Technically you’re correct: your VPS provider can inspect your network traffic, the contents of RAM and anything on the disk.

Bluntly: you have to trust your VPS provider, and if you’re unsure they’re trustworthy you shouldn’t use them.

(Scaleway is legitimate, bound by actual useful data protection laws, and has a comprehensive privacy and security policy.)

Honestly, from all the Gen Z and younger kids I know in my life the big thing that’s probably killing the fediverse is it’s not a media-first platform.

Not a one of them really participates in text-primary social media, which is what Lemmy definitely is.

Mastodon supports it better, but there’s so much gatekeeping around the “right way” to share media content that the few people I know that tried to use it just bounced off it because they couldn’t figure out the technical and social aspects of how to interact, because it’s just piles of conflicting opinions.

They will, however, spend an insane amount of time on TikTok or Youtube or Twitch or Instagram or Snapchat endlessly watching whatever comes up and scrolling along to the next thing or sending pictures/videos of whatever they’re doing at that moment to their friends.

Yeah, I just mentioned it because OCI is kinda wonky and requires some static routing stuff in the iptables on the host to have the platform work as intended (which, as far as I’m aware, no other hyperscaler does), which strikes me as really really lazy engineering, but I’m just a simple computer janitor so maybe I’m wrong there.

The most infuriating thing at my last job was people sending in a ticket freaked out that their database was stolen and ransomed, and us going ‘Well, we sent you 15 emails over the last 3 months telling you that you had the database open and improperly secured, so what exactly are you wanting us to do now?’

That’s not really the right approach on OCI, unfortunately: if you just flush the rules you also break a lot of their management plane.

You’d want to modify the /etc/iptables/rules.v4 and rules.v6 files to add any rules you want to load on boot (and, of course, if you just flush the rules without saving them, then it won’t persist and a reboot will break things, again).

It’s an arguable benefit: I’m a fan of having the security policies AND iptables sitting between me and doing something stupid, but I also spent most of the last decade dealing with literally thousands and thousands of compromised hosts that just whoopsie oopsed redis/jenkins/their database/a ftp service in a publicly accessible state, got hacked, then had the customer come crying to us asking why we didn’t keep them from blowing their foot off - which, basically, is what the OCI defaults do.