Can the VPS provider not read everything on your server, unless it’s explicitly encrypted?

I’m asking because I’m interested in self-hosting mainly as a way to get privacy-respecting services where good hosted ones don’t exist. I’m not sure I really want to deal with running my own hardware.

  • MentalEdge@sopuli.xyz
    30 days ago

    Yes. Yes they can.

    Good companies will have measures to ensure customer privacy, all the way up to ridiculous level stuff like keeping servers inside electrically touch-sensing cages with biometrically locked entrances that can only be entered with a customer representative present.

    So generally there shouldn’t be a cause for concern with any respectable provider.

    Then again, running a server at home isn’t that bad. My dad did it, he still does it, and now I do, too. We are each other’s off-site backup.

    The main issue is usually whether you have access to a suitable internet connection. If you want to access your stuff out-of-home, that is.

    The hardware can be almost anything. Depending on what you want to run, you usually don’t have to be picky. My machine was built, and gets upgraded, using dirt-cheap parts off the used market, always a couple generations behind the latest hardware.

    The only things I buy new are the hard drives.

    • morrowind@lemmy.ml (OP)
      30 days ago

      I have an old laptop I tried using, though it had some keyboard issues and its wifi is near dead, so I’d have to buy ethernet adaptors at minimum.

      • MentalEdge@sopuli.xyz
        30 days ago

        A laptop is a great place to start.

        I like using desktop components as I’ve been able to incrementally upgrade the ram, CPU, and drives as the years go by. A lot of people also really like using single board computers.

        The only thing I’d recommend against are pre-built NASes. They’re proprietary AF and so overpriced for what you get if you don’t need the handholding of the consumer NAS software.

        One thing I recommend doing is keeping step-by-step notes on everything you set up, and keeping a list of files and folders you’d need to keep to easily run whatever you’re running on a new system.

        That way, moving to a new system, changing your config, or reinstalling the OS is so much easier. A couple years down the line you’ll be thanking yourself for writing down how the hell you configured that one thing years back.

        Almost every problem I’ve had was due to me not accounting for some quirk of my config that I’d forgotten about.

        And that would apply with a VPS, too, if you end up going that route.

  • 𝘋𝘪𝘳𝘬@lemmy.ml
    30 days ago

    If it is in the RAM, they can read it. Since it is a virtual server they can freeze and clone the current state and connect to that copy and read all data that is currently encrypted/opened without you even knowing.

    • just_another_person@lemmy.world
      30 days ago

      While this is technically true, there is no provider on the planet that can freeze state of RAM in a way that would be useful for this.

      It’s technically feasible to recover data on a laptop’s RAM, but not from a virtualized multi-tenant instance tied to a specific user.

      • theit8514@lemmy.world
        30 days ago

        Dunno what rock you were hiding under but this is absolutely possible in a hosted environment. There’s even ESXi documentation on how to do it. Taking a snapshot can be detected, but can’t be prevented. These memory dumps can include encryption keys, private keys (such as SSL certificates) and other sensitive data.

        Unless you can physically touch the drive with your data on it, I would not store any sensitive data on it, encrypted or not.

    • Max-P@lemmy.max-p.me
      30 days ago

      Technically a lot of the newer chips used in datacenters support encrypted VMs which encrypt the RAM too, although you still have to trust that the hosting provider uses that feature.
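
Added example, not part of the comment above: a guest-side check for whether the Linux kernel reports an encrypted-VM feature (AMD SEV variants or Intel TDX) in its boot log, and what the host can still see in each case. The function names and sample log lines are constructed for illustration; the result shows what the guest kernel detected and does not replace a verified attestation report.

```shell
#!/bin/sh
# Classify kernel log text (stdin) by the memory-encryption feature the
# guest kernel reports. Prints: tdx | sev-snp | sev-es | sev | none
cvm_status() {
    # Newer kernels log "Memory Encryption Features active: AMD SEV ...";
    # older ones log "AMD Memory Encryption Features active: SEV ...".
    line=$(grep -F 'Memory Encryption Features active:' | tail -n 1) || true
    case "$line" in
        *"Intel TDX"*) echo tdx ;;
        *SEV-SNP*)     echo sev-snp ;;
        *SEV-ES*)      echo sev-es ;;
        *SEV*)         echo sev ;;
        # SME alone is bare-metal memory encryption, not a VM protection,
        # so it falls through to "none" together with unencrypted guests.
        *)             echo none ;;
    esac
}

# Map a status to what the hosting provider can still observe.
cvm_exposure() {
    case "$1" in
        none)        echo "host can read guest RAM and registers; snapshots expose keys" ;;
        sev)         echo "RAM encrypted; CPU register state still visible to host" ;;
        sev-es)      echo "RAM and register state encrypted; no memory integrity protection" ;;
        sev-snp|tdx) echo "RAM and CPU state protected; confirm with an attestation report" ;;
        *)           echo "unknown status" ;;
    esac
}

# Constructed sample log lines (not captured from a real system).
SAMPLE_SNP='[    0.412345] Memory Encryption Features active: AMD SEV SEV-ES SEV-SNP'
SAMPLE_OLD='[    0.100000] AMD Memory Encryption Features active: SEV'
SAMPLE_TDX='[    0.000000] Memory Encryption Features active: Intel TDX'
SAMPLE_PLAIN='[    0.000000] Hypervisor detected: KVM'

for sample in "$SAMPLE_SNP" "$SAMPLE_OLD" "$SAMPLE_TDX" "$SAMPLE_PLAIN"; do
    status=$(printf '%s\n' "$sample" | cvm_status)
    printf '%-8s %s\n' "$status" "$(cvm_exposure "$status")"
done

# On a real guest (usually needs root): dmesg | cvm_status
```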

  • nis@feddit.dk
    30 days ago

    As soon as someone else has access to the hardware, assume someone else has access to the data. Depending on your threat model this might be acceptable. If you just don’t want <INSERT GENERIC EVIL BILLIONAIRE> snooping, I’d say a VPS is a perfectly valid solution.

    I use a dedicated server, but in this regard it is similar to a VPS, and I carefully consider what kind of data I put on it. I wouldn’t put very private data on there. Simply because I see no need for it to be there.

    • morrowind@lemmy.ml (OP)
      30 days ago

      I don’t have an explicit threat model beyond “I don’t want anyone able to read my stuff”. It just makes me uncomfortable and I find myself limiting what I’m able to put down. I’ll trust a provider or service if I must, but generally I just prefer things to be E2E and not worry about it.

  • Synapse@lemmy.world
    30 days ago

    I use 2 VPNs with my setup:

    1. The private one, hosted on a VPS (OVHcloud). I set it up myself. It’s a bit of work, as you need to take care of properly setting up the firewall and reasonably securing this server, as it is directly facing the Internet. OVH provides some good guides on their website and you can find other resources. You can rent the lowest tier VPS and deploy Debian and Wireguard and you’re all set! This VPN is for connecting to my NAS at home from outside, and also for secure Internet browsing from public WiFi. This is my own VPN for me and myself (plus my family to a lesser extent).
    2. The one for torrenting, exclusively Linux ISOs of course. This one is a Nord subscription, and the benefit is not really privacy IMO but rather being drowned in the traffic of thousands of other users.