Slashdot Mirror
Ask Slashdot: Best Country For Secure Online Hosting?
An anonymous reader writes: I've recently discovered that my hosting company is sending all login credentials unencrypted, prompting me to change providers. Additionally, I'm finally being forced to put some of my personal media library (songs, photos, etc.) on-line for ready access (though for my personal consumption only) from multiple devices and locations... But I simply can't bring myself to trust any cloud-service provider. So while it's been partially asked before, it hasn't yet been answered: Which country has the best on-line personal privacy laws that would made it patently illegal for any actor, state, or otherwise, to access my information? And does anyone have a recommendation on which provider(s) are the best hosts for (legal) on-line storage there?
My total cost is about $130 to comcast a month for a single static and business class 50/10, and my own time. This setup allows me to run whatever services I deem fit, and typically keeps me clear of ISP DCMA notices. I did get one, but once I pointed out that I repair random PCs that do not belong to may, and many may auto launch a torrent app, it was quickly dropped.
Add a chromecast or two, slingTV, and a good antenna, I do not need cable TV at all, and can stream all my services out.
Silence is a state of mime.
Quote from some company based there:
All user data is protected by the Swiss Federal Data Protection Act (DPA) and the Swiss Federal Data Protection Ordinance (DPO) which offers some of the strongest privacy protection in the world for both individuals and entities. Only a court order from the Cantonal Court of Geneva or the Swiss Federal Supreme Court can compel us to release the extremely limited user information we have.
Keep the data at your home, they need a warrant to get into your home.
Eben Moglen was pretty clear about that (no I don't know at what minute exactly he said this):
https://www.youtube.com/watch?...
If you are going to store your data with somebody else, encrypt it before you upload it and you keep the encryption key.
Nothing wrong with keeping a backup with someone else as long as you encrypt it:
http://duplicity.nongnu.org/
http://www.duplicati.com/
I'm forgetting about an other provider which also has an open source program with encryption.
New things are always on the horizon
There's Long Key, which is pretty good.
I otherwise am of the firm belief that so long as a machine is connected to the Internet, or we can hear the keyclicks nearby, that it's total folly to believe any data is safe, many air gaps included. There's a variant of Murphy's Law stated thusly: with a big enough hammer, you can break anything.
Perhaps your router was slipstreamed some code enroute to the data center. Maybe it was your little RAID 6 array. Perhaps the kernel has had a long dormant back door or nice stack overflow to hijack. Ever plugged in your smartphone to your machine to maybe, synch something?
My guess is that in one way or another, we're all already infected, it's just a matter of hassle to get what's needed by those desiring to smash you. You may believe this to be dystopian, but once you take a long look at the CVEs out there, multiply them by two for the probably-unknowns, and even machines living their life solely in Faraday cages become suspect.
---- Teach Peace. It's Cheaper Than War.
You jest, but that's actually not a bad idea. Picking a country that you have absolutely no connection with and that has a less than friendly relationship with your own government is probably the best you can do in the current mass-surveillance climate - provided that you don't do anything that violates the local laws of your hosting country in a major way. Sure, they might well be monitoring your data, but they almost certainly won't care about it, and if your own country's law enforcement/copyright cartel/whatever comes knocking for any reason they'll almost certainly get nowhere.
UNIX? They're not even circumcised! Savages!