VPS and piracy

BlahajEnjoyer, 10 months ago

It depends on provider, one thing I can tell you for certain is that most of them don’t scan your file system, it is overhead they simply don’t need.

What is likely to happen is that they’ll get sent a DMCA and if they are a company that cares about DMCA claims (I.e. OVH) they’ll shut you down, if they don’t care then that DMCA claim goes directly to the trash can and you can continue business as usual.

hoodlem, 10 months ago

I wouldn’t do it unless maybe the provider gives a wink wink that they are pro-privacy and are hosted in a nation that doesn’t have strong copyright laws.

Or host it at home, and use a VPN to torrent.

sammydee, 10 months ago

Given that the Fediverse is wide open, unencrypted, and your instance owner is no more immune to getting a subpoena from law enforcement than anyone else ... one might think twice about asking questions of the form "if I commit a crime can they find me" here. Even if your VPS can't detect it, you just left a paper trail here by asking how to commit a crime. :) Bad plan.

Your Fediverse instance owner might consider deleting your post and perhaps your account to keep them from being the subject of such a subpoena in the future.

Xirup, 10 months ago

Honestly you are right, I should think before posting things like this, may sound dramatic but I don’t want my whole Instance to be damaged by a post.

sammydee, 10 months ago

Not just your instance. Every instance Federated with it that got a copy of your post is part of the chain of evidence. Don't plan crimes in the fediverse for heaven sakes.

axum, 10 months ago

IP is not shared via activitypub FYI. Only the instance owner would have that.

That being said, yes don't plant crimes as federation makes removing your incriminating comment across instances near impossible

Max_P, 10 months ago

Set up full disk encryption or an encrypted container like gocryptfs. But typically they analyze network traffic not IO traffic because that’s quite a pain to implement as they’d have to reimplement the entire filesystem just to analyze what you store.

reggie, 10 months ago

There are VPS services that dont give a fuck about DMCAs and pirated content. You should specifically look for one like that if this is your intent. I do not have any specific provider recommendations but you might find something useful in lowendtalk.

garrettw87, 10 months ago

This is true. I know of one that doesn’t care but I’d prefer not to out them even though a lot of people surely know already.

But how could a provider find out, if they are one that cares? Well, they could sniff all their network traffic, do some SPI/DPI on it, store those logs, and run automated analysis on them periodically.

Even then, they’re not going to do the job of, say, the RIAA or MPAA for them. So in most cases, the only way a host would find you out on their own is things like high storage usage (maybe), high amounts of commonly-pirated file types, and high usage of certain protocols (like torrent). Outside of that, probably nothing would happen until your host gets a DMCA notice.

h3ndrik, 10 months ago (edited 10 months ago)

If you rent a VPS, you’re having a legally binding contract with whatever company you choose. Read that contract/agreement! It will contain information like if they snoop at your data, if you allow them to rat you out to somebody else or what is allowed and what isn’t allowed and consequences if either party does something wrong. You won’t find that specific information in US law or some general answer that applies to every provider.

If they say in their TOS: ‘we will ban you if you do X’ and you agree to that and then do X, they’ll probably ban you… if they say something else in their TOS, then something else will happen. this is how contracts work.

However, i’m not sure if US law provides citizens with something like privacy. In other jurisdictions, it is forbidden to just scan through all your customer’s data to see if you can find something incriminating. At least on the level of pirating some movies.

And the FBI might have real criminals to arrest. I’m not sure if they’re actively looking for peanuts like one person who runs JDownloader. Unless you point them right at it. YMMV

garrettw87, 10 months ago

AFAIK, web hosting clients here in the US don’t really have any expectation of privacy from their host itself.

h3ndrik, 10 months ago (edited 10 months ago)

Rly? How do you do business in the US? How do (small) companies rent webservers that process credit card information of their clients? How do they store sensitive data? Like data you’re contractually obliged not to tell anyone. Where do you sync private data from your phone?

I know technically, you can snoop at data if you’re the host and the server is right there with you. But surely that has to be illegal?

SheeEttin, 10 months ago

You work with a provider that is SOC 2 compliant, meaning while they have the ability to access your information, they can only do it in a way that is controllable and auditable by the provider.

garrettw87, 10 months ago

No idea. Maybe hosts typically follow a policy of not snooping in stored files without a ticket requesting or authorizing it implicitly or explicitly. At least that would make sense to me.

AdminWorker, 10 months ago

Microsoft has been known to detect unencrypted passwords on storage or emails and try them on the encrypted zips that are stored. It may be standard practice to operate across borders.

idle, 10 months ago

Really? Any proof of this?

thorn_staff, 10 months ago

Here’s an Ars Technica article talking about it.

LachlanUnchained, 10 months ago

Most can detect traffic. Content itself, I do t know. Certainly some can.

Probably will remove you. Ban you. And pass on any data they may have to authorities.

It’s the main reason I don’t do it. Even if it’s extremely unlikely.

That’s what my homelab is for. But even then, it has its own problems.