by daneel_w 1690 days ago
A question to ExaMesh, in case someone from there happens to be reading: could you publicly offer a guarantee and promise that not a single byte will be read off of (or written to) customers' SD cards or SSD drives before being installed, or after being uninstalled from your racks?
2 comments

Not ExaMesh, but there are a variety of ways to encrypt the card and remotely unlock it.

You can use dropbear to ssh into the Pi and provide the key during boot.

You can have the Pi connect to a remote system to retrieve the key.

Some methods are obviously not perfect, but it'll definitely make it more complicated than just "copy the card." Remote key retrieval would let you audit when the system was booted and so on.

There's a more complex purpose-built open source software package specifically for handling remote disk unlocks, but I'm blanking on the name and my Google searches aren't turning it up. I vaguely recall it had fairly high levels of paranoia in its design.
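A sketch of the remote key retrieval idea from the comment above, as an added example that is not from the thread or from ExaMesh: the owner runs a key-release service that logs every request and refuses to hand out the key until the Pi is confirmed racked. `KeyServer`, `pi_request`, the HMAC request format and the sample IPs are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

@dataclass
class KeyServer:
    """Owner-run key release for one hosted Pi (hypothetical design)."""
    auth_secret: bytes   # also stored in the Pi's unencrypted initramfs
    disk_key: bytes      # passphrase for the encrypted card, never on the Pi
    allowed_ips: set     # where the racked Pi is expected to call from
    armed: bool = False  # owner sets True only once the Pi is racked
    seen: set = field(default_factory=set)
    audit: list = field(default_factory=list)

    def release(self, nonce, mac, src_ip, when):
        want = hmac.new(self.auth_secret, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(want, mac):
            verdict = "deny:bad-mac"
        elif nonce in self.seen:
            verdict = "deny:replay"
        elif not self.armed:
            verdict = "deny:not-armed"   # e.g. a copied card booted in transit
        elif src_ip not in self.allowed_ips:
            verdict = "deny:unexpected-ip"
        else:
            verdict = "release"
        if verdict != "deny:bad-mac":
            self.seen.add(nonce)
        self.audit.append((when, src_ip, verdict))  # every boot attempt is logged
        return self.disk_key if verdict == "release" else None

def pi_request(srv, src_ip, when, nonce=None):
    """What the Pi's initramfs would send; returns (nonce, key or None)."""
    nonce = nonce or secrets.token_bytes(16)
    mac = hmac.new(srv.auth_secret, nonce, hashlib.sha256).digest()
    return nonce, srv.release(nonce, mac, src_ip, when)

def demo():
    # Constructed sample values; IPs are from documentation ranges.
    srv = KeyServer(secrets.token_bytes(32), b"constructed-disk-key", {"203.0.113.10"})
    pi_request(srv, "198.51.100.7", "day1 03:12")            # card in the mail
    srv.armed = True                                         # data center confirms install
    nonce, key = pi_request(srv, "203.0.113.10", "day4 09:00")
    pi_request(srv, "203.0.113.10", "day4 09:01", nonce)     # replayed request
    pi_request(srv, "198.51.100.7", "day9 22:40")            # copied secret, wrong place
    srv.release(b"x" * 16, b"\0" * 32, "198.51.100.7", "day9 22:41")
    return key, [v for _, _, v in srv.audit]

if __name__ == "__main__":
    print(demo())
```

The request secret sits on the unencrypted boot partition, so copying the card copies it too; the armed flag and IP check limit what a copy can fetch, and the audit list records each attempt.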

I personally vouch for our team, but think about it: your Pi is connected to the Internet. You are responsible for the security of the Pi (system security, updates, encryption ...). You send us the hardware in the mail. How many hands does the package go through? Of course, no one gets into the data center without access authorization, etc. pp.

Encryption of your data is the key here.

Thanks for the assurance. The concern with "mail order co-lo" is of course that the customers themselves don't travel to the DC to install and power up the server.