Can the vps provider not read everything on your server, unless it’s explicitly encrypted?
I’m asking because I’m interested in self-hosting mainly as a way to get privacy respecting services where good hosted ones don’t exist. I’m not sure I really want to deal with running my own hardware
If it is in the RAM, they can read it. Since it is a virtual server they can freeze and clone the current state and connect to that copy and read all data that is currently encrypted/opened without you even knowing.
While this is technically true, there is no provider on the planet that can freeze state of RAM in a way that would be useful for this.
It’s technically feasible to recover data on a laptop’s RAM, but not from a virtualized multi-tenant instance tied to a specific user.
Dunno what rock you were hiding under but this is absolutely possible in a hosted environment. There’s even ESXi documentation on how to do it. Taking a snapshot can be detected, but can’t be prevented. These memory dumps can include encryption keys, private keys (such as SSL certificates) and other sensitive data.
Unless you can physically touch the drive with your data on it, I would not store any sensitive data on it, encrypted or not.
Technically a lot of the newer chips used in datacenters support encrypted VMs which encrypts the RAM too, although you still have to trust that the hosting provider uses that feature.
Irrelevant unless you own the key they are using for it
I’m assuming that would drive up costs, so not very many use it
They will offer it as an optional service and charge you for it. So yes they use it.