Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!
Having access to the physical layer of the network as well as the power grid feeding the servers, Bob could disrupt Alice's operations in the following way:
A VPS provides no privacy from a malicious cloud provider. It is like a glass box, as long as the data stored there is encrypted from the same device, it can be decrypted by the cloud provider
If data is meant to remain unreadable from the cloud provider, it would need to be encrypted elsewhere, and THEN sent to the VPS. That way the cloud provider wouldn't have access to the decryption keys that would've otherwise been stored in the servers' RAM.
Only encrypted data should transit/be stored in it and the decryption keys should never be present on the VPS itself.
This is the first strategy when it comes to running remote sensitive services: Multiple Glassboxes Strategy:
And lastly there is the second remote sensitive service strategy: The Blackbox Strategy
The idea here is to only use baremetal servers, rather than using VPSes, in order to have as close of an access to the server's hardware as possible, to reduce the capabilities that the adversary has on the server, preventing him from seeing what the contents of that server are.
This strategy is much more expensive as baremetal servers are not as cheap as VPSes, but the advantage is that the cloud provider has to put in much, much more effort to extract data from the memory (by performing a lengthy cold boot attack), in order to be able to decrypt the contents of the disks.
The upside is that you'll have to spin up new instances way less often than you'd have to when you were using VPSes, due to how much more expensive it is for a cloud provider to figure out that you're running a sensitive service on their servers.