Zero-Knowledge Hosting — We Cannot Access Your Data

Zero-knowledge in a hosting context means that the hosting provider has zero knowledge of the contents of your server. This goes beyond a no-access policy — it means the provider is architecturally unable to access your data, regardless of intent, legal pressure, or security compromise. The cryptographic design of the system makes access impossible without your cooperation.

At AnubizHost, zero-knowledge is implemented through our key management architecture. Encryption keys for your VPS storage are generated, split, and distributed in a way that no single system, employee, or process within AnubizHost can reconstruct a usable decryption key. The key material needed to unlock your data is assembled only during your authenticated boot process and exists only in volatile memory for the duration of your server's operation.

This architecture means that even if AnubizHost were fully compromised — every server, every employee, every system — the attacker could not decrypt your stored data. The zero-knowledge design provides protection that does not depend on our operational security, our trustworthiness, or our resistance to legal pressure. It depends only on the mathematics of cryptography.

The zero-knowledge architecture relies on a distributed key management system. When your VPS is provisioned, a master encryption key is generated using a cryptographically secure random number generator. This key is immediately split into multiple shares using Shamir's Secret Sharing algorithm, with a threshold scheme that requires a minimum number of shares to reconstruct the key.

Key shares are distributed across geographically separated systems with distinct security boundaries. No single system holds enough shares to reconstruct the master key. The share distribution is designed so that even the complete compromise of any single facility, network segment, or administrative domain is insufficient to recover the key.

During your server's boot process, key shares are assembled in a secure enclave that exists only in volatile memory. The reconstructed key decrypts your storage volumes for the duration of the server's operation. When the server is shut down or rebooted, the key is discarded from memory and must be reassembled from shares for the next boot. No copy of the complete key ever touches persistent storage.

Standard full-disk encryption protects data at rest against physical seizure, but it typically does not protect against the hosting provider itself. In a standard encryption setup, the provider holds the encryption key (or a master key that can derive it) and can decrypt your data whenever they choose. The encryption protects against external threats but not against the provider.

Zero-knowledge hosting eliminates this vulnerability. The provider cannot decrypt your data because the provider does not possess the necessary key material. This is a fundamentally stronger security model because it removes the hosting provider from your trust boundary. You do not need to trust AnubizHost — you only need to trust the cryptographic algorithms we use, which are well-studied, publicly auditable, and widely deployed across the industry.

The practical implication is significant: even under legal compulsion, AnubizHost cannot provide access to your data. We can comply with a court order to shut down your server, but we cannot comply with an order to decrypt your storage because we are technically incapable of doing so. This is the strongest protection any hosting provider can offer.

Zero-knowledge hosting provides extremely strong protection for data at rest, but it is important to understand its limitations. While your stored data is cryptographically protected, data in transit and data in memory during active computation are subject to different threat models.

Network traffic between your server and the internet is visible at the network layer (though we do not log it). Data being actively processed by your applications exists in unencrypted form in RAM. A sufficiently sophisticated attacker with physical access to a running server could theoretically extract data from memory, though this attack is extremely difficult to execute in practice.

We are transparent about these limitations because overselling security is worse than under-delivering it. Zero-knowledge hosting at AnubizHost provides best-in-class protection for data at rest, combined with our no-log networking for data in transit. For data in active computation, we recommend application-level security measures such as encrypted database columns, in-memory encryption libraries, and secure coding practices as complementary protections.