To VPS or not to VPS?


#1

I’m confused about VPS and GlobaLeaks.

There’s a Google Document that says: You MUST NOT use a VPS.
This is the document: https://docs.google.com/document/d/1Y5h_lSZq-MsefH1LkEjHN5uOfEccyyI4oJgd7tm2Iho/pub

That doc is linked from the page that welcomes the admin account after logging into a GlobaLeaks 3.5.5 installation.

But from looking around, I get the impression that sometimes people do install GlobaLeaks on a VPS. For instance this forum thread: Globaleaks not visible through http or https

I have 2 questions:

  1. When would it be OK to install GlobaLeaks on a VPS?

  2. When it comes to GlobaLeaks installations, are there any VPS providers that should be avoided?

I’m new around here. I hope this makes some sense. Thanks in advance.


#2

Thanks for your Forum question.

The default suggestions for uses of GlobaLeaks try to set the bar high on the threat model and security requirements, so it’s obviously discouraged to use VPSs due to the ability of the VPS provider to jeopardise the security of the system (for example being able to read/write RAM memory).

However in most non-critical scenarios, quite common for anticorruption purposes within countries where justice system is functioning and civil rights are due, a VPS could be used within a reasonably safe approach.

So the question need to be answered with another question:

  1. Who is the threat-actor in your security-scenario?
  2. Which kind of resources the threat-actor could put in place in order to takeover the VPS provider? (legally or trough physical threats?)
  3. Whenever there would be a disclosure of the whistleblower identity trough a takeover of the VPS provider (and in turn the VPS), is that a life-threatening risks for the Whistleblower?

Depending on those evaluation it maybe reasonable or not to take a specific server deployment choice (VPS or not, choosing the right country or the right provider).

I would also ask, if it’s possible to answer without disclosing any sensitive information, which is the social-goal of the whistleblowing initiative you’re working on / kind of malpractices you wish to uncover?

Those evaluations are useful to gives a choice to the very simple answer, is a VPS good or not?

Fabio


#3

Hi Fabio. Thanks a lot for your response.

I’m trying to answer your questions. I hope it makes sense…

Who is the threat-actor in your security-scenario?

My impression is that my colleagues are casting a very wide net. Threat-actors could be almost any company.

Which kind of resources the threat-actor could put in place in order to takeover the VPS provider?

AFAICT there’s no risk of physical threats. Though there could be legal threats, it’s not clear to me if the legal threats would be directly related to the VPS/deployment infrastructures. I still need to talk about this with my colleagues.

Whenever there would be a disclosure of the whistleblower identity trough a takeover of the VPS provider (and in turn the VPS), is that a life-threatening risks for the Whistleblower?

No. It’s not a life-threatening situation.