Page 1 of 1
True fed-resistant VPSes are now possible?
Posted: Tue Apr 28, 2026 5:46 pm
by digdeeper
As I was porting my VPS reviews from the
Shadow Forums to
my website, I decided to check a few of them for possible changes since I wrote that post. And I realized that this one VPS
COIN|HOST really changed. The change that caught my eye was that it advertised "confidential computing servers" which supposedly resist:
A hosting provider employee with malicious intent, a compromised hypervisor, or even a government subpoena can't access your data because the CPU itself enforces encryption - not just software.
It seemed unbelievable that no one used it before, so I decided to look up whether that processor really exists - and it
surprisingly does. Linux distros even
support it now. But I know little about it on a deep level. How far do the security properties actually go? This might be an actual breakthrough.
Re: True fed-resistant VPSes are now possible?
Posted: Tue Apr 28, 2026 7:09 pm
by qualia
Crypto-friendly host but no Monero accepted, perpetuates the "Swiss privacy" myth, proprietary cryptographic hardware from a company known to implement fed hardware backdoors. I think you're way too enthusiastic about this. I guess the hardware security is a kind of advantage but if it was "true fed-resistant", AMD wouldn't have been allowed to release it.
Re: True fed-resistant VPSes are now possible?
Posted: Tue Apr 28, 2026 9:13 pm
by LoadingXML
can't access your data because the CPU itself enforces encryption - not just software.
But assuming for the sake of argument they only got encrypted data, It will fall into "harvest now, decrypt later", i.e until Qunatum computers become stable enough to hold 4096 qubits, they will decrept it whether you got hardware or software encryption.
Re: True fed-resistant VPSes are now possible?
Posted: Sun May 03, 2026 8:54 pm
by strawberry9
I am not an expert.
"Confidential Computing" will provide an additional layer of privacy but it is not completely secure and you still have to trust the hosting provider. You should generally not treat remote computation as completely private even when TEEs (Trusted Execution Environments) are used.
There are documented attacks on modern TEE implementations -- including the one that this specific host mentions -- that cost less than 1k USD using a memory interposer (physically capturing what is going on between the motherboard and the DIMMs). This goes for both AMD SEV and some Intel stuff.
So probably not fed-resistant but somewhat snooping-hoster-resistant if they didn't spend 1k on Aliexpress hardware to look at your stuff. Just treat every provider as a honeypot.
source: https://tee.fail
there are probably other things related to this on arxiv.org