It seemed unbelievable that no one used it before, so I decided to look up whether that processor really exists - and it surprisingly does. Linux distros even support it now. But I know little about it on a deep level. How far do the security properties actually go? This might be an actual breakthrough.A hosting provider employee with malicious intent, a compromised hypervisor, or even a government subpoena can't access your data because the CPU itself enforces encryption - not just software.
True fed-resistant VPSes are now possible?
True fed-resistant VPSes are now possible?
As I was porting my VPS reviews from the Shadow Forums to my website, I decided to check a few of them for possible changes since I wrote that post. And I realized that this one VPS COIN|HOST really changed. The change that caught my eye was that it advertised "confidential computing servers" which supposedly resist:
Re: True fed-resistant VPSes are now possible?
Crypto-friendly host but no Monero accepted, perpetuates the "Swiss privacy" myth, proprietary cryptographic hardware from a company known to implement fed hardware backdoors. I think you're way too enthusiastic about this. I guess the hardware security is a kind of advantage but if it was "true fed-resistant", AMD wouldn't have been allowed to release it.
-
LoadingXML
- Posts: 116
- Joined: Fri Mar 06, 2026 6:52 am
Re: True fed-resistant VPSes are now possible?
can't access your data because the CPU itself enforces encryption - not just software.
But assuming for the sake of argument they only got encrypted data, It will fall into "harvest now, decrypt later", i.e until Qunatum computers become stable enough to hold 4096 qubits, they will decrept it whether you got hardware or software encryption.
-
strawberry9
- Posts: 3
- Joined: Sun May 03, 2026 7:47 pm
Re: True fed-resistant VPSes are now possible?
I am not an expert.
"Confidential Computing" will provide an additional layer of privacy but it is not completely secure and you still have to trust the hosting provider. You should generally not treat remote computation as completely private even when TEEs (Trusted Execution Environments) are used.
There are documented attacks on modern TEE implementations -- including the one that this specific host mentions -- that cost less than 1k USD using a memory interposer (physically capturing what is going on between the motherboard and the DIMMs). This goes for both AMD SEV and some Intel stuff.
So probably not fed-resistant but somewhat snooping-hoster-resistant if they didn't spend 1k on Aliexpress hardware to look at your stuff. Just treat every provider as a honeypot.
source: https://tee.fail
there are probably other things related to this on arxiv.org
"Confidential Computing" will provide an additional layer of privacy but it is not completely secure and you still have to trust the hosting provider. You should generally not treat remote computation as completely private even when TEEs (Trusted Execution Environments) are used.
There are documented attacks on modern TEE implementations -- including the one that this specific host mentions -- that cost less than 1k USD using a memory interposer (physically capturing what is going on between the motherboard and the DIMMs). This goes for both AMD SEV and some Intel stuff.
So probably not fed-resistant but somewhat snooping-hoster-resistant if they didn't spend 1k on Aliexpress hardware to look at your stuff. Just treat every provider as a honeypot.
source: https://tee.fail
there are probably other things related to this on arxiv.org