$ man 7 offshore-hosting-for-journalists
Offshore hosting for journalists and small newsrooms — a practical guide
// NAME
offshore-hosting-for-journalists — practical guide to the four workloads a newsroom typically hosts (CMS, leak intake, internal comms, archive backup), the jurisdictional choices that matter, and the cost honestly stated.
// SYNOPSIS
# typical newsroom topology
public CMS          vps-2 (iceland)   $25/mo
SecureDrop intake   tor-2 (iceland)   $42/mo
Matrix backbone     vps-1 (iceland)   $15/mo
Archive backup      vps-1 (romania)   $15/mo
                                      -----
total                                 $97/mo
// WHY OFFSHORE
$ man 7 why-offshore
Offshore hosting is not about evading legitimate criminal investigation; the MLAT framework moves court process through proper channels regardless of jurisdiction. What offshore hosting does defeat is the much larger volume of low-merit legal pressure: copyright-formatted takedown bots, chilling-effect cease-and-desist letters, civil plaintiffs with deep pockets but weak claims, and political pressure that relies on domestic-jurisdiction leverage on the host.
For a small newsroom doing investigative work in a hostile regulatory environment, offshore is a force multiplier on editorial time. The story that would die on a domestic host under takedown pressure survives the same pressure on Iceland infrastructure because the legal-process route is slower and less productive for the complainant.
// THE FOUR NEWSROOM WORKLOADS
$ ls /etc/newsroom/workloads
1. Public-facing CMS
Where the published articles live. WordPress (most common), Ghost (lighter), Hugo / Astro / Eleventy (static, lowest cost). Static-site generators are the operationally easiest pick: small VPS, no PHP runtime to patch, no database to manage. Resource-wise: vps-2 ($25/mo, 2 vCPU / 4 GB) is plenty for most newsroom traffic, even during the spike when a major story lands. WordPress at scale wants vps-4 ($45/mo).
2. Leak intake / source-protection
SecureDrop (heavier, full air-gap workflow) or Hush Line (simpler, Matrix-based delivery). Hosted on a Tor hidden service, separate VPS from the CMS — compromise of one must not bleed to the other. SecureDrop fits tor-2 ($42/mo); Hush Line fits tor-1 ($20/mo). See /guide/host-securedrop-affordably for the SecureDrop-specific deployment guide.
3. Internal newsroom communications
Matrix homeserver for editorial discussions. Conduit (Rust, lean, low-resource — fits vps-1 / $15/mo for a small editorial team) or Synapse (Python, reference, larger resource footprint — fits vps-2). See /vs/synapse-vs-dendrite-vs-conduit for the implementation choice and /docs/setup-matrix-homeserver for the runbook. Federation with the public Matrix graph is optional — most newsrooms run a closed homeserver.
4. Archive backup
The newsroom's own copy of its published work, hardened against takedown. Off-site, ideally a different jurisdiction from the primary CMS (Romania backup of Iceland CMS, or vice versa). Fits vps-1 ($15/mo); the data is mostly cold (read-only mirrors + occasional sync). Tool of choice: restic or borgbackup over SSH, see /docs.
// RECOMMENDED TOPOLOGY
$ draw --topology
| // workload | // region | // plan | // monthly |
|---|---|---|---|
| public CMS | Iceland | vps-2 | $25 |
| SecureDrop intake | Iceland | tor-2 | $42 |
| Matrix backbone (Conduit) | Iceland or Romania | vps-1 | $15 |
| archive backup | Romania (cross-region) | vps-1 | $15 |
| total | | | $97 |
// can be trimmed further by skipping the Matrix backbone (use Signal or an existing federated homeserver) or by colocating CMS + archive (against best practice but viable for very small budgets). Floor for a single-person investigative-journalism operation: ~$35/mo (CMS + SecureDrop only).
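An added example (not part of the original guide or the provider's tooling): a small Python check that lints a deployment inventory against the separation rules this page states, namely leak intake on its own host and the archive in a different region from the CMS. The inventory format and host names are assumptions; regions, plans and prices are taken from the table above.

```python
from collections import defaultdict

# Constructed sample inventory: host names are hypothetical; regions, plans and
# prices are the ones listed in the topology table.
INVENTORY = [
    {"workload": "cms",     "host": "cms-01",    "region": "iceland", "plan": "vps-2", "usd": 25},
    {"workload": "intake",  "host": "intake-01", "region": "iceland", "plan": "tor-2", "usd": 42},
    {"workload": "matrix",  "host": "comms-01",  "region": "iceland", "plan": "vps-1", "usd": 15},
    {"workload": "archive", "host": "bak-01",    "region": "romania", "plan": "vps-1", "usd": 15},
]

def lint_topology(inventory):
    """Return (findings, monthly_usd); findings are (severity, message) tuples."""
    findings = []
    by_host = defaultdict(list)
    for row in inventory:
        by_host[row["host"]].append(row)

    for host, rows in by_host.items():
        names = sorted(r["workload"] for r in rows)
        # Leak intake must not share a machine with any other workload.
        if "intake" in names and len(names) > 1:
            others = ", ".join(n for n in names if n != "intake")
            findings.append(("error", f"{host}: intake shares a host with {others}"))
        # CMS + archive on one box is the budget shortcut, against best practice.
        if "cms" in names and "archive" in names:
            findings.append(("warn", f"{host}: archive colocated with cms"))

    # The archive should sit in a different region from the primary CMS.
    cms_regions = {r["region"] for r in inventory if r["workload"] == "cms"}
    for r in inventory:
        if r["workload"] == "archive" and r["region"] in cms_regions:
            findings.append(("warn", f"{r['host']}: archive in same region as cms ({r['region']})"))

    # Assumption: a host is billed once even when it carries several workloads.
    monthly = sum(rows[0]["usd"] for rows in by_host.values())
    return findings, monthly

if __name__ == "__main__":
    findings, monthly = lint_topology(INVENTORY)
    for severity, message in findings:
        print(f"[{severity}] {message}")
    print(f"total ${monthly}/mo, {len(findings)} finding(s)")
```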
// JURISDICTION CHOICE FOR JOURNALISM
$ man 7 jurisdiction-for-journalism
Iceland is the recommended primary region for journalism deployment specifically:
- IMMI (2010). Codifies source-protection, whistleblower-protection, and limits on prior-restraint orders. The legislative package was designed in part to attract journalistic-hosting workloads.
- Höfundalög nr. 73/1972. Iceland Copyright Act — no §512-equivalent. Removal requires court process. Copyright complainants who file in Icelandic courts face 12-18 month first-instance timelines.
- EEA-not-EU. GDPR applies via the Joint Committee but the European Court of Justice does not have direct jurisdiction. One less layer of EU-treaty exposure for editorial decisions in tension with EU regulation.
- Outside Five Eyes / Fourteen Eyes. Iceland is not a signal-intelligence sharing partner — material consideration for the highest-stakes deployments.
Romania is a strong secondary region (archive backup, Matrix backbone) — EU-internal latency is better, costs are lower, and the cross-region split provides redundancy.
// FAQ
$ faq journalism-hosting
Q. Why would a newsroom host offshore instead of with a normal provider?
A. Three reasons: (1) Civil-discovery resistance — court process in Iceland or Romania moves slower than in most domestic jurisdictions, which deters frivolous subpoenas. (2) No DMCA-§512-equivalent — copyright-formatted takedown requests don't trigger a removal obligation. (3) Source-protection regimes — Iceland's IMMI statutes explicitly support journalistic intake hosting. None of this protects against an actual criminal investigation that moves through proper MLAT channels; the protection is against the larger volume of low-merit legal pressure.
Q. What workloads does a newsroom typically host?
A. (1) Public-facing CMS (WordPress / Ghost / Hugo) for published articles. (2) Source-protection intake (SecureDrop or Hush Line). (3) Internal communications backbone (Matrix homeserver, often run on a separate VPS). (4) Archive backup (the newsroom's own copy of its work, hardened against takedown). xmrhost.io serves all four — most newsrooms run them on two or three VPS instances, not a single mega-server.
Q. Is Iceland really journalism-friendly or is that marketing?
A. Real — but specific. The Icelandic Modern Media Initiative (IMMI, 2010) is a legislative package that codifies source-protection, whistleblower-protection, and limits on prior-restraint orders. It doesn't make Iceland a free-for-all; it codifies what Icelandic law already favored. WikiLeaks operated out of Iceland in the early 2010s for these reasons. The protection applies to operators hosting journalistic content; the operator's day-to-day experience reflects that.
Q. What's a realistic monthly budget for a small newsroom?
A. $60-150/month for the hosting infrastructure (CMS VPS + SecureDrop VPS + optional Matrix VPS for internal comms). Most newsrooms run on the lower end ($60-80) and add capacity when active stories drive traffic spikes. The dominant cost is editorial time, not infrastructure — but infrastructure has to be sized for the occasional 10× traffic burst when a story lands.
Q. Can a single VPS host both the CMS and the SecureDrop intake?
A. Technically yes, operationally no. FPF strongly recommends keeping SecureDrop on dedicated infrastructure — a compromise on the CMS that bleeds through to SecureDrop is a source-compromise event. Standard newsroom topology: CMS on /node/vps/vps-2 ($25/mo), SecureDrop on /node/tor-hidden-service/tor-2 ($42/mo). Separation is cheap insurance.
Q. How does xmrhost.io respond to legal correspondence about hosted journalism?
A. The operator processes court-issued process from courts of competent jurisdiction in Iceland or Romania. DMCA-format takedowns are responded to with a pointer to the correct national procedure (no removal until court order). Cease-and-desist correspondence is logged and forwarded to the customer; the customer's response, not the operator's, is the operative reply. See /legal/aup for the full procedure.
Q. Can the operator be compelled to reveal a journalist's identity?
A. The operator collects the minimum identity data required to support the account: a pseudonym is sufficient at signup; payment routes through OxaPay (no KYC); email is optional. If a court order arrives demanding identity data the operator does not possess, the response is that the data does not exist. This is structural defense, not policy promise — it works because the data was never collected.
// SEE ALSO
$ ls /usr/share/doc/xmrhost/guide
- /guide/host-securedrop-affordably — SecureDrop-specific deployment.
- /playbook/journalism — journalism workload manpage.
- /threat-models#journalism — source-protection threat-model dossier.
- /vs/synapse-vs-dendrite-vs-conduit — Matrix implementation comparison for the internal comms layer.
- /vs/iceland-vs-romania-offshore-jurisdiction — region comparison.
- /legal/aup — operator's complaint-handling posture.
- External — freedom.press (Freedom of the Press Foundation), docs.securedrop.org, hushline.app.