Privacy and Data security by using VPS in Linode

Is hosting Nextcloud in a Linode VPS safe or not?

i) Does it affect our privacy? If yes, please state how to overcome that issue.

ii) If not, why is Linode VPC good compared to other cloud providers?

  1. If I want to host my Nextcloud at home and want to access my files when I am not at home, I have port forwarding by exposing the port; in that case, I am giving a way for hackers to get access to my data.
    i) Is it safe to use domain names? Is there any security threat?
    ii) Is there any better solution?

Can anyone help with this query?

2 Likes

Hello,

Nothing is 100% safe, since it’s people who code tirelessly to make good and secure software but similarly, there are people who do the same to break that security.

Take an example of Pegasus, no matter how secure FB (WhatsApp) or iPhone (iOS) is, these people still found a way to get in with brute force. But Pegasus type attacks are not targeting the average Joe. These hacking techniques are very costly and not meant for the general public / business / educational institutes / etc.

The general public like you and me are targeted with common exploits and 99.99% of the time, if you follow the setup guide properly and keep your OS / Software up-to-date and don’t end up compromising your passwords in some phishing website or attack, you won’t get hacked.

So Linode is as secure as your own Home Server, if there is any security lapse, it would be from the user end. Forwarding 80/443 is a necessity for web services to run. Exposing these ports isn’t the issue, but where this exposure is leading to is.

Without going deep into the technical discussion of permissions etc., just follow the official guides of installation, and do that correctly. That should be fine.

And by the way, Domain Name will allow you some benefits, like you can get a Valid SSL Certificate from Let’s Encrypt and it will be easier to remember than a complicated IP Address to access your NextCloud Server.

Thanks.

1 Like

Thanks for the quick reply,

  1. Can you explain why a VPS is more secure (correct me if I am wrong) than a normal cloud storage provider? In case it is not secure, can you help me with how to make it more secure?

  2. Can I trust the cloud service providers (Digitalocean, Linode) or not from a privacy perspective?
    Can these sites see my data? If so, how to overcome it? If they can see our data, is it meaningful to host Nextcloud on these sites?

Countries like Germany, Switzerland provide cloud services, do they really provide data security and privacy, namely:

https://woelkli.com/en
https://www.hetzner.com/

Suggest any cloud which you prefer which is good and trustable, like zero-knowledge encryption, and publishes a white paper regarding their cloud services, where I can host my Nextcloud using VPS.

  3. Does Nextcloud provide a cloud service where we can store our data?

  4. What does the enterprise Nextcloud solution cover? Does it give cloud storage or only assist us by providing services?

I think it is more and less secure:

more secure:
Your provider hosts a lot of VPS and is not interested in your software and data.

less secure:
A Nextcloud hoster normally uses more security features than you.

Yes they can see your data.
If you use Nextcloud server-side-encryption then they can also theoretically get the data.

The only way to prepare data for your hoster is client-side-encryption.

Finally, this also only works if you trust the client-side encryption. A lot of commercial programs like Windows Cloud use closed source. Nextcloud uses open source for client-side-encryption. If you do not trust the software you can use client-side-encryption with external software e.g. 7-Zip, Boxcryptor, … from another software distributor.

You can also host your data at home.
There is no risk that a hosting provider reads your data.
But someone can hack your server through the ports 80/443 and the apache2/nginx and Nextcloud software.

2 Likes

Thanks for the quick reply,

  1. I recently got a solution to use a WireGuard VPN to secure the self-hosted data. Is there any other better solution where I can secure my data when I do self hosting? Why I am asking this is because there is an open port, usually 443 or 80, which is open, and I can make a way for a hacker. How to add various security layers to my self hosting? Any additional security layer for my server?

If I go for VPS hosting, I can’t own my data and my privacy is questionable; if I go for self hosting then ports are exposed. Is there a way to balance this situation?

  2. Regarding client side encryption, do you mean we need to encrypt the file before storing it in the cloud server? That leaves metadata about the file. Even if I encrypt my hard disk, that is still a hard disk on someone else's computer; when I try to enter the key they can still see the key using my network activity.

I read somewhere they mention that “The straightforward approach is to rent a VPS in a foreign country (i.e. Russia), and then construct a private VPN connection to the VPS from a server that you control. Then simply forward the desired ports from the VPS to your local server, you had better add VPN over TOR as your link, and keep the private server far away from where you live.”
Is this really possible and does it help in securing my data? If so, can you please explain how to do it.
If no, can you please justify it.

Hello,

The questions that you are asking are themselves really too vast to explain in a few paragraphs. I suggest you should spend some time with Google, read a few detailed articles explaining these in detail.

However, I shall try to put an overview.

VPS → Virtual Private Server
Cloud → Shared Hosting

As you may see, the idea behind VPS is giving you a virtual machine. Same as your laptop or desktop PC, but it’s virtualized. So Processor / Discs / RAM are separated from anyone else and you are the only user of that resource. You get to choose your own OS and Software that you can install on that barebone virtual computer.

You have the option to highly secure them, just like you can do with your own physical hardware with multiple levels of authentication and layers of data encryption & so on.

In case of shared hosting, others with their code / files will be present on your same disc and processor pipe or RAM, plus server admins may have the rights to access your files. Here, you don’t get to choose, configure or deploy software or OS and do deep modifications of these software as per your need.

