For the past days I've been participating(albeit over Teams) in a conference relevant to my industry (intel), basically startups and established companies showcasing their products to a closed audience of EU gov. officials.
One thing I noticed right away, is that all companies were asked "Can we fully host this from within EU or our country" from the various people in audience. Every single one. Many of the startups had slides prepared for this.
Definitely a change, because it is not something I can recall being important just a couple of years ago.
> Definitely a change, because it is not something I can recall being important just a couple of years ago.
I work as a consultant and freelancer across a bunch of companies, some American but mostly European ones. Last ~8 months or so, the sentiment about "Hosting our data in EU or even our own country" has drastically changed, I don't think I've seen such a clear shift in public opinion so fast before. The amount of migrations I've helped moving data from US to EU already is higher this calendar year than all the other years of my career.
Out of curiosity how much of this is a manifestation of the utility of LLMs? I get the current political impetus right now but also the barrier for swapping out an infra stack was also much higher 2 years ago. From my own projects major swaps are now relatively trivial which means that vendor lock in is weak.
Besides some companies that were deep into the weeds of AWS and been pushed to enable and use every single AWS service by their reps, I don't think it's much harder/easier today than it was two years ago.
Sure, LLMs help a bit with the actual typing, but the hard part is still planning, alignment and actual execution, all which are best done by humans talking and working with other humans.
I don't think we're in the days of "Hey Codex migrate our AWS stack 100% to Hetzner VPS stat" yet, without issues along the way. Wouldn't claim it's impossible either, but again the easy parts were already easy, and the hard parts are still hard.
Architecting to make portability easier should absolutely be a thing. But people in the weeds of a specific public cloud provider today will absolutely need to make tradeoffs between getting to a position where they can be more portable and devoting those resources to other things.
There been mumblings for as long as I've been a developer, I remember hearing about "EU data independence" first when the ePrivacy Directive came around, which must have been multiple decades ago at this point.
But yeah, in recent times the sentiment became more urgent. If I were to guess, with zero data in front of me and just judging by what I remember, I think the sentiment really changed first with the ICC blockade that happened last year, then it got really fueled on by the US threats to Greenland's sovereignty, I think that's when organizations and people really got stressed out about moving ASAP.
Around me, the threat to Greenland is what kicked the plans from “okay what mitigations should we envision?” to “alright, let’s go as far to actually run shadow ops to get acquainted with …” to full on move after the invasion.
Trump may genuinely end up being the best salesman European hosting companies ever had. I run one of the tools mentioned in this post (Bugsink) and I literally had an uptick of Danish people/companies (specifically) reaching out to me after Davos.
As someone who've basically started being known as "The guy who helps you move data out of US to Europe" in certain circles, I'm not complaining either :)
Yes, that was the thing that set off all the alarms. Trump 1 said a lot of things but had not completed the Hungary-fication of the US. Trump 1 was also before the Ukraine war!
I feel like the concern started getting popularised during the first Trump administration, because the US were overtly bullying the EU (and others of course). But the main change was that it was done overtly: before that the US has always been a big power trying to... say "defend the interests of the US" abroad. E.g. the US have been spying their allies forever. So I think it was more of a "they should stop bullying us in a few years", and indeed it went back to normal with Biden (again, "defending the interests of the US" and "leveraging their dominant position", which was kind of accepted).
The second Trump administration moved from "overtly bullying" to "behaving like a potential threat". In the second Trump administration, the US has used the tech monopolies against the EU and has become a military threat (not to mention the commercial war with tariffs). For many Europeans, it's not that the US are abusing their dominant position in negotiations anymore: it's that they are not an ally anymore. Not that they are seen as an enemy, but rather an unreliable partner who threatened to become an enemy.
I think that this is a very big shift, and that is why things are actually moving. And I don't think that this will change, because the risk of depending on the US monopolies has now materialised. That cannot be undone.
Trump 2 is worse than Trump 1 by far from EU perspective. And it also proved that it wasn't a once-off that Americans will vote in someone who threatens to dismantle NATO, invade Greenland, or start trade wars with allies for no reason.
Let's face it. Trump 2 is about dismantling democracy. The administration radiates hostility and aggression to anything democratic. In the new national security policy the EU is the adversary of the US. If that isn't a wake-up call.
Seems strange to me that not everyone, including republicans, aren't aware of this, when he's pretty outspoken about not wanting any more elections, and how "if you vote for me this time, it'll be the last time you have to vote".
If a presidential candidate anywhere else was openly talking about wanting to remove elections and democracy in the country (not to mention triggered an insurrection [?!]), I'm fairly sure they'd almost be automatically disqualified. Really strange situation all around.
From the a US perspective, EU hate each other and I see no way any temporary cohesiveness will last. Most EU countries are just as likely to elect a Trump in the next decade
I see how it may look like this from the outside. But I think it would be like saying that siblings hate each other because you witnessed an argument.
Most people in most EU countries consider the other EU countries as allies, even though they don't agree on everything. Now the fact that 27 countries argue means that they talk to each other. I think it's a lot less polarised than in the US. Or course there are extremes too.
What gave you the impression that EU members hate each other? It'd be a weird union if that was the case. Not saying it's not possible, I just haven't seen it myself, although I am a Swede so clearly I do hate the Danes and the Norrbaggar with passion, but it's love-hate, not hate-hate.
Trump wasn't threatening to invade European countries and supporting Putin's position in an ongoing war in term 1. He has been far more outwardly anti-EU in term 2.
Like NASA rockets don't have components whose manufacture is very carefully distributed over all US states just to keep the senators happy.
In any case, there are plenty of EU giants (ASML, SAP, Siemens, Alstom, Rheinmetall, etc) that are rather concentrated geographically speaking. EU fairness is more a government agency distribution thing, not for private companies.
You put your Headquarters in seattle, your data center in alabama, you have your dev team in SF... every state gets a slice
Like gov contracts and how they are divided is basically the largest conversation in defense contracts, they give more of a shit who will make the nails for a tank than the security parameters of the crew members
Yeah, I guess we replaced globalism with Europalism, since some of the other parties who initially pushed for globalism now wants nothing to do with it anymore. Oh well, I'm looking forward to closer connections and relationships to our French and Belgian brothers and sisters :)
An entire continent's sentiment shifting to pull market share away from your team is nothing to snark at, regardless of whether the first iteration works perfectly out of the box. I can guarantee you someone in Europe is smart enough to eventually get their needs sorted.
Several organizations in my area of Canada (including ours) have this as a directive right now too, and are actively exploring options for ensuring data is hosted in Canada or Europe (or have already begun or completed their migrations).
Being hosted in Canada is no longer the safety many assumed before. In reality it should not be an American company beholden to the current administration.
And that has never happened to any European company, right? (I'm looking at you ASML.) By your logic, does that mean that most European nations are "no longer the safety many assumed before"?
The example you mention is a tricky one, ASML is about as European as it is American. It is heavily subject to US export controls because its machines include US components, US software and US IP. They operate multiple R&D centers and factories in the US and employ a lot of US employees (~20%)
Not really, some of the IP is core to the product and it cannot function without it. In theory if you do something like come up with a complete replacement for EUV, you could, but everyone with deep pockets has already been trying to do that without success. Same goes for the supply chains, most companies (including ASML) don't manufacture everything themselves; so components that come out of the US would need non-US suppliers, which don't always exist.
I suppose it's a case of 'technically possible, realistically infeasible'.
A more likely scenario might be either a from-scratch not-as-good machine that you can source locally (supply-chain wise) or a novel finding (which is hard to predict if it will happen and if so, when).
Not just ASML, when I working in EU at another major Dutch semiconductor company, the leadership and decision making was mostly US-based and centered around US policies, even if the HQ was still technically in the NL, but because PE and most other major investors were all US Bay Area.
For example my manager had to reject a candidate from Iran, simply due to US policies, even if that wasn't against the EU policies, and would actually have been illegal discrimination in the EU where the position was opened, but this policy came from the US and was applied in an unwritten fashion in the EU.
The influence of the US on finance and tech is massively understated. Plenty of international EU tech companies whose business model doesn't revolve around catering to the EU market and sovereignty, will tailor their products and operations to comply with US regulations since that's where a lot of their customer base and money is made. Just read the last post of the CEO of Bird, you can disagree with him that he's a scumbag and he's full of shit, but the truth is if you want your SaaS to make money, you gotta be in the US. That's why Mistral has a large presence in SV and London. Continental EU just sucks for acquiring capital.
Even at the no-name Austrian startup I used to work before, the biggest investor was a US PE, since no German or Austrian investor wanted to invest more than 5 figures in the company, which was not enough to cover the payroll of the ML/data scientists. As long as the EU investors refuse to invest in domestic companies and their future, EU companies will forever be tied suckling to the US teat if they wish to grow and survive.
> but the truth is if you want your SaaS to make money, you gotta be in the US
Worth specifying here you're talking about VC-infested SaaS, not just your run-of-the-mill bootstrapped SaaS. It's very much possible to run a SaaS in Europe and make money, as countless of people already do, which I'm sure you too are aware of, but probably way harder to raise similar amount of money as US companies, that I'd agree with.
Edit: Strange typo; s/infested/invested, but kind of makes sense like that too so I'll just leave it, Freudian slip or something.
I spoke with some high level folks at a very profitable private company recently and inquired as to why they had DBAs on staff for what amounts to a pretty simple OLTP type system. Id naively assumed that someone of that scale would be using a cloud provider (RDS for AWS etc) thus negating the need for someone who really knows DB internals and upgrades and OS level stuff.
The answer was that they simply didn't trust GCP or AWS or Azure to see their data and know how much silly money they were making in the niche industry they almost completely monopolize.
I recently interviewed with a lower-case-m megacorp in a similar situation and they host on-prem for the same reason, at great expense and hassle in facilities all over the country.
Seems like theres room in the market for some kind of an On Prem Private Cloud Stack that emulates GCP/AWS etc but locally maybe?
Those local options exist, and have been around forever, but the problem is nobody is doing it without cutting corners and with pay-as-you-go elasticity (and the 'call an API, get a VM instantly' effects that go with it).
Most on-prem deployments were trash and a lot of them still are. Not because it couldn't be better but because it's easier to just have some random hypervisor department do this work manually and not do the work to create it as an internal product. Even VMware with vrealize failed and that's about as 'customisable cloud platform in a box' as COTS enterprise software can get.
Maybe it's because IaC and APIs were just not in the vocabulary of the average system integrator or on-prem operating team (it's still lots of clickops and copy-paste).
From our perspective I'm not sure the cloud abstraction is better or we even want it to be done like that locally. Look at S3 as an API for example. It's absolutely dire. I'd rather use NFS (!). And stuff like Lambda and Cloud Functions are just cat turds.
On the DB side, I can't say too much as we're a pretty obviously identifiable AWS customer if I give out any details. I will only say that nothing fits our size and scale so we have to run on bare metal. That just makes it really fucking expensive colocation.
Lambda is awesome .. until you actually try to use it for realsies. Cat turd is an apt description. Just being able to get the damn logs for debugging is itself a hassle. Terraform helps a ton in all this and I rarely find myself using the AWS UI anymore. Still Lambda is a great idea that just doesn't deliver for any use case more than responding to some S3 upload action or Event Bridge operation.
Don't even get me started on the API Gateway sitting in front of a group of related Lambdas. Its OK once you get it setup and running but buildign/changing it amounts to stabbing yourself in the eyes.
