
What is the optimal way to protect my data (db and source code) from my hosting provider?

Would using an encrypted volume, such as TrueCrypt, suffice? However - for my program to access data on the encrypted volume, it needs to be unlocked and mounted - does this make it pointless?

I've heard of homomorphic encryption, but: A) I have no idea where to start, and B) I'd need to decrypt the data before presenting it to the rightful origin/user

Of course, there isn't a way to make it entirely secure, I'd just like to defend it as much as possible, and hopefully make it non-viable for anybody to view/steal it.

--Update--

For example, would a VeraCrypt volume provide any level of defence against the provider, at all?

(Not having a VPS is not a valid answer, sorry Tom) :)

Thanks.

Glenn
  • "Not having a VPS is not a valid answer, sorry Tom" - actually it is. The point is - you need to understand enough of computers to analyze attack vectors to realize that any VPS provider means you have ZERO control over the hardware. You literally ask "if I send a packet by UPS, how can I make sure the delivery driver does not touch it" - impossible. Then say "saying it is impossible is not a valid answer" - delusional. Reality does not care what you think. – TomTom Apr 22 '21 at 14:03
  • I think my question is more like: If my parcel is opened by UPS, how can I verify that they have no feasible way of discovering what the contents actually is – Glenn Apr 22 '21 at 14:23
  • "actually it is" - implying that I self-host is not helpful in this situation, that's all :) ... In fairness, you mentioned Hyper-V clusters and have explained the issues with using a VC volume. I'm now under the impression that a VC volume would provide a level of security, because the provider won't be able to access it for any mundane reason; they will need to invest time, intercepting packets, which is exactly what I'm after. Thanks :) – Glenn Apr 22 '21 at 14:31
  • "which is exactly what I'm after" - no, it is not. If you read your question and title you will find out that if that is what you are after, you lied to us. Delaying is not optimal way. Depending on what you do, it is NOT EVEN A LEGAL WAY. – TomTom Apr 22 '21 at 15:11
  • Not legal, eh!? "What is the optimal way to protect my data from my VPS provider?" this is elaborated on by: provider won't be able to access it for any mundane reason; they will need to invest time, intercepting packets, which is exactly what I'm after. I'm not sure how that's a lie, my good man! – Glenn Apr 22 '21 at 15:25
  • "Not legal, eh!?" yes, i.e. if you process medical data. You may not understand English enough, but I said "depending on what you do" - a lot of data requires specific protection (which some VPS providers offer) and "I used some encryption to delay the use" is not a legal protection. "won't be able to access it for any mundane reason;" - nice you make this up, but this is NOT PART OF THE QUESTION AS ASKED. Your stated goal is making it non-viable, not a delay against "mundane attacks". Yes, you can redefine your question, but answers are on questions asked. – TomTom Apr 22 '21 at 17:42
  • Apologies, 'non-viable' and a defence against 'mundane attacks' seem loosely synonymous to me. – Glenn Apr 22 '21 at 20:20
  • BTW, I didn't say anything about medical data. I'm not processing especially sensitive data (well payment info, and tel, address info etc. So yes, sensitive, but not as sensitive as medical info...) I just don't want the possibility of having the company, or any individual held liable, if our users shared copyright protected info, on the platform. It'd also be nice to promote whistle blowing on the platform, and for that we need a pretty solid host, it seems. (see: Parler, Wikileaks, TPB) – Glenn Apr 22 '21 at 20:29
  • Ah, look, this is a place for professionals. There are 2 widely seen protected categories of data: Medical, Financial, Personal. If you have any EU people in your database, then Personal data applies AT LEAST. Being ignorant of your legal obligations is irrelevant. – TomTom Apr 22 '21 at 21:09
  • "I just don't want the possibility of having the company, or any individual held liable," - but you ARE. Period. "It'd also be nice to promote whistle blowing on the platform, and for that we need a pretty solid host, it seems. (see: Parler, Wikileaks, TPB)" - and that is irrelevant to the question. See, they handle this in another way. – TomTom Apr 22 '21 at 21:10
  • What way might that be? Bahnhof apparently hosted wikileaks and tpb in their bunker. Lol – Glenn Apr 22 '21 at 21:13
  • Not providing service references here. Do you ever bother with site rules? – TomTom Apr 22 '21 at 21:22
  • I've not read the rules. Not sure where they are. Reference: https://www.huffpost.com/entry/wikileaks-server-teen-dads-money_n_3920913 – Glenn Apr 22 '21 at 21:39

1 Answer

Not HAVING a VPS provider.

And I am not snippy. There is no way to protect a VPS from the people running the hardware. There are some theoretical ways but - at the end someone needs to allow access. I.e. your encryption - how the heck would the program decrypt the data? See, with physical access I can make a backup and spend a lot of time cracking. The key must be somewhere on the VPS image, or?

There are some ways in i.e. Hyper-V clusters to protect images from being exported, but again, the provider has access to the hardware.

Generally you ARE protected by the hosting provider. Contracts and the fact that you are irrelevant between hundreds of thousands (possibly) of machines.

"I'd just like to defend it as much as possible, and hopefully make it non-viable for anybody to view/steal it."

And you are willing to pay a SIGNIFICANT price for that, both possibly in hardware (yes, hardware, SCM rental is expensive) and / or making your programming possibly 5 to 10 times as expensive? Because that is what we talk about - encrypting everything is fine, but it also means decryption when it needs to be accessed, the keys STILL somewhere on the platform for anyone with a debugger.

The SysAdmin / VPS host is the one attack vector extremely hard to defend against.

TomTom
  • Thanks, sincerely appreciate your response. Would a VeraCrypt volume provide any level of defence against the provider, at all? I don't mind paying more for a more computationally expensive set-up. Yes - defended by contracts is great, but most of the main-stream host privacy policies aren't great - for example, they contain clauses that allow sharing your data with various authorities without even notifying you/the company leasing the VPS! This is certainly true with Digital Ocean - who can share customer data with the US authorities for almost any reason, even if you, company and... – Glenn Apr 22 '21 at 13:38
  • the VPS are located outside of the US! (Clearly this is because they are a US company, but this is not good from a privacy perspective, at all.) – Glenn Apr 22 '21 at 13:40
  • "Would a veracrypt volume provide any level of defence against the provider, at all?" - how does it decrypt? See, can be intercepted. – TomTom Apr 22 '21 at 13:49
  • Well, that's the case for anything, isn't it. I've heard that everything travelling across the internet back bone is recorded. – Glenn Apr 22 '21 at 13:59
  • I'm trying to figure out if the VC volume will only be encrypted when the volume isn't mounted/in use. I.E. Is it accessible in plain-text for the VPS provider when in use? If yes, then it provides next-to 0 defence from access by the provider. – Glenn Apr 22 '21 at 14:01
  • Ah, who cares about that - given that encryption is standard. That makes this statement ignorant. Btw, as does the data volume. I can promise you that statement is false, there are TERABITS going through PER SECOND. Point is that Virtualization means you can EASILY intercept ON THE HARDWARE LEVEL. – TomTom Apr 22 '21 at 14:01
  • "I'm trying to figure out if the VC volume will only be encrypted when the volume isn't mounted/in use." to figure THAT out - READ THE MANUAL. – TomTom Apr 22 '21 at 14:02
  • Fair enough. It specifies [OTF encryption](https://www.easytechjunkie.com/what-is-on-the-fly-encryption.htm). "information is read and written while encoded, so at no point is any information that is stored on the drive not protected and encrypted." - that sounds like homomorphic encryption, so, either my link's erroneous, or I've misunderstood it. ? – Glenn Apr 22 '21 at 14:18
  • I guess it doesn't get processed whilst encrypted, and when it's read, it is decrypted? – Glenn Apr 22 '21 at 14:33
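The point argued in the answer and the comments above (an on-the-fly encrypted volume protects a copied disk image, but the key has to sit in the guest's memory while it is mounted, so anyone who can snapshot the running machine gets the plaintext) as an added example, not code from the question, the answer or VeraCrypt. The toy volume, its HMAC-SHA256 counter-mode keystream, the `demo()` function and all sample values are constructed for illustration.

```python
import hashlib
import hmac

class OtfVolume:
    """Toy on-the-fly (OTF) encrypted volume, constructed for this example: the
    backing disk holds only ciphertext; the key sits in RAM while mounted."""
    BLOCK = 32  # one HMAC-SHA256 output per keystream block

    def __init__(self, disk: bytearray):
        self.disk = disk   # what a provider gets by copying the VPS image
        self._key = None   # in process memory only between mount() and unmount()

    def mount(self, key: bytes) -> None:
        self._key = key

    def unmount(self) -> None:
        self._key = None

    def _keystream(self, offset: int, length: int) -> bytes:
        # CTR-style stream: keystream block i = HMAC(key, i); data is XORed with it.
        if self._key is None:
            raise PermissionError("volume not mounted")
        first, last = offset // self.BLOCK, (offset + length - 1) // self.BLOCK
        stream = b"".join(hmac.new(self._key, i.to_bytes(8, "big"), hashlib.sha256).digest()
                          for i in range(first, last + 1))
        skip = offset - first * self.BLOCK
        return stream[skip:skip + length]

    def write(self, offset: int, data: bytes) -> None:
        ks = self._keystream(offset, len(data))
        self.disk[offset:offset + len(data)] = bytes(a ^ b for a, b in zip(data, ks))

    def read(self, offset: int, length: int) -> bytes:
        ks = self._keystream(offset, length)
        return bytes(a ^ b for a, b in zip(self.disk[offset:offset + length], ks))

def demo() -> tuple:
    """Return (hidden_at_rest, readable_in_use) for the provider's two vantage points."""
    key = hashlib.sha256(b"constructed demo passphrase").digest()  # constructed key
    vol = OtfVolume(bytearray(64))
    vol.mount(key)
    secret = b"users.db: alice@example.com"  # constructed sample record
    vol.write(0, secret)
    image_copy = bytes(vol.disk)               # vantage 1: copy of the disk image
    hidden_at_rest = secret not in image_copy  # ciphertext only
    # Vantage 2: a snapshot of the running guest also captures the mounted key
    # (here, a plain attribute), so the same image decrypts immediately.
    copy = OtfVolume(bytearray(image_copy))
    copy.mount(vol._key)
    return hidden_at_rest, copy.read(0, len(secret)) == secret
```

`demo()` returns `(True, True)`: the disk image alone reveals nothing, while the image plus the in-memory key reveals everything, which is why the answer says the key "must be somewhere on the VPS image".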