On Tue, Oct 1, 2013 at 7:35 PM, Andy Isaacson adi@hexapodia.org wrote:
In summary, it seems likely that IaaS is pwned wholesale. Colo hardware is somewhat more expensive to attack and possibly succeeds in raising the bar from "software" to "attacker has to roll a truck to pwn me", which is my current recommendation for threat modeling.
I'd generally agree... people should treat remote nodes as tossers. You could epoxy them up, encrypt them and run your remote monitoring shell. But eventually that will drop and you must assume the possibility of physical access regardless. At least with Tor and p2p in general, the idea is more to distribute nodes widely and hopefully in enough quantity to keep the odds of whoever owns the nodes, in whatever way, in your favor.
The community should make node placement more of a process under some metrics to avoid placement collisions. 'myfamily' is a concept that spans more than just the operator.