{"id":11282,"date":"2026-07-08T19:30:00","date_gmt":"2026-07-08T14:00:00","guid":{"rendered":"https:\/\/4ksamachar.com\/?p=11282"},"modified":"2026-07-08T19:30:00","modified_gmt":"2026-07-08T14:00:00","slug":"224-david-snead-on-building-trust-and-collaboration-in-the-hosting-industry-with-the-secure-hosting-alliance","status":"publish","type":"post","link":"https:\/\/4ksamachar.com\/?p=11282","title":{"rendered":"#224 \u2013 David Snead on Building Trust and Collaboration in the Hosting Industry With the Secure Hosting Alliance"},"content":{"rendered":"<details>\n<summary>Transcript<\/summary>\n<div>\n<p class=\"wp-block-paragraph\">[00:00:19] <strong>Nathan Wrigley:<\/strong> Welcome to the Jukebox Podcast from WP Tavern. My name is Nathan Wrigley.<\/p>\n<p class=\"wp-block-paragraph\">Jukebox is a podcast which is dedicated to all things WordPress. The people, the events, the plugins, the blocks, the themes, and in this case, building trust and collaboration in the hosting industry with the Secure Hosting Alliance.<\/p>\n<p class=\"wp-block-paragraph\">If you\u2019d like to subscribe to the podcast, you can do that by searching for WP Tavern in your podcast player of choice, or by going to wptavern.com\/feed\/podcast, and you can copy that URL into most podcast players.<\/p>\n<p class=\"wp-block-paragraph\">If you have a topic that you\u2019d like us to feature on the podcast, I\u2019m keen to hear from you, and hopefully get you, or your idea, featured on the show. Head to wptavern.com\/contact\/jukebox, and use the form there.<\/p>\n<p class=\"wp-block-paragraph\">So on the podcast today, we have David Snead. David has been involved in the hosting industry since 1999, starting out as legal counsel for one of the earliest shared hosting companies, and going on to work with over 50 others. He helped found the i2Coalition, serve as in-house counsel for cPanel and WebPros, and now leads the Secure Hosting Alliance.<\/p>\n<p class=\"wp-block-paragraph\">If you\u2019re listening to this podcast, I\u2019m sure that many of you will have worked closely with hosting companies. Perhaps you run an agency, or business, that depends on the reliability, ethics, and security of hosting providers. David is here to talk about cross-industry collaboration in the hosting world, specifically around improving security, professionalism, and communication between hosts.<\/p>\n<p class=\"wp-block-paragraph\">The conversation focused on why, and how, the Internet Infrastructure Forum, or IIF, is building a framework for real-time intelligence sharing and abuse reporting, aiming to help the entire ecosystem detect and prevent attacks faster than adversaries can adapt.<\/p>\n<p class=\"wp-block-paragraph\">David talks about the challenges hosting companies face, especially smaller ones, in keeping up with security, and how this evolving project hopes to ease this by sharing actionable, non-proprietary abuse information across registrars, hosting providers, DNS services, and more.<\/p>\n<p class=\"wp-block-paragraph\">He discusses the growth of both the Secure Hosting Alliance and the IIF, the business case for collaboration, and the nuances of legal and technical information sharing across borders.<\/p>\n<p class=\"wp-block-paragraph\">If you\u2019re in hosting, run a web agency, or just want to know how the backbone of the web is working to stay more secure and connected, this episode is for you.<\/p>\n<p class=\"wp-block-paragraph\">If you\u2019re interested in finding out more, you can find all of the links in the show notes by heading to wptavern.com\/podcast, where you\u2019ll find all the other episodes as well.<\/p>\n<p class=\"wp-block-paragraph\">And so, without further delay, I bring you David Snead.<\/p>\n<p class=\"wp-block-paragraph\">I am joined on the podcast by David Snead. Hello David.<\/p>\n<p class=\"wp-block-paragraph\">[00:03:20] <strong>David Snead:<\/strong> Hello.<\/p>\n<p class=\"wp-block-paragraph\">[00:03:21] <strong>Nathan Wrigley:<\/strong> Very nice to have you with us. David\u2019s got a really interesting background, and a really interesting, I\u2019m going to use the word project. I don\u2019t know if that\u2019s the right word. It feels like it\u2019s got more solidity and it\u2019s got a lot more history than that. It\u2019s something which is, I think going, but we\u2019ll find out a little bit more about it. It\u2019s all about the hosting industry and trying to get hosts to, I guess communicate with each other in ways going forwards.<\/p>\n<p class=\"wp-block-paragraph\">[00:03:44] <strong>David Snead:<\/strong> That is a part of it. There are really two goals and one is to level up the ethics and professionalism in the hosting industry. And the second is to facilitate more comradery and interaction among hosts. Something that folks felt occurred in the early 2000s, and with all the consolidation that occurred went away. And so that\u2019s something that we\u2019re also trying to facilitate.