Where to host my data? Seeking privacy-minded VPS
Hey everyone,
I've been DDG'ing (still doesn't sound right), and while there are a lot of posts to get advice from in here, I can't seem to find that golden answer.
Currently I'm hosting my stuff at LeaseWeb. I have no complaints about them, and their service is phenomenal. They even upgraded my VPS without charge (except for the new monthly price). However, LeaseWeb is located in the Netherlands - 8th eye in the infamous 9 eyes, and thus part of the 14 eyes.
My threat model is not per se on defqon 1. My issue is more or less self-diagnosed paranoia and an eagerness to just have my own data placed somewhere it's not being snooped at. I know this is nearly impossible, but I'd like to think I did at least attempt to put up a fight.
I've then been looking at Icelandic and Swiss VPSes but after looking at some of the posts here, they don't seem like a viable choice, as Icelandic traffic goes through UK (and thus GCHQ), and the Swiss have new laws that allow their agencies to snoop on my data whenever.
Finland doesn't seem so attractive as their Russian neighbour is a bit untrustworthy just to put it mildly.
Will I have to go Eastern Europe, like Czech, Romanian, Hungarian, or Polish? Is Luxembourg safe? Or will I have to explore more or less shady Panama or the likes in South America?
Besides a VPS recommendation, I would also like to hear the theory behind being safe. What defines a solid choice - like Iceland is not a good choice because the traffic goes through UK/GCHQ.
Thanks!
Comments
I'd still say Swiss is very privacy friendly. Go with Swiss^^
huh, you don't know Finland....
anyway, on the internet there is no place safe. hey, look behind you.
BOOOO
This is why I'm posting. Could you explain why Finland is a viable choice and why one shouldn't be worried that Russia will pick up any traffic from a neighbouring country? I'm really just curious and want to learn. Thanks!
check networking routes....
If you have nothing to hide then you'll be fine with just about anywhere that has a privacy agreement. On the other hand, if you are doing something fishy/tricky then BOOO
Forget VPSes, get a dedicated server, set up full disk encryption. Use only encrypted protocols to transfer data in/out. And then which country you choose won't matter as much.
Traffic from EU/US will not route through Russia to reach Finland. From Asia, very unlikely, a very minor portion might.
So, you are concerned about all those governments spying on you, but you are OK with a shared environment, on a hardware you don't control?
Colo your own hardware.
Full disk encryption, as mentioned above, is a way to go. It's a huge PITA though.
By the way, stop being so paranoid. All providers in all countries store metadata for various purposes… DDOS protection and abuse prevention being just a few of these cases.
Naturally, I can't disclose where in public, but most countries with a secret agency do perform wire tapping. In the Netherlands, that's AIVD, in Germany the BND, in England the GCHQ. Does not matter anyway. Point is, it's highly unlikely you'll find a network which does not traverse any of those wiretaps. Whenever something runs over an IX or a Tier 1, you can generally not be assured it's not sniffed.
If you want to store some data and get it to and from there without everyone seeing it in the first place, set up an encrypted partition on your VPS and run an encrypted tunnel. I would refrain from using anything similar to Diffie-Hellman. You'd be looking at something like RSA with 4096 bytes key size or AES with 256 bytes. If you're completely paranoid, you could stack tunnels and encrypt the encrypted traffic of the inner tunnel.
Keep in mind though: if you get that data from somewhere on the internet, then again, this is entirely pointless because it at some point will traverse someone's backbone unencrypted and there are chances there's a wiretap in that particular one. Traffic has to be decrypted at some exit point (that can be a satellite ground station in Pakistan too though).
So, what I'm saying is, neither the underlying network nor the location is too relevant. There's not this one place where you put your data and nobody will be able to gather it. You can even colocate in a Swedish bunker, but again, their traffic crosses hundreds of miles in the country where it could be sniffed, or simply at the handoff in another datacenter, or in their upstreams' backbone...
This generally makes not a lot of sense though. If you have data that interests anyone, then do full disk encryption like @FHR said and put the disks in a safe at your house.
Just my 2 cents.
Thanks for your replies so far.
Just to clarify, I don't have anything shady or illegal going on at my current server. I'm not running a seedbox, and my metered traffic has never exceeded its limit. Not even close. I merely run a few services (like Mastodon) and some 10-ish websites. So the data published aren't a big secret. If they were, I would probably do things a bit more old-school and analog. Or use Tor.
For me it's just a matter of principle. If I can... (for lack of a better term) protect my data better, then I would love to. But if you're saying that moving servers from .nl to, i.e., .ch isn't going to give me much, then I will probably just be satisfied with what I have.
