Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Best Country For Secure Online Hosting?

Posted by timothy on from the thou-shalt-not dept.

An anonymous reader writes: I've recently discovered that my hosting company is sending all login credentials unencrypted, prompting me to change providers. Additionally, I'm finally being forced to put some of my personal media library (songs, photos, etc.) on-line for ready access (though for my personal consumption only) from multiple devices and locations... But I simply can't bring myself to trust any cloud-service provider. So while it's been partially asked before, it hasn't yet been answered: Which country has the best on-line personal privacy laws that would made it patently illegal for any actor, state, or otherwise, to access my information? And does anyone have a recommendation on which provider(s) are the best hosts for (legal) on-line storage there?

22 of 113 comments (clear)

  1. Did we learn nothing from Snowden? by PhrostyMcByte · · Score: 4, Informative

    There is no safe place to put your data. If someone wants it they'll get it. If you want to keep something private, encrypt it.

  2. The great nation ... by Anonymous Coward · · Score: 2, Insightful

    ... of Flashdrivia.

    1. Re:The great nation ... by postbigbang · · Score: 5, Insightful

      There's Long Key, which is pretty good.

      I otherwise am of the firm belief that so long as a machine is connected to the Internet, or we can hear the keyclicks nearby, that it's total folly to believe any data is safe, many air gaps included. There's a variant of Murphy's Law stated thusly: with a big enough hammer, you can break anything.

      Perhaps your router was slipstreamed some code enroute to the data center. Maybe it was your little RAID 6 array. Perhaps the kernel has had a long dormant back door or nice stack overflow to hijack. Ever plugged in your smartphone to your machine to maybe, synch something?

      My guess is that in one way or another, we're all already infected, it's just a matter of hassle to get what's needed by those desiring to smash you. You may believe this to be dystopian, but once you take a long look at the CVEs out there, multiply them by two for the probably-unknowns, and even machines living their life solely in Faraday cages become suspect.

      --
      ---- Teach Peace. It's Cheaper Than War.
    2. Re:The great nation ... by fyngyrz · · Score: 2

      You don't even need a big hammer. The combination of some easily-obtained drugs, any solid surface, the secret-holder's fingers or other body parts, and just a small ball peen hammer will fully suffice to access any data, or the password to get at said data.

      XKCD explains it in a nutshell.

      --
      I've fallen off your lawn, and I can't get up.
  3. Host it yourself by wbr1 · · Score: 5, Informative
    If you do not trust cloud providers for whatever reason, then DIY. A business class account with a static IP works best, but it can by done with dyndns, etc. Set up your server, and and a VPN to your network. OpenVPN clients are available for just about any device, and then you can access anything you are running inside your lan, UPNP, SMB shares, whatever. You can pick up a crappy firebox on ebay and load an alternate firmware in it for cheap (I got one for 5 bucks at a church yardsale). Or you can just port forward and run your VPN software on some boxen inside your router.

    My total cost is about $130 to comcast a month for a single static and business class 50/10, and my own time. This setup allows me to run whatever services I deem fit, and typically keeps me clear of ISP DCMA notices. I did get one, but once I pointed out that I repair random PCs that do not belong to may, and many may auto launch a torrent app, it was quickly dropped.

    Add a chromecast or two, slingTV, and a good antenna, I do not need cable TV at all, and can stream all my services out.

    --
    Silence is a state of mime.
    1. Re:Host it yourself by wbr1 · · Score: 2

      This is why I specifcally mentioned a business class, cable account. Business class so you can host without interference, and get a static ip, cable as is sccalable to usable upload speed.

      --
      Silence is a state of mime.
  4. Encryption by mysidia · · Score: 4, Informative

    Which country has the best on-line personal privacy laws that would made it patently illegal for any actor, state, or otherwise, to access my information?

    NONE. Zip. Zero. Nada.

    If you wish to secure what you host, then use a solution that encrypts it on the client side.

    I believe BitTorrent Sync is an example of that.

    Some hosting and online backup providers also offer solutions where every file is encrypted on the client side, and the hosting provider never gains access to the plaintext files.... this is what you need.

  5. Switzerland by Anonymous Coward · · Score: 5, Informative

    Quote from some company based there:

    All user data is protected by the Swiss Federal Data Protection Act (DPA) and the Swiss Federal Data Protection Ordinance (DPO) which offers some of the strongest privacy protection in the world for both individuals and entities. Only a court order from the Cantonal Court of Geneva or the Swiss Federal Supreme Court can compel us to release the extremely limited user information we have.

  6. Cuba by Anonymous Coward · · Score: 3, Interesting

    The US Government has only just started re-normalization of relations with Cuba. They certainly don't have the bureaucratic relationships or procedures in place to get search warrants processed via INTERPOL or otherwise. Even the most trivial of requests will have to go through the state department making the prospect prohibitively expensive for anything but the most important of tasks.

