Bridge security practices on a VPS

I have the impression that many obfs4 bridges are run from VPSs and I want to take a shot at this as well. But I am a “noob”. So I am wondering about the security of such a setup. Would it not be trivial for the VPS provider to gain root access to a rented server if they really wanted to? And would someone with server access be able to manipulate the bridge, intercept the traffic or something? If so, can this be mitigated in some way, for instance with OS encryption?

I am also wondering why this guide is not linked to from the official setup guide, because according to it these security practices are “paramount”.

1 Like

In one word: Yes. It is very easy to do on a technical level, but also very illegal in many parts of the world. If you run Tor on a VPS, you need to have some basic level of trust with your provider.

For a VPS, no. If at all (depends on the type of virtualization), you can only have encryption at rest and not while your server is up and running.

2 Likes

Thanks for your reply. I can’t really say how I can establish a level of trust with any VPS provider, so I probably shouldn’t be doing this. Will put the bridge project on hold.

My suggestion is to look at the laws that govern them. In most of (or all of?) Western Europe as an example, sniffing your traffic is a serious crime. Why would your VPS provider risk losing their business over your VPS?

Also, there is a list of ISPs and hosters available where others had good or bad experiences. Typically, the ones advertising privacy and Tor-friendliness are more expensive, but that is not always the case. Link: Tor Project | Good Bad ISPs

3 Likes
