If you don't host your data, how can you be sure you own it?
#yandex sysadmin caught selling access to users' accounts
@kzimmermann it used to be fine, just a neutral email service. It used to allow anonymous signup. Things changed a couple of years ago when it started to blackmail users to provide personal info.
@kzimmermann Hm, agree. I would encrypt the disk as well if possible. VPS providers can have access too.
The bad deed was done by a sysadmin and at least the company is taking steps:
"The Russian company said it's now in the process of notifying the owners of the 4,887 mailboxes that were compromised ...
The Russian company said that a "thorough internal investigation" of the incident is currently underway and that it plans to make changes to how its administrator staff can access user data."
But disk encryption by itself only protects against someone taking a physical disk and reading it.
If the provider can start the VPS instance up, then they can decrypt it, which means they can get full control over the system (e.g. by booting in single user mode and resetting root password).
It's not that disk encryption isn't valuable to have. It just doesn't matter for this scenario.
Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.