
Running a sensitive service on a remote server: how to avoid detection as much as possible

by /u/nihilist1 · 0 votes · 2024-04-20 13:32:00

Now that I covered home servers, time to cover remote servers, as I know most people here prefer them.

My next tutorial is about how to acquire them anonymously. Very easy with non-KYC cloud providers ( https:// kycnot DOT me/?t=service ) (paying them with Monero, accessing them with Tor, and accessing the SSH service through Tor as well); will do that tutorial shortly.

However, the main issue is what's next: how do you hide what you do on that server as much as possible from the cloud provider, for as long as possible?
I think first you need to have a dedicated server, and you need to be able to upload your custom ISO there, to make sure that the host OS doesn't contain any monitoring tools.
The host OS should contain the packages needed (tor (as a bridge node), libvirt for QEMU/KVM VMs).

Then I think there needs to be a service to make sure that the host OS integrity remains the same (automatic system integrity checks: sha512sum on all file paths, packages installed, and also on all binaries and libraries) (to avoid any cloud provider spying in), and if anything were to change, an emergency shutdown script should be triggered (to keep the VM hidden).

Now for the VM, I think it should be LUKS encrypted at the OS level (not sure if this would change much, as the encryption is server-side), and in it would run your sensitive service (e.g. nginx, PHP and Tor (which uses the host OS Tor service as a bridge node)). Of course, the goal of the whole setup is to make it as hard to find for the cloud provider as possible.

Of course, one should not abuse resources, or you would show up as a potential crypto miner, damaging the hardware in the long run.

Feel free to criticize it; I'm interested to know how you guys would improve such a setup.

Full graph here: http://ss.suragu.net/f/leajb/remote-server-draft.png

BTW, the main problem I think is how do you encrypt all of a system's RAM for the host OS, to ward off cold boot attacks. Definitely interested in how that can be done.
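The integrity-check-plus-emergency-shutdown service sketched in the post, as an added example that is not part of /u/nihilist1's post or of any existing tool: a POSIX shell watchdog that records the SHA-512 of every regular file under the watched trees (plus the dpkg package list when dpkg is present), re-checks it on each run, and fires an emergency action when any entry was modified, added or removed. Every path, file name, function name and the default TAMPER_ACTION are illustrative assumptions; the demo data is constructed in a throw-away directory.

```shell
#!/bin/sh
# Added example (not from the post): a host-integrity watchdog in the spirit
# of the scheme described above. It snapshots the SHA-512 of every regular
# file under the watched trees plus the installed package list (dpkg, when
# present), re-checks that snapshot, and fires an emergency action when any
# entry was modified, added or removed. All names and paths are illustrative.
set -u

# Emergency action run on a mismatch. The default powers the host off, which
# also takes the VM down; override it (e.g. TAMPER_ACTION=true) when testing.
: "${TAMPER_ACTION:=systemctl poweroff}"

# Emit "sha512  path" for every regular file below the given directories.
# Paths containing newlines would break this line-oriented format; they do
# not occur in a stock Debian install and should be treated as suspicious.
file_manifest() {
    for dir in "$@"; do
        find "$dir" -type f -exec sha512sum {} +
    done | LC_ALL=C sort -k 2
}

# Emit "pkg  name=version" for every installed package (empty without dpkg).
package_manifest() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='pkg  ${Package}=${Version}\n' | LC_ALL=C sort -k 2
    fi
}

snapshot() { file_manifest "$@"; package_manifest; }

# baseline_init BASELINE_FILE DIR...
# Keep BASELINE_FILE outside the watched trees (and a copy off-host),
# otherwise every rewrite of it shows up as a change.
baseline_init() {
    out=$1; shift
    snapshot "$@" > "$out"
}

# verify_integrity BASELINE_FILE DIR...  -> 0 if identical, non-zero otherwise
verify_integrity() {
    base=$1; shift
    snapshot "$@" | diff "$base" - >/dev/null
}

# watchdog_pass BASELINE_FILE DIR...
# One timer tick: on mismatch, log the diff to stderr and run TAMPER_ACTION.
# diff's error status (2, e.g. an unreadable file) counts as a mismatch too,
# so the check fails closed.
watchdog_pass() {
    base=$1; shift
    changes=$(snapshot "$@" | diff "$base" -) && return 0
    printf 'integrity mismatch, changed entries:\n%s\n' "$changes" >&2
    $TAMPER_ACTION
    return 1
}

# Demonstration on constructed data in a throw-away directory. Returns 0 when
# the watchdog behaves as intended: a clean tree passes, while a modified
# file, an added file and a removed file each trip it.
demo() {
    tmp=$(mktemp -d) || return 2
    TAMPER_ACTION="echo demo: emergency action would run now"
    mkdir -p "$tmp/root/usr/bin" "$tmp/root/etc/tor"
    printf 'fake tor binary\n' > "$tmp/root/usr/bin/tor"
    printf 'BridgeRelay 1\n' > "$tmp/root/etc/tor/torrc"
    baseline_init "$tmp/baseline.sha512" "$tmp/root"

    watchdog_pass "$tmp/baseline.sha512" "$tmp/root" 2>/dev/null ||
        { echo "FAIL: clean tree flagged"; return 1; }
    printf 'extra bytes\n' >> "$tmp/root/usr/bin/tor"
    if watchdog_pass "$tmp/baseline.sha512" "$tmp/root" 2>/dev/null; then
        echo "FAIL: modified binary missed"; return 1; fi
    baseline_init "$tmp/baseline.sha512" "$tmp/root"   # accept, then add a file
    printf 'x\n' > "$tmp/root/etc/tor/dropped.conf"
    if watchdog_pass "$tmp/baseline.sha512" "$tmp/root" 2>/dev/null; then
        echo "FAIL: added file missed"; return 1; fi
    baseline_init "$tmp/baseline.sha512" "$tmp/root"   # accept, then remove one
    rm "$tmp/root/etc/tor/torrc"
    if watchdog_pass "$tmp/baseline.sha512" "$tmp/root" 2>/dev/null; then
        echo "FAIL: removed file missed"; return 1; fi
    rm -rf "$tmp"
    echo "OK: all tamper cases detected"
}

# Usage: baseline_init /var/lib/integrity/baseline /usr /etc /boot
#        then run watchdog_pass with the same arguments from a systemd timer.
if [ "${1:-}" = demo ]; then demo; fi
```

Run it as `sh integrity.sh demo` to see the three tamper cases trip the watchdog. Two caveats a practitioner would want: the script and its baseline are only as trustworthy as whatever protects them, so anyone with root on the host can edit both in the same step and the check adds cost rather than a guarantee; and on a rented dedicated box the provider keeps out-of-band access (BMC/IPMI, disk, power), which this kind of in-OS check cannot observe.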


User: /u/nihilist1

How do you even implement that on a regular Debian OS? Never heard of such a thing before.