Never figured out how to use Hertzner. Wanted to try since they get such a good reputation on here, but they banned my account when their system presented no way for me to verify my identity.
The required either PayPal or passport. I have no PayPal account, and their 3rd party verification system only allows passport from your country of residence (signup requires providing a contact address and they pre fill using this address; you can’t change the passport country). I am a British citizen living in Japan, and therefore hold a British passport; there was no way for me to provide a Japanese passport. I asked what I should do to comply, and they banned my account 6 hours later.
I can’t be the only one to experience this, can I?
I’m currently setting up infrastructure for a startup and it’s been very interesting how the threat model of data loss and disaster recovery is no longer hardware failure: it’s account lock out.
I’ve got streaming replication of my core data going from one cloud company to other company as that way if one has some antifraud system go rogue on me I still have access.
As somebody who used to spend a lot of time thinking about drives breaking it’s an interesting shift.
That's a very perceptive comment. It happens again and again and it's much harder to control for that, as compared to say making sure you are running in different amazon availability zones or something. If you wanted to destroy someone's service, probably getting them banned like you describe could even be easier than a DOS now. I worry about the day that google kills my gmail account for some random and never to be explained reason.
Well, this site is a big reason I got the insight to focus on account redundancy over disk redundancy. Lots of posts over the years of people locked out from all the big clouds in a panic trying to see if an employee will see their cry for help on HN.
Exactly. My main infrastructure is on Hetzner, but I have a live replication via Wireguard at another hoster in Austria. With less resources there, but for accessibility "in the case of".
I’m also thinking about buying a second hand server and racking it in a colocation joint just so I can physically get the disk. The client data I have is super important, and there is some level of comfort you only get from bare metal.
I literally have a Linux machine that I’m ready to rig up were it not for Comcast being my internet provider. Maddening to live in “Silicon Valley” and be dealing with dog shit data caps and speeds.
Yes, around 30 Euro per month. Now add the hardware costs.. And the internet connection costs (partly).. Anti-theft options.. In my opinion it is cheaper and more reliable to rent another dedicated server at another hoster for this. If you are sitting in Germany.
I had similar struggles with some non-IT service providers in Germany. They couldn't fathom why I have non-German nationality, German address and driving license from third country.
Passport, German address and driving license all have different address on them (all three being EU addresses).
It is apparently huge red flag in EU in 21st century.
Incredible
You have an address on your passport? I can see how that could cause issues if the address isn't valid. If I'd have to determine if your order was fraudulent or not, I'd err on the side of caution rather than risk having you abuse my server infrastructure (in the case of Hetzner).
A lot of people confuse the passport (Pass) with the national identity card (Personalausweis). There's no place of residence stated on the German passport, but it is part of the Personalausweis. Since German citizens by law are required to own a Personalausweis (there's no mandate to carry it around, just having it somewhere in a drawer suffices), practically all businesses in Germany do rely on the Personalausweis to validate identities. And of course if the place of residence stated on the Personalausweis doesn't match the actual place of residence this is going to trigger some red flags.
This is a very German thing. I’ve never seen ID cards from other countries that include an address of residence. Also the obligation to own an ID card is a very foreign concept in most other countries.
I had that issue with German companies before, especially those who rarely deal with international customers. For example in Austria only a few people own an ID card (most people have a passport, but not everyone). So the german companies were very surprised when I gave them a copy of the Austrian ID card, that also doesn’t have an address on it.
> I’ve never seen ID cards from other countries that include an address of residence.
In the USA the driver's licenses are ID cards and have addresses. Or if you don't have a license you can get a regular ID card, which has an address. The laws vary from state to state about how long you can go after you move before it gets updated. I'm not aware of a legal requirement to have one though, unless you're driving.
I thought the only way in the US to prove your address of residence is collecting your last few phone bills and bank statements. It was a huge LOL moment, when I first heard about that.