The "cloud" rose to prominence from a small period of tiem where Amazon had a lot of extra cloud capacity outside of Black Friday, etc, and linux networking issues that needed architecture to be a certain way.
Those linux networking issues have been long since solved, but the "cloud" was discovered to be incredibly profitable and sticky in the name of convenience and proliferated.
A lot of the "cloud" software is open source software that was packaged to have a web and api front end, and that service renamed to something specific to AWS, etc.
The fact that these "move off US infra" posts now routinely hit #1 on HN is itself pretty telling. Another example is the public outcry here in the Netherlands over selling off the company doing the infra for an important citizen-facing piece of government software (DigiD)...
Yup, I've been seeing the same development pretty much everywhere. It's become a standard question in procurement processes in all EU-based organizations I've worked for (I'm a consultant).
this is good, there's money to be saved in many many cases with self hosting. Cloud was supposed to save money but it's gotten so overdone that now companies have dedicated devops teams just like they use to have dedicated sysadmin teams. I think you can take the opensource paas's out there and selfhost something internal that covers 75-70% of your use case at a fraction of the cost of aws/gcp/azure.
i mean it makes so much sense, cause of the political instability. I recently was at a reception (because of the europe day) and there I talked to some officials that told me that even they don't really know how to to tackle the problems of nowadays. Basically every european state is trying to move its IT infrastructure from the US to Europe and i read somewhere in the news that Aldi is supposed to provide infrastructure to compete with AWS...
Loss of trust towards US is one factor; another is enshittification of services; yet another are good enough monopolies that EU don't have capital to disrupt
I'm willing to wager a bet the former reason is the bigger reason. Many of the data migrations I've helped with, been to services that owners know are slightly worse or doesn't have one feature they ideally should have had, but because of the first reason, it's more important to move now than to wait for it to be perfect. I don't think many are migrating because of "enshittification of services", I haven't heard that as a reason myself at least.
The USA is threatening war with the the EU and its allies. A loss of trust doesn't quite convey the seriousness of relationship destruction this causes and the monumental shift that is now happening.
The complete disinterest in international allies from the American public is troublesome. I recently was in a discussion about what kind of responsibility we can put on the residents of the US for this situation. A US lawyer answered "well the 25th amendment ties our hands, and we do a lot of protesting so no blame on us". The judgement on US citizens was pretty harsh.
You guys have to work a lot harder to fix your issues.
> The complete disinterest in international allies from the American public is troublesome.
I don't think that's a fair characterization of the American public. I am interested in America's standing in the world. More than half of Americans do not support these lunatics. Unfortunately due to our inherently unfair electoral system which gives preference to money and land over voters, it requires about 60~70% of Americans voting against them consistently for at least a decade to overcome the lunatics. That's just a very high bar to clear.
> You guys have to work a lot harder to fix your issues.
Open to suggestions. The only ideas I have for relinquishing control of the US from the billionaires back to the people would, rightly, get me banned from HN.
There is a way in which this whole situation has been revealing to me about how little some outside the US actually understand about US politics and civic structures, or alternatively have their own form of isolationism.
The heterogeneity in the US — culturally and in terms of political-legal structures — is far greater than those in Europe and Canada seem to understand sometimes. This is now combined with a corruption of democratic legal processes (e.g., gerrymandering) that make options outside of outright civil war a needle increasingly difficult to thread. There is a reason people are bringing up Hungary — it would be absurd to equate the EU with Hungary for the same reasons it's absurd to paint the entire US with a broad brush.
Something like 90% of people in the US opposed what was going on with Greenland. Just about the only people in favor of it in the US were the presidential administration and people trying to curry favor with it. What do you expect the other 90% to do? The legislators being petitioned were busy with a deluge of other immediate domestic problems — maybe people outside the US didn't understand the scope of the unaccountable fascist police occupation going on in cities such as Chicago, Minneapolis, or Los Angeles? Protesters in Minneapolis were being murdered by these thugs. That's not even getting into the dismantling of social safety nets, rampant corruption, Venezuela, etc etc etc
People outside the US do not want a US civil war. It's happened before and if it happened again would happen along the same geopolitical lines as before. It would be devastating not just to the US but to the rest of the world.
Treating everyone in the US as the same, without recognizing the very real divisions involved, or the structural stresses involved, doesn't help anything.
Everything happening in the US could happen everywhere. If you have enough politicians distorting and destroying traditional democratic mechanisms in favor of a criminal fascist and party domination, people have fewer and fewer options left outside of things that no one wants.
"The complete disinterest in international allies" is a dishonest statement, and I can only assume reflects total ignorance of what is happening in the US, and/or a self-serving defense mechanism to avoid really confronting the difficulty of what those in the US are faced with.
What's ironic to me in these discussions is how similar Ukraine was at one time to the current US administration (probably not by coincidence). Things change quickly.
>"Ukraine can never trust the EU again after this. There can always be another Orban."
Well, EU and the rest of the world owes nothing to Ukraine, yet they have provided much help. Blind trust is stupid anyways. Especially between countries.
>"Trust is broken forever."
This sounds like a drama queen. Look at your own politicians first.
> You guys have to work a lot harder to fix your issues.
As an American, that's pretty funny seeing how allies of the USA are constantly hostile toward Americans at every turn (unless we're buying a tshirt or something) and have been for many presidential administrations. Why would Americans be interested at all in what allies have to say when it's always negative anyway? When someone tells you you're their enemy long enough you begin to believe them.
As for the discussion of moving tech stacks to Europe, if that's where your company is why did that not make obvious sense day 0? Why would you place your critical infrastructure in another country not beholden to your laws? If you're based in Europe then you should host in Europe, and even further, host in your country.
> that's pretty funny seeing how allies of the USA are constantly hostile toward Americans at every turn
457 British solders dead in Afghanistan supporting US operations beg to differ.
Mate, seriously, step away from the propaganda and pay attention to what is happening to your democracy. Then you might understand why your allies are losing trust.
It should be a matter of shame, not pride, to the British that they followed a jingoistic US into a needless war in Afghanistan which achieved nothing but much senseless death.
trust or not, US vs EU or somewhere else, you should be in charge of your data and your data should be subject to your laws and yours alone. It only makes sense.
As a European: yes definitely. And that won't be fixed if you choose a sane administration again. There can always be another Trump. It will take significant time to build trust again.
An invasion threat isn't easily forgotten. Eventually things will be ok but America will have to prove itself again. Trust comes on foot and leaves on horseback.
Even if Trump is replaced by a Democrat, the conditions that made Trump happen are still there. That won't change from one day to the next. And don't forget he already happened twice.
10-20 years of decent administrations will make things ok again. But of course our economies will be much more decoupled by then. That process has been set in motion now and won't easily stop. That can start going the other way again but things will have to meaningfully change then over time.
As for Hungary I still don't trust them as far as I can throw them. I would have been happy to bump them back to candidate EU member during the Orban reign and let them prove themselves. Don't forget this Magyar guy is still super conservative. Just less anti EU. But unfortunately EU law didn't provide for the ability to throw a country out. That was a huge oversight.
You are right of course. Germany eventually rebuilt trust within Europe, but now have a highly decoupled economy from their neighbors. As you correctly point out.
1.) after ww 2 European economies were very decoupled
2.) One guy mentions Netherlands but if we can think about Poland, Israel, Ukraine. Israel and Ukraine because Germany supported these countries militarily, in Poland financially but still ww2 is not forgotten.
Btw. You can ask Canadian people what they thought about their annexation threats.
When I was young there was still a lot of ill will and distrust against the Germans and that was 40+ years after the war.
We were still joking about wanting our bikes back (the nazis stole everything metal at the end of the war to make weapons). And didn't like them at beach resorts etc. People would much rather buy American than German products.
That's over now but it took a very long time. Which was exactly my point. Time and consistently good politics will heal this but time it will take.
Of course the sooner you turn things around the better but the disconnection has already been set in motion and big ships turn slowly.
EU wokeup from their sleep with backstabs all around. What a rude awakening indeed. Possibly some were dismissed when they raised this scenario as unlikely.
I didn't say never. I just said, if America gets a sane administration again, things won't be automatically back to normal. There will be caution for years. Also, any new administration will spend years undoing all the destruction that has been done until things can be considered normal again.
GDPR gave us "oh cool AWS has eu-west-1 and pretends to comply so we can also pretend to comply" but I think the tone has shifted to actually caring, at least a little bit. And with the CLOUD act all the US based hyperscalars can't really offer compliant hosting.
In some cases but not enough. Some of us has been doing a lot to help educate companies and business here and with the current administration - and the fact that they are being explicitly backed/funded by the Silicon Valley tech companies long resisted government overreach - have helped to finally open ears in boardrooms to the dangers of the Cloud Act and other leverage.
Trump is not the core issue since he isn't a hereditary monarchical dictator.
It's the US population that's the problem, since they voted to put him into power TWICE, which means that they can also do it again, and again, and again, for other candidates not named Trump and not always Republican, but who could be even more unhinged, so we need to do everything to decouple from them so that their election decisions will impact us less.
No offence guys, but you do bare the responsibility of your democratic choices, as do we.
Well, neither was Orban, and he caused huge problems. The real enduring toxic legacy is the packing of SCOTUS, sold to voters as a means of overturning Roe V Wade but in fact a massive enabler for corruption and gerrymandering. Those guys are there until they die or Democrats grow a spine, probably the former.
I started the process of this back in January and now, at least in terms of product hosting; fully migrated into European infrastructure (https://bannermedia.ltd).
It didn't come without a bit of pain, but glad I've done it - and to come with this I've ended up building a whole terraform setup for cross provider / cross region high availability within Europe.
So far my key mappings included:
- Cloudflare -> Bunny CDN (and honestly I am so impressed with Bunny so far)
- AWS (or similar) -> Hetzner + OVH; I'm also looking at Civo.com for UK presence.
- GitHub -> Forgejo. I do actually still operate in GitHub for development only work, however Forgejo is mirrored within my European private network, and thats where deployment workflows happen.
- Google Analytics -> Self hosted Umami.
I'll be doing a writeup fairly soon on the entire process.
Waiting for your writeup, especially the Bunny part. We moved away from AWS but Cloudflare remains a point of failure, we are going to remove it as soon as we have some spare time to do the required research.
Honestly my needs are not super complicated. There are a few edge rules I have in place to try and block things like the TikTok Bytespider which is hammering one of my sites.
It's able to support round-robin multi-endpoint DNS, including weightings you can update which is super useful for what I'm doing.
I've only really needed to speak to support twice so far; one was to get un-blocked because I migrated all my sites too quickly on a fresh account lol, so triggered their suspicious activity (so just be aware of that) - but both times they replied within an hour and resolved things.
While I agree with him that the US is becoming more unpredictable, I don't think the EU is much better, especially with regards to digital things where they can be worse in some ways. For example, they are discussing restricting VPN access for 'child protection'[1]
I think that's a very different kind of concern, and its also been very predictable and slow.
I would also say though, you have to be a bit careful about "they are discussing" because there are many people across different countries with different agendas, and a huge amount of discussion between people. Your link for example is a pretty good bit of background info, clearly saying VPNs aren't just about accessing porn
> In the corporate world, VPNs are essential for secure remote work, allowing employees to access company
systems without compromising sensitive information. For individual users, VPNs prevent tracking by
internet service providers, advertisers and potential cybercriminals. They are also used to access
educational or entertainment content that may be restricted in certain countries, including authoritarian
regimes, supporting freedom of information and digital inclusivity, as censorship becomes more difficult to
enforce through VPN use.
