I was really surprised at their server farm; I always figured (from the original Wired article) that it was fairly busy with servers.

I guess losing the fiber optic link kind of ruined that. Or, you know, having to put your customers' data into a Zodiac to hang out on a plank of metal in the sea.

That photo was early in the buildout, but yeah, it was a single 300 square foot circular room in one of the towers with 5-10 racks, loosely populated.

We planned to raise $3-5mm plus followon financing, and ended up raising only $1.5mm or so, most of which was spent on mechanical/life safety upgrades to the facility -- we didn't have a whole lot left for datacenter. Losing the 155Mbps link was a big problem -- the best we had was 4xE1 (8Mbps), some caching/CDN, and 128-512k of satellite. Thus, our costs never dropped the way we wanted, so we couldn't really be price competitive.

Wired has a 3-6 month lead time, so the Wired article actually got written while we were first looking at the buildout. This happened to overlap with the collapse of the dotcom bubble.

I can see a definite advantage in cooling being that close to the North Sea.

How far down did the towers go? Was the entire hollow space within them basically inhabitable (if uncomfortable)?

Each side was 7 (I think) hollow 300sq ft concrete rooms, circular. We had forced air circulation, and AC in the "datacenter" tower (which was 2 rooms of datacenter, some power conditioning, and a NOC); just forced air in the residential one (and some heating using electrical heaters).

During the war, those towers were where people lived, and the lowest levels were shell magazines for the big AA guns (3.9"?). They had a bigger superstructure, too. I absolutely would not have wanted to have been there with 300 people; even with 6-10 it was pretty bad.

I haven't tried to find a cached/mirrored copy of their original sales/pricing page, but from what I remember they explicitly refused 'customer equipment', claiming security risks. The cost included a setup fee which essentially purchased you a brand new rack server already on site. I can't recall what their policy on cancellation was, but I think it was either 'we'll return the whole machine to you' or 'we'll destroy it on your behalf'.

Having new machines shipped out also seems like a better proposition from a risk perspective, since hardware isn't cheap, but it's a whole lot less than some irreplaceable customer hardware, software, or data.

I just now submitted that link, as a matter of fact, before I saw this one. I wondered if you'd have any comment on it.

It's amazingly accurate (I did help him with fact checking about a year ago, and some URLs for photos and things, but I think it was 99% accurate to begin with -- the only thing I pointed out was a purely technical point).

He had better insight into the legal issues than we (or any of the lawyers we talked to) did.

I still think it failed primarily because the economics changed under our feet (prices went from $2-3k to $20-30 within 2 years), and because we didn't raise enough money. The team could have been a bit better (and would be, today; I was like 20 years old back when we did this, and none of us had done a traditional startup before), but the brick wall we were up against on pricing and financing was pretty much a deal killer.

I don't think any of this is strong evidence against a similar effort working today (not an offshore platform for hosting, but cryptographic systems, or offshore for HR/visa compliance, or just for cost advantages).

The basic strategy of trying to push only a single challenge (technical or legal or whatever) vs. trying to innovate on everything at once, is valid.

How would a similar extra-legal data haven work today?

Let's say cost is not an issue - some people with deep pockets have things they think are worth it to host outside the law, and will pay you with bitcoin (run through a bitcoin pool operating on the extra-legal territory itself).

How do you get around the fact that all your internet links will be run by companies in real countries subject to legal orders?

How do you get around the fact that any ragtag band of pirates can board and take over your "island" nation? Do you hire a team from G4S to guard your ship? G4S or any other security entity would be subject to laws and court orders, too.

If it's not a ship, but an actual island, you still have most of the same problems. Even if it's populated to provide some measure of physical security (you can't bomb an island with innocent civilians on it without a lot of bad press, not that other governments would need to bomb to shut you down), won't the existing government care more about protecting tourism and/or the interests of the natives before they care about protecting a data haven?

http://imageshack.us/f/546/havenco.jpg/

For hosting static data, it's trivial to build a distributed cryptographic system which is arbitrarily censorship resistant. The trivial way is to distribute a large file encrypted, then once it's widely seeded, publish the key. It's really hard to censor a short string, basically as hard as censoring an idea.

For transaction processing systems which need to be durable, I'd go with something with multiple levels of indirection on the network, using links which are locally secure for short periods of time. Sort of like tor/onion routing with hidden services.

You might still put your processing nodes in a concrete fortress of some kind, but they're basically anonymous data processing equipment. Use tamper-resistant technology and the worst that happens to them is denial of service.

The point of having a published high profile physical location (like Sealand) is to claim jurisdiction there, and thus get some legal benefits in interacting with other jurisdictions. To the extent that everything can be done on the Internet, you don't particularly need that.

Further, if you're hosting content that makes governments unhappy (say, WikiLeaks-esque data that casts other sovereign nations in a bad light, or actively hurts their country like a list of undercover operatives), what is to stop them from using their military to take over your sovereign country?

Wars happen all the time, and you have no military of your own.

Do you agree with the conclusions about it being better to change the law (since it is supposed to work for all of us) rather than attempting to subvert it?

I think eventually some smaller nations will catch on and become secure offshore data and processing hubs, just as today there is an entire economy around offshore finance. We will probably look back at DataCo as being a few decades ahead of time.

I believe in using purely software or technical means where possible (PGP to defeat unlawful wiretaps, Start-TLS to protect against echelon), followed by social pressure (i.e. "it's rude to rip off someone's work", vs. enforcing it with laws).

Do a good job of articulating socially good uses. PGP to protect you from spies is unrealistic, PGP to protect you from the law if you are a criminal is both unrealistic and bad PR, but filevault to protect my SSN when your laptop is stolen, that's a much easier win -- it's just hard technically and inertia, but those are easier than active political or legal opposition to overcome.

In parallel with that, try for political change, ideally using tech as much as possible to support that -- I wasn't an Obama voter, but what the 2008 campaign did with social media was transformative.

If all those fail, sure, consider doing something crazy like Sealand or offshore corporations or whatever, but ultimately I'd rather live in a first-world country WITH good laws, than something with technical or jurisdictional hacks.

Nauru is (or was) trying to do this. http://www.thisamericanlife.org/radio-archives/episode/253/t... is where I heard about it, but this story aired almost a decade ago so I don't know what's happened since. I assume it didn't pan out. Nauru is kind of hard to get information on, because of its obscurity and isolation.

I remember looking at HavenCo's prices frequently, but couldn't afford to host there. For the price you had to make money and we were sailing on voluntary member payments. And what we were doing required serious bandwidth...