prism-break / prism-break

Privacy/security-oriented software recommendations (mirrored from GitLab)
https://gitlab.com/prism-break/prism-break
GNU General Public License v3.0

Cloud, VPS, and dedicated server providers #100

Closed djzort closed 6 years ago

djzort commented 11 years ago

title edited by @nylira 2013-08-15

I think, personally, that the assumption that AWS, Rackspace, HP Cloud, etc. are in any way 'safe' is a dangerous assumption. Who has access to the live systems of my business or personal software running on these services? Who has access to snooping data in transit? Who has access to what's in RAM or on HDD?

Are there alternatives that provide some or any assurance of data security both on disk, in memory and in transit?

nylira commented 11 years ago

The best alternative is storing your cloud data on your own server. I'm thinking of adding a section for this. Thoughts, anyone?

Zegnat commented 11 years ago

My thoughts. Disclaimer: these are based on things I have read and not what I am doing myself.

There is very little you can do about this except running your own server, in your own house, under your own physical control. And there are indeed people who resort to that (Falkvinge.net).

This is of course out of scope for most people. The next best thing would be to rent a place in a data centre somewhere, then set up a server there. This will likely be just as advanced (or maybe even more) as running it from your house, but you would be able to get slightly more uptime and bandwidth (probably). Of course this will make the hardware more easily accessible by third parties.

If you want to go for something easy, maybe a service like Macminicolo.net (probably not them though, as they are U.S. based), where you get to use the service provider’s expertise in running servers but still use your own hardware. I haven’t read their specific services agreement, but as you are the owner of the hardware, even if everything else is theirs, it would be illegal for them to access anything without prior consent.

In none of the clouds @djzort mentioned (or any of them I know of) will you own the server space you use. I think that’s the biggest problem, legally speaking. Even though you retain all the rights to your files – yada yada yada – the company owns the hard drive you store them on, the computer the hard drive is in, etc. You want to get as close to owning all the infrastructure starting with your files up to the internet connection.


Ultimate option: become an ISP, buying your broadband directly instead of through others, build two data centres, become a SysAdmin, build two servers, build a back-up solution between the two servers in the two separate data centres. Maybe also become a certification authority (CA) so you can sign and validate the SSL keys for your server by yourself.

Best option: get in touch with your ISP and see if they allow you to run your own server (else switch to another one) and set up a server in your own house. Maybe you will want to run it over a VPN so from the outside your home IP address is not obtainable. (Running over TOR and making it all a hidden service would also be possible.) You can still use existing services for your off-location back-ups, just make sure to encrypt everything before sending it off.

nylira commented 11 years ago

In-progress list for the new Cloud Infrastructure section:

Proprietary:

- Amazon Web Services
- Google App Engine
- Microsoft Windows Azure
- Rackspace
- HP Cloud

Free:

- Rent a dedicated server outside the USA
- Rent a VPS instance outside the USA
- Run a server from your home

Zegnat commented 11 years ago

Should a list of other discouraged countries be included?

For example, people might not want to use Swedish servers due to FRA (Wikipedia.org) ‘that authorizes the Swedish Defence Radio Authority to warrantlessly wiretap all telephone and Internet traffic that crosses Sweden’s borders.’ (Emphasis mine.) Unless they are themselves within Sweden, then they probably shouldn’t use servers outside of Sweden. (Note: I guess SSL encrypted web traffic would counter this, but I can’t find any sources on that.)

nylira commented 11 years ago

Remember to reference YunoHost: https://github.com/nylira/prism-break/issues/89

tuliogit commented 10 years ago

A Cloud alternative: Unhosted. https://unhosted.org/

Reviews:

- http://scottbw.wordpress.com/2012/08/29/unhosted-building-web-apps-without-servers/
- http://readwrite.com/2010/12/24/unhosted#awesm=~ocDcKWQRp0K4B0

tuliogit commented 10 years ago

I like the idea of a "discouraged countries" list. Check this for a start: https://en.wikipedia.org/wiki/PRISM_%28surveillance_program%29#Responses_and_involvement_of_other_countries

I guess Australia should be part of the list, also because of its long-term participation in the surveillance program ECHELON: https://en.wikipedia.org/wiki/ECHELON

Information leads to two Israeli enterprises involved with PRISM. Also, Wikileaks' The Spy Files shows that Israeli enterprises also are big makers of surveillance utilities: http://wikileaks.org/The-Spyfiles-The-Map.html Also: the Israeli govt. is said to be involved in the Stuxnet case: https://en.wikipedia.org/wiki/Stuxnet Therefore, I wouldn't trust servers in Israel.

