- Bulletproof hosting is typically illegal in nature
- It aims to provide a safe haven for criminals to host illegal content or services
- Bulletproof hosting is as old as the internet
- Tend to be located in Eastern European countries
Why does BPH hosting exist?
If there’s an audience for something, there’s going to be a website catering to that audience. Even the most depraved content needs to find somewhere to live. Any legit hoster will have an array of awful things in their terms of service that they will ban you for hosting, and probably call the cops over. Think malware, child exploitation material, C2 servers, etc...
A bulletproof hoster has comparatively few rules, some will disallow terrorism and child exploitation related content, but many will allow anything.
How can they exist?
Firstly they tend to base themselves in countries which turn a blind eye to certain kinds of illegal content or which don't make tackling it much of a priority. Eastern European countries like Ukraine is a top choice, among others like Russia.
When BPH companies do receive abuse reports that an ip address they control is up to no good they'll often either ignore the report or immediately inform the customer who will move their infrastructure elsewhere - thus frustrating the whole process to the point where there's no point making an abuse report.
Why not just use TOR?
In the past few years some criminals have moved their operations away from bulletproof hosting onto the dark web, only accessible through tor. Dark web marketplaces are the best example of this, they pretty much exclusively all use tor.
However tor isn’t the best option for all illegal activity, it has speed and reliability issues, and there’s the fact that the IP’s of all tor nodes are public, so it’s easy to identify if traffic is coming to or from tor, this inherently makes that traffic untrustworthy to many services.