In light of the Kiwi Farms situation this is a discussion that we really need to have, and I think the demographic of this community in particular makes it a really good place to talk about this. I'm hoping that this thread can be of use to the admins of this site, and maybe even Kiwi Farms or anyone looking to keep a website up in the face of the kind of concerted troon attacks that Kiwi Farms is experiencing. I wanted to ask our more technically inclined users:
a) Is troon proofing a website possible?
b) If so how do you do it?
My understanding is that you need your own servers, a domain name, DDoS protection, and a way to protect against hackers. But this isn't my area of expertise and I may be missing something. In any case it would be necessary to troon proof every link in the chain. I'm interesting to hear what the community thinks about this.
Basically you take either the Gab Approach or The Pirate Bay Approach
Gab Approach: own and control everything. You are in effect your own ISP, hosting provider, and service provider. You are a singular target that must be taken down, but a successful attack takes everything down.
The Pirate Bay Approach: spread the system out as much as possible around the world and try to blend in with everyone else. Idea is that hosting providers don't know they're hosting part of TPB, and the expectation is that bits and pieces will be eventually shut down, but you make it easy to quickly migrate it somewhere else.
Both have merits. Gab Approach probably works better for a company since the company itself is already a single point of failure. TPB Approach is probably a better approach for something like Kiwi Farms.
Gab being a company is already at the mercy of government: government declares Gab illegal and that's the end of Gab, because they don't really exist outside of the company. So from that standpoint they might as well control everything.
Kiwi farms is a couple dudes running a site. They don't have nearly the same level of formal organization as Gab does. So it makes sense for them being more of a loose association to keep their infrastructure loose as well.
Who does Gab use for their DDOS protection? That's what took KiwiFarms down. Josh used Cloudflare. If gab uses Cloudflare then they're just as fucked.