DigDeeper recently released a new article called "Incognet has a giant fucking vuln".
This article claims that there is a severe data leak vulnerability in both Incognet and Kyun. To summarize the article, newly created VMs are supposedly able to recover deleted data from previously deleted VMs.
If the claims in this article were true, it would be a major security vulnerability and would have potentially far-reaching implications for all current and previous Kyun users.
Now, according to everything I know, this is impossible. But I'm not going to dismiss claims this severe, especially not from a relatively popular website I've read some interesting articles from in the past.
This test is reproducible by any Kyun user.
First, I created a new Danbo with an 800 GB disk, to maximize the chances of the VM disk being placed into previously written blocks (which would be already near 100% even with a small disk).
Next, I specifically did not install any OS to the main disk, because running photorec on the disk after an OS was installed is just going to retrieve base OS files and cloud the results. Instead, I just mounted a live ISO into the CD slot of the Danbo (in this case, Grml).
I started the VM, installed photorec, then started a recovery on the entirety of the main VM disk.
About 40 minutes later, photorec finished. The results?
Nothing. Let's dig deeper (haha get it funny joke) into WHY this vulnerability isn't possible. I'll keep this as simple as I can.
Thin provisioning is a technology Kyun uses for Danbo disks (same as most other VM providers, I'm assuming Incognet do too).
Let's say you create a new VM with x GB of disk space. In reality, this is only a limit. On creation, the real size of the virtual disk, as far as the physical disk is concerned, is 0 (ignoring things such as metadata).
As you write to the virtual disk, space on the physical disk is allocated on the fly.
This is why you can't read data from blocks that you haven't written first.
However, when you delete data on a thin provisioned volume, just as on a physical disk, the data is usually still there until the virtual disk is deleted altogether or the blocks the file was occupying are overwritten by new files.
This is because of how filesystems work - deleting a file doesn't actually delete the data from the disk. Not even reformatting with a new filesystem will delete the data, because the data is still there, it just isn't registered in the new filesystem.
This is why DigDeeper was able to recover previously deleted data from his own VM after a reinstall, which he mistook for data from other VMs.
Were he to have used Kyun's actual reinstall feature, the virtual disk would've been deleted and recreated with the new install, rendering the data from the previous install inaccessible by the new install. To reproduce DigDeeper's issue, you would have to manually reinstall via ISO.
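An added example (not from this post or from Kyun's code) that reproduces the three behaviours described above on a sparse file standing in for a thin provisioned virtual disk: a never-written block reads as zeros, a block whose file was "deleted" by the guest still holds its data on a raw scan, and deleting and recreating the disk makes that block read as zeros again. Sizes, the block index and the file name are assumptions.

```python
import os
import tempfile

DISK_SIZE = 64 * 1024 * 1024   # logical size of the pretend virtual disk (constructed)
BLOCK, TARGET = 4096, 1000     # block size, and the block the "old install" writes (constructed)

def create_thin_disk(path, size=DISK_SIZE):
    # Sparse file: logical size `size`, but no data blocks allocated yet.
    with open(path, "wb") as f:
        f.truncate(size)

def allocated_bytes(path):
    # Storage the host filesystem actually backs the file with (st_blocks is in 512-byte units).
    return os.stat(path).st_blocks * 512

def read_block(path, index):
    # Raw read of one block, the way a recovery tool scanning the whole disk would do it.
    with open(path, "rb") as f:
        f.seek(index * BLOCK)
        return f.read(BLOCK)

def write_block(path, index, data):
    # Writing is what makes the host allocate backing storage for the block.
    with open(path, "r+b") as f:
        f.seek(index * BLOCK)
        f.write(data.ljust(BLOCK, b"\0"))
        f.flush()
        os.fsync(f.fileno())

def run_demo():
    with tempfile.TemporaryDirectory() as tmp:
        disk = os.path.join(tmp, "danbo.img")
        create_thin_disk(disk)
        # 1. Fresh disk: a never-written block reads as zeros and almost nothing is allocated.
        fresh_read = read_block(disk, TARGET)
        fresh_alloc = allocated_bytes(disk)
        # 2. The first install writes a file; backing storage for that block appears only now.
        secret = b"data from the previous install"
        write_block(disk, TARGET, secret)
        written_alloc = allocated_bytes(disk)
        # 3. Guest reformats/reinstalls via ISO: the filesystem forgets the file, but the
        #    block itself is untouched, so a raw scan still finds the old data.
        after_delete = read_block(disk, TARGET)
        # 4. Provider-side reinstall: the virtual disk is deleted and recreated, so the
        #    block has no backing storage again and reads as zeros.
        os.remove(disk)
        create_thin_disk(disk)
        after_recreate = read_block(disk, TARGET)
        return {"fresh_read": fresh_read, "fresh_alloc": fresh_alloc, "written_alloc": written_alloc,
                "after_delete": after_delete, "after_recreate": after_recreate, "secret": secret}
```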
Kyun recently turned 2 years old, and we're getting close to 1000 active VMs.
As always, thank you for your support over these years, and a special thank you to everyone who shilled Kyun to their friends, family, and weird people on the internet. We've never done any real marketing so it was pretty much the main way Kyun was able to grow.
I know development has slowed down, but trust me, big things are coming this year.