On Sun, 12 Jul 2020 21:12:31 +0000 dlugasny@protonmail.com wrote:
in the next three days, my VPS provider planning to shutdown ("maintenanance") for 6 hours my VPS where tor relay is running (with some services).
I suspect that my VPS will be copied and reviewed (by not authorized persons) afterwards.
The provider can copy and examine disks of a running VPS even without shutting it down. They might get a few filesystem errors, but most likely nothing major and 99% of data will be there.
The only way to protect from that, is to set up Full-disk encryption (FDE) on the VPS beforehand. But even then, it is challenging to make sure the decryption key is not leaked to the provider (e.g. when entering it via their "VNC Console", which can be keylogged).
If you do not set up FDE, you should assume all your data on any VPS is accessible to the provider. Even RAM of a VPS can be copied without stopping it, so running Tor in a RAM disk (tmpfs) is not an answer either.
For more privacy get a dedicated server rather than a VPS. At least a server actually must be shut down to mess with its disks, and RAM is basically out of reach. (I believe wiretapping SATA, let alone DDR, can be ruled out as purely theoretical, in most cases :)
Make sure that backdoors such as Intel AMT are not active though, or get a non-Intel server.
What should I do ?
Do not get overly paranoid, most likely it's just a maintenance and has nothing to do with your VPS or with Tor running on it. As said above, if they wanted your VPS' contents, they can freely get it at any time without attracting attention.
If it was a dedicated server, then yes, a cause for concern, as it's a plenty of time to detach your disk and copy it. For a VPS, none of that downtime is even needed for that in the first place.