>they are charging their customers after their customers have deactivated a service (destroyed a VM)
They are charging their customers for the number of minutes it takes to safely destroy the VM. This is not a charge for something coming 'after'. It's fundamentally a charge for their actual server use, not a bonus fee.
>What sort of mental gymnastics are required to make that a reasonable choice?
They aren't charging for security, they are giving you the option to buy less server time if you don't need security, or handle it yourself by wiping only the sensitive files. There are no mental gymnastics here.
I think you hit the nail on the head here: offering the option to buy less server time if you don't need to wipe data is probably reasonable.
Now, the problem here is that DO turned that choice around, and are therefore not providing security by default, but offering you the option to pay more to get it.
Additionally, this is poorly advertised (the API docs do not clearly state "Your data may be accessible by other users!"), and that explains why many customers are (reasonably) a bit pissed at DO.
Looking at their pricing page, it looks like an instance with 512MB RAM comes with a 20GB disk. Depending on host load, IO and process niceness etc, I can see a `dd if=/dev/zero of=...` taking ~10 minutes easily.
They are charging their customers for the number of minutes it takes to safely destroy the VM. This is not a charge for something coming 'after'. It's fundamentally a charge for their actual server use, not a bonus fee.
>What sort of mental gymnastics are required to make that a reasonable choice?
They aren't charging for security, they are giving you the option to buy less server time if you don't need security, or handle it yourself by wiping only the sensitive files. There are no mental gymnastics here.