Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Best Country For Secure Online Hosting?

Posted by timothy on from the thou-shalt-not dept.

An anonymous reader writes: I've recently discovered that my hosting company is sending all login credentials unencrypted, prompting me to change providers. Additionally, I'm finally being forced to put some of my personal media library (songs, photos, etc.) on-line for ready access (though for my personal consumption only) from multiple devices and locations... But I simply can't bring myself to trust any cloud-service provider. So while it's been partially asked before, it hasn't yet been answered: Which country has the best on-line personal privacy laws that would made it patently illegal for any actor, state, or otherwise, to access my information? And does anyone have a recommendation on which provider(s) are the best hosts for (legal) on-line storage there?

16 of 113 comments (clear)

  1. Did we learn nothing from Snowden? by PhrostyMcByte · · Score: 4, Informative

    There is no safe place to put your data. If someone wants it they'll get it. If you want to keep something private, encrypt it.

  2. Host it yourself by wbr1 · · Score: 5, Informative
    If you do not trust cloud providers for whatever reason, then DIY. A business class account with a static IP works best, but it can by done with dyndns, etc. Set up your server, and and a VPN to your network. OpenVPN clients are available for just about any device, and then you can access anything you are running inside your lan, UPNP, SMB shares, whatever. You can pick up a crappy firebox on ebay and load an alternate firmware in it for cheap (I got one for 5 bucks at a church yardsale). Or you can just port forward and run your VPN software on some boxen inside your router.

    My total cost is about $130 to comcast a month for a single static and business class 50/10, and my own time. This setup allows me to run whatever services I deem fit, and typically keeps me clear of ISP DCMA notices. I did get one, but once I pointed out that I repair random PCs that do not belong to may, and many may auto launch a torrent app, it was quickly dropped.

    Add a chromecast or two, slingTV, and a good antenna, I do not need cable TV at all, and can stream all my services out.

    --
    Silence is a state of mime.
  3. Encryption by mysidia · · Score: 4, Informative

    Which country has the best on-line personal privacy laws that would made it patently illegal for any actor, state, or otherwise, to access my information?

    NONE. Zip. Zero. Nada.

    If you wish to secure what you host, then use a solution that encrypts it on the client side.

    I believe BitTorrent Sync is an example of that.

    Some hosting and online backup providers also offer solutions where every file is encrypted on the client side, and the hosting provider never gains access to the plaintext files.... this is what you need.

  4. Switzerland by Anonymous Coward · · Score: 5, Informative

    Quote from some company based there:

    All user data is protected by the Swiss Federal Data Protection Act (DPA) and the Swiss Federal Data Protection Ordinance (DPO) which offers some of the strongest privacy protection in the world for both individuals and entities. Only a court order from the Cantonal Court of Geneva or the Swiss Federal Supreme Court can compel us to release the extremely limited user information we have.

  5. Cuba by Anonymous Coward · · Score: 3, Interesting

    The US Government has only just started re-normalization of relations with Cuba. They certainly don't have the bureaucratic relationships or procedures in place to get search warrants processed via INTERPOL or otherwise. Even the most trivial of requests will have to go through the state department making the prospect prohibitively expensive for anything but the most important of tasks.

    1. Re:Cuba by John.Banister · · Score: 4, Funny

      I recently read that Huawei is supplying their infrastructure hardware, so I guess it's a matter of picking which government you don't want to have your info.

    2. Re:Cuba by Zocalo · · Score: 5, Insightful

      You jest, but that's actually not a bad idea. Picking a country that you have absolutely no connection with and that has a less than friendly relationship with your own government is probably the best you can do in the current mass-surveillance climate - provided that you don't do anything that violates the local laws of your hosting country in a major way. Sure, they might well be monitoring your data, but they almost certainly won't care about it, and if your own country's law enforcement/copyright cartel/whatever comes knocking for any reason they'll almost certainly get nowhere.

      --
      UNIX? They're not even circumcised! Savages!
  6. Fantasyland by Anonymous Coward · · Score: 3, Insightful

    If you want your data secure, the last thing you do is put in on SOMEONE ELSE'S server.

  7. the same question was asked before by Anonymous Coward · · Score: 3, Informative

    http://yro.slashdot.org/story/...

    Which country is best to choose for hosting Internet services and locating VMs to avoid government surveillance (both NSA and local)? It should be a country with good connectivity to the US and Europe, but have strong legal protections from mass surveillance. People talk about Switzerland, Norway and Iceland (even Spain). Anyone worked through the pros and cons of each of these? I'm not concerned about legitimate (with court order) surveillance, just the un-targeted mass surveillance most governments seem to do. I don't believe this bad behavior should be rewarded or made easy.

  8. Tahoe-LAFS by TechyImmigrant · · Score: 4, Interesting

    A small plug for Tahoe-LAFS.

    It doesn't matter where it is. It uses cryptography to give you what you want. Mirror in many places including on your own machines for redundancy.

    https://www.tahoe-lafs.org/tra...

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  9. At your home by Lennie · · Score: 5, Insightful

    Keep the data at your home, they need a warrant to get into your home.

    Eben Moglen was pretty clear about that (no I don't know at what minute exactly he said this):
    https://www.youtube.com/watch?...

    If you are going to store your data with somebody else, encrypt it before you upload it and you keep the encryption key.

    Nothing wrong with keeping a backup with someone else as long as you encrypt it:
    http://duplicity.nongnu.org/
    http://www.duplicati.com/

    I'm forgetting about an other provider which also has an open source program with encryption.

    --
    New things are always on the horizon
  10. Re:The great nation ... by postbigbang · · Score: 5, Insightful

    There's Long Key, which is pretty good.

    I otherwise am of the firm belief that so long as a machine is connected to the Internet, or we can hear the keyclicks nearby, that it's total folly to believe any data is safe, many air gaps included. There's a variant of Murphy's Law stated thusly: with a big enough hammer, you can break anything.

    Perhaps your router was slipstreamed some code enroute to the data center. Maybe it was your little RAID 6 array. Perhaps the kernel has had a long dormant back door or nice stack overflow to hijack. Ever plugged in your smartphone to your machine to maybe, synch something?

    My guess is that in one way or another, we're all already infected, it's just a matter of hassle to get what's needed by those desiring to smash you. You may believe this to be dystopian, but once you take a long look at the CVEs out there, multiply them by two for the probably-unknowns, and even machines living their life solely in Faraday cages become suspect.

    --
    ---- Teach Peace. It's Cheaper Than War.
  11. Iceland by slimdave · · Score: 3, Informative

    The good chaps at Clipperz moved to https://1984.is/# for reasons that they explained out in this blog: https://clipperz.is/blog/2013/...

    Their logic seems compelling.

  12. Re: Probably... by Anonymous Coward · · Score: 3, Interesting

    Switzerland gave up banking secrecy without a fight. What makes you think they'll protect your data?

  13. Re:midphase by nospam007 · · Score: 3, Informative

    " I'd look for Icelandic hosting. They seem to appreciate privacy at a national and local level."

    Yes, they're so private, they sold the DNA of all their citizens to a private company.
    http://www.wired.com/2015/03/i...

  14. Re:Ah, I see what you want. by zidium · · Score: 3, Funny

    Burned to the ground, I'm afraid ;-(

    --
    Slashdot Valentines Beta Massacre: iT WORKED! The boycotts killed Beta!!