Yeah, it's really odd and circular. You can often present a lease agreement if you're renting an apartment or house. If you own, you can usually present a mortgage statement. If you own and don't have a mortgage (because you purchased with cash), you can use bank statement and/or phone statement. But what's funny is, how do you get the bank statement and/or phone statement? You usually have to show a lease agreement, mortgage statement, or some other proof you own the place you live. It's fairly difficult for someone coming from another country to get those things when they first arrive because all the documents they have are from another country and the entry-level employees that have to take them would have no idea what to do with them. My foreign friends and neighbors have stories about having to use a secured credit card (basically a debit card but the machines think it's a credit card) for 6-12 months before they could get a regular credit card. It's very confusing (and arbitrary and broken) if you're not on the easy path.
This is true in the UK - driving licenses have your address on them, but for some reason they're not usually accepted as proof of address. I assume this is because you only need to renew the license (i.e. get a new copy of the physical piece of plastic with an updated photo and expiry date) every ten years, so in theory your driving license could be evidence that you lived somewhere nine years ago but not evidence that you still live there today.
Providing a recent utility bill or bank statement is a much more common ask.
Spain also has the address in the DNI (national document of identity), and as the Germans Spain's citizens are also required to have such a document. Many public and private services will ask for your DNI if they need to validate your identity.
Yes we do have government provided ID cards. Your driver’s license (or if you don’t drive there’s a non-driver version that’s just a card). There is no mandate to get one or carry it (except for driving).
We have issues with voter registration because it’s been politicized. Poor people are disproportionately less likely to have ID cards (because it costs money, takes time, and most people get it to drive which is expensive), less likely to have it up to date. It’s disenfranchising to mandate IDs. Whether or not it’s a problem falls down party lines and your favorite statistician’s analysis. But that’s why it’s “an issue”.
South American countries with per capita incomes that sometimes are an order of magnitude smaller than the US managed to have national IDs for free to their entire population, and have required voter IDs for decades.
This is a mind boggling American superstition, it is not reasonable to suppose that the poors in America are so poor that they can’t have access to something the poor in Peru or Paraguay have.
Part of the issue is that you don't need an ID in America for most of your daily life. Most people get it to drive - if you don't have a car (which is actually expensive) then you may not get an ID at all. Yea most people will get an ID, but it's not something people need.
When it comes to the cost of the ID, part of the cost is taking time out of work to sit in a crummy office and fill out paperwork. They require certain proof of identity paperwork that can be hard to get for certain walks of life. Its quite an edge case in society that can't produce a small amount of paperwork to self-identify, of course.
Its a small cohort that truly don't have the resources to get an ID, but there is almost no observed downside to not requiring IDs to vote - American elections are and have been perfectly legitimate (or until 2020, depending on who you ask...). Why would we put up extra barriers to vote when we could just... not?
We have government issues ID cards, but we don’t have free government issued ID cards as far as I know, which is one of the problem with these voter ID laws.
In Austria it is fine to vote without an ID, if the members of the voting committee know you. On the countryside they usually do know their people. It’s mostly minor politicians (from all parties) that are in the voting committee, and they sit there all day to verify the election is not tampered with. And those politicians usually know everybody from their neighborhood.
You need to be on their list though, but you get added automatically by the city to the list. When you move you need to register your new address, so they know that you live there.
In the US the states decide these rules, the federal government just sets limits. So, in my state, I just tell them my address, if I’m registered to vote they’ll have my name in the list, no need to show an ID or anything. They have a list of registered voters, so I guess if multiple people tried to give my name at my address, it would get flagged when the second person showed up. I actually don’t know what the procedure is. I think it almost never happens, at least, I’ve never heard of it happening to anyone.
Individual voter fraud is a silly way to influence an election, you have to get away with it thousands of times to make a dent.
True, but in Europe usually everybody has an ID at some point, because you need it for traveling. And an expired ID also works to prove your identity.
But in theory you could also bring two or more „identity witnesses“ that either have an ID or are known to the people at the voting station, that can vouch for your identity.
Practically it works fine in many areas of the US as well—just, good areas that don’t want to put up hurdles for voters in the first place. But, give an extremism a means to disenfranchise anybody and they’ll go for it
Morally, even if it works out OK, it ought to bug you if you don’t have a cost-free way to vote.
