Question

DigitalOcean VPN Privacy, in light of recent political news.

This is sort of a general question to the DigitalOcean staff at large:

Given this piece of recent news:

Republican senators yesterday introduced legislation that would overturn new privacy rules for Internet service providers. If the Federal Communications Commission rules are eliminated, ISPs would not have to get consumers’ explicit consent before selling or sharing Web browsing data and other private information with advertisers and other third parties.

and following it up by saying “It is time for permanent VPN’s” .

Can anyone comment as to how DigitalOcean treats user-data from droplets that are being used as a VPN? If DO is my endpoint, then is/will my data be collected? Does DO still have a commitment to privacy in this case?

If so, then I think DO should have that clearly stated as a selling point. I have a hunch that VPN’s are about to become very popular.


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer

@hansen

Yes, traffic is going in and out to DO is viewable to them and their ISPs - unless it’s encrypted, which it would be in case of OpenVPN/SWAN/etc. * your ISP can’t see anything but an encrypted VPN tunnel. DO (and their ISPs) will only be able to see traffic from DO to the final website, if it’s non-HTTPS*

so that jibes with what I was thinking…using a droplet as an openVpn server essentially encrypts things up to DO (and their ISP)…so, going back to the first post:

ISPs would not have to get consumers’ explicit consent before selling or sharing Web browsing data and other private information with advertisers and other third parties.

I would like to know if DO has plans to take advantage of this data to share/sell to advertisers and third parties, or does their dedication to privacy extend to using them as a VPS end-point

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

@sierracircle

Just logged in to check the status of my ticket, as mentioned in my previous response, and here’s the overview (thanks Ethan!)

1). We do not log customer traffic, we do log the volume of that traffic and know which IPs are assigned to Droplets, we do not “filter” traffic but we do have automated alerts in place to check for abuse based on a variety of factors (PPS, Bandwidth, etc.). If one of this alerts is tripped, we may then start filtering out / black holing traffic to protect the infrastructure from harm.

2). Specifically on the point of VPNs: we have no way to decrypt that traffic, even if we wanted to, which we don’t. :) My advise if you are concerned about security has always been “encrypt everything everywhere”, it is the safest bet to data security at all levels.

3). We actually go over a lot of what you are asking about, pertaining to what we do and don’t collect here in our privacy policy. We then also have a Law Enforcement Guideline you can read over to see how someone would need to request information from the platform.

https://www.digitalocean.com/legal/privacy/

https://www.digitalocean.com/legal/enforcement/

As you can see there, we could give over the contents of a Droplet to abide a proper legal requests, but we couldn’t decrypt any data on the drive (again, impossible for us to do).

I think it is too old for question but it is really new for now.

As you know recently the arrest of French activist where ProtonMail has been disclose his IP to authority.

Now I want to create VPN to allow anyone use and want to open the internet by choosing DO Droptlet but I am not clear too if I create VPN server on DO and sometime that VPN use by hacker to hacker hide himself so what DO did to my VPN server?

I want to create VPN server where I really don’t log user IP or I don’t even know what they do just free for use VPN.

I don’t know it is bad idea or not but if my VPN server use by hacker on the internet did DO block or delete my droplet?

I think every other ISP now snoops and records user data after the US senate allowed them to do so. Not just that but according to the Communications Privacy Act 1986 the Government can access any user communication data if it’s stored or retained by ISPs or other service providers. This is right which is why you are right VPBs have become of prime importance now. I personally use Ivacy VPN.