<\/p>\n<p class=\"wp-block-paragraph\">[00:04:16] <strong>Nathan Wrigley:<\/strong> Okay. So given that we\u2019re going to be talking about hosting, I guess it\u2019s a good idea to paint your credentials and find out a little bit more about you. So a short opportunity to just tell us a little about you and your background in WordPress and hosting specifically, I suppose.<\/p>\n<p class=\"wp-block-paragraph\">[00:04:29] <strong>David Snead:<\/strong> Sure. So I have been working in the hosting industry since 1999. As I often say, I was working in the hosting industry when hosting was cool. It is not so cool anymore. In fact most people don\u2019t really pay attention to it.<\/p>\n<p class=\"wp-block-paragraph\">You know, and I started as a lawyer for a hosting company, and I was in-house counsel for a company that actually owned a hosting company and was one of the earliest hosting companies that specialised in shared hosting. And so I was their general counsel. And for some reason it stuck, and I\u2019ve just kind of turned it into a career.<\/p>\n<p class=\"wp-block-paragraph\">So after that I had a private practise as a lawyer and I worked with probably 50 different hosting companies, mostly writing policies that nobody ever reads, which makes me super fun at parties.<\/p>\n<p class=\"wp-block-paragraph\">And then from there, my friend Christian Dawson and I formed the i2Coalition as a response to some legislation in the US that would\u2019ve been kind of the death nail for internet providers. So we started the i2Coalition. I then went in-house for cPanel and worked at cPanel and WebPros for 10 years, and then started the Secure Hosting Alliance.<\/p>\n<p class=\"wp-block-paragraph\">[00:05:52] <strong>Nathan Wrigley:<\/strong> Okay. So you\u2019ve got all all the history. That\u2019s pretty good. You know, if we\u2019re going to talk about hosting.<\/p>\n<p class=\"wp-block-paragraph\">[00:05:57] <strong>David Snead:<\/strong> All the hosting history in one person. That\u2019s kind of a very scary idea, no?<\/p>\n<p class=\"wp-block-paragraph\">[00:06:02] <strong>Nathan Wrigley:<\/strong> But that\u2019s excellent. So do you still offer counsel? Is that still, so you haven\u2019t sort of sidestepped and do half of the week on a sort of more technical basis? It\u2019s still the legal side that you\u2019re involved in.<\/p>\n<p class=\"wp-block-paragraph\">[00:06:13] <strong>David Snead:<\/strong> I do. Right now I\u2019m doing mostly M&amp;A work for, it\u2019s weird. So I don\u2019t know if anybody has ever said this to you before, but web hosting is kind of like the Hotel California. It\u2019s like, once you start in the web hosting industry, you never leave. And so I have all these clients from 15 years ago who are now running like little baby hosts, and they\u2019re talking to bigger hosts and they want to get acquired. So I\u2019m doing some of that now. I am not writing any of the policies that nobody ever reads because that was just, I did that for too long.<\/p>\n<p class=\"wp-block-paragraph\">[00:06:51] <strong>Nathan Wrigley:<\/strong> There were too many moments parties.<\/p>\n<p class=\"wp-block-paragraph\">[00:06:53] <strong>David Snead:<\/strong> Yes, exactly. Yeah.<\/p>\n<p class=\"wp-block-paragraph\">[00:06:55] <strong>Nathan Wrigley:<\/strong> Okay, so I\u2019m going to read into the record the title and the blurb that went with the presentation that you are doing or done.<\/p>\n<p class=\"wp-block-paragraph\">[00:07:02] <strong>David Snead:<\/strong> I did it yesterday.<\/p>\n<p class=\"wp-block-paragraph\">[00:07:03] <strong>Nathan Wrigley:<\/strong> Okay, we\u2019ll get into that in a moment. So the title is coordinating the fight, cross industry collaboration, and the blurb goes as follows. WordPress hosting threats cross company lines. When one provider falls victim, the entire ecosystem suffers. This session explores how the Internet Infrastructure Forum, or IFF, enables hosting providers, registrars and registries to coordinate abuse response through real time intelligence sharing. Learn how operational collaboration helps responsible operators detect and stop attacks faster than adversaries can adapt. And why working together produces results no single provider could achieve alone.<\/p>\n<p class=\"wp-block-paragraph\">When I read that, immediately was, yeah, that\u2019s a really sensible idea. Why are we separately, as hosting companies, I say we, I mean the hosting companies. Why are they all trying to do the same work over and over again, separately? When presumably this aspect of the work, the security bit is something they all have in common.<\/p>\n<p class=\"wp-block-paragraph\">[00:08:05] <strong>David Snead:<\/strong> Right? So that\u2019s the fundamental question, right? So the IIF is a voluntary organisation that is made up of everyone in the infrastructure stack. So from registrars, registries, DNS providers, hosting providers, cloud providers, everyone in the stack. So it is facilitated by the Internet and Jurisdiction Foundation. They\u2019re based in Paris, and they\u2019re the actually the secretariat for it.