I don't disagree at all to be honest. I don't think voter fraud is an actual concern (if bare mininum measures are taken, like voter registration or even just "checking in" individuals with their adresses), but I think it's weird that it is considered to be such a huge issue in the US when it is actually the norm in most of the world.
Especially since it's usually white people using POCs as almost "noble savages" who can't figure out how to vote, get an ID, or have a drivers license.
I agree and think that some of the “it is just impossible for minorities to get IDs” stuff is, like, uncomfortably low expectations. I think this is sort of condescending and not really helping our case. If you took the average person from a minority community, I happy to believe that they are equally able to get an ID as a person from a majority community.
But in every community there is a range of willingness to deal with bureaucratic annoyances to vote. Adding more hurdles bumps some people from the voter to non-voter bucket. The reason it is a big issue in the US is that we have a well documented history of adding those hurdles selectively in order to suppress votes from particular communities. This is part of a really dark chapter in our history so people have a visceral reaction to it. I mean, since you are Canadian—I guess people would be a little skeptical if someone tried to start a conversation like “Well lots of countries have boarding schools so here’s my plan for education in some underserved communities…,” right?
Apparently, it isn't obligatory to have an ID card here im Germany. My friend researched this last time his ID was about to expire and decided to go with passport only. The only problem is when you have to verify your address, since that's usually done via ID.
True. I just checked the ID cards for a few EU countries, and most of them don't seem to include an address of residence (I checked Poland, Netherlands, Belgium, Finland and Switzerland). France includes an address too.
The law has been changed numerous times since then. However, the requirement to possess an ID was introduced with the start of WW II. So it's not completely wrong to call it a Nazi invention.
German law requires you to own a Personalausweis or Reisepass (passport). If you have a passport, you are not required to also have an ID card/Personalausweis.
To add to this, it is actually forbidden to have a different main residency than the one on your Personalausweis if you live in Germany. If you move, you have to change it within a few weeks.
If you have residency permit, that gets updated. If you don't have (EU citizen) then having done the registration is enough. (I think GPs wording isn't particularly precise: what matters is the registration - and if you have a German ID document, then that gets updated at that point)
Yes, there's address on all three - passport, national ID and driving license.
Passport and national ID are from southern EU country, driving license is northern EU country and I live in Germany.
I have no intention on changing any of addresses on any of my IDs or driving license until legally required (10+ years from now).
German Passports have the City/Region you life in on them. The ID cards have your full address. So if the address of your ID card doesn't match your passport something is definitely fishy as you would have to get them updated when you move.
German (and most other?) passports feature the name of the issuing authority and place of birth, no other location, and remain valid irregardless of your current registered address.
Side note: It seems like many African ID cards list the profession and I've had to explain to several suspicious border guards why my passport doesn't.
EDIT: I've always wondered about this and apparently the body that sets passport specifications is ICAO, the International Civil Aviation Organization, as mandated by the UN. Specifically through ICAO document 9303.[1]
The German Passport has field for your Residence, which is mandatory and needs to be updated when you move. It is generally the general location you live in, usually your city.
This is actually exactly what happened with us. After creating a new account with the intention of exploring the ARM64 services, our account was unexpectedly suspended. I contacted them to have information on the specific concerns regarding my customer information and the reason for deactivating my account. Unfortunately, we did not receive any response to our inquiries.
> Never figured out how to use Hertzner. Wanted to try since they get such a good reputation on here, but they banned my account when their system presented no way for me to verify my identity.
Is this something new? I (Norwegian) have been using Hetzner for 10+ years, and never had a problem, and never had to attest my identity. CurrentlyI have a four servers running there. The last one was set up approx. a year ago, IIRC.
Norwegian living in the UK, and have used Hetzner for years, both via a personal account and more recently via a corporate account (UK company, Norwegian citizen), and it's not been an issue. For one of the other corporate accounts I used it for the managing director at the time (UK company, UK citizen) did have to provide ID, though. Not clear exactly which criteria has been in place when and for whom.
A large statistical model, likely run by some third-party attestation service, said so. It's mostly used to refuse service where governments require that (say, no service for North Korea), or to people known to repeatedly do fraud, etc. But false positives occur; sometimes an inspection by a human helps (send an ID).