Canada should be part of the list: https://en.wikipedia.org/wiki/PRISM_(surveillance_program)#cite_note-82

Germany showed "surprise" at the PRISM revelations. But Germany actually USED PRISM information: http://www.spiegel.de/politik/deutschland/bild-bericht-bundeswehr-soll-von-prism-gewusst-haben-a-911531.html Germans even have their own spying program: http://www.npr.org/blogs/parallels/2013/06/22/194299389/Privacy-In-Germany http://www.spiegel.de/international/germany/berlin-profits-from-us-spying-program-and-is-planning-its-own-a-906129.html More here: http://www.spiegel.de/international/world/german-intelligence-worked-closely-with-nsa-on-data-surveillance-a-912355.html The lapdog Germans even spied on Middle East traffic for the US, and even filtered the content before sending it to the NSA: http://www.nytimes.com/2013/07/10/world/europe/for-western-allies-a-long-history-of-swapping-intelligence.html?pagewanted=all&_r=0

The United Kingdom has its own spying program, called Tempora, and also shares information with PRISM: https://en.wikipedia.org/wiki/Tempora http://endthelie.com/2013/06/21/revealed-british-intelligence-agency-secretly-accesses-the-worlds-phone-calls-internet-traffic/

France also has its own illegal spying program: http://www.lemonde.fr/societe/article/2013/07/04/revelations-on-the-french-big-brother_3442665_3224.html More here: http://www.csmonitor.com/World/Global-Issues/2013/0705/France-another-snooping-state-says-Le-Monde And here: http://www.huffingtonpost.com/2013/07/04/france-spying_n_3546226.html

New Zealand is also part of the Five Eyes alliance: http://www.stuff.co.nz/national/politics/8782798/Expert-says-Kiwis-under-constant-surveillance

Another 25 countries can be found here: http://bits.blogs.nytimes.com/2013/03/13/researchers-find-25-countries-using-surveillance-software/

tuliogit commented 10 years ago

About Skype-like server-side substitutes. I've been using jit.si for XMPP. With Jitsi, it supports everything, even video calls. But when it comes to Android, the XMPP client, "Xabber", only supports chat. So I need to have a SIP account, for which I chose ostel.co. It's a server run by the Guardian Project, which makes some apps mentioned here, Orbot included. As long as the protocol AND the app support END-TO-END encryption, I wouldn't mind about the location of the server. I'd like to see the "discouraged countries" list for cloud computing purposes, since cloud computing is indeed a necessity for some enterprises, it indeed saves money, so this list would indeed be useful for reducing risks when hiring these services.

DavidCWGA commented 10 years ago

I suggest https://www.moln.is as a recommended VPS provider. From their press page:

Moln.is is a VPS (Virtual Private Server) provider that cares about its users. All of our efforts have gone into making a solution for data privacy, not only in a technical way. Besides providing a highly efficient and scalable service, we've made sure that your data is your data.

The user gets full console access to the machine. You can encrypt your drives with passwords only you know. The servers are placed in Sweden, a country that has sane privacy laws regarding your data. Our company policy is to keep no logs of the individual users.

gertvdijk commented 10 years ago

I'd suggest the Netherlands-based CloudVPS. They're active on the privacy topic and recently also publicly announced they are refusing the requests of the NSA or any other foreign (non-NL) governments. The company underlines their terms of service, in which they state to only provide the Dutch government information if a court order or law says so.

See also their blog articles about privacy:

annonman commented 10 years ago

RAMNode has VPS available in the Netherlands.

DavidCWGA commented 10 years ago

But RAMNode themselves are an American company.

tuliogit commented 10 years ago

Therefore, RAMNode is NOT secure either. It is known that the NSA may require cooperation, including gag orders, from American citizens who operate servers ANYWHERE. Check the videos of interviews with Lavabit's owner for more details. This means that not only does the company need to have servers outside unsafe terrorist countries, but the owners and the whole staff need to be citizens of safe, peaceful countries, or at least have a refugee status already recognized for them and anybody they care about.

About Moln.is: it is UNSAFE too, just like anything hosted in Sweden, because of the FRA law. http://en.m.wikipedia.org/wiki/FRA_law

tuliogit commented 10 years ago

The world is mostly made of people who cannot afford to pay for a VPS and/or VPN. By the way, both technologies are, by nature, unsafe. So I propose we quit the useless VPS list discussion. The "unsafe countries list" may have its uses, but still, we should center our attention on solutions that subvert the corrupt client-server architecture.

annonman commented 10 years ago

VPS starts at about 5 bucks a month.

http://lowendbox.com/

This is a very valid thread considering the server OS and FOSS server packages listed on the homepage.

011010101101 commented 10 years ago

Zegnat suggested running a server inside one's house, which is (IMHO) much smarter than using a VPS provider if it can be done practically. This is especially true if the computer has got to handle your own personal data and it's going to be in RAM unencrypted, or it has to handle your encryption keys. (If your data is encrypted and the keys won't be stored on the VPS, then sure, go ahead and use one.)

This does not necessarily have to be expensive! Consider the Raspberry Pi for example. It is < $50 to buy and the yearly 24/7 operating power costs should be low as well. This could be a good start for many people.