It links off to sites discussing possible approaches to age verification which highlights that various approaches in France didn't meet the regulators requirements because of a lack of privacy.
I think this is a different kind of concern about how your products must work compared to worrying that with little to no notice your country may be cut off due to a diplomatic spat from some specific service.
If you/your company is already inside the EU, you can't really escape the EU's unpredictability, but you can to some extend reduce the blast radius of the American government's whims.
Most digital things in Europe are in fact much better. Lots of laws allow people to protect themselves from digital exploitation.
I agree that there is a ton of bullshit as well though. Gotta dox myself with imprints for example, so I cant share my work with people without also doxing myself. Also as a hobbyist you pretty much need all the business documents as well, like a privacy policy even if its just a small public app on the playstore. Also gotta make sure that data of European citizens never leaves Europe and and and... Lots of things to remember.
And before anyone asks, yes I know an imprint usually is only required for businesses, but nowadays pretty much everything could have business intent.
I'd never heard of that imprint stuff but that's pretty Draconian yeah. If it will start being required for foreign sites I'll block all German IPs.
I avoid doing any business in Germany these days. I tried to get a VPS from Hetzner but they demanded a copy of my ID and didn't accept that I blanked out my citizen number. Which is actually recommended by our national police for identify theft risk.
I am from Canada and when renting from Hetzner was never asked about personal ID. Maybe because I started few years ago. Never knew about Scaleway. Looked at their website - prices for bare metal seem to be higher than in Hetzner
The ID checks are random. When I registered a while back I had to provide mine, so I aborted the registration. I tried again recently and was not asked for one.
True, I guess Germany has a lot of extra layers to all this. It's really not easy to actually publish anything without being in risk of some bored lawyer making your life hell.
> need all the business documents as well, like a privacy policy even if its just a small public app on the playstore
And this is a bad thing why exactly ?!?!?!
If you respect your users data and right to privacy then you've got nothing to hide by publishing an EU compliant privacy policy.
It might be "just a small app", but I and many other people still very much still "do give a damn" about what the hell you do with my data, where you store it, how long you store it and how I can exercise my GDPR rights.
Because if I want to provide an app to like 5 people I know personally, I am soon forced to do so via the Playstore due to Google disabling sideloading on Android.
So now I am forced to inform myself about all the bullshit documents I never cared for beforehand. Yes I know what I am allowed to do with my users data, no I don't send it to some data brokers, yes I already comply to privacy laws and whatnot. Just requiring some official document that you have to let a lawyer take a look at is beyond me.
Of course. But then again, it was the US that threatened the EU with military invasion, so if you want your service to continue uninterrupted, it helps being prepared.
Currently, if you want the internet-climate of the 1990s or even 2010s, you need to build yours, preferably on a different planet, with your own hardware.
We don't have any "ideal" places anymore.
And we need to defend what we support and believe.
Have you been around at that time? NSA had recording boxes at ISP routing places, every few days guy would come to swap hdds. Most com was unencrypted. Or read about echolon...
Yeah echelon seemed overwhelming at the time, and encryption was to be the answer.
But it turn out surveillance works just fine if you only focus on the meta data. Knowing who takes to whom, and which sites people visit is much more valuable (and much cheaper) than scanning the actual payload.
And why collect all that data yourself if ad companies are happy to sell it to you, ie to the government? (Huh, maybe that's why Facebook changed its name to Meta, come to think of it)
I was four when I was programming my Commodore 64.
I have seen "parallel [dial-up] modem banks" for "lawful interception", then specialized Ethernet cards for DPI, watched traffic analysis dashboard of a REDACTED country live, did DPI on powerful-enough systems myself for personal testing.
I have gone through USENET, flame wars, IRC; did my own MITM, etc. Always knew about echelon, how escrow based Encryption canceled last moment, etc. etc. etc.
At least, the barriers were higher then. These barriers required people to be considerate, well-targeted and selective. Now we don't have any of these. The overhead is almost non-existent for these things.
Doing dragnet operations were costly, and this allowed curious yet good-hearted people to understand the environment they lived in. Now, we're all blacklisted by default and whitelisted as long as we don't touch the wrong paving stone on the internet.
This is exactly right. The new internet is analogous to cable television, but of course so much worse in many ways. The outrage and addiction are far worse, there are brand new privacy constraints, and of course it's controlled by powerful business interests with much more time and resources to pump into the problem than you have to fight it.
The author isn't just moving their personal setup; they're also moving their business operations. It's not some slacktivism 'I don't like the US any more' issue; it's a 'how can I maintain my income now the US is firing all its glass cannon' issue.
Yeah except he made multiple exceptions and justified them with "OK well I guess these can stay because they're better than what's available in Europe." So it's not exactly "I have my values and I'm sticking with them no matter what."
It's horrible everywhere. If you're in the EU go donate to: https://epicenter.works/ They're a citizen rights NGO working against all that BS in the EU (and in Austria, where they're from).
Utah has already implemented this. But yes this and Chatcontrol is very bad. The EU is not all good and we need to keep fighting such government overreach.
> they are discussing restricting VPN access for 'child protection
Oh FFS!
Governments discussing such things doesn't _remotely_ mean there is a political will for them, or that they will be voted into law. Governments are expected to research and discuss paths of legislation (and in this case, come to the conclusion banning VPNs is both harmful and ridiculous).
This is how our democracies work!
Implying government discussions will be approved legislation is, at best ignorant, at worst trolling.
Why do you think entirely different countries and states with entirely different politics across Europe Canada and America all pushing the same policy coincidentally within the space of 6 months has anything to do with democracy.
> Implying government discussions will be approved legislation is, at best ignorant, at worst trolling.
Don't get too much up in your arms about it, any topic about Europe and EU on HN ends up with huge swaths of American commentators seemingly willfully misunderstanding or spreading FUD in these comment threads.
You'll get used to it eventually, so you can identify what's the real criticism and worthwhile discussions, vs the easy trolling attempts.
Also, the "open your app store to competitors" was just bullshit, eyewash, cop out. The apps on these "alternative app stores" still need to jump through all the hoops, pay apple development fees, get approved etc.
American company maliciously complying with the law, thinking they can get away with it? Never heard about such thing!
Jokes aside, the long arm of the law takes some time, it took us long time go get Apple to even allow alternative app stores. Eventually they'll get fined and actually start following the spirit of the regulations, but it'll take time as they try to drag it out as much as they can.
> While I agree with him that the US is becoming more unpredictable, I don't think the EU is much better, especially with regards to digital things where they can be worse in some ways.
It makes a lot more sense if you realize pretty much the sole motivation behind all this digital virtue signaling is "put my data somewhere Trump isn't."
Notice how no one really lists contingencies for "what if the EU goes off the rails"? There's always an implicit assumption that EU politics will always be "sane" (read: "aligned with my personal politics").
> Notice how no one really lists contingencies for "what if the EU goes off the rails"?
Where did you try to find this? And what does "EU goes off the rails" actually mean here? There are a bunch of contingencies already in place for economic instability both for individual members states and EU-wide, there is "Article 7 of the Treaty on European Union" in case there is one rogue member, and then each member state has a bunch of their own contingencies already too.
What exactly is missing here?
> There's always an implicit assumption that EU politics will always be "sane" (read: "aligned with my personal politics").
I think you might severely misunderstand how decisions are made in EU, and also how regulations and such are actually implemented. I don't think there is any such assumptions at all, that's why we have elections, votes and referendums, because people and states have different opinions about what is sane vs not.
Where are you even getting these misconceptions from?
I think you misunderstood what I was talking about, or perhaps you're an example of it.
> And what does "EU goes off the rails" actually mean here?
It means, "what if the EU starts acting belligerently to other countries like the US has?" Where, hypothetically, would someone move their data since now the US and EU are off the table?
And if your answer is "well, you see that would simply be impossible because <waves hands about EU policy making>", then I guess you're an example of someone believing that EU politics will forever remain sane.
> that's why we have elections, votes and referendums, because people and states have different opinions about what is sane vs not.
> It means, "what if the EU starts acting belligerently to other countries like the US has?" Where, hypothetically, would someone move their data since now the US and EU are off the table?
You mean if a EU member state does this? Then those contingencies I mentioned earlier will be used.
If you're a EU member and another EU member does that, you'd still have your data in EU, just not in that member state, if you had that.
> And if your answer is "well, you see that would simply be impossible because <waves hands about EU policy making>", then I guess you're an example of someone believing that EU politics will forever remain sane.
I've literally pointed you to concrete and very real contingencies that exists today, zero hand-waving.
> Same situation as the US...
I don't know how it works there, I just know that no one in the EU assumes everyone else will always agree with you, and if you look at how democracy works in EU and in the member states, I don't think anyone has those assumptions there either.
> they are discussing restricting VPN access for 'child protection'
Just like with encryption, there will always be an idiot politician somewhere discussing banning it. Mr Google tells me, for example, that lawmakers in Michigan (US) recently proposed " Anticorruption of Public Morals Act" which contained VPN banning clauses.
Frankly, until such time as it actually NEARS, let alone BECOMES legislation, the only thing posts such as yours are doing is spreading FUD.
The clue is in the URL you post "thinktank". It not even EU parliament, let alone been through the parliament debates, let alone passed to votes, let alone passed to being implemented by member states .... its just a random idea someone wrote down.
And quite frankly, I would still much rather be in the EU's digital environment than that of the US.
Not only that but if you actually read the linked document it isn't calling for a VPN ban. It's a general report on what VPNs are and how they're perceived by various bodies. It does make reference to the UK Child Safety Commissioner's suggestion that they should be restricted to adult use only but it also talks about how essential they are for business etc. On the whole it's quite balanced and the existence of such a report seems very reasonable.
It's a result from the "European Parliamentary Research Service", hosted on the official website of the European parliament. And it is fully inline with recent attempted and success legislation of the same parliament. I am not sure why you would call this a "random idea" and an established member of the Parliamentary Research Service as "someone".
And if we go to the homepage for "European Parliamentary Research Service", we see:
EPRS’ mission is to provide Members of the European Parliament, and where appropriate parliamentary committees, with independent, objective and authoritative analysis of, and research on, policy issues relating to the European Union, in order to assist them in their parliamentary work.
So a Member of Parliament asked them to conduct this piece of RESEARCH, so what ? It may or may not ever see the light of day in parliament !
Across all publication types, the "European Parliamentary Research Service" published 1034 documents in 2025 and, 486 documents so far in 2026. And for this specific publication type ("At a glance"), they published 285 in 2025 and 113 so far this year.
How many of those hundreds of documents per year of RESEARCH actually make it all the way through to legislation I don't know .... but I think you'll find its a safe bet that its a fraction.
My understanding is that the research service is providing legislation with research to inform them on how to implement. What is your claim? That the parliamentary research service is just a bunch of people writing documents nobody cares about and if you look just long enough you will find for each of their results something that claims the opposite?
> My understanding is that the research service is providing legislation with research to inform them on how to implement.
Dude, just go read the damn website.
The research service does not operate on its own volition. An MEP requests a piece of research to assist them in their parliamentary work because they require independent, objective and authoritative analysis of a topic.
Please stop with the damn conspiracy theories. Sheesh.
