Yes. Yes they can.

Good companies will have measures to ensure customer privacy, all the way up to ridiculous level stuff like keeping servers inside electrically touch-sensing cages with biometrically locked entrances that can only be entered with a customer representative present.

So generally there shouldn't be a cause for concern with any respectable provider.

Then again, running a server at home isn't that bad. My dad did it, he still does it, and now I do, too. We are each others' off-site backup.

The main issue is usually whether you have access to a suitable internet connection. If you want to access your stuff out-of-home, that is.

The hardware can be almost anything. Depending on what you want to run, you usually don't have to be picky. My machine was built, and gets upgraded, using dirt-cheap parts off the used market, always a couple generations behind the latest hardware.

The only thing I buy new are the hard-drives.

If it is in the RAM, they can read it. Since it is a virtual server they can freeze and clone the current state and connect to that copy and read all data that is currently encrypted/opened without you even knowing.

As soon as someone else has access to the hardware, assume someone else has access to the data. Depending on your threat model this might be acceptable. If you just don't want snooping, I'd say a VPS is a perfectly valid solution.

I use a dedicated server, but in this regard it is similar to a VPS, and I carefully consider what kind of data I put on it. I wouldn't put very private data on there. Simply because I see no need for it to be there.

They have full access to the hardware, everything on it, and all traffic going to/from it. So you need to trust the provider you use somewhat.

If you just want privacy from the usual online services by running some of your own stuff, then that's totally fine.

you dont need to run a server. get a mini pc, set it up, iron out the issues and it will run perfectly fine if you dont fuck with it.

there are a few tasks like updating it, but it can be set up to do it by itself. it doesnt need stellar reliability, just regular backups.

I use 2 VPN with my setup:

1. The private one, hosted on a VPS (OVHcloud). I set it up my self. It's a bit of work, as you need to take care of properly setting up firewall and reasonably security this server as it is directly facing the Internet. OVH provids some good guides on their website and you can find other resources. You can rent the lowest tire VPS and deploy Debian and Wireguard and you're all set ! This VPN is for connecting to my NAS at home from outside, and also for secure Internet browsing from public WiFi. This is my own VPN for me and myself (plus my family to a lesser extent).
2. The one for Torrenting exclusively Linux ISO of course. This one is a Nord on subscription, and the benefits is not really privacy IMO but rather to be drown into the traffic of thousands of other users.

I had similar concerns in the past. I decided to move all of my VPS hosted services to a physical server that I control. I then use a VPS as a portal, set to simply forward traffic without unencrypting the HTTPS. Look up SSL pass through.

Why would they.

Their core business is hosting.

It's not, but tls encryption cannot be read by a man in the middle. So feel free to use a vps as a way to shield your ip