To expand on my previous concerns…
- List of Hosting Providers That Accept Cryptocurrencies or Cash as Payment - #8 by Patrick
- List of Hosting Providers That Accept Cryptocurrencies or Cash as Payment - #11 by Patrick
- Abolishing Third Party Hosting Services in wiki
A new account seems to have been created for the purpose of advertising its service in the list of providers that accept privacy-friendly payment methods.
Note: I do not know anything about the service where this first happened. It might be completely fine, or not. I do not want to even look into that for the purpose of this post.
I was not sure whether we want to allow that kind of advertising, but given that the entire purpose of the thread is finding providers like this, it might be weird to block it.
From a threat model standpoint, arguably a provider that allows anonymous payment does not necessarily have to be trusted, so long as no one puts anything deanonymizing or sensitive on the server?
But lots of people put sensitive things on servers. For instance, onion service private keys necessarily need to be on the server. What if the server provider is allegedly snooping on user data? It is not a good use of project time to investigate and adjudicate that.
Can data snooping by server providers be prevented technically?
- In theory, yes, with Confidential Computing.
- In practice, probably not. No user has documented reproducible steps for such a setup yet.
At this time, the customer has to trust the hosting provider.
Attack methodology.
- create a malicious service that accepts anonymous payment
- advertise it
- get it into the list of hosting providers
- users start using it
- snoop/manipulate user data
For this reason…
…it’s best for Whonix to stay out of hosting this list.