A random MEP asked for this research. The MEP may or may not ever table anything based on the research. Ergo, it may or may not ever progress into the parliamentary debate, let alone votes, let alone member state implementation.
I am not aware I was spreading conspiracy theories, and I do not understand why you have to be so aggressive and simultaneously defensive.
An independent, objective, and authoritative analysis requested by a MEP speculates that a restriction or ban on VPN is likely. I think this is valuable information. You are saying this is worth nothing until it actually gets up to a vote. I disagree, I see your point and maybe it's fine to panic only when it actually comes to a vote, but I prefer to know what to expect, and what the Research Service considers an "independent, objective, and authoritative analysis" on this topic.
It is good to diversify but people should really not make Europe out to be some sanctuary. European governments (and thus companies) are still going to cooperate with America. When the day comes when they do not, America's reach will still be long.
Never mind the fact that incentives in Europe are not so different from the USA. It may look that way now, but often moving across the globe just means trading one villain for another.
Still a good idea, just a word of caution. If people make a move such as this based on some assumption about the stability of the European regulatory scheme you may want to examine that assumption with a little more rigor.
This. The privacy threats are somewhat different, but they still stem from government. The EU has tried to attack end-to-end encryption more than once, and they will try again. They are now requiring logging of IP addresses, and ever more tracking of use activities. The legislation requiring age verification is the camel's nose in the tent - expect them to require full ID soon. Etc.
All Western governments have clearly decided to restrict individual rights to privacy, political advocacy, and free speech in general. The way this is happening simultaneously in so many countries seems a clear indication of a coordinated effort.
Well this is nice. Apparently I reached some limits (thanks all), and had to pay Cloudflare more. Fair I guess, although some warning would've been nice. Tried multiple payment options multiple times just now and Cloudflare botched every time without giving me an error message. Finally managed to get it through on the 10th time. Please be gentle now :/
That sucks... Bunny CDN served me and others great when it comes to a Cloudflare alternative, if you're looking for an alternative.
I understand the pragmatism with going with CF, but I'd lie if I didn't also say using CF as the front for your entire "European Digital Stack" kind of makes the blog-post feel less authentic compared to my initial impression, because of that.
I want point out the other aspect of that decision to use cloudflare because the content is already public.
If your users are in a sanctioned region or a sanctioned entity it is entirely possible for cloudflare to deny serving them traffic. In a way your website users are still bound to the US policies even if you or your country doesnt approve of those sanctions.
I think it's more likely they just use/abuse it than specifically created it, same as things like google spyware. The NSA's desires and the ad industry are aligned, so its a match made in heaven.
Have to wait for the next Snowden before you get any citations.
NSA collaborator or not, the mere existence of something like Cloudflare, which also tries to nudge you into skipping internal http/tls and just use that at the front, makes it highly likely that NSA is already deep in their infrastructure, just like they've been in the past for literally any big technology company in the US.
But yeah, zero citations, zero evidence, just based on history and what the goal of the organization is, it's pretty clear what's going on already.
I’ve also moved all mine to Europe. There are ample alternatives to us-based commercial cloud.
The regulatory environment is different, so it’s worth understanding the ramifications as far as what’s expected of you if you’re operating in a different jurisdiction. It’s nothing that can’t be handled, but some may find they have to care about things they haven’t before
It’s a great exercise for shoring up independence from extractive providers
Maybe I should have AI write up an article too. Honestly, it’s not just rare, it quietly matters
Matomo charges 22 euros for 50k hits/month.[0] Basically, it's unusable for anything other than a hobby site - especially with the number of crawlers nowadays.
If you self host for free, you're missing basically all of the good parts of web analytics such as funnel analysis as they lock all of those features being paid subs.
Sorry for the self-promotion, just wanted to mention that I'm actively working on https://vemetric.com and will soon provide a self-hosted version as well. Maybe it's interesting for some of you :)
I actually decided to self host analytics and generated a simple drop in google analytics replacement. People overthink these things. It's a very straightforward analytics API. And if you ingest the data in a good database or metrics engine (I used Elasticsearch), you can query it quite easily.
In my case, my motivation was that I want to use LLMs to query the data with agents. This whole thing was surprisingly easy to setup and a positive thing is that you don't have a scary extra data controller doing shady things with the data.
Or, to plug-in my own solution, you can self-host UXWizz[0], pay once, get all features and also receive support/help with setup/self-hosting and long-term maintenance.
Analytics should be self hosted. For any serious business there should never be a reason to use a SaaS product. For SME (including startups) obviously yes. But if you have devops teams then deploy on your own hardware.
Yeah but you're missing the point. Nobody else has the worlds biggest search engine and ad network to allow them to do the same. Others have to charge.
I am in the US but my daily chat AI is Proton's Lumo+. Adequate, good features, not too expensive. I am near the end of a 1 month experiment using Google's $250/month Ultra AI plan and I wanted to try something different when the Ultra plan ends. I have tried Mistral's Vibe command line coding agent and considered it, but decided on a one month OpenCode + Deepseek v4 experiment.
I understand why Europeans might want to go all in on their own tech stacks, but it might be more strategic to just not get locked in to specific providers. Maybe a mix of European, US, and Asian tech - with a good plan for easy migration.
First time I heard about Mistral, so I went to the site. I first thought their logo is a pixel-art letter M. Then I read that their chatbot/agent is called "Le Chat"... wait a minute, that means something different in French? And then I noticed that the logo can also be seen as a cat head (from the whiskers up). Then I scrolled to the end of the page and saw my suspicion confirmed: https://cms.mistral.ai/assets/920e56ee-25c5-439d-bd31-fbdf5c... . Kudos to the designer(s)!
Just a nitpick: 1Password is Canadian (still not European, but not us based, if that’s the issue). I do understand the choice to move all into proton though.
Matomo is nice on low traffic, but when we have a sustained rate of 5-25 logins per second and above things become real slow. Using regexps is really bad when you start having problems, but they are fine on low traffic sites.
So If like it but it is a headache on high traffic sites. If anyone have an easy solution I would gladly accept it.
I have worked with two clients. Both north of 8 million visits a month. Both on matomo. Both self hosted.
If you architect the underlying infra right it still works like a charm. But I admit people need to know what they are doing. I was quite impressed with both infra teams.
But as always, if you do not want tu use auto scaling US cloud based services, you need to enasure you have the right scaling and the necessary technical expertise at hand.
I had no problems either, until we hit peaks. We hit our problems at about 7 million unique logins per month, we do not track visits in the same way. I am not that invested in Matomo and it just costs time for me.
I am not sure how you scale Matomo we could not vertically scale anymore, we never did MySQL clusters because it just was not cost efficient for internal reasons.
Managed a fairly large matomo site in the past. Using queue plugin (https://plugins.matomo.org/QueuedTracking) with Redis Cluster really improves the situation. We actually built a custom plugin with Nginx + Lua to avoid PHP altogether for the tracking part. Scaling ingestion then wasn't the problem, draining the queue was
The tracking was not the issue the problem was report generation with segments. Every segment makes you regenerate all the reports. Tracking part is a problem because you need to split the tracking and report part of you want to have something robust.
Seems like not being compatible with Sentry's agent is a missed opportunity for Appsignal, which I think is the premier EU based (Amsterdam) APM suite at the moment. It sounds like Bugsink is rather barebones in comparison and I bet a quick agentic coding session would make short work of a migration to AppSignal.
I do use a lot of EU services. But help me understand what is the hype about moving to EU cloud services? Is it any different? Wasn't internet supposed to break the international borders and bring us together?
The biggest issue, is that the whole stack keeps being dependent on external nations, as per the companies that actually contribute to FOSS with big money.
Then it is Go (Google), Java (Oracle, IBM, Red-Hat), .NET (Microsoft), Rust (Amazon, Microsoft, Google), Typescript (Microsoft), C and C++ (Red-Hat, IBM, Microsoft, Apple Google, ...), and so on.
Attack vectors and supply chain, every piece of the puzzle matters.
There is no accident that folks like Oxide go through the trouble to control the whole stack, hardware, software, programming language toolchains they are using, only working with vendors that provide them every single documentation and customisation points they need.
A pragmatic article, always nice. I was surprised that gitlab and github was stillton the list. For me moving to self hosted forgejo was one of the easiest transition i had. But i did not have complex CI/CD needs
That lettermint service looks interesting! I was recently looking for something in that price range that covers both transactional and broadcast emails but couldn't find anything in Europe so I settled on Postmark which has been good, this looks almost identical in features and pricing though.
Same here. I just discovered this and put it in my "check out tonight" folder. I am currently happy using resend. But this looks interesting, especially also for my freelance clients with a focus on EU tech.
Meanwhile, we here in Europe move our stacks over to other continents or at least ourside of the EU to workaround the crazy EU regulation nonsense ;)
We live in crazy times my friends...
Every now and then I see similar posts and people move to Proton from Gmail, because it is European. Well, it’s fine if that‘s the only reason you switch, but if you switch because US became weird and lost your trust, you might want to check their CEO‘s comments on political issues.
While Andy Yen supports specific Trump-aligned initiatives for precise goals, such as breaking up Big Tech monopolies (which, btw, Trump won't), this does not mean he will replicate the erratic nature and global loss of trust associated with Trump and his administration.
The Cloud Act is real and transcends any single company. This global erosion of trust highlights deeper concerns: specifically, that US practices have always been coercive. Now, the world is learning and taking action.
All my customers are in US and Canada, so switching to EU will automatically add latency to everything. That's a deal breaker for me, so I end up hosting on DO TOR cloud. At least it's not hosted in US but it is by a US company.
Not a stupid question at all. Hetzner's cheapest cloud server is €4/month, which includes 20TB of egress. Certainly not free, but should be cheap enough for most.
Heh, ironic that the link is now "temporarily rate limited" my cloudflare. I can't read the article, but it looks like he did not move everything to europe ;-)
Sorry to bring it to you folks, but this is not how you build a competitive industry. You put properly though-through legislation in place if you want EU to be competitive with US and China. Not regulations, for f sake.
Honestly not everyone wants and needs a EU that can go head to head with the US and China. The markets there follow different philosophies: one is the wild west of free markets to the extreme and the other fully centralised.
I personally want a sane, stable and consumer-friendly market, no unicorns but strong consumer laws and enforcement against mispractice of businesses towards people and the environment. We are far from it but I think the EU is the closest to an entity acting like that and being predictable.
The US chases the dollars at all costs and China similar but depending on the party lines of the decade.
I have several small SaaS apps running on Rended and Railway. I would like to host them in EU. Wondering if there are similar "managed" PaaS options here. I found none.
A sympathize, but my EU biz bets on US tech. We are in a tricky position now. So every 'Look ma I moved away from US big tech' post triggers me. Details: https://blog.fortrabbit.com/us-against-them
I wonder if the author considered moving payment processing to Adyen from Stripe? They're also EU-based and a bit more... well known? I liked integrating with them in the past.
Yeah trying to move more stuff out of the US too, while simultaneously trying to pick things that don’t follow the stupid unlimited scaling of how much money we can pull out of your wallet model. Two birds with one stone.
There are definitely technical gaps though. eg bunny still uses one unified api key. CF I can lock to an IP and set granular permissions
One of my friends made fremforge.com (an EU-sovereign CI/CD with Git included). It's currently in closed beta but goes live next week (tm). It is built upon Forgejo and EU-based services using T-Cloud as the underlying hyperscaler. Have a look! I don't make any money from it, by the way. And yes, it will cost a little bit, but rest assured: because you are paying for it, you will not be the product.
