miscl notes

we staff all comms channels listed above seven days a week, although there are occasionally periods during which no staffer is available immediately via a particular channel. We're moving towards full, 24/7 coverage for all channels... it is a key goal of our team. In the meantime, we do our best to respond immediately. Please feel free to choose the channel that is most convenient for you, and we will be there to provide support.
we're happy to make our technology staff available to journalists, bloggers, & others interested in network security, privacy policy, applied cryptographic systems, & the history/structure of the "VPN market" - our press laison may be reached directly via outreach@cryptostorm.is; we do our best to respond quickly, however if you are on a tight deadline please include this information in your "subject" line to help us prioritise. Also, we ask you to respect that our customers come first, when staff resources are tight.
the cryptostorm darknet does not have an official Facebook presence (seriously: lol), as we reject the anti-privacy policies of Facebook's management; any pages identifying themselves as such are best considered "fan pages," & do not reflect the company's core team. We apologize if this causes some inconvenience.
If you see something in our service, our website, or anywhere in our network ecososytem that's broken, we ask that you let us know! Our service has improved consistently for more than five years, and we actively encourage outside critique, review, criticism, and suggestions. Feel free to post your feedback in our forum or on twitter publicly, or if you prefer drop a note privately. We are very open in our operational approach to security policy - this is not a "security through obscurity" process, and never has been. We're more than happy to provide dontated service to folks who point out bugs, typos, gaffes, goofs, slips, snags, or general screw-ups. Currently, we don't have a cash-based bug bounty programme... but we're actively working on implementing one. If you find a juicy bug and let us know, we'll dig into the coffers and put some bitcoins in your wallet - you have our word. This goes whether you contact us privately, or go public with it - just please point us at your report so we know it's been posted.
If you really want an account from us, but simply cannot afford the monthly cost right now (student, activist, low-income... whatever the reason, you need not justify nor feel obligated to explain to us - we understand), simply let us know. Within reason, we'll get you an account for free so that you can protect yourself. We've done this hundreds of times for more than five years, and are happy to do so. Perhaps you're in a country where payment mechanisms are difficult or censored. Just let us know - we've got you covered. Please, don't waste your time trying to find a way to sneak a free account (dodgy card #, tricky form injections, whatever) - just ask, as we'll set you up. Plus, if you do find a tricky hack of the payment process, just let us know and we'll bounty you with a free account (or three), per above. You don't have to "hack" us to get an account, really. If you do outsmart our payment engine and get freebies, good on 'ya :-) Post a brag, and we'll retweet your 'sploit with humility and respect. If it's truly clever, we'll set you up with a lifetime's free account. But if you're simply cash constrained for the time being, no problem - just ask, and you're covered. What goes around, comes around - it's an honour for us to be of service.
Please don't DDoS our service. We do good work in support of folks around the world, and have for years. We're not your enemy (we hope). If you want to show your DDoS chops, we're a terrible target anyhow: we're just a little website sitting parallel to a global network of VPN exit nodes; taking our website offline is an inconvenience for our customers, but that's about it. We'll just wait it out, really. We're not heavily bulletproofed against the most current, clever DDoS tools - we're just not. You can easily put us tango down if you like, but we ask that you don't. If you hate us, explain your hatred on our forum; we won't censor your post, and people can read it & make up their own minds. For the public record: we do not, will not, and have never reported "attacks" against our infrastructure to LEO (i.e. the cops). Ever. If you pwn us and wipe our network, shame on us for being bested. We'll reinstall from offsite, encrypted backups and tip our hat to your competence. That's it. If you do something really mean to us - or, worse yet - our customers - we'll take matters up ourselves, as best we can. No cops - but we do have friends who aren't too shabby in their own capabilities, too. Fair warning - although, we hope, an unnecessary one.
If you're an activist group or individual doing work in support of privacy, free speech, governmental transparency, cultural diversity, ecological sustainability, nonhuman rights/wellbeing (i.e. "animal rights"), or any other "make the world a better place for everyone" work and you're worried about your safety online, we're happy to help. We ask you route these requests through our colleagues at Baneki Privacy Labs (twitter @baneki | email baneki@cultureghost.net; they specialise in activist support of this sort, & they can help get you up and running not only with donated VPN service with us, but also with other crucial tools and procedures as well. We also donate bulk VPN accounts for auctions or fundraisers in support of activists, legal defence funds for persecuted indivduals, and other such good work. Again, drop a line to the good folks at Baneki, and we'll gladly back up their recommendation with a basket of donated accounts to help you fund your good works.
We offer an encrypted packet routing service, and meet the statutory & regulatory definition of a "transport service" under both U.S. and E.U. frameworks. We do not provide hosting service; we do not host files. We do not run "filesharing" services. We are not an ISP, and we do not provide physical internet connectivity. As such, targeting us (or our infrastructure service providers) with so-called "takedown" requests is, simply put, dumb. We have nothing whatsoever to take down, as it were. Further, sending us nasty, legal-sounding letters (emails, actually) demanding we turn over the identity of our subscribers is a source of genuine humour for us. We retain no logs of user activity, and thus cannot see who was routing packets of "Ass Busters XXII" (or whatever) over our routing infrastructure last year. So terribly sorry about that. Even if we could, we would never betray our customers in that way - and we never have. We feel quite strongly about that. If you (or your automated bot) nevertheless decide to email us with your fatuous "demand" notices under inapplicable statutory authority, do not be surprised when we post it - and our snarky reply - publicly, and use it as part of our market outreach work in the future. Marking it "confidential" in the footer is legally specious, by the way. We're fortunate to have the assistance of excellent counsel, both in the U.S. and Europe, to assist with such matters, if need be. If you are LEO, we respectfully ask that you carefully review our Terms of Service & Privacy Policy, respectively, prior to contacting us via channels outlined above. Thank you.