[antouank]

Still, I'm not sure how that will work. Say I spawn a VPS, and I start my VPN server in there. Can Amazon just go in there and snoop somehow? My keys are encrypted, even if they can see the disk they are on, and the traffic also. All it can do is see the network traffic that originates from that machine, and log that.

[pricechild]

Assume that if someone has physical access, the machine is compromised.

[foobar__]

They can easily look at the RAM of the VM and get the plain-text encryption keys for SSL or VPN or whatever.

I'm absolutely sure by now someone has written a program to automate this, and to be honest I expect some governments already force some companies to do this.