<\/p>\n<p class=\"wp-block-paragraph\">And what it\u2019s designed to do is create a common way for everyone who\u2019s in the infrastructure stack to share information about abuse and abuse issues. And it\u2019s one of the fundamental problems that you referred to is everybody is operating in a silo, right? And that\u2019s mostly because that\u2019s the way the internet is architected, right?<\/p>\n<p class=\"wp-block-paragraph\">So the internet is architected, so it\u2019s distributed, right? Registrars and registries basically do their own thing with domain names. They might have a small hosting component or maybe a cloud component, but by and large, all they do is domain names.<\/p>\n<p class=\"wp-block-paragraph\">Hosting providers probably resell domain names, but they\u2019re not part of that industry. And so how do they all coordinate? And that\u2019s what the IIF is trying to facilitate, is more information sharing among the participants.<\/p>\n<p class=\"wp-block-paragraph\">[00:09:39] <strong>Nathan Wrigley:<\/strong> Well I imagine some of the hosting companies are probably fairly good. You know, they\u2019ve got a giant customer base. Let\u2019s imagine hosting company X over there, they\u2019ve got millions of customers. They\u2019ve got a huge budget that they can put over to, let\u2019s say, security things. Well that\u2019s all well and good, brilliant. But then there are other companies who are much scrappier. You know, they maybe have only a few thousand customers. And so their budget for the exact same work is going to be reduced.<\/p>\n<p class=\"wp-block-paragraph\">How will this work? Is it going to be like a subscription service basically? Will you have a membership, which is in some way equal to the number of clients that you\u2019ve got? Will there be some expectation that, okay, we\u2019ll look at your revenue, your membership will be equivalent to a percentage of your revenue? How will that all work?<\/p>\n<p class=\"wp-block-paragraph\">[00:10:20] <strong>David Snead:<\/strong> We don\u2019t know. This is a very early stage project. Right now we are in a prototype phase where we have just figured out what information folks should submit to the secretariat.<\/p>\n<p class=\"wp-block-paragraph\">So the way it works is, you submit the information that you collect for a particular abuse issue to the secretariat, who then enriches it with all the other information that\u2019s been submitted and sends it to the right person.<\/p>\n<p class=\"wp-block-paragraph\">So a great example is, let\u2019s say a registrar reported a phishing domain. They turn off the phishing domain and they have maybe a timestamp, an IP address where it was submitted from. They submit that to the secretariat, who then finds the hosting company who is providing the services for the hosting and says, this came in about this particular site. Can you take action on that? So that\u2019s the way it works.<\/p>\n<p class=\"wp-block-paragraph\">Right now it\u2019s very early stage. It\u2019s in the first phase of a test, and we\u2019re going to look at whether the way we\u2019ve architected it, or the way the group has architected it, actually makes sense.<\/p>\n<p class=\"wp-block-paragraph\">[00:11:39] <strong>Nathan Wrigley:<\/strong> Is this going to be then a sort of slow on ramp whereby you bring a few companies in at the beginning, hopefully. And then one or two more and iron out the wrinkles, and then some more and some more? Because I imagine, if you just threw the switch, everybody\u2019s in, a lot could go wrong at that point. And I\u2019m guessing there\u2019s going to be more of a slow on ramp.<\/p>\n<p class=\"wp-block-paragraph\">[00:12:00] <strong>David Snead:<\/strong> So you\u2019ve pointed out my particular frustration with the IIF, and the reason that the secretariat is moving slowly, right? So fortunately, or unfortunately, based on my cultural background, I\u2019m just sitting here going, this needs to move faster. We need to have everybody involved, we need to have all the hosts involved, we need to have all the registrars and registries. And other folks who are a little bit more skilled in this type of work say, no, we need to figure out what we\u2019re doing and that requires a small number of people.<\/p>\n<p class=\"wp-block-paragraph\">The phase that we\u2019re in right now is looking for more folks who are interested in sitting at the table and being part of the discussion. Particularly in the hosting industry and in the web design and marketing industry. Those are folks who don\u2019t generally participate in these kind of industry led collaboration exercises. And that\u2019s the reason that I\u2019m at WordCamp, is to talk to web designers, marketing agencies about why they should participate in something like this.