
Re: [tor-talk] VPS provider

On 09/25/2012 04:00 PM, irregulator@xxxxxxxxxx wrote:
> On 09/25/2012 10:18 PM, Matthew Finkel wrote:
>> On 09/25/2012 01:42 PM, Flo wrote:
>>> +1
>>> This.
>>> The problem, especially on container virtualization like OpenVZ, is
>>> that the admins of the hostnodes must just type something like 'vzctl
>>> enter 123' and they have a shell in your VPS...
>>> So you should have at least Xen/KVM where you can use encryption
>> Yes! Sadly there aren't too many KVM hosts, but providers are slowly
>> offering more options. Xen has been stable for a longer amount of time,
>> so there are more options available for that, Linode, et al.
>> I personally have KVM boxes from http://buyvm.net/ and
>> http://arpnetworks.com/, at times they leave something to be desired
>> with regard to performance, but overall I have no complaints related to
>> service or uptime. I don't currently use them for Tor related purposes,
>> but if they're not going to serve as exit nodes, anything else shouldn't
>> cause a problem (except bandwidth, as was noted). I'm planning to
>> contact them in the future to determine their stance on Tor and see if I
>> can move forward with some ideas I have, but that remains to be seen.
> Hey people
> I was under the impression that everyone having physical access to a
> running machine can get access to the operating system as well.
> Encryption makes no difference for a running computer, since cold boot
> attack may be used to dump the keys from memory. What's more, in a
> virtualization environment I guess that would be easier.
> If the above statements are generally correct, then you should trust a
> VPS provider, as long as you trust the administrator of the host machine
> *and* everyone else having physical access to it (for example the
> datacenter).

The above is true, for as much as I know, for the most part, but it
really depends on the situation and the purpose of the VPS. Using a
container-like VM provides very little guarantee as to who may have
access to data contained within. As you said, this is not limited to the
immediate VPS provider's staff, either.

Similarly, for the emulation implementations the data is nearly never
100% secure. However, the information that is stored on this type of
system is a key factor in whether or not it is safe enough to use a
third-party provider. It's not the case that the data is secure when
using KVM/Xen vs OpenVZ/Linux-VServer, only that it is more secure. ;)
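
Added example, not part of the original message or of any tool named in the thread: a shell check of which side of the container versus Xen/KVM split discussed above a VPS falls on, read from marker files the kernel exposes inside the guest. The function names and the root-prefix argument (used only so the check can be run against a constructed directory tree) are assumptions made for this example.

```shell
#!/bin/sh
# Heuristic only: these markers are what a stock guest kernel exposes and a
# provider can hide or alter them.

# virt_type [ROOT] prints openvz, linux-vserver, xen, kvm or unknown.
# ROOT is a hypothetical prefix for testing; leave it empty on a real system.
virt_type() {
    root="${1:-}"
    # OpenVZ container: /proc/vz is present, /proc/bc exists only on the host node.
    if [ -d "$root/proc/vz" ] && [ ! -d "$root/proc/bc" ]; then
        echo openvz; return
    fi
    # Linux-VServer guest: non-zero context id in /proc/self/status.
    if grep -Eq '^VxID:[[:space:]]*[1-9]' "$root/proc/self/status" 2>/dev/null; then
        echo linux-vserver; return
    fi
    # Xen (PV or HVM): hypervisor type file or the /proc/xen directory.
    if [ -d "$root/proc/xen" ] || grep -qi 'xen' "$root/sys/hypervisor/type" 2>/dev/null; then
        echo xen; return
    fi
    # KVM/QEMU: DMI strings set by the virtual firmware.
    if grep -Eqi 'kvm|qemu' "$root/sys/class/dmi/id/product_name" \
                            "$root/sys/class/dmi/id/sys_vendor" 2>/dev/null; then
        echo kvm; return
    fi
    echo unknown
}

# isolation_class KIND maps the result onto the distinction made in the thread.
isolation_class() {
    case "$1" in
        # Shared kernel: host admins can open a shell in the guest directly,
        # so disk encryption inside the guest does not keep them out.
        openvz|linux-vserver) echo container ;;
        # Own kernel: guest-side encryption is possible, though keys still sit
        # in memory the host controls ("more secure", not secure).
        xen|kvm) echo full-virt ;;
        *) echo unknown ;;
    esac
}

kind=$(virt_type)
echo "virtualization: $kind ($(isolation_class "$kind"))"
```

An `unknown` result means none of these markers was found, not that the machine is physical hardware.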