Yep, I forgot about reboots. I guess I assumed a VNC session would be sufficient for that. I'm also assuming that the hardware is colo'd under a real identity so connecting to the machines directly is not a security threat. I was more worried about someone getting into the machines through a public facing sshd. Of course, that can be secured by turning password authentication off and only using RSA keys, but with ssh hidden services in stealth mode, you can deny there is any ssh at all. What would make this even safer is if you hosted it in your home. The major drawback is the really low outbound bandwidth. It's possible with a forum like this, which is mostly text. Turn off avatars for even better performance. I doubt a few hundred simultaneous users create more than a few 10s of kilobytes of sustained traffic, since they are not requesting data all the time. The main benefit is that a private residence is the best legally protected location. With dedicated servers, you don't own the hardware and the provider can hijack your servers at their discretion. Even with colo there will be terms and conditions and they can cut service, block your network connection, or shutdown the server whenever LE decides to do a correlation attack. When the hardware is hosted in your home, locked in a cage, with yourself and a few guns standing by, you can't beat that kind of protection. Edit: It's also safer for reboots because you do it directly through a keyboard/monitor connected to the machine, and maintenance issues / hardware upgrades are a lot easier to deal with.