<\/p>\n<p class=\"wp-block-paragraph\">[00:13:13] <strong>Nathan Wrigley:<\/strong> So this really isn\u2019t bound in any way to WordPress, is it? It just so happens that WordPress has a significant chunk of the internet, so this is a good place to start. But if you happen to be a, I don\u2019t know, Drupal user, or you\u2019re just into writing PHP code or whatever it may be, this is still applicable. There\u2019s no real WordPress layer to this. This is just a good place for you to come because, well, there\u2019s probably, what, 30 hosts, 100 yards away from us out there.<\/p>\n<p class=\"wp-block-paragraph\">[00:13:37] <strong>David Snead:<\/strong> I know. And I haven\u2019t seen all of them yet.<\/p>\n<p class=\"wp-block-paragraph\">[00:13:39] <strong>Nathan Wrigley:<\/strong> Yeah, there\u2019s work to do. But agnostic to any platform, basically.<\/p>\n<p class=\"wp-block-paragraph\">[00:13:42] <strong>David Snead:<\/strong> It is completely platform agnostic, yeah.<\/p>\n<p class=\"wp-block-paragraph\">[00:13:43] <strong>Nathan Wrigley:<\/strong> Okay. Okay, that\u2019s interesting. But WordPress is a, is certainly a good place to start.<\/p>\n<p class=\"wp-block-paragraph\">Now, I\u2019m imagining, if I was a hosting company and I was the chief executive, I definitely have some questions for you in terms of, okay, we\u2019re going to share our valuable intel with you, what are you going to do with that? How can we trust you? How do we know that the sharing is going to be done effectively and what have you?<\/p>\n<p class=\"wp-block-paragraph\">So I guess really what I\u2019m getting to is, what is the assurances or checks and balances that you, in the end, will hope to offer the host? That you can assure them that, look, if you hand us this body of work, you don\u2019t need to think about it again. You can trust us to do it honourably, effectively, collaboratively. You get where going.<\/p>\n<p class=\"wp-block-paragraph\">[00:14:26] <strong>David Snead:<\/strong> Yeah, yeah. And I suspect that you wanted to be a lawyer at some time, because that\u2019s one of the issues that we\u2019re facing. Information that can be shared freely, as an example, in the United States, might not be capable of being shared so freely in the European Union, or in Brazil, or in India or someplace like that.<\/p>\n<p class=\"wp-block-paragraph\">So one of the things that\u2019s being done, not by me, but by another group, another working group that\u2019s part of this, is analysing the legal issues around information sharing.<\/p>\n<p class=\"wp-block-paragraph\">The information that\u2019s being shared, to answer the proprietary and confidentiality question, is not proprietary or confidential information. So it\u2019s things like timestamps, domain names, IP addresses for the initial abuse submission. Things like that that really don\u2019t indicate some sort of company confidential information. And it\u2019s further abstracted into xarf, which is a language that\u2019s used for abuse reporting, that we all can share. And so I think that the only thing that would be of concern is whether that information is personal information that\u2019s subject to jurisdictional restrictions around the world.<\/p>\n<p class=\"wp-block-paragraph\">[00:15:48] <strong>Nathan Wrigley:<\/strong> Would the idea be that this organisation would do the remedial work? So is there any notion that, let\u2019s say for example, some sort of security problem was discovered by hosting company A over there, and they share that intel with you. Maybe the question is kind of asking, will you then appoint people to figure out what the patch is for that? Or is your idea just to, oh, red flag, we\u2019ve got this problem, now you all know about it. Is it just information sharing as opposed to fixes?<\/p>\n<p class=\"wp-block-paragraph\">[00:16:17] <strong>David Snead:<\/strong> Yeah, it\u2019s the latter. So the thing that we\u2019re solving for right now, so there\u2019s just one issue that, one abuse issue, that we\u2019re testing out and it\u2019s issues related to fake shops. And so the fake shop issue is the test abuse issue for the project, and where folks are sharing information. It\u2019s a particular problem right now with credentials harvesting. And so that\u2019s what we\u2019re trying to look at.<\/p>\n<p class=\"wp-block-paragraph\">[00:16:43] <strong>Nathan Wrigley:<\/strong> And how has the conversations that you\u2019ve had thus far, how have they gone? Has this been warmly received or are you facing a little bit of pushback?<\/p>\n<p class=\"wp-block-paragraph\">[00:16:50] <strong>David Snead:<\/strong> So, look, I\u2019ll be very direct with you. If something isn\u2019t just an immediate threat to them, it\u2019s very difficult to conceptualise why you should participate. And I am pretty used to answering that question simply based on the political work that I do with the i2Coalition. But once you talk about, so let\u2019s use fake shops as an example. Fake shops, and you\u2019re providing services to fake shops, actually has an impact on your bottom line.