Technically speaking, yes they can see. As a matter of fact, they always do, for copying your entire VPS onto multiple separate hardware servers for fail-safe.

However, seeing and reading aren’t the same. Since you can encrypt your virtual disc at OS level and then add further layers of data encryption with the application that you are using, it’s pointless for these service providers to even try reading your data.

So it’s safe to say that you can trust any of these big names.

None of the links you have provided are services offered by any country. These are private companies based in a particular country. They are taking advantage of certain countries and their data privacy laws where raw data may not be shared with law enforcement unless there is some explicit court order.

However, this is geared more towards businesses like Google / Facebook / Dropbox and such. For an individual user VPS, even if someone gets your virtual disc, it’s extremely difficult to read inside that disc with layers of encryption.

Try any big names

AWS / Oracle / Microsoft / Google
Digital Ocean / Linode and so on.

More or less they all follow similar privacy policies and offer similar software solutions (VPS → Disc level encryption and so on)

I don’t know what you are trying to host, what is making you so serious about data safety, but in case it’s something highly classified, I guess you should hire software consulting firms for your setup.

As otherwise, data privacy and security are in any way the core philosophy behind all these technologies you talked about, so for the average Joe, things are well covered.

Thanks.

1 Like

Thanks for the quick reply - NaXal, I got clarity regarding VPS.

Can you please answer these below questions too if possible.

Regarding client side encryption, do you mean we need to encrypt the file before storing it in the cloud server? That leaves metadata about the file. Even if I encrypt my hard disk, that is still a hard disk on someone else's computer; when I try to enter the key they can still see the key using my network activity.

I read somewhere they mention that “The straightforward approach is to rent a VPS in a foreign country (i.e. Russia), and then construct a private VPN connection to the VPS from a server that you control. Then simply forward the desired ports from the VPS to your local server, you had better add VPN over TOR as your link, and keep the private server far away from where you live.”
Is this really possible and does it help in securing my data? If so, can you please explain how to do it.
If no, can you please justify it.

If you use client-side-encryption (only possible with Nextcloud clients on Windows, Linux, MacOS, Android, iOS) then you can look at the encrypted “data waste” (metadata) with the browser. But I do not know if all Nextcloud providers have activated it.

I think it makes less sense. By the way TLS/SSL is also a kind of “tunnel”. Perhaps you can better search Nextcloud with TOTP to secure your Nextcloud. If you use client-side-encryption it all does not matter. You can host the data at Dropbox, Microsoft, Amazon, Apple, Mega, … if you like it.

2 Likes

Hello,

I am not an expert on these technologies so once again I urge you to Google and read in more detail how connections are established and how SSL can secure your request when it’s being transmitted from client to server side.

Every modern OS nowadays supports this: encrypting the disc from OS level. On top, the data stored may also have its own encryption via the software used, like Nextcloud. When you are trying to access these, Nextcloud allows you to set up SSL so the connection between server and client side is encrypted, so even someone having access to the network packets in transit won’t be able to read into them.

As I said, it’s hard to explain in a few lines here, these technologies are vast, and if you Google, you may find plenty of resources digging deep into the inner workings of these technologies and how they work for data security.

VPN → Virtual Private Network

VPN doesn’t necessarily need to be a secure network. This protocol wasn’t designed for the security aspect, rather to help negate the connectivity issues between different WANs and LANs and NATs and so on.

However, a VPN connection itself can be made secure with encryption. This is to help the client stay secure from its own network / ISP while connecting with the VPN server.

Nowadays, people use that one single point of this VPN to upsell a VPN as a security solution. It helps only when you are using a mobile / laptop on an airport / coffee shop / hotel open WiFi / network to communicate with a server / website having no SSL, or to hide your activities from the ISP or network to allow you to access blocked internet content.

Nothing else, nothing more.

One use of this VPN in Nextcloud can be seen in one of my setups. I am from India and here, high-speed fiber Internet is cheap enough but one notorious aspect of all major Indian ISPs is CG-NAT. So home users don’t get a Public IP Address (forget static, not even dynamic). One must pay for a static public IP and ISPs force users to migrate to costly business plans for a Static IP. So here, in this network setup, one can use a Free AWS / Oracle type VPS as a pass-through via VPN to forward web traffic from that Public VPS with a Public Static IP to his/her home server via a VPN Tunnel.

TOR is once again a network tool, designed for users to access subnet / DNS which are not in the Global Internet database. It has its own issues and it’s not designed for security in any way.

I urge you to once again read more via Google as these are really vast subject.

Thanks.

1 Like

Thanks for the reply @NaXal

Can you please explain the below statement alone, how to do it?
“one can use Free AWS / oracle type VPS as pass through via VPN to forward web traffic from that Public VPS with Public Static IP to his/her home server via a VPN Tunnel”, so that I can try using it.

Hello,

Please do excuse me for being a bit lazy and lacking the time to write down an entire tutorial. Besides, I am no expert on this subject either, but if you may please Google, there are many detailed guides, articles & tutorials available on how you can install and use WireGuard or OpenVPN with AWS or using any other VPS in that regard.

Thanks.

1 Like