Do a request to a private credit bureau like the SCHUFA (like Equifax) to check if my provided details are valid?

It feels like it's a check to get a general feeling if things sound plausible. Like no Russian accent for a German name, some knowledge of the surroundings, a valid phone number.


Boy we're playing IRL Papers, Please now!


I had the same thing, but this was a business address while I was working remotely and had no idea about the area. Told them as much on the phone while looking the answer up on Google Maps. They just accepted that and opened the account.


I thought Netcup either colo'ed at or rented servers at, Hetzner? Maybe this was a ways back or have they always had their own DC?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: