[$ xmrhost] _

[$ ] use-case: journalism

// NAME

journalism — hosting for journalists & investigative reporters.

// SYNOPSIS

xmrhost-cli playbook describe --workload=journalism
xmrhost-cli provision --workload=journalism --region=<is|ro>

// TL;DR

$ head -n1 README

// source-protection-grade hosting for newsrooms, leak inboxes, and securedrop / hush line intake.

// DESCRIPTION

$ man playbook(journalism)

// compartmentalized stack + jurisdictional treaty-depth

Source protection is not a single technical control; it is a discipline of compartmentalization. The public-facing CMS (Ghost, WordPress, Astro) lives on one VPS; source intake (SecureDrop, Hush Line, custom Tor onion) lives on a separate VPS, ideally in a separate jurisdiction; editorial mailboxes live on isolated infrastructure with PGP at rest and in transit. Compromise of any one component should not chain to the rest of the operation.

Iceland's IMMI codifies source protection: a foreign court order routed against an Icelandic hosting operator has to clear the domestic courts, which in practice raises the cost of compelling disclosure by several layers of treaty process. SecureDrop (the Freedom of the Press Foundation's reference design) runs cleanly on a vps-4 or vps-8 in Iceland; the journalist workstation belongs on hardware the editor controls directly, never on the same host as the intake server. We can also provide a dedicated IPv6 / no-IPv4 instance specifically for onion-only intake, which simplifies the OPSEC posture.

Anonymous registration is supported (working email + Monero), but the operational identity that matters is the editorial team's own — pen names, PGP key custody, contact-page disclosure of the masthead. We do not validate identity at signup and we route legal correspondence through the local counsel for the deployed region. Retention is engineered low: edge NetFlow at 1:4096 sampling, no per-customer correlation, no per-account access logs.

// see also

  • SecureDrop — Architecture (docs.securedrop.org)
  • Freedom of the Press Foundation — Threat Model (freedom.press)
  • IMMI — Icelandic Modern Media Initiative (immi.is)
  • EFF — Surveillance Self-Defense for Journalists (ssd.eff.org)

// THREAT MODEL + AUP BOUNDARY

$ xmrhost-cli scope --workload=journalism

// the hosting layer is one component of the threat model. what we cover, and what we explicitly don't:

// scope: in

  • IMMI-codified source protection in IS; EU DSA narrow-takedown procedure in RO
  • Compartmentalised stack — separate hardware for CMS vs intake vs editorial mailbox
  • Dedicated IPv6 / no-IPv4 instances for onion-only intake (simplifies OPSEC posture)
  • Anonymous registration (working email + Monero), legal correspondence via local counsel

// scope: out

  • Journalist workstation security (that machine should never run on hosted infra)
  • Source verification (how you authenticate a leaker is editorial, not a hosting concern)
  • Country-of-publication libel / defamation analysis — get specialised counsel, not a host
  • Physical safety of the editorial team — RWB, EFF, Front Line Defenders are the resources

// AUP boundary

Customers are responsible for compliance with the laws of their own jurisdiction. The operator does not provide legal advice; consult specialized counsel (Reporters Without Borders, EFF, Front Line Defenders) before publishing in adversarial environments.

// SEE ALSO

// playbook — full workload list, node — full catalog, location — region posture, why-monero — billing rationale.