Hosting a server at home does open one up to some unique risks: for example, storm troopers blowing down your front door if they don't like your traffic! OK, not storm troopers, but you get the idea. People have had all their computer hardware, cell phones, game consoles, etc. seized for running Tor exit nodes out of their houses. This is very unlikely, but it's good for people to understand the worst case scenario.

As well, it is against the Terms of Service for most ISPs to run a server on a residential internet connection ("server" is not really a term with a clear definition, so what kinds of traffic this would apply to is anybody's guess. Hope you've got a good lawyer).

So, you've gotten permission from your ISP, and you've got a shiny new server running inside your garage. You're all set, right? Well, one thing people often forget to consider is that the hardware you bought may have been backdoored. It seems like US law does not currently allow companies to be compelled[1] to add backdoors to their hardware under gag order, but that could be possible in the future. And what about Chinese companies?

So in order to be able to fully trust the hardware you want open source hardware (I've opened a new issue for this, #611).

Open source "all the way down" is very hard to achieve: if there's a proprietary integrated circuit in there anywhere handling data, it's probably not fully open source. And good luck making your own integrated circuits: the cost to produce one is often greater than 1 million USD, and that's if you're willing to trust someone else to fabricate it for you.

A sticky subject, indeed!

The point of this post wasn't to discourage anybody! For most of us there's a long road to real computational freedom but the first step is to be thinking in the right direction. It is definitely worth it to take small steps away from centralized control. Don't worry that you don't have the perfect setup yet; just keep taking small steps towards freedom and a lot of progress will be made.

[1] Currently, National Security Letters seem only to apply to providing information upon request and could not be used to force a company to install a backdoor.

annonman commented 10 years ago

I ran commercial servers as a paid service out of my home for 8 years. It is very difficult to achieve:

- Uptime.
- Speed.
- Reliability.

Even with commercial ISP services the hardware costs and constant upkeep / monitoring made it very unfeasible. This is why I suggest a VPS as an alternative.

I prefer to run a server locally, but for critical services like email / CalDav sync / etc. a commercial provider would be a dependable alternative. (Unless you are willing to accept downtime and latency).

Cathryne commented 10 years ago

https://pagekite.net/ is another solution for hosting a server at home.

011010101101 commented 10 years ago

As an addendum to the above, it's hard to tell whether the NSA, etc. is attempting to actively compromise hardware yet. However, this new NSA doc discusses a $200 million/year program, one aspect of which involves the intention to "insert vulnerabilities" into "commercial encryption systems", "trusted computing platforms", and "endpoint communication devices":

http://www.theguardian.com/world/interactive/2013/sep/05/sigint-nsa-collaborates-technology-companies

annonman commented 10 years ago

Have we done any more work on:

?

Atavic commented 6 years ago

I see the safe countries question appearing in many issues. I think it's a false dilemma, as a connection is almost never direct to the server your browser is pointing to. On the net there are many hops (middle targets that the connection's request passes through before reaching the queried server), and if one had to exclude the USA, UK, CAN, AUS and NZ, then most of the net would be unreachable. For this issue the best answer is an anonymous OS or a live ISO with no persistence.

Wolf480pl commented 6 years ago

@Atavic you can make it harder for the countries in the middle to wiretap by using encryption, etc.

However, when you rent a server somewhere, that country can (directly, or through your provider by legally pressuring them) obtain physical access to the server you're renting and dump all your keys from RAM, or mess around with the server in many other ways. Defending against that would require equipping the server with physical intrusion sensors and/or using TPMs, etc., and there's little sense doing that unless you own the physical server. And they can still take your server down if they want.

So the list of safe countries would be more of a "places to safely store your data" than "places that won't tap your connection".

Hillside502 commented 6 years ago

Internet censorship and surveillance by country https://en.wikipedia.org/wiki/Internet_censorship_and_surveillance_by_country

Wolf480pl commented 6 years ago

Some information about legal protections of personal data (including laws governing when and how such data can be seized) and about data retention policies would be helpful too.

Hillside502 commented 6 years ago

Technological Sovereignty / Data Sovereignty / Information Sovereignty: https://en.wikipedia.org/wiki/Technological_Sovereignty

Information privacy law https://en.wikipedia.org/wiki/Information_privacy_law

Privacy law https://en.wikipedia.org/wiki/Privacy_law

Data retention https://en.wikipedia.org/wiki/Data_retention

strugee commented 6 years ago

So, I admittedly have not read this entire thread, only the comments in the last couple days. My principal concern with this point is our limited resources. It seems to me that the primary question here is where the servers are hosted, but I don't know that this community has the resources to actually research and keep up with all the relevant laws, worldwide - especially since legal stuff can get pretty complex in ways that we (PRISM Break) as a technical community aren't skilled at dealing with. Plus you're always depending on the provider's good-faith respect of the law, anyway. So I feel like maybe we should just declare this out-of-scope, similar to how we declared hardware out-of-scope. Thoughts?

Atavic commented 6 years ago

The answer is to host a service of your own if possible. If not, we're dealing with privacy, and encryption is a good measure (the problem of which kind of encryption is another issue).