They probably suffer from a lot of sign ups with fake IDs and with criminal intent. So I get that they are rather strict.
Another thing to consider: cloud providers are not very interested in individuals as customers. They usually want companies as customers, that also buy more than a 3$ vserver. A solution for this problem could be a sign-up fee (50 or 100$), to pay for an extended manual vetting of customers, that is then added to the account balance.
> Another thing to consider: cloud providers are not very interested in individuals as customers
A key theme in the "cloud vs data center" story is that most public cloud providers (AWS, etc...) were really easy to sign up, requiring a CC and nothing else.
Meanwhile, hardware vendors wouldn't even talk to you as an individual / small business.
Tried to sign up for gcloud a couple of months ago using my >12 year old google account.
Long story short, while I technically managed to sign up, I never managed to get my GPU quotas increased to anything above 0, support is non-existent and contacting sales (which seems to be the 'official' way, but is only really intended for business customers?) never got a response...
Meanwhile, my small server (not Hetzner) has been running for many years without any issues, never had to send them anything after I signed up...
> Never figured out how to use Hertzner. Wanted to try since they get such a good reputation on here, but they banned my account when their system presented no way for me to verify my identity.
I ran into the same thing as well, maybe my real name sounds a bit funny to their system? It was very discouraging to move forward after being instantly banned. I reached out to them how I could verify and the only way was sending them an unencrypted mail with my Passport copy. Upon request they suggested I could simply send them a fax.
Note, this has been some years ago and I've never gave Hetzner a new try. As long as I can see from professional experience, you will have a lot of back and forth with Hetzner support, which becomes quite bad the moment your team is international because they'll always manage to sneak in some sort of German text. It really feels antiquated having to go through support for basic server hardware debugging. Eventually they'll often resort to replacing your instance.
I've seen the other side of this. Our SaaS (a data API) has a number of "customers" who attempt to use us (or our competitors; we're not special here) to power some data displays on their phishing-scam websites, to make them seem more legitimate.
We ban these people — they're violating our ToU by engaging in illegal activities. But they come back. With different names, different IPs, different browsers, different credit cards. They have complete identities to burn. (We spot the correlations anyway, along other dimensions I won't disclose here, and so can keep them out pretty effectively.)
And guess what? Very often, their requests are coming from Hetzner IP blocks.
I don't think the scammers have a direct business relationship with Hetzner, mind you. I think Hetzner tries just as hard as we do to stop these people from making use of their services. But I believe that these Hetzner boxes are either set up as exit nodes of one or more common VPN providers; or they're being registered for other purposes by other parties, and then resold on the secondary market on dark-web forums.
If I were a VPS provider, and I didn't want to support illegal activity, I'd probably just give up on providing service to individuals altogether, only taking corporate customers; and even then, requiring a DUNS number or something as an additional proof-of-work for that corporation, so that people can't just keep spinning up corporations in places where that's essentially free.
Hetzner hasn't gone that far; but it makes sense to me that if a user account is flagged as needing extended verification, and the ops person responsible for verifying the account takes a look at the user-lifecycle activity logs for the user, and sees that this user has: their IP coming from multiple places during registration vs login, their browser locale and timezone bouncing around between requests and set for settings uncommon to the country their IP is originating from, etc. — that the answer would be "ban" rather than "ask the user why the heck that's happening."
One time out of ten, the user is a real person doing something weird. The other nine times out of ten, the user is a scammer and is going to make up some story about being a real person doing something weird. Every scammer has their very own pool of man-hours, and if you're in the critical path for their scam, they can burn a number of those man-hours being really insistent that they're authentic. Until you let them in, and see that they immediately start up the same dumb phishing-scam bot script that all the other scammers purchased.
We crawl through data like this professionally and from what we see, Hetzner isn't actually that bad at combating fraud. They are not GCP or AWS but there are other hosters of similar scale that have significantly worse response times and leave up clearly compromised machines for a lot longer.
