Knowing the German government I’m not terribly surprised Hetzner was forced to comply quietly. But still, if they’ll do it for one user, they’ll do it for everyone. Really sucks.
There’s no provider that’s going to be more safe than Hetzner, tbh.
If a provider doesn’t comply, you’ll just get special services raiding their DCs instead.
And if you switch to a VPS provider, you’re even more exposed.
Set up CAA with proper restrictions, enforce CT for your clients and use proper full disk encryption to prevent them from placing implants on your server itself.
The linked research: http://notes.valdikss.org.ru/jabber.ru-mitm/
I have two dedis from Hetzner and I was somewhat satisfied with it. Oh my, it migh be that time of the year where I go shopping for a NUC.
Ahhh. Going after Russian services of course.
Knowing the German government I’m not terribly surprised Hetzner was forced to comply quietly. But still, if they’ll do it for one user, they’ll do it for everyone. Really sucks.
There’s no provider that’s going to be more safe than Hetzner, tbh.
If a provider doesn’t comply, you’ll just get special services raiding their DCs instead.
And if you switch to a VPS provider, you’re even more exposed.
Set up CAA with proper restrictions, enforce CT for your clients and use proper full disk encryption to prevent them from placing implants on your server itself.
Just buy a raspi to check the certificates periodically :>
Had a friend that got a cheapo Gigabyte NUC and he needed to use a dummy HDMI for it to even boot. As it, it wouldn’t boot w/o a monitor. Take heed.
That’s a pretty meh problem though. It’s the whole reason dummy HDMI’s exist.
Alwyzon is nice. Good ping times.