Showed Cloudflare error page "Please check back later - Error 1027" for me for a while, DNS still pointing there... So probably not so European after all!
I switched to Protonmail a month ago. It is patently inferior to gmail. Every day I get annoyed by some weakness in the UI that google had apparently just always solved without me ever having to think about it. For example, reading long email chains in the proton UI is horrific. I don't know what google did that made it natural to read and proton does so badly, but it is painful to read these long chains of emails. Another example is log emails from my servers are getting grouped together by Proton. Gmail had sepearated the logs into separate emails in a very natural way. These small annoyances add up and I'm not having a fun time right now with proton.
This is actually a pretty interesting observation as GMail, when it first came out, was just as clunky as all the other webmail clients. At the time, everyone was used to Yahoo!, MSN, etc. and Google was the odd one out with their webmail client.
This changed when they were the first folks out there to get a dynamic interface in the browser (some of you may fondly or not so fondly remember the days of DHTML, XMLHTTPRequest, and the like). Fast forward 10 or 15 years and now GMail is the standard by which everything else is measured.
I'm sure there are some things that are objectively better, but a surprising amount of preference comes from familiarity.
Proton Mail not supporting filters for message bodies is brutal, I understand why they don't do it but that really lowers its usability for me. Bummer.
I am not running a company, just a household but this article speaks to me. I have given this topic plenty of thought in the past year as I have a growing unease with large American tech firms and how they use data. These are some of my setups (in the spirit of the article)
I have also rid myself of Google Analytics for a personal website. Replaced with a local solution that parses logs and builds reports that give me quite a bit of information. Its a more ethical type of analytics leaving no cookies behind and no trackers at all. All info is from the web server logs, you can grok quite a bit of insight from this alone.
Email is the biggest challenge, I have mapped out the entire migration steps for Google Workspace to Proton but have not yet pulled the trigger. The main thing is coordination with the rest of my family who use the domain for their email as well, they don't share my obsession with "digital sovereignty" so there is some negotiation around time tables :-) The Proton family plan will cut the bill in about half.
Password management --> KeepassXC with db on local nas. For personal use I feel you can't beat self hosted for password management.
Compute, Digital Ocean I continue to use and has servers in Toronto which works for me geographically. It's very low down my list of migration plans, they just work and they have treated me pretty good over the years.
Storage all self hosted (ownCloud and Openmediavault). Are they the best options, maybe not but they just work. No cloud based storage at all (Google/Apple etc etc). If I ever throw something out there it is gpg encrypted).
Offsite backups, two local copies to seperate drives (dejadup) on my NAS and offsite storage.
There are still some other services I need to consider. I do have Claude Pro. I run local LLM's for a lot of stuff with OpenwebUI but its not a full replacement.
CDN - Also use Cloudflare free tier. Have to give it more thought, it just works so well.
DNS is fully self hosted using dns-crypt-proxy / dnssec to Quad9 and Mullvad DNS. Works great. I actually blackhole any hits to google dns at the router, media and iot devices love to ignore your dns settings.
Github for code hosting. I know, Microsoft, but it works and is not a hill I am willing to die on just yet.
Photos self hosted with Immich on Proxmox. It's been pretty solid.
VPN, Wireguard to the home and have also integrated Tailscale for some things, which has been handy for extending connectivity and supporting my dad in a different city. Apparently they are based in Canada so that is a bonus. I use the free tier for now but am considering the paid version just to support them.
Router and wireless access points all on the latest Openwrt with consumer grade equipment, some of which I picked up used for like 20 bucks. Allows me to have home, guest, media and iot vlans for proper network segregation. Is it overkill? 10 years ago maybe but today I would not run any other way.
Unless you're implying that Verisign isn't a US company, just because .com has become the conventional domain for businesses worldwide doesn't change the fact that it's US-based. Similarly, the EU's widespread adoption of Microsoft Office doesn't make it any less American.
It's a bit like .gov and .edu; technically exclusive to the US. The difference is that .com and .org were opened up for anyone to purchase.
And it goes deeper than just intent: .com was literally administered under a US government contract for decades, with Verisign only ending up in control because they acquired the company that held that government contract.
So while anyone can buy a .com today, the infrastructure and oversight have always been firmly American.
When AI is used to generate one picture, like in TFA, it's acceptable if the picture is nice enough. YMMV but although I'm usually not a fan of the AI-generated pics used to illustrate everything now, I dig the AI-generated picture in TFA.
Why are there exceptions for Anthropic, GitHub and GitLab?
> Anthropic is a US company...But it satisfies something else, the sense that the organization building the thing has given serious thought to what it’s building and why.
This reads like a weak excuse. Mistral and Mistral Vibe exists and even if you don't like them, there are many non-US harnesses (Qwen code) that are available.
> GitHub stays in the picture for one specific purpose: public-facing NPM packages and issue tracking for open source software.
First of all Codeberg exists.
Secondly, at this stage relying on NPM and the Java/Typescript ecosystem is quite frankly waiting for a disaster to happen.
This post isn't absolute on moving their digital stack to Europe as it has not one but three exceptions too many.
> The OVHcloud control panel is a labyrinth: the lifecycle rule configuration is buried somewhere in the documentation, and it involves some work in the terminal.
Use OpenTofu/Terraform! Much better than messing with cloud consoles, and then your infrastructure self-documents.
I’d also put out one note to any people outside the EU looking to switch to Mistral or really any service: just because they’re a European company doesn’t mean they’ll follow the GDPR if you don’t live there. Mistral is an example: in their privacy policy, they state that they follow whatever privacy laws exist in your country.
> they state that they follow whatever privacy laws exist in your country
Well, that's kinda obvious - if they want to do business in a country, they have to follow the laws of that country. That doesn't in and of itself mean that they will apply weaker privacy protections if the local laws are less strict than GDPR...
While I do think the link highlights are pretty neat, this particular cursor hijack annoys me greatly. Would be nicer to float the link highlights next to the standard cursor.
> We are patriotic Americans. We have done everything we have done for the sake of this country, for the sake of supporting U.S. national security... We believe in defeating our autocratic adversaries. We believe in defending America.
and
> So, you know, Anthropic actually has been the most lean forward of all the AI companies in working with the U.S. government and working with the U.S. military. We were the first company to, you know, put our models on the classified cloud.
> We were the first company to make custom models for national security purposes. We're deployed across the intelligence community and military for applications like cyber, you know, combat support operations, various things like this. And, you know, the reason we've done this is, you know, I-- I believe that we have to defend our country.
and
> And so we have said to the Department of War that we are okay with all use cases, basically 98% or 99% of the use cases they want to do, except for two that we're concerned about.
Never before in history has a vassal that is this dependent on its patron hated its patron so much.
God help us when the US finally decides that the vast amounts of money it pours down the drain to keep us as its vassal is not worth the squeeze. China and Russia will not be nearly as patient and kind.
America sends a VP to give a speech, which even though it made some politicians cry, was still just words. China will just use us for spare body parts and Russia will drop our people from planes.
America says it really would like Greenland, which it could take with literally zero contest if it wanted, and which it gave back to Europe after Europe had another one if it's many internal meat grinder wars. China and Russia just takes what it wants, they don't ask.
It's really going to suck balls being the punching bag of Russia and China.
Europe is by actual fact completely dysfunctional, constantly getting itself into shit left and right, constantly needing bailouts from America to keep it afloat, and Europeans pretend they are better than Americans. Totally absurd.
They had a datacenter burn down (in large part because it was fully built using wood) and lost all customer data and did not take any action for 6 months after the incident.
While the incident did happen, a lot of actions were taken and most of the data was recovered.
OVH now also keeps backups even for clients that don't pay for it.
I was hit by that datacenter catastrophe and got my data back almost immediately, in a new VM.
I've been using them for years with little issue (no more than happened on my AWS or Azure accounts, I would say less because it's less of a mess in general).
I was hit by the fire outage too, and the response was... mixed. I was able to start a new VPS in different region the same day and reconfigure everything, but data on the old instance has been lost. They also kept double-billing me for 3 months without me realizing, support had to step in to delete the instance that wasn't showing in admin panel, but kept generating costs. No refund suggested. I ignored it, since it was like $15 overcharge. Also months later the "deleted" instance reappeared and I had to kill it again. Strange stuff.
Aside of that exceptional case - overall they are pretty great and cheap.
It's fine to have an unstable backup system, as long as any failures in your backups are uncorrelated with failures in your primary system. And a random datacentre burning down probably isn't correlated with anything else, unless you're foolish enough to host your primary and backup copies in the same building.
All else equal, a more stable backup is of course better, but any backup is better than no backups, so choosing the cheapest possible option is often the best strategy since that's the one that you're the most likely to keep using long-term.
I've been dabbling with OVH and it feels very pricey and fragile. Has a very lipstick on a pig approach to whatever they used to be doing before piling into cloud.
> Digital sovereignty sounds like a buzzword until you think
Sure now just think and give me the reason. All these moving to Europe post is getting tiring. Amazon follows the same EU rules, if not more, than Scaleway.
Matt Lakeman writes in one of his blogs that wherever he goes, people tend to love the USA. Except in Europe where he faces a constant storm of criticism. And that was before February. Just like you cannot explain the taste of chocolate to someone, it is hardly possible to explain the mental shift that happened everywhere when the US threatened the EU with military invasion. Like a broken egg this is diplomatic damage that cannot be repaired.
If you sell software and you tell your customers and prospects that everything runs in Europe, by European companies, this instills an enormous amount of trust. Risk averse sectors like manufacturing love this, and it will help you gain customers immediately.
So no, these posts are not tiring to many of us. In fact, we are only at the beginning of the beginning because many of us will be making these migrations. I wish things had run a different course.
So you are saying the reason that it is just perceived better?
Even that's quite debatable as I worked in few European companies and has never faced any backlash for choosing US vendor. Biggest European tech companies like Mistral and Klarna use many US vendors like AWS.
Yes. It is both a little funny, and true. Often departments don't even want to start a software project if it is being perceived as "legal and IT are going to have all kinds of opinions on this". When we say everything runs in Europe, by European companies, it actually signals "there will be no problem with GDPR and data sensitivity, and your legal and IT departments won't complain, and the CEO will love it".
One thing I noticed right away, is that all companies were asked "Can we fully host this from within EU or our country" from the various people in audience. Every single one. Many of the startups had slides prepared for this.
Definitely a change, because it is not something I can recall being important just a couple of years ago.
I work as a consultant and freelancer across a bunch of companies, some American but mostly European ones. Last ~8 months or so, the sentiment about "Hosting our data in EU or even our own country" has drastically changed, I don't think I've seen such a clear shift in public opinion so fast before. The amount of migrations I've helped moving data from US to EU already is higher this calendar year than all the other years of my career.
Sure, LLMs help a bit with the actual typing, but the hard part is still planning, alignment and actual execution, all which are best done by humans talking and working with other humans.
I don't think we're in the days of "Hey Codex migrate our AWS stack 100% to Hetzner VPS stat" yet, without issues along the way. Wouldn't claim it's impossible either, but again the easy parts were already easy, and the hard parts are still hard.
It’s just that they started to execute now?
