How would you protect files of a VPS (Virtual Private Server) from snooping by the service provider?

    • fuzzy_feeling
      link
      fedilink
      arrow-up
      4
      ·
      2 months ago

      you can but an ssh server in your initramfs.
      dropbear-initramfs i guess was the name in debian.

      • boredsquirrel@slrpnk.net
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        2 months ago

        Pretty cool!

        Android and ChromeOS both also just use fuse for userspace (and user-files) encryption. This could totally be used too.

        But of course, if something is not on your RAM it is not safe

      • Zikeji
        link
        fedilink
        English
        arrow-up
        5
        ·
        2 months ago

        LUKS, or anything that relies on the server encrypting, is highly vulnerable (see [email protected]’s response).

        Your best bet would be encrypting client side before it arrives on the server using a solution like rclone, restic, borg, etc.

      • lud@lemm.ee
        link
        fedilink
        arrow-up
        1
        ·
        2 months ago

        Yeah, at least the ones I used have some kind of console/terminal you can use and often you can access BIOS and reinstall the OS if you want.

    • JubilantJaguar@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      2 months ago

      Another option: encrypt a sparse file rather than a disk volume. Mount the file to local filesystem and open and close it there.