<\/p>\n<p class=\"wp-block-paragraph\">So if you are providing, let\u2019s say, payment processing to an entity that is running a fake shop, it very easily can make your credit card processing charges higher. It ends up eating bandwidth. It will tax your abuse resources.<\/p>\n<p class=\"wp-block-paragraph\">One of the things that you referred to initially is, you know, larger hosts have a lot of money. I wouldn\u2019t say they have a lot of money, but they have more bandwidth to handle a vast fire hose of abuse issues. Most smaller hosting companies might only get five or six abuse issues in a month. But if you have a fake shop, that\u2019s going to generate a huge amount of abuse, and it\u2019s taking away resources that you can use to actually grow your business. So that argument actually is relatively persuasive in getting folks to pay attention.<\/p>\n<p class=\"wp-block-paragraph\">I find that the business argument around abuse is a much more compelling discussion than kind of moral persuasion. I don\u2019t think moral persuasion works in the context of a community that is trying very hard just to keep their heads above water.<\/p>\n<p class=\"wp-block-paragraph\">[00:18:42] <strong>Nathan Wrigley:<\/strong> It feels to me from what you\u2019ve just said, and I could be reading too much between the lines, but it feels to me as if a good target audience would be smaller hosts to begin with, simply because they\u2019re probably going to be more receptive because they have less bandwidth themselves. And so would welcome anything that can make the burden of sharing this information easier. So 10 of the small hosts combined is, well, it\u2019s much bigger than each of them individually would be, whereas I suppose you\u2019ll have to get a critical mass of them on board until maybe some of the bigger hosts start to look at you with favourable eyes, let\u2019s say that.<\/p>\n<p class=\"wp-block-paragraph\">[00:19:15] <strong>David Snead:<\/strong> Well, so we have some pretty large hosting companies who are participating. So as an example, both GoDaddy and Newfold are participating. But we also have smaller hosts. But I agree with you, the information that\u2019s being provided, particularly since it is actionable, realistic information that can be adapted for bespoke systems, is invaluable, right?<\/p>\n<p class=\"wp-block-paragraph\">So if you only get five or six abuse complaints and you get an abuse complaint, and you can go to the secretariat and say, we got a complaint about this domain, and the secretariat says, here\u2019s what the registrar did. Here\u2019s what Cloudflare did. Here\u2019s the information they provided us. And you can use that to make a decision on how to address that problem. It saved you hours and hours and hours of research time.<\/p>\n<p class=\"wp-block-paragraph\">[00:20:09] <strong>Nathan Wrigley:<\/strong> Technically speaking, what would the conduit of information both toward you and away from you look like? So if I\u2019m hosting company X, how are you imagining that I will supply you with that information? But also, if I\u2019m just looking for information from you on a daily, weekly basis, whatever it may be, how do I receive that? Is this like a, I don\u2019t know, a website or an API or?<\/p>\n<p class=\"wp-block-paragraph\">[00:20:33] <strong>David Snead:<\/strong> It\u2019s an API. So it\u2019s a file. It\u2019s just a general file download.<\/p>\n<p class=\"wp-block-paragraph\">[00:20:37] <strong>Nathan Wrigley:<\/strong> Right, okay. So it\u2019s readily available 24\/7?<\/p>\n<p class=\"wp-block-paragraph\">[00:20:40] <strong>David Snead:<\/strong> Right. That\u2019s the goal. Right now it\u2019s not, but the goal is to kind of figure out a way to make something like that possible.<\/p>\n<p class=\"wp-block-paragraph\">[00:20:47] <strong>Nathan Wrigley:<\/strong> Yeah, okay. I also suppose that the hosting companies, whilst this is good for their business if they can minimise costs and hand a lot of this work over to you, there\u2019s a part of them which would also probably like to put some sort of badge on their website to say, this is what we\u2019re doing. We\u2019re part of this alliance, for want of a better word. Is that something that you are looking to develop as well, you know, some sort of credentialing system to demonstrate that you\u2019re in this?<\/p>\n<p class=\"wp-block-paragraph\">[00:21:12] <strong>David Snead:<\/strong> So that\u2019s not something that the IIF is working on. It\u2019s something that the Secure Hosting Alliance does. The Secure Hosting Alliance has a trust seal that we give to hosts who fulfil our Trust Seal Certification provisions. But that\u2019s not something that the IIF does.