But yeah, in recent times the sentiment became more urgent. If I were to guess, with zero data in front of me and just judging by what I remember, I think the sentiment really changed first with the ICC blockade that happened last year, then it got really fueled on by the US threats to Greenland's sovereignty, I think that's when organizations and people really got stressed out about moving ASAP.
The second Trump administration moved from "overtly bullying" to "behaving like a potential threat". In the second Trump administration, the US has used the tech monopolies against the EU and has become a military threat (not to mention the commercial war with tariffs). For many Europeans, it's not that the US are abusing their dominant position in negotiations anymore: it's that they are not an ally anymore. Not that they are seen as an enemy, but rather an unreliable partner who threatened to become an enemy.
I think that this is a very big shift, and that is why things are actually moving. And I don't think that this will change, because the risk of depending on the US monopolies has now materialised. That cannot be undone.
Seems strange to me that not everyone, including republicans, aren't aware of this, when he's pretty outspoken about not wanting any more elections, and how "if you vote for me this time, it'll be the last time you have to vote".
If a presidential candidate anywhere else was openly talking about wanting to remove elections and democracy in the country (not to mention triggered an insurrection [?!]), I'm fairly sure they'd almost be automatically disqualified. Really strange situation all around.
I see how it may look like this from the outside. But I think it would be like saying that siblings hate each other because you witnessed an argument.
Most people in most EU countries consider the other EU countries as allies, even though they don't agree on everything. Now the fact that 27 countries argue means that they talk to each other. I think it's a lot less polarised than in the US. Or course there are extremes too.
What gave you the impression that EU members hate each other? It'd be a weird union if that was the case. Not saying it's not possible, I just haven't seen it myself, although I am a Swede so clearly I do hate the Danes and the Norrbaggar with passion, but it's love-hate, not hate-hate.
Database runs in France, front end in Belgium, Operations in Spain...
EU Fairness dictates they all need to get a slice of the pie so this will be interesting (and by that I mean absurdly hilarious).
You snark, but is this not EXACTLY how a sizeable majority of modern apps are made?
Substitute in some random tech stacks, cloud providers, or buzzwords.
Database runs in AWS, front end in Nuxt, Operations in Claude.
In any case, there are plenty of EU giants (ASML, SAP, Siemens, Alstom, Rheinmetall, etc) that are rather concentrated geographically speaking. EU fairness is more a government agency distribution thing, not for private companies.
You put your Headquarters in seattle, your data center in alabama, you have your dev team in SF... every state gets a slice
Like gov contracts and how they are divided is basically the largest conversation in defense contracts, they give more of a shit who will make the nails for a tank than the security parameters of the crew members
And I'm not even bashing EU. The closest example still working today is probably the US's Jones Act.
This is taking into account the worst case scenario, which isn't that unlikely to happen.
I mean, for sure there are these plans in motion already, but how hard would it be?
I suppose it's a case of 'technically possible, realistically infeasible'.
A more likely scenario might be either a from-scratch not-as-good machine that you can source locally (supply-chain wise) or a novel finding (which is hard to predict if it will happen and if so, when).
For example my manager had to reject a candidate from Iran, simply due to US policies, even if that wasn't against the EU policies, and would actually have been illegal discrimination in the EU where the position was opened, but this policy came from the US and was applied in an unwritten fashion in the EU.
The influence of the US on finance and tech is massively understated. Plenty of international EU tech companies whose business model doesn't revolve around catering to the EU market and sovereignty, will tailor their products and operations to comply with US regulations since that's where a lot of their customer base and money is made. Just read the last post of the CEO of Bird, you can disagree with him that he's a scumbag and he's full of shit, but the truth is if you want your SaaS to make money, you gotta be in the US. That's why Mistral has a large presence in SV and London. Continental EU just sucks for acquiring capital.
Even at the no-name Austrian startup I used to work before, the biggest investor was a US PE, since no German or Austrian investor wanted to invest more than 5 figures in the company, which was not enough to cover the payroll of the ML/data scientists. As long as the EU investors refuse to invest in domestic companies and their future, EU companies will forever be tied suckling to the US teat if they wish to grow and survive.
Worth specifying here you're talking about VC-infested SaaS, not just your run-of-the-mill bootstrapped SaaS. It's very much possible to run a SaaS in Europe and make money, as countless of people already do, which I'm sure you too are aware of, but probably way harder to raise similar amount of money as US companies, that I'd agree with.
Edit: Strange typo; s/infested/invested, but kind of makes sense like that too so I'll just leave it, Freudian slip or something.
I’m hearing it from “normal” people too which is actually quite weird. To the point of going back to paper for some stuff.
The answer was that they simply didn't trust GCP or AWS or Azure to see their data and know how much silly money they were making in the niche industry they almost completely monopolize.
I recently interviewed with a lower-case-m megacorp in a similar situation and they host on-prem for the same reason, at great expense and hassle in facilities all over the country.
Seems like theres room in the market for some kind of an On Prem Private Cloud Stack that emulates GCP/AWS etc but locally maybe?
Cloud-In-A-Box anyone?
It's more like cloud-in-a-rack, but that's what https://oxide.computer/ is trying to do isn't it?
Most on-prem deployments were trash and a lot of them still are. Not because it couldn't be better but because it's easier to just have some random hypervisor department do this work manually and not do the work to create it as an internal product. Even VMware with vrealize failed and that's about as 'customisable cloud platform in a box' as COTS enterprise software can get.
Maybe it's because IaC and APIs were just not in the vocabulary of the average system integrator or on-prem operating team (it's still lots of clickops and copy-paste).
On the DB side, I can't say too much as we're a pretty obviously identifiable AWS customer if I give out any details. I will only say that nothing fits our size and scale so we have to run on bare metal. That just makes it really fucking expensive colocation.
Don't even get me started on the API Gateway sitting in front of a group of related Lambdas. Its OK once you get it setup and running but buildign/changing it amounts to stabbing yourself in the eyes.
Open source, and works great when small, and at scale.
https://www.proxmox.com/en/products/proxmox-virtual-environm...
https://www.youtube.com/results?search_query=introduction+to...
The "cloud" rose to prominence from a small period of tiem where Amazon had a lot of extra cloud capacity outside of Black Friday, etc, and linux networking issues that needed architecture to be a certain way.
Those linux networking issues have been long since solved, but the "cloud" was discovered to be incredibly profitable and sticky in the name of convenience and proliferated.
A lot of the "cloud" software is open source software that was packaged to have a web and api front end, and that service renamed to something specific to AWS, etc.
Would be great if this irony was taken note of at this level.
Designing startups from the beginning to be able to be hosted in different places will become a norm.
Im sorry to say it, but i feel a lot of Europeans have lost a good deal of trust in the US.
You guys have to work a lot harder to fix your issues.
I don't think that's a fair characterization of the American public. I am interested in America's standing in the world. More than half of Americans do not support these lunatics. Unfortunately due to our inherently unfair electoral system which gives preference to money and land over voters, it requires about 60~70% of Americans voting against them consistently for at least a decade to overcome the lunatics. That's just a very high bar to clear.
> You guys have to work a lot harder to fix your issues.
Open to suggestions. The only ideas I have for relinquishing control of the US from the billionaires back to the people would, rightly, get me banned from HN.
The heterogeneity in the US — culturally and in terms of political-legal structures — is far greater than those in Europe and Canada seem to understand sometimes. This is now combined with a corruption of democratic legal processes (e.g., gerrymandering) that make options outside of outright civil war a needle increasingly difficult to thread. There is a reason people are bringing up Hungary — it would be absurd to equate the EU with Hungary for the same reasons it's absurd to paint the entire US with a broad brush.
Something like 90% of people in the US opposed what was going on with Greenland. Just about the only people in favor of it in the US were the presidential administration and people trying to curry favor with it. What do you expect the other 90% to do? The legislators being petitioned were busy with a deluge of other immediate domestic problems — maybe people outside the US didn't understand the scope of the unaccountable fascist police occupation going on in cities such as Chicago, Minneapolis, or Los Angeles? Protesters in Minneapolis were being murdered by these thugs. That's not even getting into the dismantling of social safety nets, rampant corruption, Venezuela, etc etc etc
People outside the US do not want a US civil war. It's happened before and if it happened again would happen along the same geopolitical lines as before. It would be devastating not just to the US but to the rest of the world.
Treating everyone in the US as the same, without recognizing the very real divisions involved, or the structural stresses involved, doesn't help anything.
Everything happening in the US could happen everywhere. If you have enough politicians distorting and destroying traditional democratic mechanisms in favor of a criminal fascist and party domination, people have fewer and fewer options left outside of things that no one wants.
"The complete disinterest in international allies" is a dishonest statement, and I can only assume reflects total ignorance of what is happening in the US, and/or a self-serving defense mechanism to avoid really confronting the difficulty of what those in the US are faced with.
Ukraine can never trust the EU again after this. There can always be another Orban.
Trust is broken forever.
Well, EU and the rest of the world owes nothing to Ukraine, yet they have provided much help. Blind trust is stupid anyways. Especially between countries.
>"Trust is broken forever."
This sounds like a drama queen. Look at your own politicians first.
As an American, that's pretty funny seeing how allies of the USA are constantly hostile toward Americans at every turn (unless we're buying a tshirt or something) and have been for many presidential administrations. Why would Americans be interested at all in what allies have to say when it's always negative anyway? When someone tells you you're their enemy long enough you begin to believe them.
As for the discussion of moving tech stacks to Europe, if that's where your company is why did that not make obvious sense day 0? Why would you place your critical infrastructure in another country not beholden to your laws? If you're based in Europe then you should host in Europe, and even further, host in your country.
457 British solders dead in Afghanistan supporting US operations beg to differ.
Mate, seriously, step away from the propaganda and pay attention to what is happening to your democracy. Then you might understand why your allies are losing trust.
/lives in the US
It often feels like US people never trusted the EU and now feel offended when EU people say "we don't trust the US anymore". I find that interesting.
and nothing of value was lost. What did the US get out of the relationship?
Even if Trump is replaced by a Democrat, the conditions that made Trump happen are still there. That won't change from one day to the next. And don't forget he already happened twice.
10-20 years of decent administrations will make things ok again. But of course our economies will be much more decoupled by then. That process has been set in motion now and won't easily stop. That can start going the other way again but things will have to meaningfully change then over time.
As for Hungary I still don't trust them as far as I can throw them. I would have been happy to bump them back to candidate EU member during the Orban reign and let them prove themselves. Don't forget this Magyar guy is still super conservative. Just less anti EU. But unfortunately EU law didn't provide for the ability to throw a country out. That was a huge oversight.
Btw. You can ask Canadian people what they thought about their annexation threats.
When I was young there was still a lot of ill will and distrust against the Germans and that was 40+ years after the war.
We were still joking about wanting our bikes back (the nazis stole everything metal at the end of the war to make weapons). And didn't like them at beach resorts etc. People would much rather buy American than German products.
That's over now but it took a very long time. Which was exactly my point. Time and consistently good politics will heal this but time it will take.
Of course the sooner you turn things around the better but the disconnection has already been set in motion and big ships turn slowly.
Does that really matter? They can not un-member it. And if current economic situation persists you will find more with the Orban like thinking.
Unless Europeans can never trust Hungary again and move away from them at lightspeed, I'm smelling hypocrisy.
And yes I don't trust Hungary.
It's the US population that's the problem, since they voted to put him into power TWICE, which means that they can also do it again, and again, and again, for other candidates not named Trump and not always Republican, but who could be even more unhinged, so we need to do everything to decouple from them so that their election decisions will impact us less.
