Virtual Event Today: Supply Chain Security Summit - Join Event In-Progress

Security Experts:

Connect with us

Hi, what are you looking for?


Tracking & Law Enforcement

Web Hosting Firm DreamHost Publishes Transparency Report

Web hosting provider DreamHost has issued its first ever transparency report to show off how frequently the company did not comply with government requests.

Web hosting provider DreamHost has issued its first ever transparency report to show off how frequently the company did not comply with government requests.

DreamHost legally rejected 57 percent of combined information requests in 2014, according to a report released Tuesday. “A majority of other tech companies don’t even come close to this!” Art Elizarov, DreamHost’s vice-president of legal affairs, wrote in the report.

Unsurprisingly, most of the requests came from the United States with 1,145 requests (not including FISA/NSL requests) in 2014. DreamHost complied with only 46 percent of the requests, affecting 1,352 accounts. Germany was the second most common, with 39 requests. DreamHost complied with 64 percent of the requests, which affected 50 user accounts. The United Kingdom rounded out the top three, with 35 requests. DreamHost complied with 40 percent of the requests, affecting 48 accounts.

“If anything looks fishy, or if the request doesn’t meet every single requirement issued by the appropriate body of law, we reject it!” Elizarov wrote.

There is growing trend towards technology and Internet companies releasing transparency reports to show they are taking customer privacy seriously. The Electronic Frontier Foundation even rates companies on how well they protect user data by tracking who publishes transparency reports. Apple, AT&T, Comcast, Dropbox, Facebook, Google, LinkedIn, Twitter, Verizon, and Yahoo are among the companies who currently release these reports. This report is DreamHost’s first.

Because it is a Web host, most of the requests DreamHost fields are related to allegations of copyright infringement, defamation complaints, and DMCA takedown requests. The company received 873 total DMCA/trademark requests in 2014 and rejected most of them, according to the report. The requests to remove or censor materials posted on the Website were usually related to defamation or invasion of privacy lawsuits. The company claimed to reject over 80 percent of these requests. However, the company removed infringing content if the takedown notice included proof of copyright ownership.

With that said, DreamHost claimed to actively identify and flag “patent trolls” that routinely send out warrantless copyright infringement notices.

DreamHost also received 466 “government requests,” or queries for user account information from various law enforcement and government organizations. These requests were typically part of a criminal investigation and DreamHost complied with them for the most part. However, it’s worth noting that for majority of the requests, DreamHost successfully narrowed the scope so only critical user information was sent to the government. Two thirds of the requests were subpoenas, with the remaining third split between court orders and search warrants.

“Every single request in this report is screened and routinely rejected for running afoul of procedural and substantive laws,” the company said. “We only accept requests that are legally sound.”

DreamHost received between 0 to 999 National Security Letters/FISA requests in 2014. As is the case for other companies who publish transparency reports, federal laws prevent DreamHost from disclosing the exact number of these letters.

Web hosting providers have a tricky balance to navigate—maintain user privacy for its Web hosting customers while still not running afoul of the government. DreamHost rejects over 60 percent of information requests due to procedural violations, such as not filling in required information on state forms, getting the subpoena from the wrong court, and other mistakes. And over 80 percent of subpoena requests are modified to include only limited data in the responses, according to the report.

“In other words, we don’t freely hand out customer data to anyone who simply asks for it!” the company said in its report.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.


US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...


Spanish Court agreed to extradite Joseph James O’Connor to he U.S., who allegedly took part in the July 2020 hacking of Twitter accounts of...


A hacker who reportedly posed as the CEO of a financial institution claims to have obtained access to the more than 80,000-member database of...


Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...


Russian Vladislav Klyushin made tens of millions of dollars by hacking into U.S. computer networks to steal insider information.