<\/p>\n<p class=\"wp-block-paragraph\">Talking about like why, other than business reasons, folks should participate in this, one of the things that is going on that I would suggest that most hosts know about, is there\u2019s a little bit of a moral panic going on in the world about what contents you have. And regulation is actually a very real thing for the hosting industry, who has not ever been regulated. This is the time where you can say, hey, this is what we\u2019re doing, right? We\u2019re dealing with issues. This way a trust seal is the same thing, right? It\u2019s something that you can say, we are actually taking steps to make the internet a better place.<\/p>\n<p class=\"wp-block-paragraph\">[00:22:18] <strong>Nathan Wrigley:<\/strong> I think if you are a general agency owner or, I don\u2019t know, just a freelancer, hosting is one of those things that you, once you\u2019ve done it once, you\u2019re in it for the long haul until something goes wrong. But you\u2019re also browsing around for any tiny indication of why is this host slightly different? You know, what is it that they\u2019re doing that, I don\u2019t know, is faster? What is it that they\u2019re doing that\u2019s more secure? So it feels to me if you had a credentialing system and I began to hear about it and see it pop up again and again, it would be one of the metrics which I would weigh up when looking at hosting.<\/p>\n<p class=\"wp-block-paragraph\">[00:22:51] <strong>David Snead:<\/strong> I would think so. One of the things that a trust seal does is it indicates that there\u2019s been some vetting of the host. That someone has determined the things that are important to the hosting industry and are important to the web design industry. The agency industry are also important to the host.<\/p>\n<p class=\"wp-block-paragraph\">Great example of that is one of the provisions of the Secure Hosting Alliances\u2019 Trust Seal Certification is that a contract is presented to the customer before they sign up, which is super customer friendly.<\/p>\n<p class=\"wp-block-paragraph\">One of the things as a lawyer that you hear about all the time when people are dissatisfied with their services is, yeah, well, I never saw that contract. Or it was just a hyperlink in an email that I got. That\u2019s one of the differentiators for a Trust Seal certified host is that the contract is actually presented to them, to the customer beforehand.<\/p>\n<p class=\"wp-block-paragraph\">[00:23:57] <strong>Nathan Wrigley:<\/strong> So in terms of the WordPress crowd, is this a thing that you are pitching only to hosts? Like when you step out of here, are you trying to have conversations only with hosts? Or is there some bit of the WordPress community, the freelance, the agency owners? Are you trying to communicate with them just to scope out what they need?<\/p>\n<p class=\"wp-block-paragraph\">[00:24:15] <strong>David Snead:<\/strong> So for both the Secure Hosting Alliance and for the IIF, it is that. I really enjoy talking to agencies and developers about whether this is important to them, or why it might be important to them.<\/p>\n<p class=\"wp-block-paragraph\">[00:24:31] <strong>Nathan Wrigley:<\/strong> In terms of how long this project\u2019s been going, I\u2019ve only heard of it because of your participation here, but I don\u2019t know if you\u2019ve been banging this gong for a decade or, I mean you\u2019ve been in the industry for long enough to have been banging it for decades. Is this a new initiative or is this something which has a long and storied history?<\/p>\n<p class=\"wp-block-paragraph\">[00:24:49] <strong>David Snead:<\/strong> So the Secure Hosting Alliance has only been active for a year, a little bit over a year. I\u2019ve been talking about abuse for a long time, but the Secure Hosting Alliance has only been around for a year.<\/p>\n<p class=\"wp-block-paragraph\">[00:25:01] <strong>Nathan Wrigley:<\/strong> And have you, in that year, got any intuitions that you\u2019ll be here for another year? Is it basically going in the right direction?<\/p>\n<p class=\"wp-block-paragraph\">[00:25:09] <strong>David Snead:<\/strong> It is going in the right direction. So we started out with two or three charter members. We now have 25 hosting members. We have three security vendors who are members as well. We have, I think, 17 Trust Seal Certified members, and we\u2019re launching in 2027 a trust seal for security vendors who provide services to hosting companies.<\/p>\n<p class=\"wp-block-paragraph\">[00:25:40] <strong>Nathan Wrigley:<\/strong> I know that several owners of hosting companies listen to this podcast. They may very well be the people that you\u2019ve spoken to already, but if they are not, and they are people who would like to investigate this further, I suppose the thing that\u2019s going to be in their head is, okay, Nathan and David, you\u2019ve explained what I\u2019ll get out of it, what do I need to put into it? So is this an annual financial commitment? How does it all work from that point of view?