I don't think it's necessarily specific to LE but rather to public certificate transparency logs. LE being free and easy to automate means it's very widely used these days, but if you theoretically go to a "pay" root CA and get a cert that covers thing.com and www.thing.com , the same probing will happen on the same time scale.
The alternatives to cpanel would mostly be all-in-one hosting providers like 'squarespace' or similar, which have rolled their own web GUI to automate a basic normie workflow of domain registration, putting basic DNS records in a zone, hosting the DNS, getting TLS certs, putting basic content on a httpd. It's interesting to see the "set up your small business website now!" advertising to totally non technical people.
To be fair to the vpn product, at least they did it through a partnership with mullvad, one of the least-terrible (not even in the same ballpark as the likes of nordvpn, etc) commercial vpn service providers in existence.
I would worry less about big shared hosting providers, who have a strong interest in patching their stuff quickly, than the market of people who get one or two dedicated servers or KVM VMs and then install cpanel on them and for the rest of the time they use it, ignore the CLI of the servers and never patch anything. There's a lot of small users of cpanel that have just a few licenses.
There's still a very big market of people for whom being given a VPS with ssh access and a command line is beyond their technical capability or comfort level.
Ever seen the upsell offers in the check-out workflow for hosting packages that come when you buy a new .com domain from any major registrar? All those are shared hosting packages where everything is done through some sort of web gui.
As someone who pretty much exclusively uses debian, freebsd and openbsd for server OS work, I was also rather surprised recently to see the default web gui that comes on a new fedora install.
I was pleasantly surprised to learn the architecture for this - a minimal backend that does a PAM auth and gives you a shell over websocket, with only your own Linux user credentials - and then everything else (from managing files to apache to VMs) is done in frontend javascript.
Keeps the server-side backend minimal and auditable.
I see a whole boatload of fairly big and important open source infrastructure projects that run on Linux. Sure, maybe 97% of its budget doesn't go directly to the linux kernel, but they're supporting a lot of critical stuff.
Do small businesses in your area have complicated ownership structures that it's significantly inconvenient to disclose the one family that owns, for an example small business , a plumbing repair company with 4 vans and 6 employees?
Lots of small businesses are operated from home. Their business information is scraped, transformed into personal information, sold to spammers and scammers, and in some cases abused in an automated fashion along with thousands of others.
Registering a phone number with the official company registry is sure to get you a scam call within the hour. People will come up to your house later.
The only way to live a somewhat safe life as a small business owner is to have a dedicated phone number you never answer and a dedicated post office address where nobody lives.
These kinds of requirements made a lot of sense thirty years ago, but nowadays, with billions of people able to abuse every bit of information you publish instantly from anywhere while you're asleep, it makes a lot less sense.
In theory this documentation can be used to prevent scams and crimes, but actual enforcement of people's identities has become a problem, and the criminals have plenty of unsuspecting family members, homeless people, or mentally handicapped adults they can pressure into signing papers.
They might? If they don't and it is trivial to identify the beneficial owner, why is it necessary to create a requirement to disclose? The practical experience is that people are quite bad at this sort of requirement, that may well be a source of problems and that on aggregate making it harder to do business has a notable impact [0] on general prosperity. Don't needlessly put barriers in front of people who create wealth.
It isn't a stretch to imagine that a small business owner literally doesn't have enough time in their life to maintain their own health and run their business. There are some pretty grim stories out there, I can tell one based on a friend of mine who was working ... I think 70 hour weeks. Sounded rough. It isn't actually crazy to say they may not have an hour free to figure out what form they need to fill out and where to file it, or that they'd be too sleep deprived to get it right. Assuming that this thing is the only thing they need to disclose and there aren't any other pieces of paperwork that need filing (which we all know there will be).
Sure if they have to they'll probably figure it out in most cases, maybe it is trivial. But the businesses where a straw broke the camel's back don't exist any more to point at as evidence. It is hard to know.
You get extra spam. Any data that ends up on those public lists will be used to spam you. Some websites will also correlate all the data they have on you too, so you can get that spam at home too.
Basically, you have no privacy if you start a small business under these kinds of rules.
reply