← Back to context

Comment by axus

1 year ago

I'm going to need another intelligence to read the full text.

"U.S. IaaS providers and foreign resellers of U.S. IaaS products must exercise reasonable due diligence to ascertain the true identity of any customer or beneficial owner of an Account who claims to be a U.S. person."

So at a minimum, everyone's identity is verified by IaaS provider. If you claim to be a non-U.S. person, additional information is collected.

They mention looking at comments from a previous proposal in 2021, "Taking Additional Steps To Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities" https://www.federalregister.gov/documents/2021/09/24/2021-20...

Who counts as IaaS besides Amazon, Azure, and GCS?

29 comments

axus

Reply
OgsyedIE  1 year ago

Dreamhost, Wordpress, etc

  • nonameiguess  1 year ago

    This is not the industry-standard or NIST definitions of these terms. Something like Google Workspace Suite is Software as a Service. Something like Heroku (or Dreamhost or Wordpress) is Platform as a Service. Something like EC2 and S3 are Intrastructure as a Service. The distinction is renting out undifferentiated server space that a customer installs their own software onto. If you rent a VPS from Linode and install self-hosted Wordpress, that's IaaS. If you buy Wordpress's managed hosting, that's PaaS.

    • chlodwig  1 year ago

      Well, it may not be the industry standard definition, but it is the definition used in the actual regulation:

      -------

      Infrastructure as a Service product

      or

      IaaS product

      means a product or service offered to a consumer, including complimentary or “trial” offerings, that provides processing, storage, networks, or other fundamental computing resources, and with which the consumer is able to deploy and run software that is not predefined, including operating systems and applications. The consumer typically does not manage or control most of the underlying hardware but has control over the operating systems, storage, and any deployed applications. The term is inclusive of “managed” products or services, in which the provider is responsible for some aspects of system configuration or maintenance, and “unmanaged” products or services, in which the provider is only responsible for ensuring that the product is available to the consumer. The term is also inclusive of “virtualized” products and services, in which the computing resources of a physical machine are split between virtualized computers accessible over the internet (

      e.g.,

      “virtual private servers”), and “dedicated” products or services in which the total computing resources of a physical machine are provided to a single person (

      e.g.,

      “bare-metal servers”).

      ---

      So Dreamhost counts, any web host where you can run arbitrary PHP code would count. Wordpess.com -- where you cannot actually modify the PHP code yourself -- would not count as IaaS. But any web host that allows you to install applications on your own, or run any of your own code, would count as IaaS by this regulation.

      1 reply →

  • kube-system  1 year ago

    Wordpress clearly does not meet the definition of IaaS in the document.

    > provides processing, storage, networks, or other fundamental computing resources, and with which the consumer is able to deploy and run software that is not predefined, including operating systems and applications

unethical_ban  1 year ago

edit: Vultr info is wrong. They don't have anonymous use anymore.

Vultr, for example.

There are high-quality IaaS providers that accept bitcoin for payment, allowing someone to host a server on their platform without revealing their identity.

  • rattlesnakedave  1 year ago

    Vultur requires a card linked for ID verification even if paying for BTC. Or at least they did in the past when I tried.

    • unethical_ban  1 year ago

      Interesting. I can't even create an account with a privacy address (passmail.net forwarding). Wankers.

      You are correct. "Account must be funded by credit card or PayPal before making a Bitcoin deposit." No more anonymity on Vultr.