No offence guys, but you do bare the responsibility of your democratic choices, as do we.
It didn't come without a bit of pain, but glad I've done it - and to come with this I've ended up building a whole terraform setup for cross provider / cross region high availability within Europe.
So far my key mappings included:
- Cloudflare -> Bunny CDN (and honestly I am so impressed with Bunny so far)
- AWS (or similar) -> Hetzner + OVH; I'm also looking at Civo.com for UK presence.
- GitHub -> Forgejo. I do actually still operate in GitHub for development only work, however Forgejo is mirrored within my European private network, and thats where deployment workflows happen.
- Google Analytics -> Self hosted Umami.
I'll be doing a writeup fairly soon on the entire process.
At some point deciders at EU companies are going to notice that Hetzner and/or OVH are also not a bit but much cheaper than AWS.
[1] https://www.europarl.europa.eu/thinktank/en/document/EPRS_AT...
I would also say though, you have to be a bit careful about "they are discussing" because there are many people across different countries with different agendas, and a huge amount of discussion between people. Your link for example is a pretty good bit of background info, clearly saying VPNs aren't just about accessing porn
> In the corporate world, VPNs are essential for secure remote work, allowing employees to access company systems without compromising sensitive information. For individual users, VPNs prevent tracking by internet service providers, advertisers and potential cybercriminals. They are also used to access educational or entertainment content that may be restricted in certain countries, including authoritarian regimes, supporting freedom of information and digital inclusivity, as censorship becomes more difficult to enforce through VPN use.
It links off to sites discussing possible approaches to age verification which highlights that various approaches in France didn't meet the regulators requirements because of a lack of privacy.
I think this is a different kind of concern about how your products must work compared to worrying that with little to no notice your country may be cut off due to a diplomatic spat from some specific service.
I agree that there is a ton of bullshit as well though. Gotta dox myself with imprints for example, so I cant share my work with people without also doxing myself. Also as a hobbyist you pretty much need all the business documents as well, like a privacy policy even if its just a small public app on the playstore. Also gotta make sure that data of European citizens never leaves Europe and and and... Lots of things to remember.
And before anyone asks, yes I know an imprint usually is only required for businesses, but nowadays pretty much everything could have business intent.
I avoid doing any business in Germany these days. I tried to get a VPS from Hetzner but they demanded a copy of my ID and didn't accept that I blanked out my citizen number. Which is actually recommended by our national police for identify theft risk.
I moved to Scaleway instead. Much better company.
Erm, dude....
Applies to business letters, order forms, websites, emails ....Might not be called "imprint" in UK-speak, but its basically the same thing.
And this is a bad thing why exactly ?!?!?!
If you respect your users data and right to privacy then you've got nothing to hide by publishing an EU compliant privacy policy.
It might be "just a small app", but I and many other people still very much still "do give a damn" about what the hell you do with my data, where you store it, how long you store it and how I can exercise my GDPR rights.
We don't have any "ideal" places anymore.
And we need to defend what we support and believe.
But it turn out surveillance works just fine if you only focus on the meta data. Knowing who takes to whom, and which sites people visit is much more valuable (and much cheaper) than scanning the actual payload.
And why collect all that data yourself if ad companies are happy to sell it to you, ie to the government? (Huh, maybe that's why Facebook changed its name to Meta, come to think of it)
I have seen "parallel [dial-up] modem banks" for "lawful interception", then specialized Ethernet cards for DPI, watched traffic analysis dashboard of a REDACTED country live, did DPI on powerful-enough systems myself for personal testing.
I have gone through USENET, flame wars, IRC; did my own MITM, etc. Always knew about echelon, how escrow based Encryption canceled last moment, etc. etc. etc.
At least, the barriers were higher then. These barriers required people to be considerate, well-targeted and selective. Now we don't have any of these. The overhead is almost non-existent for these things.
Doing dragnet operations were costly, and this allowed curious yet good-hearted people to understand the environment they lived in. Now, we're all blacklisted by default and whitelisted as long as we don't touch the wrong paving stone on the internet.
It used to be other way around.
TL;DR: I'm not 15 years old.
It's horrible everywhere. If you're in the EU go donate to: https://epicenter.works/ They're a citizen rights NGO working against all that BS in the EU (and in Austria, where they're from).
Oh FFS!
Governments discussing such things doesn't _remotely_ mean there is a political will for them, or that they will be voted into law. Governments are expected to research and discuss paths of legislation (and in this case, come to the conclusion banning VPNs is both harmful and ridiculous).
This is how our democracies work!
Implying government discussions will be approved legislation is, at best ignorant, at worst trolling.
It’s people being paid off and it’s obvious.
Don't get too much up in your arms about it, any topic about Europe and EU on HN ends up with huge swaths of American commentators seemingly willfully misunderstanding or spreading FUD in these comment threads.
You'll get used to it eventually, so you can identify what's the real criticism and worthwhile discussions, vs the easy trolling attempts.
Jokes aside, the long arm of the law takes some time, it took us long time go get Apple to even allow alternative app stores. Eventually they'll get fined and actually start following the spirit of the regulations, but it'll take time as they try to drag it out as much as they can.
Utah, meanwhile, has an actual law in place that makes site owners (!) responsible for their users using VPNs: https://www.tomshardware.com/software/vpn/utah-becomes-first...
It makes a lot more sense if you realize pretty much the sole motivation behind all this digital virtue signaling is "put my data somewhere Trump isn't."
Notice how no one really lists contingencies for "what if the EU goes off the rails"? There's always an implicit assumption that EU politics will always be "sane" (read: "aligned with my personal politics").
Where did you try to find this? And what does "EU goes off the rails" actually mean here? There are a bunch of contingencies already in place for economic instability both for individual members states and EU-wide, there is "Article 7 of the Treaty on European Union" in case there is one rogue member, and then each member state has a bunch of their own contingencies already too.
What exactly is missing here?
> There's always an implicit assumption that EU politics will always be "sane" (read: "aligned with my personal politics").
I think you might severely misunderstand how decisions are made in EU, and also how regulations and such are actually implemented. I don't think there is any such assumptions at all, that's why we have elections, votes and referendums, because people and states have different opinions about what is sane vs not.
Where are you even getting these misconceptions from?
> And what does "EU goes off the rails" actually mean here?
It means, "what if the EU starts acting belligerently to other countries like the US has?" Where, hypothetically, would someone move their data since now the US and EU are off the table?
And if your answer is "well, you see that would simply be impossible because <waves hands about EU policy making>", then I guess you're an example of someone believing that EU politics will forever remain sane.
> that's why we have elections, votes and referendums, because people and states have different opinions about what is sane vs not.
Same situation as the US...
You mean if a EU member state does this? Then those contingencies I mentioned earlier will be used.
If you're a EU member and another EU member does that, you'd still have your data in EU, just not in that member state, if you had that.
> And if your answer is "well, you see that would simply be impossible because <waves hands about EU policy making>", then I guess you're an example of someone believing that EU politics will forever remain sane.
I've literally pointed you to concrete and very real contingencies that exists today, zero hand-waving.
> Same situation as the US...
I don't know how it works there, I just know that no one in the EU assumes everyone else will always agree with you, and if you look at how democracy works in EU and in the member states, I don't think anyone has those assumptions there either.
Just like with encryption, there will always be an idiot politician somewhere discussing banning it. Mr Google tells me, for example, that lawmakers in Michigan (US) recently proposed " Anticorruption of Public Morals Act" which contained VPN banning clauses.
Frankly, until such time as it actually NEARS, let alone BECOMES legislation, the only thing posts such as yours are doing is spreading FUD.
The clue is in the URL you post "thinktank". It not even EU parliament, let alone been through the parliament debates, let alone passed to votes, let alone passed to being implemented by member states .... its just a random idea someone wrote down.
And quite frankly, I would still much rather be in the EU's digital environment than that of the US.
It's a result from the "European Parliamentary Research Service", hosted on the official website of the European parliament. And it is fully inline with recent attempted and success legislation of the same parliament. I am not sure why you would call this a "random idea" and an established member of the Parliamentary Research Service as "someone".
And if we go to the homepage for "European Parliamentary Research Service", we see:
So a Member of Parliament asked them to conduct this piece of RESEARCH, so what ? It may or may not ever see the light of day in parliament !Across all publication types, the "European Parliamentary Research Service" published 1034 documents in 2025 and, 486 documents so far in 2026. And for this specific publication type ("At a glance"), they published 285 in 2025 and 113 so far this year.
How many of those hundreds of documents per year of RESEARCH actually make it all the way through to legislation I don't know .... but I think you'll find its a safe bet that its a fraction.
Not implementation.
Dude, just go read the damn website.
The research service does not operate on its own volition. An MEP requests a piece of research to assist them in their parliamentary work because they require independent, objective and authoritative analysis of a topic.
Please stop with the damn conspiracy theories. Sheesh.
A random MEP asked for this research. The MEP may or may not ever table anything based on the research. Ergo, it may or may not ever progress into the parliamentary debate, let alone votes, let alone member state implementation.
Its just RESEARCH.
Stop with the FUD.
An independent, objective, and authoritative analysis requested by a MEP speculates that a restriction or ban on VPN is likely. I think this is valuable information. You are saying this is worth nothing until it actually gets up to a vote. I disagree, I see your point and maybe it's fine to panic only when it actually comes to a vote, but I prefer to know what to expect, and what the Research Service considers an "independent, objective, and authoritative analysis" on this topic.
What the hell are you on about ?
There are what, 700 MEPs from 27 member states ?
Do you even realise the sheer amount of work required to get it from "piece of RESEARCH an MEP requested" to "legislation enacted by member state" ?
And that assumes it survives parliamentary debates and votes intact !
Just because an MEP requested a piece of RESEARCH it DOES NOT MEAN it is "likely" to become legislation.
Stop with the conspiracy theories.
Meanwhile, "researching" chat control, VPN restrictions, etc.? "Oh it's just research, they're not actually going to do it."
Never mind the fact that incentives in Europe are not so different from the USA. It may look that way now, but often moving across the globe just means trading one villain for another.
Still a good idea, just a word of caution. If people make a move such as this based on some assumption about the stability of the European regulatory scheme you may want to examine that assumption with a little more rigor.
All Western governments have clearly decided to restrict individual rights to privacy, political advocacy, and free speech in general. The way this is happening simultaneously in so many countries seems a clear indication of a coordinated effort.
Feels a bit ironic... though this website is hosted on Cloudflare Workers so using an American company anyway?
I understand the pragmatism with going with CF, but I'd lie if I didn't also say using CF as the front for your entire "European Digital Stack" kind of makes the blog-post feel less authentic compared to my initial impression, because of that.
If your users are in a sanctioned region or a sanctioned entity it is entirely possible for cloudflare to deny serving them traffic. In a way your website users are still bound to the US policies even if you or your country doesnt approve of those sanctions.
NSA collaborator or not, the mere existence of something like Cloudflare, which also tries to nudge you into skipping internal http/tls and just use that at the front, makes it highly likely that NSA is already deep in their infrastructure, just like they've been in the past for literally any big technology company in the US.
But yeah, zero citations, zero evidence, just based on history and what the goal of the organization is, it's pretty clear what's going on already.
