James Stanley

Digital Ocean Private Networking is not Private

Thu 5 March 2015

Digital Ocean offer a "Private Networking" option which, to many people, sounds like it is accessible only to other droplets created by the same Digital Ocean account.

A coworker recently explained to me that this is not how it works.

The "Private Networking" mode is actually a network shared across every droplet in the same Digital Ocean datacentre! There are likely a large number of people who assume they can use Private Networking to keep services private, but are unwittingly exposing themselves to attack by any interested party.

So, if you use Digital Ocean's Private Networking for privacy purposes: you should stop right away and set up something else! Possibilities include setting up stunnel, OpenVPN, or SSH tunnels. Feel free to get in touch if you need more information.
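As an added example (not from the original post), here is a small POSIX shell audit for a droplet: it lists which TCP listeners are reachable over the shared private address, and prints host-firewall rules that limit the private interface to known peer droplets while you move the service behind stunnel, OpenVPN or an SSH tunnel. The interface name eth1, the 10.132.0.x addresses and the `ss -ltnH` sample are constructed assumptions, not values from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Audits which listeners are reachable
# over Digital Ocean's shared "private" network and emits allowlist firewall rules.
# Assumptions (constructed): private interface eth1, private address 10.132.0.5,
# listener table in `ss -ltnH` format (State Recv-Q Send-Q Local:Port Peer:Port).

# Print "<port> <bind-address>" for every listener reachable via the private
# address: bound to the IPv4/IPv6 wildcard or to the private address itself.
# stdin: `ss -ltnH` style lines; $1: this droplet's private IPv4 address.
exposed_on_private() {
    priv="$1"
    awk -v priv="$priv" '
        {
            # $4 is Local Address:Port, e.g. 0.0.0.0:22, 10.132.0.5:3306, [::]:80
            addr = $4; sub(/:[^:]*$/, "", addr)
            port = $4; sub(/.*:/, "", port)
            # [::] accepts v4-mapped connections by default on Linux, so it counts
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]" || addr == priv)
                print port, addr
        }' | sort -n
}

# Emit iptables rules that accept private-interface traffic only from the listed
# peer droplets ($2...) and drop everything else arriving on that interface.
allowlist_rules() {
    iface="$1"; shift
    for peer in "$@"; do
        echo "iptables -A INPUT -i $iface -s $peer -j ACCEPT"
    done
    echo "iptables -A INPUT -i $iface -j DROP"
}

# Constructed sample of `ss -ltnH` output (not captured from a real droplet).
SAMPLE='LISTEN 0 128 127.0.0.1:25 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 80 10.132.0.5:3306 0.0.0.0:*
LISTEN 0 128 [::]:80 [::]:*'

if [ "${1:-}" = "--demo" ]; then
    # On a real droplet: ss -ltnH | exposed_on_private "$(hostname -I | awk '{print $2}')"
    printf '%s\n' "$SAMPLE" | exposed_on_private 10.132.0.5
    allowlist_rules eth1 10.132.0.7 10.132.0.9
fi
```

Run with `--demo` to see the three exposed listeners (22, 80, 3306) from the sample; only 127.0.0.1:25 is safe from the shared network. The DROP rule is a stopgap, since other tenants' droplets can still see the traffic of peers you allow, so the services themselves still need encryption as described above.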

In Digital Ocean's defence, nowhere do they state that their Private Networking mode provides privacy. In the Private Networking announcement, they do describe it as "Shared Private Networking", though they do not make it explicit that it is shared with droplets belonging to other users.

James Stanley - james@incoherency.co.uk | jesblogfnk2boep4.onion | [rss]