I cannot really comment on this because its A) a multi-dimensional problem (Hosters like Oracle have slightly longer mean removal time than Hetzner but less of their IPs end up in our aggregated blocklist, so does that make them worse or better idk) and B) we're trying to coax at least some of these hosters into using our service to support their fraud team so its probably best not to call out potential customers ;)
It’s likely they’re just using hacked sites. I’ve seen a WordPress site used as a Viagra botnet. The owner of the business thought it was good for them because they would get more traffic so they had given the other party root access. :sigh: the shit you see as a contractor…
But I’d be willing to bet you’re seeing hacked servers, not necessarily Hetzner’s fault. Hell, they didn’t even have ipv6 firewalls until recently (like the last six months).
I have pretty good reason to believe that scammers are using purchased Hetzner credentials — which is that some scammers are just right out there in the open, talking about how they do what they do: https://teletype.in/@slivmens/LjPaei8pMTT
Translated quote:
> To do this, we go here: [link to carding forum] and create a topic in the section "verified Hetzner accounts."
> Offer price — no more than 400 rubles is needed. The priority is people from Ukraine, as they have benefits. GEO of the person who verifies the account - any, excluding Russia due to sanctions.
> Another important detail: the seller must register a fresh GMail account, use that account to create an account on Hetzner, and verify it themselves.
> After verification, we wait 3 days before the creation of the new server — otherwise the likelihood of the account being blocked for abuse increases.
> After purchasing the account credentials, we change the password, both on the Gmail account, and on the Hetzner account.
Are you implying that someone (possibly temporarily) living in another country than where they're from means the sensible course of action is to instantly ban them?
I provided them with my passport and all the other documents they requested and they still banned me with no recourse, so yeah, their signup process is the worst I have ever experienced.
They seem pretty good at writing back to people. Have you contacted them? It's normal for new accounts to get suspended pending KYC checks. But they also do the checks pretty fast.
That’s pretty suss. Just send your passport and if they have any issues with it, they’ll ask. If they ask you for your passport and you ask “how do I comply” I’d probably suspend the account to since you seem unable or unwilling to comply.
It’s obviously a typo or something similar. The customer support person likely has no idea what you’re talking about, they want a passport with your name on it, they don’t care where it is from.
I think they really care about two things: VAT and cryptocurrency. Passports are required to prove you should or should not pay the 19% VAT, and crypto (namely, SIA) destroy their servers.
You got my hopes up but it seems I'm stuck paying UK VAT even though I don't think it's necessary any more.
I've run into this with a few different German businesses, I don't know if I'm right or they are, but it seems like they don't _have_ to charge me VAT. Which is underlined by the huge "import VAT" bill I'm dumped with when I have physical goods delivered to me in the UK.
Are you using the computer for business? If so, you should be claiming VAT credits that neutralize VAT (since it's intended as a consumption tax). If they don't charge you VAT on behalf of the UK, the UK should be charging you the equivalent consumption tax by some other means to keep the consumption tax base neutral.
Have a company whose business purpose justifies spending company money on servers. Make a profit so you have company money to spend. Spend it on servers. There you go.
> I have no PayPal account, and their 3rd party verification system only allows passport from your country of residence (signup requires providing a contact address and they pre fill using this address; you can’t change the passport country)
Sounds like a good thing to do?
My current hoster in Germany made a surprise call and asked me what the name of the hotel near the address I provided was. This after I submitted the order and before they accepted.
I sent them a photo of my passport encrypted with their pgp key. This was a long time ago, so the process might have changed, but it seemed entirely manual.
You get a good range of options at a low cost with Hetzner but need to identify yourself. Many hosting companies have different levels and types of verification these days. If you want to avoid any KYC, checkout https://kycnot.me/services#VPS.
Using a VPN is one of the easiest way to get rejected. Most automated systems flag stuff coming from them as highly suspicious due to the sheer amount of crap coming through them.
The required either PayPal or passport. I have no PayPal account, and their 3rd party verification system only allows passport from your country of residence (signup requires providing a contact address and they pre fill using this address; you can’t change the passport country). I am a British citizen living in Japan, and therefore hold a British passport; there was no way for me to provide a Japanese passport. I asked what I should do to comply, and they banned my account 6 hours later.
I can’t be the only one to experience this, can I?