sr2/docs.sr2.uk
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
docs.sr2.uk/docs/hosted.md

3.1 KiB
Raw Permalink Blame History

sidebar_position
5

Hosted CDR Link FAQ

CDR offers hosted Link helpdesk instances managed by our deployment partner SR2 Communications, a trusted team within the digital rights community, with a proven track record of securely handling sensitive data.

Where do our hosted instances run?

Hosted instances run on SR2's public cloud, which in turn is hosted on servers rented from Hetzner Online GmbH. The datacenter runs on 100% green electricity (certificate) and has stringent security measures in place to prevent unauthorised access. Hetzner holds an ISO 27001 certification (certificate) relating to the security measures in place, and there are no exclusions from the scope in regard to measures mentioned in Annex A of ISO/IEC 27001:2022.

SR2 exclusively and manages the servers from Scotland via mutually authenticated, end-to-end encrypted channels. All CDR Link helpdesk data is stored on a LUKS-encrypted volume with a per-instance key to protect the data at rest. Hetzner staff have physical server access, but strict controls are in place to prevent unauthorised access.

Is my data backed up?

SR2 manages daily backups of your data and retains the backups for 7 days after creation. As your helpdesk will constantly be updating with new tickets and replies we have not ever had a reason to retain backups for longer than this, and we always try to minimise the amount of sensitive data we keep in "hot" storage.

The backups take the form of a full disk snapshot so we are not able to restore individual tickets if they are deleted accidentally, for example, we can only roll back the state of the whole helpdesk.

The backups are stored on a physical server hosted in Hetzner's datacenter separate from your helpdesk's primary storage. As the backups are a snapshot of the disk, the data is encrypted there with the same per-instance key that is used to encrypt the primary storage (it's a byte-for-byte copy of the same encrypted data).

Can I get a copy of my data?

This is possible, however it is a manual process so we require adequate notice and may refuse if requests are too frequent.

We would provision a small virtual machine with disk encryption and export a database dump to the virtual machine. Optionally we can encrypt the database dump to a GPG key.

We would then ask for your SSH public key, preferably over a channel like Signal where we are able to confirm the contact's authorisation, and then allow that SSH key access to download the backup.

Once you have confirmed that you have the backup we would delete the virtual machine, delete the encryption key, and the underlying storage it was using would be encrypted with no possibility of decryption.