How would you protect files of a VPS (Virtual Private Server) from snooping by the service provider?

    • Possibly linux@lemmy.zip
      link
      fedilink
      English
      arrow-up
      5
      ·
      3 months ago

      That only works if the decryption is happening on hardware you control. You can not trust any part of the VPS including the memory and CPU

        • boredsquirrel@slrpnk.net
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          3 months ago

          Pretty cool!

          Android and ChromeOS both also just use fuse for userspace encryption. This could totally be used too.

          But of course, if something is not on your RAM it is not safe

      • JubilantJaguar@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        3 months ago

        Another option: encrypt a sparse file rather than a disk volume. Mount the file to local filesystem and open and close it there.

        • Zikeji@programming.dev
          link
          fedilink
          English
          arrow-up
          5
          ·
          3 months ago

          LUKS, or anything that relies on the server encrypting, is highly vulnerable (see schizo@forum.uncomfortable.business’s response).

          Your best bet would be encrypting client side before it arrives on the server using a solution like rclone, restic, borg, etc.

        • lud@lemm.ee
          link
          fedilink
          arrow-up
          1
          ·
          3 months ago

          Yeah, at least the ones I used have some kind of console/terminal you can use and often you can access BIOS and reinstall the OS if you want.