<\/p>\n<p class=\"wp-block-paragraph\">[00:26:02] <strong>David Snead:<\/strong> Yeah, so you become a member of the i2Coalition. And so the Secure Hosting Alliance is a working group of the i2Coalition. So you would be a general member and you would participate in the Secure Hosting Alliances\u2019 working groups. You also have the ability to participate in the i2Coalition as a whole, which is a much larger trade association that represents almost everyone in the internet infrastructure vertical. Mostly doing policy work, primarily in the US and the EU. Although there\u2019s, we\u2019re doing some work in India right now as well.<\/p>\n<p class=\"wp-block-paragraph\">[00:26:40] <strong>Nathan Wrigley:<\/strong> And does membership allow you to steer the future of the project? I know that lots of chefs in the kitchen results in terrible food, but that, I fear, is something that could happen. You\u2019ve got 87 members, 260 members. And then the 260 members all start to bicker and, you know, we want this, no. You see how it goes.<\/p>\n<p class=\"wp-block-paragraph\">[00:26:59] <strong>David Snead:<\/strong> I do.<\/p>\n<p class=\"wp-block-paragraph\">[00:26:59] <strong>Nathan Wrigley:<\/strong> What\u2019s the position there? You know, is there sort of gated levels of membership? How are you organising all of that?<\/p>\n<p class=\"wp-block-paragraph\">[00:27:04] <strong>David Snead:<\/strong> There are not. The membership is based on self-reported revenue. The membership is not horrifically expensive from my perspective. And I think that that, most of our members would say that it is, it\u2019s actually relatively affordable, particularly for the small to medium sized hosts. And registrars or design agencies, anyone who\u2019s participating.<\/p>\n<p class=\"wp-block-paragraph\">The question about, who\u2019s running the show, comes up quite a bit. We haven\u2019t really faced that issue, particularly in the Secure Hosting Alliance. Folks seem to get along. But the organisation runs on the idea of rough consensus. And so decisions end up not being controlled by one member or not. Some of the i2Coalition has some very large companies who everybody knows about, who get along with startups, and folks against whom they compete directly. And policies still get made. The organisation still moves forward.<\/p>\n<p class=\"wp-block-paragraph\">[00:28:11] <strong>Nathan Wrigley:<\/strong> Yeah, I guess you\u2019re in a space where, obviously all of these hosting companies commercially are vying for everybody else\u2019s business. But in this particular situation, that is not the case. Nobody\u2019s vying for their websites to be less secure. They all want the same level of security. So at least in that sense, you would hope that consensus could be maintained even if, commercially, the two companies that are in the room, the 10 companies that are in the room might be commercially at loggerheads with each other. At least on this they could agree. That would be the hope, I suppose, anyway.<\/p>\n<p class=\"wp-block-paragraph\">[00:28:47] <strong>David Snead:<\/strong> It seems to be, not only the hope, but the actual way that things work. You ask about how compromise is reached. What comes to mind is I have a much different concept of privacy than, particularly when I was at WebPros, than other folks in the i2Coalition had. And another company just called me up and we worked through our disagreements about how privacy should be handled within the i2Coalition and were able to move forward.<\/p>\n<p class=\"wp-block-paragraph\">The industry I\u2019ve found to be hugely collaborative, particularly the hosting industry. Everybody knows what their competitor is doing. But when it comes to addressing an issue like, how are we going to deal with abuse as a community? Folks come together. CEOs of hosting companies while they compete tend to be relatively good friends.<\/p>\n<p class=\"wp-block-paragraph\">As I said at the very beginning, it really is like the Hotel California, right? You come in as a CEO of a hosting company, you grow it and you sell it to another company. All of a sudden you\u2019re at the bottom again with a server in your grandma\u2019s basement, you know, trying to start again.<\/p>\n<p class=\"wp-block-paragraph\">[00:30:08] <strong>Nathan Wrigley:<\/strong> It\u2019s a really curious effort. I suppose really at the bottom of this entire podcast is your endeavour to be heard and to reach out and get some conversations going. So with that in mind, where do people find the information about this? So maybe there\u2019s a website that we could mention. But also, is there a specific place where you hang out? Is there a place where you would like to be contacted most?<\/p>\n<p class=\"wp-block-paragraph\">[00:30:33] <strong>David Snead:<\/strong> Sure. So our website is hostingsecurity.net. I\u2019m not too afraid of getting too much spam. So folks can email me at snead@i2coalition.com And the two is the numeral two. So it\u2019s snead@i2coalition.com. And I\u2019m happy to answer questions.<\/p>\n<p class=\"wp-block-paragraph\">In terms of hanging out, I am at most industry conferences in the hosting industry. In the WordPress industry, I\u2019ll be at WordCamp US. We also participate very heavily in ICANN. So there is an i2Coalition member at every single ICANN meeting.