The time AusCERT almost took down Nest
2025-10-20

On June 10th, AusCERT sent an E-mail to our hosting provider, Hetzner.

Greetings,

The Australian Computer Emergency Response Team (www.auscert.org.au) has received a report of a phishing website running on your network at the following URL:

hXXp://taxfraud.xyz

As at Tue Jun 10 15:10:47 2025 this URL resolved to an IP address of: 37.27.51.34 for which you are listed as the abuse contact.

This website is targeting or impersonating myGov

A screenshot of the website is attached.

We would greatly appreciate your assistance in:

a) notifying the owner of the website;
b) cleaning, closing or disallowing access to the sites listed above as appropriate;
c) providing to us any files containing phished credentials so that we can notify any affected member organisation(s).

If you are not the correct person to be dealing with this incident, please forward this request to the appropriate person. Also, you are free to pass this information on to other trusted parties (e.g. law enforcement), as you see fit.

If you are already aware of this matter then we apologise for the inconvenience. If possible, we would still appreciate a copy of any files from the host relating to this incident.

Tracking code AUSCERT#[redacted] has been assigned to this incident. Please use this incident code in the subject line of all correspondence relating to this incident.

Any feedback you can provide will be greatly appreciated. Thanks for your consideration of this request.

Of course, to aid Hetzner in the removal of this clone of the Australian myGov website, they attached the screenshot with a timestamp.

An image showing a terminal session with a Raspberry Pi user initiating an SSH connection to guest@krunch.local. After entering the password, the terminal displays "Access granted" followed by a large ASCII art logo spelling "KRUNCH". The welcome message lists Available Commands including General: about, hacksim, neofetch, clear and Links: github, source, discord. The bottom of the image shows the prompt, and below that, the text http://taxfraud.xyz and a timestamp.

The actual screenshot AusCERT sent.

Wait. That’s not myGov. It’s a mock-terminal style website. Of course, the domain was extremely funny. Regardless, we sent this reply back to Hetzner.

This website is not impersonating myGov. Visiting the website would prove such. AusCERT is making false accusations. The attached screenshot does not have the myGov website, nor any mention of myGov or “Australia”. Thank you.

Did I mention krunch was British? Now, in 1986, the Australia Acts were adopted, but it is currently 2025. So, take that as you will.

Obviously, mistakes are okay. They happen. But I still cannot wrap my head around how the screenshot they sent led them to believe it was a phishing campaign. Maybe if this was automated, it could make sense, but this was gross negligence that could have screwed Nest over.

Incidents like this show how thin the line is between responsible reporting and negligence. A single mistaken report can threaten legitimate organizations, especially small communities like us (Nest) that rely on our processors and upstream providers to act fairly. In this case, Hetzner was fair and clearly saw this was not the Australian myGov website.

We had a stern E-mail we were going to send but for some reason we never did as it was deemed too harsh of a reply.

Be krunch, do crimes.

https://blog.dispherical.com/posts/the-time-auscert-almost-took-down-nest/
Author: Dispherical