How "private" is the new private networking?

Hi All, I am quite unexperienced in networks so I would like to ask someone who has more knowledge on this topic.

When DO introduced private networking back then there were some criticism that communication through the private network is not private at all while others can intercept the traffic within the same network (datacenter). So if you wanted to use the private network securely you had to configure a VPN for example to encrypt the communication.

Now I saw the announcement stating: “As of July 18, 2018, DigitalOcean private networking isolates communication at the account or team level between Droplets located in the same datacenter region.” and I was wondering whether this means that configuring a VPN is no longer necessary or others still have to possibility to sniff or even modify my traffic? I have searched DO support and other resources on the internet but I haven’t been able to find any reliable answer for this question.

It would be very nice if DO could clarify this, while misusing the private network could bring a huge security risk which could really bite unexperienced users like me.

Thank you very much for your help in advance!

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

DigitalOcean Employee
DigitalOcean Employee badge
August 10, 2018
Accepted Answer

Hello friend!

Excellent question. Your private networking is isolated and, in theory, no one can sniff your traffic. The reason I say “in theory” is because I’m afraid I’ve seen a bit too much in my time in the industry thus far, not that we haven’t taken the appropriate measures to protect you.

I believe that the security measures you take should be equivalent to the data you need to protect. You should assume that every layer of security might one day be found to not be as secure as once thought. We never thought we’d see the day that CPUs themselves were not secure, but here we are after the fact, just a bit more paranoid than ever before. Trust that we’re going to be paranoid and put forth every effort to protect you, but supplement that with your own security measures because you never know what is around the corner.

I suppose the shorter version of this is to say I expect you to be secure without that VPN, but if your data is of value I think you should use that VPN anyway.

Kind Regards, Jarland

All this is cool, but DO really should allow private networking within the same account/team, and NOT limit it by data centers, especially if several of their data centers are unavailable from time to time.

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Featured on Community

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more
DigitalOcean Cloud Control Panel