If you’re only talking about Storage (data at rest) or Network (data in transit) then encrypt/decrypt offsite and never let symmetric keys (or asymmetric private keys) near the VPS, or for in-transit you could similarly set up encrypted tunnels (symmetric/private keys offsite only) where neither end of the tunnel terminates at the VPS. If you’re talking about Compute then whatever does the processing inherently needs access to decrypted data (in RAM, cache, etc) to do anything meaningful. Although there are lots of methods for delegating, compartmentalising, obfuscating, etc (like enclaves, TPM/vTPM…) the unavoidable truth is that you must trust whoever owns the base-infra ultimately processing your data. The one vaguely useful way to use “other people’s computers” trustlessly is with SMPC (secure multi-party computation) spread sufficiently widely across multiple independent (preferably competing - or even adversarial!) virtual-computation providers, with an “N-of-M keys” policy that avoids any single provider being able to attain a meaningful level of access to your data independently, or being able to view tangible portions of your data while providing functionality during SMPC. That stuff gets super-niche though.
But… but he’s not a hurricane… I guess they could fix him up with horse tranquilliser and bleach afterwards though. (adding a /s here for the terminally oblivious)
I never used Reddit other than the rare view via a search-engine when trying to find something. I now lurk Lemmy daily but barely ever post. I read so many enlightening things here. Not leaving.
…which is very much by design. The “Ownership Class” have understood the value of “Targeted Divide and Conquer” for a while now. A line from Metallica’s Master of Puppets comes to mind: Keep them tired it makes them well.