Can you encrypt vps data so a provider could never access it?

[jackg]

This came to my mind recently because of how a lot of more centralised projects (like mixers and exchanges) can be attacked by law enforcement and taken down. I'm wondering if there's a way projects can be fully encrypted within a vps instance so the vps provider wouldn't be able to access the actual services running (but they'd still be easy to patch for the owner).

I was doing some related reading about a prototype for blockchain level cloud services and stumbled upon Intel SGX and AMD SEV which seem to offer hardware level encryption but I'm not sure of their scope and if keys could be snapshot.

[1714245705]

1714245705

[1714245705]

1714245705

[1714245705]

1714245705

[1714245705]

1714245705

[BlackHatCoiner]

For this very reason this was created: https://www.torproject.org/

If you're using a trustworthy VPS, that isn't going to screw you with the first chance, then route your traffic through Tor. Tor doesn't offer only privacy; it offers censorship resistance. Law enforcement can't shut down something they can't locate.

But, if you're asking if you can host your site to a VPS with it having zero access, then no. You either keep your files at your home, and run the website without this concern, or you trust someone else do it for you.

[LoyceMobile]

I don't think that's possible. The host can dump the memory and extract any decryption keys in there.

[jackg]

For this very reason this was created: https://www.torproject.org/

If you're using a trustworthy VPS, that isn't going to screw you with the first chance, then route your traffic through Tor. Tor doesn't offer only privacy; it offers censorship resistance. Law enforcement can't shut down something they can't locate.

I think to use tor you have to closely scrutinise how to set up bridges though? If you're not using a bridge, it's likely you'll be tracked by law enforcement or other entities running enough nodes (iirc, with tor, whoever wants their privacy protected the most normally has the resources to track everyone else - at least they have in the past when how many nodes your data hops was static a few years ago).

[DaveF]

No, at the end of the day it's on their hardware. And they can grab anything coming in and out of it. Since at some point in time you would have to input the decryption key for the machine to boot and you would have to do that at the console or at least virtual console level, they could grab it from there.

What you MIGHT and that is a big might be able to do is within your VM setup an encrypted disk. And through some creative encrypted tunneling set the decryption key.

But, as Loyce pointed out they could probably force in something either by reading the RAM.

I guess the other option is to host in a data center / provider that allows you to bring in your own hardware.

-Dave

[seoincorporation]

This is a tricky question... because I don't think the data need to be encrypted to block access from the provider.

You can change the Root password and the user password, that should be enough to block their access.

If you want to encrypt your database that's possible with: https://www.mysql.com/products/enterprise/encryption.html

If you want to encrypt your bash scripts, then shc is the right tool: https://linuxscriptshub.com/ways-encrypt-linux-shell-scripts/

And another nice way to make them confused is by changing the ports in the services.

So, I hope this information helps to make more secure your VPS.