Self-hosting isn't really an option for me. My country has session-logging implemented by law, which I would like to avoid entirely by separating my services from my country.
OP, just don't do anything illegal. You'll be fine wherever you are. Trust me, the 5 eyes don't care about your scat porn collection.
https://www.bahnhof.net
For one thing get a dedi rather than a VPS. For another you can probably assume all cross-border traffic is being monitored. I like to imagine that internal traffic in at least some countries isn't monitored as much, but maybe I'm wrong about that.
Or the fact that VPS encryption is nearly null if the host node can just dump your VM memory space and extract your keys from it..
Disk encryption might be a bit safer on a dedi but you still need an unencrypted boot partition which can be backdoored. You need physical control over the hardware or your data is never completely safe.
Host it in your basement. It's the most secure place.
Will my mom's basement do?
privacy? maybe go back to 1920. or live under a rock like patrick.
Just want to add one more cent to that:
People usually use 4096-bit RSA and 256-bit AES;
I consider ECDHE+AES as quite safe, or could you please elaborate?
Cryptography is pretty good for protecting the contents of your traffic, but for bulk surveillance purposes, contents don't matter very much and they are mainly after metadata (search for the phrase "we kill people based on metadata"). TOR is designed to help secure metadata, but it's probably compromised and in any case it can only handle relatively low amounts of traffic.
you won't have privacy even at your home...
Just assume it from the moment you plug it into the Internet and you'll not be disappointed.
We've updated our privacy policy.
Sorry, you're right. It's bits and not bytes.
Dig a hole in the ground and put your server in it. Done!
Do you really think that any government agency would want to look into your stuff? They have many better things to do I'd think.
Of course they won't. They just scrape it and store it indefinitely to see if their analysis tools can extract anything interesting somewhere in the future, which might very well be a false positive since, as you said, no one is actually going to look at it.
Yes. Google the phrase "collect it all".
Of course they have better things to do. But they would rather be Big Brother, so instead of doing those better things, they put ridiculous amounts of resources into monitoring people's communications on no grounds at all.
Actually they do not have "better" things to do anymore. People need jobs and since the private sector will not hire complete brain dead morons the Govt does and they snoop through shit, since so many people nowadays can not, or will not, mind their own damned business. Too many snoopy people anymore, that need to know what their neighbors are doing.
Besides, most of it can be done through programs looking for certain things. They look for patterns and other things. When it finds some it flags it and alerts someone.
Safest way to store stuff is on a firewalled, encrypted, totally isolated system that never sees a network. Disable all USB ports, HDMI, Firewire, anything that someone could use as an entry point. Then put it in a bomb shelter and lock the door, with titanium bars that lock the door like a safe. Make sure you jam all cell signals, wireless, radio, TV waves, EVERYTHING!!!!
Then you might be safe and private, notice I said MIGHT!!!!!
Actually I was going to put a longwinded and essentially pointless rant here but let's just say I couldn't agree more and that whatever is technically possible will be used for spying purposes.
No need for that. They can just store it in a warehouse without examining it at all. Then years later you might post something on a forum that's unflattering to el presidente (whoever that might be at the time). El presidente asks "what have we got on this guy?", the NSA digs out the stored data and finds something, and poof, you are an enemy of the people and must be "rehabilitated".
I can recommend Turkey, home of democracy and press freedom. You can not go wrong with them.
I am trying to understand the threat model, which was not well defined. It is difficult to make a recommendation if we don't understand what @hgohgoh is worried about. Can he or she list a few threats of concern, along with examples?
etc. ...
As others have tried to point out, the fact that hgohgoh requires a VPS means that some threats do not have mitigations, such as this one:
The truth is that nobody knows the true extent of surveillance and monitoring activities performed by governments and others throughout the world. Due to this lack of information, it will be very difficult to find a good VPS location. Some of the poorest nations in the world have invested in very modern surveillance and hacking technologies. Some governments with rich histories of freedom, human rights, and the rule of law may turn out to be the most egregious violators of those self-same rights and laws.
I openly wonder if such a place exists. Those who use VPSs or encryption will stand out from the crowd. Among the general population, only the tiniest fraction has heard of VPSs or could understand the explanation. They don't use encryption either.
There is no mitigation for that unless you use hacky stuff like TOR. Encryption does absolutely zero to inhibit them from monitoring and recording your internet traffic. All it does is stop them from understanding the traffic content. They record it anyway, and the metadata usually tells them much more than the content would. Content is almost irrelevant to surveillance schemes. It's all about metadata. The cypherpunks of the 1980s-90s spent decades trying to protect completely the wrong thing. Oh well.