<\/p>\n<p class=\"wp-block-paragraph\">[00:31:12] <strong>Nathan Wrigley:<\/strong> So if you go to wptavern.com and you search for the episode with David Snead, S-N-E-A-D, you\u2019ll be able to find those details. I\u2019ll put everything into the show notes. So anything that I missed? Was there a particular focus that we didn\u2019t touch?<\/p>\n<p class=\"wp-block-paragraph\">[00:31:26] <strong>David Snead:<\/strong> No, this is actually one of the most thorough podcasts I\u2019ve been on recently.<\/p>\n<p class=\"wp-block-paragraph\">[00:31:31] <strong>Nathan Wrigley:<\/strong> That\u2019s love to hear it. Well, David Snead, thank you very much for joining me today.<\/p>\n<p class=\"wp-block-paragraph\">[00:31:35] <strong>David Snead:<\/strong> Glad to be here. Thanks for having me.<\/p>\n<\/div>\n<\/details>\n<p class=\"wp-block-paragraph\">On the podcast today we have David Snead.<\/p>\n<p class=\"wp-block-paragraph\">David has been involved in the hosting industry since 1999, starting out as legal counsel for one of the earliest shared hosting companies and going on to work with over 50 others. He helped found the i2Coalition, serve as in-house counsel for cPanel and WebPros, and now leads the Secure Hosting Alliance.<\/p>\n<p class=\"wp-block-paragraph\">If you\u2019re listening to this podcast, I\u2019m sure that many of you will have worked closely with hosting companies. Perhaps you run an agency or business that depends on the reliability, ethics, and security of hosting providers. David is here to talk about cross-industry collaboration in the hosting world, specifically around improving security, professionalism, and communication between hosts.<\/p>\n<p class=\"wp-block-paragraph\">The conversation focused on why and how the Internet Infrastructure Forum (IIF) is building a framework for real-time intelligence sharing and abuse reporting, aiming to help the entire ecosystem detect and prevent attacks faster than adversaries can adapt.<\/p>\n<p class=\"wp-block-paragraph\">David talks about the challenges hosting companies face, especially smaller ones, in keeping up with security, and how this evolving project hopes to ease this by sharing actionable, non-proprietary abuse information across registrars, hosting providers, DNS services, and more. He discusses the growth of both the Secure Hosting Alliance and the IIF, the business case for collaboration, and the nuances of legal and technical information sharing across borders.<\/p>\n<p class=\"wp-block-paragraph\">If you\u2019re in hosting, run a web agency, or just want to know how the backbone of the web is working to stay more secure and connected, this episode is for you.<\/p>\n<h2 class=\"wp-block-heading\">Useful links<\/h2>\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/i2coalition.com\/\" target=\"_blank\" rel=\"noopener\">i2coalition website<\/a><\/p>\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/hostingsecurity.net\/\" target=\"_blank\" rel=\"noopener\">Secure Hosting Alliance website<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Transcript [00:00:19] Nathan Wrigley: Welcome to the Jukebox Podcast from WP Tavern. My name is Nathan Wrigley. Jukebox is a podcast which is dedicated to all things WordPress. The people, the events, the plugins, the blocks, the themes, and in this case, building trust and collaboration in the hosting industry with the Secure Hosting Alliance. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-11282","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"blog_post_layout_featured_media_urls":{"thumbnail":"","full":""},"categories_names":{"1":{"name":"Uncategorized","link":"https:\/\/4ksamachar.com\/?cat=1"}},"tags_names":[],"comments_number":"0","wpmagazine_modules_lite_featured_media_urls":{"thumbnail":"","cvmm-medium":"","cvmm-medium-plus":"","cvmm-portrait":"","cvmm-medium-square":"","cvmm-large":"","cvmm-small":"","full":""},"_links":{"self":[{"href":"https:\/\/4ksamachar.com\/index.php?rest_route=\/wp\/v2\/posts\/11282","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/4ksamachar.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/4ksamachar.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/4ksamachar.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/4ksamachar.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11282"}],"version-history":[{"count":0,"href":"https:\/\/4ksamachar.com\/index.php?rest_route=\/wp\/v2\/posts\/11282\/revisions"}],"wp:attachment":[{"href":"https:\/\/4ksamachar.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11282"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/4ksamachar.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11282"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/4ksamachar.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11282"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}