    1. Re:Cuba by John.Banister · · Score: 4, Funny

      I recently read that Huawei is supplying their infrastructure hardware, so I guess it's a matter of picking which government you don't want to have your info.

    2. Re:Cuba by Anonymous Coward · · Score: 2, Informative

      Depends on whether you have any trade secrets worth stealing. If you're putting your personal files online, with little more than your recipe collection, your unfinished pirate-romance novels that in your youth you thought might make a name for you, pictures of the victims geotagged with where you buried them, and the cat pictures that you haven't yet uploaded to Facebook, then yes, you're fine going with the Chinese, who won't give a shit about you. On the other hand, if your hobby includes developing new alloys for aircraft or naval designs, you really, really don't want the Chinese anywhere near your data, and you might trust American incompetence more. Either way, though, you'd really be better off not putting your data in the cloud.

    3. Re:Cuba by Zocalo · · Score: 5, Insightful

      You jest, but that's actually not a bad idea. Picking a country that you have absolutely no connection with and that has a less than friendly relationship with your own government is probably the best you can do in the current mass-surveillance climate - provided that you don't do anything that violates the local laws of your hosting country in a major way. Sure, they might well be monitoring your data, but they almost certainly won't care about it, and if your own country's law enforcement/copyright cartel/whatever comes knocking for any reason they'll almost certainly get nowhere.

      --
      UNIX? They're not even circumcised! Savages!
  7. Don't trust anyone by dabadab · · Score: 2

    Don't trust anyone, especially not cloud providers.
    I think a more appropiate question would be to ask for some solution where the untrustworthiness of the cloud provider is a given and is accounted for (like storing everything encrypted and not handling the decryption key to the provider).

    --
    Real life is overrated.
  8. Fantasyland by Anonymous Coward · · Score: 3, Insightful

    If you want your data secure, the last thing you do is put in on SOMEONE ELSE'S server.

  9. the same question was asked before by Anonymous Coward · · Score: 3, Informative

    http://yro.slashdot.org/story/...

    Which country is best to choose for hosting Internet services and locating VMs to avoid government surveillance (both NSA and local)? It should be a country with good connectivity to the US and Europe, but have strong legal protections from mass surveillance. People talk about Switzerland, Norway and Iceland (even Spain). Anyone worked through the pros and cons of each of these? I'm not concerned about legitimate (with court order) surveillance, just the un-targeted mass surveillance most governments seem to do. I don't believe this bad behavior should be rewarded or made easy.

  10. Tahoe-LAFS by TechyImmigrant · · Score: 4, Interesting

    A small plug for Tahoe-LAFS.

    It doesn't matter where it is. It uses cryptography to give you what you want. Mirror in many places including on your own machines for redundancy.

    https://www.tahoe-lafs.org/tra...

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  11. At your home by Lennie · · Score: 5, Insightful

    Keep the data at your home, they need a warrant to get into your home.

    Eben Moglen was pretty clear about that (no I don't know at what minute exactly he said this):
    https://www.youtube.com/watch?...

    If you are going to store your data with somebody else, encrypt it before you upload it and you keep the encryption key.

    Nothing wrong with keeping a backup with someone else as long as you encrypt it:
    http://duplicity.nongnu.org/
    http://www.duplicati.com/

    I'm forgetting about an other provider which also has an open source program with encryption.

    --
    New things are always on the horizon
  12. Iceland by slimdave · · Score: 3, Informative

    The good chaps at Clipperz moved to https://1984.is/# for reasons that they explained out in this blog: https://clipperz.is/blog/2013/...

    Their logic seems compelling.

  13. Re: Probably... by Anonymous Coward · · Score: 3, Interesting

    Switzerland gave up banking secrecy without a fight. What makes you think they'll protect your data?

  14. Re:midphase by nospam007 · · Score: 3, Informative

    " I'd look for Icelandic hosting. They seem to appreciate privacy at a national and local level."

    Yes, they're so private, they sold the DNA of all their citizens to a private company.
    http://www.wired.com/2015/03/i...

  15. Do what the above guy is doing. by AJWM · · Score: 2

    Just break up your data into lots of little (encrypted) chunks and post them to web forums like Slashdot which never delete anything. You'll need some kind of map as to where all the pieces are, so do the same with that. Recurse until you have something small enough you can remember.

    --
    -- Alastair
  16. Re:Ah, I see what you want. by zidium · · Score: 3, Funny

    Burned to the ground, I'm afraid ;-(

    --
    Slashdot Valentines Beta Massacre: iT WORKED! The boycotts killed Beta!!