The regulatory environment is different, so it’s worth understanding the ramifications as far as what’s expected of you if you’re operating in a different jurisdiction. It’s nothing that can’t be handled, but some may find they have to care about things they haven’t before
It’s a great exercise for shoring up independence from extractive providers
Maybe I should have AI write up an article too. Honestly, it’s not just rare, it quietly matters
The hub for european alternatives : https://european-alternatives.eu/
Matomo charges 22 euros for 50k hits/month.[0] Basically, it's unusable for anything other than a hobby site - especially with the number of crawlers nowadays.
If you self host for free, you're missing basically all of the good parts of web analytics such as funnel analysis as they lock all of those features being paid subs.
[0]https://matomo.org/pricing/
In my case, my motivation was that I want to use LLMs to query the data with agents. This whole thing was surprisingly easy to setup and a positive thing is that you don't have a scary extra data controller doing shady things with the data.
[0]: https://www.uxwizz.com/
I think it's fair that GA is free and Google gets some benefits from using the data for their ad network.
I understand why Europeans might want to go all in on their own tech stacks, but it might be more strategic to just not get locked in to specific providers. Maybe a mix of European, US, and Asian tech - with a good plan for easy migration.
Off topic: that’s a beautiful website
https://en.wikipedia.org/wiki/CLOUD_Act
So If like it but it is a headache on high traffic sites. If anyone have an easy solution I would gladly accept it.
If you architect the underlying infra right it still works like a charm. But I admit people need to know what they are doing. I was quite impressed with both infra teams.
But as always, if you do not want tu use auto scaling US cloud based services, you need to enasure you have the right scaling and the necessary technical expertise at hand.
I am not sure how you scale Matomo we could not vertically scale anymore, we never did MySQL clusters because it just was not cost efficient for internal reasons.
> Not everything moved. Cloudflare is a US company, I still use it, and I’m at peace with that.
which you admittedly couldn't read when you complained about it.
https://insights.linuxfoundation.org/project/korg/contributo...
Then it is Go (Google), Java (Oracle, IBM, Red-Hat), .NET (Microsoft), Rust (Amazon, Microsoft, Google), Typescript (Microsoft), C and C++ (Red-Hat, IBM, Microsoft, Apple Google, ...), and so on.
I can't seen any reason for this to be "the biggest issue".
There is no accident that folks like Oxide go through the trouble to control the whole stack, hardware, software, programming language toolchains they are using, only working with vendors that provide them every single documentation and customisation points they need.
Unfortunely we lack an European Oxide.
My only question is, what are the selling points that made you choose Lettermint over Scaleway TEM?
Using TEM seemed obvious at first sight, given the fact that you already use Scaleway for object storage and compute.
The Cloud Act is real and transcends any single company. This global erosion of trust highlights deeper concerns: specifically, that US practices have always been coercive. Now, the world is learning and taking action.
But given how often GitHub and AWS East 1 go down, this is good.
One bad day at Amazon shouldn’t stop Europeans from doing laundry.
The cloud should have been localized from the start.
I personally want a sane, stable and consumer-friendly market, no unicorns but strong consumer laws and enforcement against mispractice of businesses towards people and the environment. We are far from it but I think the EU is the closest to an entity acting like that and being predictable.
The US chases the dollars at all costs and China similar but depending on the party lines of the decade.
There are definitely technical gaps though. eg bunny still uses one unified api key. CF I can lock to an IP and set granular permissions
I know it was created in Ireland and didn't hear anything about it changing ?
No ddos protection yet.
This changed when they were the first folks out there to get a dynamic interface in the browser (some of you may fondly or not so fondly remember the days of DHTML, XMLHTTPRequest, and the like). Fast forward 10 or 15 years and now GMail is the standard by which everything else is measured.
I'm sure there are some things that are objectively better, but a surprising amount of preference comes from familiarity.
Just install your favorite desktop + mobile mail apps and you're fine.
If that can't be done with Protonmail, and you want to move your email out of the US, suggest FastMail, based in Australia.
Nothing really support IMAP search.
Every mua sucks at large mbox file.
-- Edit: I am a happy fastmail user
But I guess you mean search w/o local caching
I have also rid myself of Google Analytics for a personal website. Replaced with a local solution that parses logs and builds reports that give me quite a bit of information. Its a more ethical type of analytics leaving no cookies behind and no trackers at all. All info is from the web server logs, you can grok quite a bit of insight from this alone.
Email is the biggest challenge, I have mapped out the entire migration steps for Google Workspace to Proton but have not yet pulled the trigger. The main thing is coordination with the rest of my family who use the domain for their email as well, they don't share my obsession with "digital sovereignty" so there is some negotiation around time tables :-) The Proton family plan will cut the bill in about half.
Password management --> KeepassXC with db on local nas. For personal use I feel you can't beat self hosted for password management.
Compute, Digital Ocean I continue to use and has servers in Toronto which works for me geographically. It's very low down my list of migration plans, they just work and they have treated me pretty good over the years.
Storage all self hosted (ownCloud and Openmediavault). Are they the best options, maybe not but they just work. No cloud based storage at all (Google/Apple etc etc). If I ever throw something out there it is gpg encrypted).
Offsite backups, two local copies to seperate drives (dejadup) on my NAS and offsite storage.
There are still some other services I need to consider. I do have Claude Pro. I run local LLM's for a lot of stuff with OpenwebUI but its not a full replacement.
CDN - Also use Cloudflare free tier. Have to give it more thought, it just works so well.
DNS is fully self hosted using dns-crypt-proxy / dnssec to Quad9 and Mullvad DNS. Works great. I actually blackhole any hits to google dns at the router, media and iot devices love to ignore your dns settings.
Github for code hosting. I know, Microsoft, but it works and is not a hill I am willing to die on just yet.
Photos self hosted with Immich on Proxmox. It's been pretty solid.
VPN, Wireguard to the home and have also integrated Tailscale for some things, which has been handy for extending connectivity and supporting my dad in a different city. Apparently they are based in Canada so that is a bonus. I use the free tier for now but am considering the paid version just to support them.
Router and wireless access points all on the latest Openwrt with consumer grade equipment, some of which I picked up used for like 20 bucks. Allows me to have home, guest, media and iot vlans for proper network segregation. Is it overkill? 10 years ago maybe but today I would not run any other way.
Thanks for attending my Ted Talk.
Did he move also the CDN stack? :)
Unless you're implying that Verisign isn't a US company, just because .com has become the conventional domain for businesses worldwide doesn't change the fact that it's US-based. Similarly, the EU's widespread adoption of Microsoft Office doesn't make it any less American.
EDIT: That was unpopular. Why?
Source: own multiple, via EU registrar
(Edit: Parent was edited after reply - parent statement is now correct)
Verisign, the organisation that actually controls the .com top-level domain, is a US company and operates under US jurisdiction.
Where you purchase the domain from is irrelevant.
The initial thread read like “.com domains are exclusive to US” which they of course aren’t
And it goes deeper than just intent: .com was literally administered under a US government contract for decades, with Verisign only ending up in control because they acquired the company that held that government contract.
So while anyone can buy a .com today, the infrastructure and oversight have always been firmly American.
I didn‘t yet have a good idea on how to utilize it, open to ideas.
Why not move there?
Why are there exceptions for Anthropic, GitHub and GitLab?
> Anthropic is a US company...But it satisfies something else, the sense that the organization building the thing has given serious thought to what it’s building and why.
This reads like a weak excuse. Mistral and Mistral Vibe exists and even if you don't like them, there are many non-US harnesses (Qwen code) that are available.
> GitHub stays in the picture for one specific purpose: public-facing NPM packages and issue tracking for open source software.
First of all Codeberg exists.
Secondly, at this stage relying on NPM and the Java/Typescript ecosystem is quite frankly waiting for a disaster to happen.
This post isn't absolute on moving their digital stack to Europe as it has not one but three exceptions too many.
Use OpenTofu/Terraform! Much better than messing with cloud consoles, and then your infrastructure self-documents.
I’d also put out one note to any people outside the EU looking to switch to Mistral or really any service: just because they’re a European company doesn’t mean they’ll follow the GDPR if you don’t live there. Mistral is an example: in their privacy policy, they state that they follow whatever privacy laws exist in your country.
Well, that's kinda obvious - if they want to do business in a country, they have to follow the laws of that country. That doesn't in and of itself mean that they will apply weaker privacy protections if the local laws are less strict than GDPR...
> We are patriotic Americans. We have done everything we have done for the sake of this country, for the sake of supporting U.S. national security... We believe in defeating our autocratic adversaries. We believe in defending America.
and
> So, you know, Anthropic actually has been the most lean forward of all the AI companies in working with the U.S. government and working with the U.S. military. We were the first company to, you know, put our models on the classified cloud.
> We were the first company to make custom models for national security purposes. We're deployed across the intelligence community and military for applications like cyber, you know, combat support operations, various things like this. And, you know, the reason we've done this is, you know, I-- I believe that we have to defend our country.
and
> And so we have said to the Department of War that we are okay with all use cases, basically 98% or 99% of the use cases they want to do, except for two that we're concerned about.
God help us when the US finally decides that the vast amounts of money it pours down the drain to keep us as its vassal is not worth the squeeze. China and Russia will not be nearly as patient and kind.
America sends a VP to give a speech, which even though it made some politicians cry, was still just words. China will just use us for spare body parts and Russia will drop our people from planes.
America says it really would like Greenland, which it could take with literally zero contest if it wanted, and which it gave back to Europe after Europe had another one if it's many internal meat grinder wars. China and Russia just takes what it wants, they don't ask.
It's really going to suck balls being the punching bag of Russia and China.
Europe is by actual fact completely dysfunctional, constantly getting itself into shit left and right, constantly needing bailouts from America to keep it afloat, and Europeans pretend they are better than Americans. Totally absurd.
They had a datacenter burn down (in large part because it was fully built using wood) and lost all customer data and did not take any action for 6 months after the incident.
They're just not a serious company.
While the incident did happen, a lot of actions were taken and most of the data was recovered. OVH now also keeps backups even for clients that don't pay for it.
I was hit by that datacenter catastrophe and got my data back almost immediately, in a new VM.
I've been using them for years with little issue (no more than happened on my AWS or Azure accounts, I would say less because it's less of a mess in general).
Stop spreading false rumors.
Aside of that exceptional case - overall they are pretty great and cheap.
I had a VPS there and all the data was lost. I'd like to see any proof that data was recovered, because that's simply not true.
All else equal, a more stable backup is of course better, but any backup is better than no backups, so choosing the cheapest possible option is often the best strategy since that's the one that you're the most likely to keep using long-term.
Wooden floors contributed to the fire, they were fire resistant but that only lasts so long. Fire-doors are often the same type of wood.
https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...
Sure now just think and give me the reason. All these moving to Europe post is getting tiring. Amazon follows the same EU rules, if not more, than Scaleway.
If you sell software and you tell your customers and prospects that everything runs in Europe, by European companies, this instills an enormous amount of trust. Risk averse sectors like manufacturing love this, and it will help you gain customers immediately.
So no, these posts are not tiring to many of us. In fact, we are only at the beginning of the beginning because many of us will be making these migrations. I wish things had run a different course.
So you are saying the reason that it is just perceived better?
Even that's quite debatable as I worked in few European companies and has never faced any backlash for choosing US vendor. Biggest European tech companies like Mistral and Klarna use many US vendors like AWS.
> The act is not limited to companies based in the United States.
more mean the US rules that hoover up all the data for the government