How would you protect files of a VPS (Virtual Private Server) from snooping by the service provider?

    • Possibly linux@lemmy.zip
      3 months ago

      That only works if the decryption is happening on hardware you control. You cannot trust any part of the VPS, including the memory and CPU.

      • fuzzy_feeling
        3 months ago

        You can put an SSH server in your initramfs.
        dropbear-initramfs, I guess, was the name in Debian.

        • boredsquirrel@slrpnk.net
          3 months ago

          Pretty cool!

          Android and ChromeOS both also just use FUSE for userspace (and user-files) encryption. This could totally be used too.

          But of course, if something is not in your RAM, it is not safe.

        • Zikeji
          3 months ago

          LUKS, or anything that relies on the server encrypting, is highly vulnerable (see [email protected]’s response).

          Your best bet would be encrypting client side before it arrives on the server using a solution like rclone, restic, borg, etc.
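
One way to set up the client-side encryption described in the comment above, using rclone's crypt backend layered over an SFTP remote. This is an added example, not part of the original thread; the host name, user, key file, paths and remote names are placeholders.

```ini
# rclone.conf on the CLIENT machine. This file never goes on the VPS.

# Plain transport to the VPS. Anything written here directly is readable
# by the provider.
[vps]
type = sftp
host = vps.example.net
user = backup
key_file = ~/.ssh/id_ed25519

# Encrypting wrapper around a directory on the remote above.
# Data written through "vps-crypt:" is encrypted on the client before it
# is sent, so the VPS only ever stores ciphertext.
[vps-crypt]
type = crypt
remote = vps:/srv/backup
# Encrypt file and directory names as well as file contents.
filename_encryption = standard
directory_name_encryption = true
# Both values must be stored in rclone's obscured form: set them with
# `rclone config` or generate them with `rclone obscure`.
# Obscuring is not encryption, so protect this file on the client.
password = REPLACE_WITH_OBSCURED_PASSWORD
password2 = REPLACE_WITH_OBSCURED_SALT

# What the provider can still see: number of files, approximate file
# sizes, directory layout and access times.
```

With this in place, `rclone copy ~/documents vps-crypt:documents` uploads only ciphertext, and decryption happens only on a machine that holds this config.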

        • lud@lemm.ee
          3 months ago

          Yeah, at least the ones I used have some kind of console/terminal you can use and often you can access BIOS and reinstall the OS if you want.

      • JubilantJaguar@lemmy.world
        3 months ago

        Another option: encrypt a sparse file rather than a disk volume. Mount the file to the local filesystem and open and close it there.