I found MIAB through the excellent privacytools.io website. Beside using MIAB, it suggests choosing a service provider based outside the US and, ideally, also outside an alliance of up to 14 Western countries that seem to condone spying on their citizens. I interpret this advice as disqualifying the four hosts recommended in MIAB’s setup guide: Digital Ocean (US), Linode (US), 1&1 (GER), or RimuHosting (NZ). What are viable alternatives? Any firsthand experience running MIAB on such an alternative host?
All countries spy on their citizen, even with perfect encryption traffic analysis is possible. If you have a need for that level of privacy; I suggest hosting from your own premises with a static IP address, two steel security doors and a sledgehammer.
I personal use Hetzner Cloud ( https://www.hetzner.com/cloud?country=us ) hosted in Finland.
The problem with hosting outside of your own country is you have even fewer rights as a foreign national to privacy.
I used to be the senior system engineer for a trans-national human rights organisation. Nothing confidential was ever kept online that could endanger the people we were supporting and campaigning for or be used against them. The same for activists and employees working in emerging democracies, where the organisation was legally allowed to operate but disliked by the government and security agencies. At all times we treated all services as compromised and acted accordingly.
The two steel doors and a sledgehammer may sound like a flippant remark but arose from a number of conversations around security I had at that time.
Not necessarily a need, but a strong preference that I intend to act on. If we all did, the world’s spymasters would have to actually earn their pay. As it is, we are making their dirty work too easy for them.
I have been very happy with Time4VPS, they are in Lithuania I think, works great with Miab, excellent pricing and support.
Then my original comments stand, host from your own premise. Going outside your own country simply increases the risk.
OP I have hosted MiaB installations on Time4VPS in Lithuania without problems, although I remember setup being a bit clunky.
I have also used Forpsi based in Czech Republic. If you do not read Czech you will be redirected to their parent company’s site (Aruba Cloud).
I have also used AlphaVPS in Bulgaria.
I would not hesitate to recommend any of these hosts.
Keep in mind that it is best to use KVM virtualization.
But at least some countries data privacy laws are very strict and they are enforced. Some countries even obey their own laws, imagine that!
Thanks for the suggestions. None of the countries you mention are among the Fourteen Eyes that privacytools.io advises against. As a bonus, the Czech Republic’s key disclosure laws don’t apply to encrypted email, presumably. However, Aruba Cloud is based in Italy, so I would pass on that one. I have yet to research your other hosts in detail.
Personal recommendations outside US:
Good point. Anyone know of a well-researched list of countries that, going by precedent, can be trusted to enforce their strict privacy laws? Sort of the opposite of the Fourteen Eyes.