> Wrapping up - Migrating away from US cloud services was easier than I expected.
This is absolutely not the main takeaway and I find it difficult to see how he could write this - there are gaping holes. Git repos (it's too difficult). NPM (ditto). Startpage uses Google's index. The only meaningful switch he mentions is Proton, but as other comments have pointed out they have vendor lock-in problems. The real takeaway from this is that it's currently impossible in any meaningful sense. It feels like there's a real opportunity here for European companies to step up and make a big play, but will they? I really, really hope so. I'd jump ship in a heartbeat if I could.
Edit: To be clear, the reasons in brackets were the author's, not mine.
If they have enough users/make enough money, they'll make their own. Ecosia and Qwant (both European search engines) are working together to make their own index.
In any case, even if a European is a proxy for an American service, you need to prove that there is a market for a European equivalent for change to happen.
> Notice: sr.ht is currently in alpha, and the quality of the service may reflect that. As such, payment is currently optional for most features, and only encouraged for users who want to support the ongoing development of the site. For a summary of the guarantees and limitations that the alpha entails, see this reference.
I've used it for a few years and it's been stable and without issue. builds.sr.ht is the best CI that I've ever used. I think the only time it has been down has been due to DDOS.
Would I run the git server of a multi-national bank on it? Probably not. A standard SAAS? Yeah if my team felt it was important to use EU companies.
Otherwise you could also self-host with a VM, then you can use gitea or gitolite with systemd oneshot services.
> If they have enough users/make enough money, they'll make their own. Ecosia and Qwant (both European search engines) are working together to make their own index.
"There might be an option in the future if there are sufficient users" is a quite different milestone compared to fully switching away from US-based services.
I agree that some of the hard parts were glanced over. Besides that, everyone seems to talk about the cloud and nobody about the other big, if not bigger, dependency. Our use of Windows and macOS (and Google Android and iOS if you will) on the vast majority of client devices.
If
> Time and time again, data-sharing agreements between the EU and the US get busted, showing there's just no legal compatibility between EU privacy rights and US spying laws. [...] With the current political situation in the US, it's also starting to become clear that our entire digital infrastructure is at the mercy of US policies. It is no longer safe to rely on US clouds for our governments and societies, as the US government can shut it down at will.
are your worries, rolling out government-required backdoors, lockouts, etc. in operating systems is going to be a huge issue. To shut down a large portion of Europe's infrastructure, the US government only has to order three companies to do so.
I think there were (and are) attempts of replacing at least the desktop systems with some variant of Linux but I think the dependency on Office remains the main problem in doing so - Windows lets you integrate all that pretty seamlessly with how the system works and is administered.
China is probably much more aggressive in this than Europe as for them the US has been a rival (or even enemy) for a long time.
Fastmail's servers are apparently located in the United States[1] - and the Netherlands, but there doesn't seem to be a way to know in which country your specific mailboxes are stored.
> Our colocation providers could be compelled to give physical access to our servers. Network capturing devices could be installed. And in the worst case an attacker could simply force their way into the datacentre and physically remove our servers.
So as far as warrantless surveillance is concerned, Fastmail is no better than if it were a US company or subsidiary thereof. They may themselves not be in a position where they would have to comply with US requests that would be illegal in Australia but whoever is operating their US-based DC absolutely is and they admit as much, even if they handwave this scenario as being no different from an ordinary hacking attempt[2].
[2]: Of course the flaw in this comparison is that an ordinary hacker can't make on-site staff comply with their demands and prohibit them from disclosing the hack. To do so without the authority of the law, you'd need a Hollywood action movie level of criminal enterprise that would usually involve taking a retired police officer's granddaughter hostage for some reason.
Australia has some fairly draconian digital laws that authorities can issue notices requiring developers to assist with an investigation. This can include technical assistance which could require companies to build capability for law enforcement to break the encryption used in their services.
“Warrantless surveillance” was yesterday's concern, back when Snowden's revelations were in the news.
Today the concern is war, both economic and literal.
From that perspective, I'll gladly use Australian, or Canadian online services, while avoiding using US ones for as much as possible. Note, I don't think it will be long before services like Fastmail will start moving their servers. Again, yesterday the US was an ally, whereas today the writing is on the wall.
More for email from EU: there is runbox (Norway; I have used it, really good except that their new suite has been in beta for over a century), mailo.com (France; on new pages I had to explicitly set translation from top right corner), inbox.eu (Latvia; haven't tried it). There are more: soverin, infomaniak has mail service, startmail (used it; was costly for my personal usage iirc), and migadu (kinda well known), mailfence (liked it) etc.
Of course there is - Tuta (no imap/pop3 client support) and Posteo (no custom domain) - which are both excellent if you can live with these limitations.
The ones I would not consider (personally): mailbox (Germany; but they are really bad now - I have commented below about it), proton (I'd avoid it; reason was on hn recently).
Tuta comes with a caveat - you cannot use it in any other mail client (I think there are similar limitations with Proton as well).
Anyone looking for alternatives - stay away from mailbox.org. It's a pathetic service. Stuck in past (they have a suite that makes you kick a table leg), very disgustingly bad customer service (it's almost non-existent), and yeah they use 2FA inside the password.
Tuta is many times better if you can live with not being able to use another client. (They have pretty decent apps on all platforms though)
mailbox.org were good, but they decided to become more than just a mail provider and forced users into other, more expensive plans, adding office and cloud storage.
There is also posteo.de. It doesn't support custom domains, but I use it in combination with simplelogin.io (I think French, but now owned by Proton).
Yeah, I appreciate posteo's stance but when I tried using my domain via forwarding service it was a pain.
SimpleLogin, by the way, is now owned by Proton which is run by a founder (CEO?) who is a vocal Trump supporter. Nothing wrong with that of course, just saying.
Thanks for the info, I am a Private Internet Access customer and didn't realise til now. I now feel disgusted and will definitely be switching to another provider when my subscription ends. Luckily I only use it for Linux ISOs and changing region for streaming services so not much to spy on.
I used mailbox.org for several years until they forced everyone into more expensive plans by adding irrelevant features like office and cloud storage. This kind of behaviour from them was disappointing.
Can only recommend them - not too expensive, you can also use your own domains and they support at-rest auto encryption of all incoming mail with a PGP public key you give them (which of course does not prevent them from saving incoming mail as clear text somewhere else, but prevents others from reading all existing mail should they get access to your mailbox later)
Discovered them recently. Price looks absolutely fair for what you get. It offers up to ten external addresses for sending and has a web interface so it looks like a solid Gmail alternative.
Yes, but nobody competes with AWS, Azure or GCP, everything else is easy.
And most likely, most of the services/saas you mentioned rely on "US" cloud infrastructure.
I've not used the latter but the former was excellent back when I used to use them. They were a little more focused on traditional compute and lack the general breadth of services that the likes of AWS offer. But if you’re in a position where you’re able to choose a cloud platform provider based on the location of their HQ, then the chances are your requirements from said cloud provider are pretty basic.
True, I missed out what scaleway have done over the years, but after being literally burnt by OVH, and hearing that scaleway was operating in similar fashion, I gave up looking at their offering.
(the risk is of course that the administration is not stable enough to stay bribed, or intra-oligarch fighting breaks out between Musk and one of the others)
I don't get what you're saying? There was a brief fad for using the other Chinese short video service, Rednote (Xiaohongshu) for about five minutes while TikTok was banned in the US, but mostly this discussion is about data sovereignty for Europeans who want to use European products for better legal protection.
(people have long since moved away from the Russian-bought social network, Livejournal; it's very occasionally useful to look something up on Yandex if you think it may have been delisted)
If you look into the history of some of our most recent, major disasters, they've happened under the watch of authoritarian governments. Two that spring to mind would be Chernobyl and Covid.
Companies running under those governments should surely be susceptible to similar issues because the fish rots from the head down. The culture and fear of speaking out and therefore steering things in the right direction would be really dangerous for a company like Amazon and the AWS ecosystem.
That is only the case if you think of migrating as an all-or-nothing. The services that he did manage to migrate went quite smoothly. If he would get stuck with one or two services, was it still worth it to migrate the ones he did manage? If you think it has all been in vain, then yes - it's a different takeaway. But obviously Martijn does things step by step and I imagine he is happy even with the progress he made.
In other words, the question is 'is it easy to migrate to a service for which decent alternatives exist', rather than 'do decent alternatives exist for every service you depend on?'
Your takeaway depends on what question you are most concerned with.
> It feels like there's a real opportunity here for European companies to step up and make a big play, but will they?
I think that this will depend a lot on expectations about politics in the USA in the medium/long term. Making this kind of investment makes sense if you expect the aggressive hostility that the current administration brought against Europe (and all other US traditional allies) to continue for a long time, and not just a couple years.
I expected it to be much harder to move away from these services I heavily relied on like Microsoft 365. Before I started migrating I figured I was so entangled in their web, that switching to an alternative would be a tremendous task. After actually migrating these services, I managed to migrate 90% within a few hours per service. This is nowhere near the amount of effort I expected it needed. Because of that, I'm also optimistic about migrating Git and NPM. While I don't think NPM will be any different, I suppose my optimism about Git might be misguided because of the amount of customization that goes into setting up CI/CD. Still, since only one out of all of the services might be hard - one that doesn't handle any PII - I stand by saying the overall effort was easier than expected.
> It feels like there's a real opportunity here for European companies to step up and make a big play, but will they?
Big plays are possible only with big capital, and that isn't what happens in the EU tech market.
Lack of serious VCs is a problem on one hand, but to blame is also the EU Horizon program which will favor large established companies (which innovate very little), and the fact that the funding direction changes with hype cycles (in 2020 that was digital transformation, in 2024 it was AI and similar).
The "easy" stuff was easy as the external face is a custom domain. This should be understood as a lesson for future choices.
Generic / not heavily proprietary services which are pointed to by something you own (i.e. a domain name) can be migrated to new services. Web hosting, s3 hosting, email hosting etc.
Migrating from @gmail is not possible without scrapping an identity and starting over.
Qwant is an EU search engine, NPM allows you to specify a git repo and that git repo can be hosted on a gitlab instance or an EU provider. It’s not impossible to switch these providers, you just give up on major conveniences.
> > Wrapping up - Migrating away from US cloud services was easier than I expected.
> This is absolutely not the main takeaway and I find it difficult to see how he could write this
He explains why he writes this, but this is an incredibly silly complaint because you can’t know what his expectations were.
> The only meaningful switch he mentions is Proton, but as other comments have pointed out they have vendor lock-in problems.
Which the author had with Microsoft 365 as well. Considering reducing vendor lock in wasn’t a goal of what they were trying to do, it’s not clear why you’re even raising that point.
> The real takeaway from this is that it's currently impossible in any meaningful sense.
It’s not clear how you got to this conclusion in any way whatsoever. In fact, this is an entirely ridiculous assertion.
Essentially your entire comment is “the author didn’t aim to do what I wanted them to aim to do therefore the author is wrong”.
"there's a real opportunity here for European companies to step up" and what would be the business model? From tiny fraction of people that care about this - vast majority are also the same types, that are known to be unwilling to pay for any service ever even 1 cent.
I'm not sure that's true - mainly because of some potentially big European customers in government or national infrastructure. They care enough about security and reliability, that they'd very likely choose a European provider over a US one, especially if the existing political climate continues.
Companies don't need anywhere near the profits of Google to cover continuous development and maintenance, so while a European tech giant of the size of Google might not seem that likely, a European office suite certainly is more likely.
Bert Hubert has previously written about how the entire European telecoms industry with the exception of Britain has outsourced not only equipment but also network operations to Huawei:
> It feels like there's a real opportunity here for European companies to step up and make a big play, but will they?
Or for the EC to stop their "rearm" BS, and actually do something useful for the people by helping such companies. This is the real battleground for European independence and freedom.
The US demanded rearmament for years, and the combination of US and Russia has now forced Europe - including previous neutrals Sweden and Finland - into rearmament. Only a proper, just, end to the war in Ukraine can remove the need for it now.
A shame that OP recommends Proton. The fact they don't support open email protocols like IMAP/SMTP without an extremely frustrating proxy setup is what ultimately turned me away from their service. Being able to "just" use a native mail client is pretty much a must.
The vendor lock-in from something like Proton feels way worse as a result.
Can't speak to Proton Pass, but it strikes me as a replacement that seems unnecessary: if Bitwarden is a problem, the server can be selfhosted, something which the OP seems to be familiar with.
Some of the others feel of more... questionable issues to have with US cloud services; it's hard to find problems with Dockerhub and NPM that aren't just general problems with these services/the company behind them (mainly NPM). Maybe that's just because the public/private concern for both of those services is pretty different than the others mentioned here.
What's a good alternative to Proton? Still haven't migrated my business away from Google Workspace, and I was thinking Proton would be a good alternative, but apparently not if they don't even support IMAP/SMTP.
Mailbox looks very solid, although I don't have long-term experience: https://mailbox.org
It provides email, online storage, video conferencing, calendar etc., all of it privacy-preserving by default. You explicitly don't have to provide any personal details.
Fastmail[0] is what I use for my personal email. They support all the standards, but are also pushing things forward with standardising the JMAP protocol[1] which is much better suited to mobile clients than IMAP.
They only have email and calendaring though, no equivalent of Drive/Docs/Sheets.
Australian businesses have to provide GDPR protections to EU citizens, regardless, just as EU companies operating in Australia have to obey Australian law.
I also have a feeling the Five Eyes agreement is about to end.
Not mailbox.org (!) unlike many have suggested. In last few years mailbox has gone into the gutters in almost every aspect (almost) - I am stuck there because of a large recharge/purchase I had done and they don't do prorated refunds anymore.
There are other options - tuta, posteo, runbox etc (I have just made a longer comment and I am sure you can find more on the net).
IMHO - we should not ignore other things when looking for a service replacement I mean aspects of a service other than privacy and for me responsiveness and customer service comes near the top or at the top.
I am migrating away from Proton. In theory they check all marks, in practice they fail in delivering baseline functionality in all categories.
1. The Web interface email is so-so, but the proxy email bridge is really heavy and takes a huge amount of disk space. It also makes my computer start flying from time to time. The iOS email client (very important as they don't support standard protocols) is just useless. The text is rendered like an image which I need to pinch to zoom in and slide across the text. There is no way for the font size to be increased to a legible amount. The images in attachment are not in a carousel so I need to open1/close1/open2/close2/open3/close3 if there are 3 attached images. In an email client this is absolutely basic.
2. ProtonDrive: It took a long while before rclone was supported and for their web client to be working, "ok". Anyway it is basically unusable as a backup cloud service because it takes forever to encrypt in the browser. I just gave up and have no idea what is the state of sync of my files there. I just moved to backblaze and am waiting for my Proton subscription to expire.
3. ProtonVPN: Good on paper, totally untrusted and blocked by the internet. I can't navigate without filling 10 captchas or just be outright blocked.
4. ProtonCalendar is proprietary and not compatible with generic tools in iOS or linux or Android.
I gave up trying their other services as I just expect them to be as incomplete.
I mean: Email is the thing that needs to work right and every time I need to see some email together with my wife I feel like this goofy person that complicates what for everyone else is one of the most basic tasks in using a computer.
If I could I would just cancel and ask my money back, unfortunately they do not do that.
> 3. ProtonVPN: Good on paper, totally untrusted and blocked by the internet. I can't navigate without filling 10 captchas or just be outright blocked.
Even residential IPs are being blocked nowadays, we have Cloudflare to thank for that.
Yes! I run Firefox on Linux and I constantly get captcha'd everywhere (by that typical cloudflare loading page) because I'm not part of the 95% that runs Windows or Mac. Cloudflare is an awful thing for the internet.
Cloudflare seethes at Firefox users that have strict tracking protections enabled. OTOH it's still much less violent than hCaptcha or Google. Especially if you install their PoW pass extension.
It might be because I tweaked my user agent. I had to do this, because Microsoft is being obstinate and disabling a lot of M365 features if you're on Firefox on Linux. When I set my UA to Edge it suddenly works totally fine. I'm just a bit stuck with M365 due to my work, unfortunately.
It's not really "big tech slavery", c'mon. A large majority of bots on the internet try to fake their User Agent to pretend to be someone else. Unfortunately, your browser does the same. When they compare your browser's signature with the expected user agent and real user agent, they find a discrepancy and flag your browser as suspicious.
The real solution is to only modify your user agent for the MS apps you have trouble with, and all your captchas will disappear.
No they don't because I had them too before I started using M365 and had to edit the UA. Maybe not as much, but I think the tracking protection also has a lot to do with it like another poster said.
You're looking at this in black and white. The CEO praised one of the administration's picks for being tough on big tech. While I think he's wrong in his statement on who stands for "the little guys" praising one pick for her stance on big tech does not mean he wholly supports the administration and its actions.
Not all things require an equal reaction. Someone saying "this pick has a good track record" doesn't require the same level of drama as if he had said everything this administration does is awesome.
Yes I'm not a fan of Proton either. Especially because they hammer so much on their "Encryption" thing while 95% of the mails you get will come unencrypted from one of the big tech parties, Google, Microsoft, Amazon. So what is the point, really? And because of this indeed it is very hard to connect to it.
Email is just dead as a tech. It's no surprise nobody uses it for sensitive content anymore but instead just uses it as a notification service ("Please log in to our portal to read your message").
I don't personally like bitwarden either because it uses a master password, I prefer "pass" which encrypts each password with your GPG key (which can be stored on a yubikey for hardware security). But yeah self hosted bitwarden is a good option too and very popular.
There's so many organisations moving away from it though. Email password recovery yes. But really, what does Proton's E2EE add to this? The email is still sent unencrypted across the internet. And only gets encrypted when it gets to their mailbox. It's not as if someone could easily break into gmail either. Unless they know your password but then Proton is just as vulnerable.
I just consider their "Security" window dressing to be honest. It totally ignores the gaping wide problem and fixes only a tiny pretty irrelevant part of it.
Many emails aren't sent unencrypted any more — just not E2E encrypted. It's harder to stop an active MITM from downgrading the connection, but the bulk of non-spam messages to my server come in with TLS. And while it's not going to be possible for most people, I have pinned most of my larger destinations to require TLS with a suitable certificate, so I can have confidence that my outbound email won't transit the Internet unencrypted.
Obviously if you're a client of a big hosting service that you don't trust then E2E has value. But that's not the whole problem, or the whole solution.
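Added example, not part of any comment in the thread: a small Python model of the downgrade problem described above, contrasting opportunistic STARTTLS with a sender that holds a cached MTA-STS policy (RFC 8461) for the destination. MTA-STS is used here as one way to require TLS with a valid certificate; the commenter does not say which mechanism they use, and the hostnames and policy text are constructed sample values.

```python
# Added example: sender-side delivery decisions under opportunistic STARTTLS
# versus a cached MTA-STS policy (RFC 8461). All sample data is constructed.
from dataclasses import dataclass
from typing import Optional, Tuple

MAX_AGE_LIMIT = 31557600  # RFC 8461 upper bound for max_age, in seconds


@dataclass(frozen=True)
class StsPolicy:
    mode: str                     # "enforce", "testing" or "none"
    mx_patterns: Tuple[str, ...]  # allowed MX host names or "*.domain" patterns
    max_age: int                  # how long the sender may cache the policy


def parse_policy(text: str) -> StsPolicy:
    """Parse the key/value policy file served at /.well-known/mta-sts.txt."""
    fields, mx = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed policy line: {raw!r}")
        key, value = key.strip().lower(), value.strip()
        if key == "mx":
            mx.append(value.lower())       # mx is the only repeatable field
        else:
            fields.setdefault(key, value)  # duplicates: first occurrence wins
    if fields.get("version") != "STSv1":
        raise ValueError("missing or unsupported version")
    mode = fields.get("mode", "")
    if mode not in ("enforce", "testing", "none"):
        raise ValueError(f"invalid mode: {mode!r}")
    age = fields.get("max_age", "")
    if not (age.isascii() and age.isdigit()) or int(age) > MAX_AGE_LIMIT:
        raise ValueError(f"invalid max_age: {age!r}")
    if mode != "none" and not mx:
        raise ValueError("policy needs at least one mx pattern")
    return StsPolicy(mode, tuple(mx), int(age))


def mx_matches(host: str, pattern: str) -> bool:
    """A '*.' wildcard covers exactly one leftmost label, nothing more."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]               # ".mx.example.net"
        label = host[: -len(suffix)]
        return host.endswith(suffix) and label != "" and "." not in label
    return host == pattern


def decide(policy: Optional[StsPolicy], mx_host: str,
           starttls_offered: bool, cert_valid: bool) -> str:
    """Return what the sender does for one delivery attempt to mx_host."""
    # Opportunistic TLS: use TLS if offered, never check the certificate,
    # and silently fall back to plaintext if STARTTLS is missing.
    opportunistic = ("deliver-tls-unauthenticated" if starttls_offered
                     else "deliver-plaintext")
    if policy is None or policy.mode == "none":
        return opportunistic
    validated = (starttls_offered and cert_valid
                 and any(mx_matches(mx_host, p) for p in policy.mx_patterns))
    if validated:
        return "deliver-tls-validated"
    if policy.mode == "enforce":
        return "refuse"                    # message stays queued, no fallback
    return opportunistic + "+report"       # testing mode: deliver, then report


# Constructed policy for the hypothetical recipient domain example.net.
SAMPLE_POLICY = """version: STSv1
mode: enforce
mx: mail.example.net
mx: *.mx.example.net
max_age: 604800
"""

if __name__ == "__main__":
    cached = parse_policy(SAMPLE_POLICY)
    # An on-path attacker strips the STARTTLS capability from the EHLO reply.
    print("no policy:", decide(None, "mail.example.net", False, False))
    print("enforce  :", decide(cached, "mail.example.net", False, False))
    print("normal   :", decide(cached, "a.mx.example.net", True, True))
```

The protection depends on the policy having been fetched over HTTPS and cached before the attacker is on the path; a sender with no cached policy behaves like the opportunistic case.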
It's really the only game in town for messaging. Like sure, there are a zillion incompatible alternative systems out there but email is the only system with worldwide adoption. ... and it's federated. ... and it actually works somewhat reliably. ... and it's actually fairly secure these days, using a network of trusted email servers.
Like sure, it would be great if we could make end to end encryption usable for regular people for the email case. It would also be equally great if we could make E2EE usable for regular people for all the other cases.
Yeah, I was a Protonmail evangelist but their mobile app sucks and their client software has nonconsensual surveillance embedded in it that you have to remember to turn off.
Interesting how for a (junior) dinosaur, like me, this was never a problem: I still run my mail, web, nextcloud, xmpp, forgejo, etc server on a former thin client under a cupboard. With a symmetrical fiber 1G connection it's been surprisingly reliable.
FAQ:
Yes, you can run self hosted mail.
Yes, it's complex.
No, it's not hard, but it takes time, as it is complex - if you want to understand it. If not, go for something like https://maddy.email/
Yes, I have a fixed IP address with a reverse DNS entry configured.
My ISP is zen.co.uk.
Yes, I have reverse DNS, DKIM, DMARC, SPF, even mta-sts.
No, I'm not switching from XMPP to Matrix - it's too server heavy, XMPP is more client oriented, which is my preference.
I know about the UK's online safety act, I used https://onlinesafetyact.co.uk/ra_my_self_hosted_single_user_... as a template to create mine. I think the act itself is basically useless and just paperwork, but something along its ideas is actually needed.
I block many AI crawlers from accessing code and photos, as eg. Claude is so aggressive that its code crawlers make my system sluggish, and I have no will to let anyone use my photos beyond printing them for their wall as decoration.
I self host a mail server too. Static IPs are not available for a residential connection where I live which makes PTR and SPF records hard.
What I've been doing is using Oracle's "always free" VM to host VyOS as an ingress/egress router. It's been pretty easy to set up the mail server itself using iRedMail.
I've had some problems with spamhaus and outlook because that whole IP range is not trustworthy but otherwise it's just worked (Spamhaus was nice enough to put me on a whitelist).
I know hosting at Oracle is not moving away from US cloud services but I set this up two years ago and this could be achieved using any cheap or free VPS.
Can you please write more details about "I block many AI crawlers from accessing code and photos"? The bots are trying to access your nextcloud instance? I'm also self hosting a few services, including nextcloud.
If you have a fixed IP with a good reputation then 95% of your email problems are solved. If you use a client (like the iphone email client), your setup is really simple (as in set it up once and forget about it). Providers will also try re-sending email if it doesn't reach you, so availability is not that big of a deal.
That being said, the major issue starting up is having that highly reputable ip/domain.
Maybe one really needs 'the cloud' (whatever that is) or the accompanying services, I don't know, but I do know that good old webhosting is still around. At least here in The Netherlands. Good for email, good for websites and webapps, good for data storage.
There are enough options to choose from the decentralized menu of hosting offerings. Most are cheap enough also, but watch out for the slightly bigger webhosting companies that are taken over one-by-one by some group of investors wanting to play AWS (and upping the prices by 400% or so).
The cloud, speaking for small-to-medium companies, is two things; a directory server with file storage, email, and an attached suite of productivity tools (e.g. Microsoft 365 or Google Workspace), and virtual, distributed infrastructure (e.g. AWS, Google Cloud, or Azure).
You can build the offerings commonly sold as "cloud" yourself, but it requires a ludicrously unreasonable amount of engineering work to reinvent the wheel and end up with a shitty solution that gets your users frustrated, guaranteed.
We need a European contender (or multiple!) that can actually compete in one or both of these disciplines. There is going to be a huge market for this very soon.
I think a ton of services would actually run just fine on a single old fashioned Linux machine without any fancy cloud stuff, we've just been conditioned to think that it's somehow wrong.
I did not necessarily need an explanation of what 'the cloud' is or isn't. I came to believe its definition is vague on purpose. I found out it's (almost) the same old internet with new shiny marketing labels on it (I say 'almost' because clubs like Netflix probably need their movies stored near the end user for seamless HD streaming). With the end goal of getting everyone's data on someone else's server (so they can control it, eventually without your permission). It works because programmers who might understand technically what it is, usually don't call the shots when some Big Tech salesperson offers shiny new apps from the US.
Luckily, I don't need a cloud. Not someone else's cloud, not even building my own cloud. Why? Because the technical progress required for me to save, work, share and publish stuff online (or locally on my computer) was already there from the '90s. And luckily, it's not standing still. Although every exec and marketing boy wants you to believe the only good stuff is the next hyped up stuff.
We see the same thing happening with LLMs and AI. It's marketing fluff all around, by people who so fully believe in it that it becomes scary. And it's hard to argue against it, because it is impressive what LLMs can do. It's also bullshite and has nothing to do with reasoning, or thinking, or whatever human capabilities are projected onto a digital parrot (I don't want to ruffle some feathers, pun intended, a lot of people probably have good use for LLMs and it's still interesting that people work on these systems).
A computer, an internet connection and some webhosting gets you more than far enough for most use cases. Without vendor lock-in.
> I did not necessarily need an explanation of what 'the cloud' is or isn't.
Your obtuse "whatever that is" sure made it sound like you did.
> Luckily, I don't need a cloud. […] A computer, an internet connection and some webhosting gets you more than far enough for most use cases. Without vendor lock-in.
That is the kind of stuff you can only say if you're not concerned about anyone but yourself.
I have employees that need to send emails, do calls with customers, work on digital documents, and collaborate efficiently. If they drop their laptop, or it gets stolen, I don't want these documents to get lost, or compromised. I need them to sign in to a myriad of services securely, using a single identity that I can centrally block if their account is compromised or the contract terminated.
All of that isn't what some "marketing boy" wants me to believe, but hard requirements to do business, and protect the privacy of our employees and our customers.
I'll just state for the record that these particular use cases make up something like 90% of what my employer uses Office 365 for, and it's absolutely impossible to do our business without it right now. If we had to solve document storage by plain old file-server storage, we wouldn't even be compliant with local laws.
I find it really annoying when traditional hosters (indeed in NL and DE for instance) move to the grifting 'pay per use'; the same VPS that I could beat over the head for millions req/month for 5 euros, now costs, for the same usage, 50+ euros because suddenly I'm paying for the cpu, memory, disk, network etc that I use. It costs them $0 extra, so that's all profit. I had it a few times now; you can recognise it either indeed if they get taken over by some large investment firm and/or when they start offering more and more 'cloud services' next to their VPSs; once they have the infrastructure up and running, they start screwing over people. Mind you, if the service was better, then maybe, but it's not; it's just vastly more expensive.
I would like to see a movement more along the lines of "Moving away from cloud services", not just US services. Our computers are faster than ever, internet bandwidth is not a problem, public IPs affordable. Why not self host when possible?
Yep, I just finished moving most of my stuff to a bunch of small (but stupidly powerful) machines in my and my parents' house. They sync and work very well. It's a nice feeling, finally everything is hosted and backed up and in my own hands. Of course, this is not for business, although I would have no issues hosting small business on here; it's more robust than most single vps solutions.
Maybe, but I'm not running a bank here and I do, regularly, stick in an external drive to run a backup. It's pretty well protected all in all. Definitely better than 'if google kills my account for no reason at all'.
It is important to not lock yourself into any cloud provider. For example using services like Firebase, which are very good, means you cannot *easily* move to self host once your business idea turns out to be a success.
Tailscale makes this easier than ever to do. I'm looking to move most of my Lambda functions off of AWS and into KNative on my Kubernetes cluster at home.
Why move away though? The cloud subsidizes for "free" a lot of powerful services that the average user can only dream of self-hosting.
And the price is what? Your browsing history? Personalized ads? Provided you don't AdBlock that is!
I like the symbiotic relationship. I do believe in safeguarding yourself from getting locked out of your life due to your Google acc getting banned but outside of that I see no harm in getting free service in exchange for data. It's a fair deal.
> And the price is what? Your browsing history? Personalized ads? Provided you don't AdBlock that is!
Regardless of what you think of using your private data in exchange for free services, the problem with the cloud owned by US companies is that to us outside the US it seems like any kind of blackmail now seems fair game.
Since Vance threatened to drop NATO support if the EU regulates Musk's platforms [1], temporarily holding hostage our data to 'win' a trade war does not seem that far-fetched anymore.
Also, if the US ends up trying to make good on their threat to annex Canada or Greenland, then we are strongly dependent on a hostile state. We learned some lessons from being dependent on Russian gas.
Yeah the pricing for memory in most cloud instances is so atrocious that you pay enough to buy a whole DDR5 stick in a few months already. Or an entire ARM SBC that will outperform that stingy offer in every way.
Cloud also has networked SSDs so they can keep the machines and partitions separate, which really limits their speed and throughput and increases latency. Nothing beats a PCIe attached NVMe.
My problem is that I do not want to replace one centralized service with another. I do not see any difference between the US and the EU (or Australia) in handling privacy. Most politicians are super keen on destroying privacy for people, for the "good cause". There are so many examples of this I lost count. We need strong encryption and true peer-to-peer networks where the connection is going through random routes (impossible to predict) and there is no government control of any of the nodes it touches.
Perfect is the enemy of good. The EU has its flaws, but if you can't see the difference between the US privacy climate and the EU privacy climate then you need a reality check.
Yup, in the USA you can still have a VPN server that is not storing logs, something that is simply illegal in European Union countries.
In the USA you can purchase a prepaid SIM card in Walmart with cash, put it in your phone and you have an anonymous phone number, again, this is illegal in Europe in a typical stupid European way, as any criminal who needs an anonymous card would pull in to the retailer some drunk or homeless person and get that SIM anyway. But "normals" can forget about privacy, unless they want to play with something like silent.link.
> In the USA you can purchase a prepaid SIM card in Walmart with cash, put it in your phone and you have an anonymous phone number, again, this is illegal in Europe in a typical stupid European way
This is illegal in some European countries but not all. I bought more than one phone and one SIM card with cash in the past.
In all of the EU countries I visited, only FI and DE asked for ID when buying a prepaid SIM card. And prepaid SIM card days are almost over, as there is Airalo etc.
There is always a degree of incoherence in people's beliefs and actions.
A good one along the lines of your comment, IMHO, is how most Europeans are very happy to promote ID cards and to be asked for theirs all the time while always complaining about "privacy" and against "surveillance".
For instance in France you must show your ID to buy even a prepaid SIM card, but then again the police can ask to see your ID with little justification. Or how they ask for ID when checking your ticket in the TGV high-speed train...
Are you insinuating that if you're in the US, you could refuse to show your ID to a police officer when they ask for it?
Go ahead and try that, tell us how it goes...
(No, there is no requirement to be carrying your ID card in any EU countries that I'm aware of. However, most jurisdictions require you to state your identity if questioned by police as a suspect. At least here in Sweden, if you're a suspect they are allowed to detain you "for identification" if you refuse.)
I am not an expert on the US, and it has actually nothing to do with my comment, but I believe that police in the US might ask you to identify yourself in some circumstances (which is quite different from having to show an ID).
What I mentioned regarding France is that you must show an ID (passport, ID card or driving license) or face being detained at the police station when asked by police. You do not need to be a suspect of anything to be required to show an ID.
I was certainly not going for an aggressive tone. I'm trying to say that police all over the world will want to know whom they are talking to, especially if you're a suspect. I don't think it's a world of difference between the US and an "average EU country" there.
You might be interested in Peergos (lead here). It is E2EE, built on a P2P protocol (libp2p) and thus self hostable. We don't have onion routing yet though.
For me it's not even about privacy, it's pretty clear that no matter where I host things, if I don't have control of the hardware and the TLS termination then there's no privacy I can guarantee.
However there's still a case to be made for some form of digital sovereignty.
It's no longer considered a complete paranoid delusion that the US could snap its fingers and put tariffs/sanctions on digital goods served from US companies or consider the EU to be proscribed and cut access entirely.
I used to allow myself to think of the consequences of such a situation, after all the US very famously stated that they have no such thing as allies, only temporary allegiances, and as a brit: that is a sobering thought, because we cosy up to them a lot - even going so far as to join them in an illegal war.
However, if you consider the economic harm that would be caused by Microsoft just cutting access to Office365, disabling the licenses used or even cutting access to EntraID and managed sharepoints and/or Teams. Most of the EU would not lose billions in lost productivity, they would lose trillions.
What a crazy economic risk, and that's just one product. Nearly all digital services in the EU depend nearly entirely on Azure/AWS & GCP.
Even the ones that don't depend on hosting, still depend on Google Workspace or Office365; both of which depend heavily upon online services which may not always be online during heavy tensions.
I know this is difficult to reason about, but we really have our heads in the alligator's mouth when it comes to our digital capability - it will be hard to remove it, and many people are enjoying the echo and will actively fight against attempts for change.
I know this is going to offend many but as an outsider, it is heart wrenching to see a foolish, greedy and extremely corrupt property dealer dismantling the greatest empire in human history, piece by piece from its soft power (VOA, USAID) to its core functions (tampering with science and education) and there's no political force in sight that can be of any significance.
I find the Proton tools to be a joy to use and I use them for my business. For clients, I can't do that to them. Microsoft completely dominates and people just expect to be able to video call, chat, work on docs, etc. MS365 remains incredible value for money and pretty optimal for normies.
Absolutely. Microsoft stuff is so mediocre and incompetent.
They get away with it because they're pretty much the only game in town for enterprise. So there is no drive for them to improve in any way.
But really, companies choose Microsoft because it's all connected (easy to manage for them) and fairly cheap if you take the whole package and because "nobody ever got fired for picking Microsoft". But AAA third-party solutions are always way better in terms of UX and features. Picking Microsoft tools always feels like you're settling for less.
I manage a lot of the Microsoft 365 stuff at work and I really hate my job. Also the condescending attitude of their employees and 'consultants'.
Teams is a horrible, ghastly product that is absolutely impossible to avoid with clients :-( I'd prefer to stay on the free plan because it feels so soul-destroying to reward such behavior, but then you can't start calls unless invited to a meeting by someone on a paid plan (or something, it's disabled with no message).
I switched because of their calendar integration. I needed an email tool that would send 'accept' replies to calendar invites sent from Outlook and Google, and I landed on Proton.
To any self-hosters if you have a working setup for that (email+calendar), please let me know! I couldn't find anything decent.
I switched my personal email from Google Workspace to Proton. My use case wasn't privacy (especially when 99% of my email is sent to and received from people using Gmail, Office 365, etc.) I was interested in trying Proton more to support a plurality of service providers.
As such, I'm probably not Proton's target customer. That means the compromises Proton makes to enable E2E are not worth it to me.
Some examples:
* Search is like going back 20 years.
* The lack of automatic filtering (e.g. Gmail's automatically applied Promotions, Updates, etc labels) has made the signal to noise ratio in my personal inbox so low that I'm considering just taking the app off my phone or suppressing notifications, at least. I don't have the time to set up manual filters for everything that comes in.
* The lack of automatic filtering and decent search means that my personal email is now pretty much useless.
Similarly, it's pretty hard to migrate away from because you can't just use IMAP to shift your email history to another provider.
This isn't a negative review of Proton. This is just to say that choosing Proton Mail means living with the compromises necessary to enable their main feature (privacy) and I don't care enough about that one feature to make those compromises worthwhile (because my email is going through so many non-private services anyway).
Well, there are no (classical) office tools. There is a text editor, but no spreadsheet. Their "Drive" solution is very mvp, you can collaborate on text docs, but it's very minimal.
Email is great, looks great, fast, nice feature set. Calendar is mvp-ish, I can accept invites and they go into the calendar and they have nice links to Teams or Meet etc, pretty seamless. They also have a widget for iPhone now, but it's early days.
ProtonPass is great, at least as great as BitWarden, sharing credentials with family and colleagues is a lot easier (not that "organizations" stuff, just click, share, done).
My iPhone syncs pictures to Proton Drive, but the app needs to be opened to do that, which is annoying. Other than that, works well, pics are safe. I really want a Linux client and an API (or rsync endpoint?) so I can push backups there (I have 3 TB drive for the family/business combined).
Their Bitcoin wallet was wasted effort if you ask me, would have preferred video chat or something. Make it more like NextCloud with a dashboard perhaps.
But when they make a new product, it's mvp but generally immediately works very well. I have a lot of trust in their solutions to just work.
But you can use almost everything on the free tier, so just try it out! The migration tool also works really well.
Yeah, there are no export tools, but technically it would be up to the other party (like Google or MS) to make those right? When you want to go Proton -> Google ;)
I guess with the bridge you can move your mail out via IMAP, the Drive you can just download it all. Calendar will be annoying I think because there are no open protocols like CalDAV (by design, and I do miss that!!!).
The biggest elephants in the room are cloud providers, but I didn't find an easy alternative yet (hetzner, ovhcloud). ATM, the idea to the business is sold, that data resides somewhere nearby in a datacenter, EU proximity. However, the EU businesses are realising that, well, the whole region is at the mercy of one person.
Hetzner is great value, but their networking has a few issues:
1) Networking is mostly limited to 1Gbps. Even private networking. You can request a 10Gbps NIC, but it has to be housed in the correct data center and adds a $48 monthly fee.
2) Private networking is IPv4 only so dual-stack private networking isn't possible. Also each public IPv6 address is /64. Would be nice to get a /56 to setup dual-stack IPv6.
3) Can't specify a subnet to assign a server to when using hcloud API/Terraform. You have to specify the required IP on the subnet explicitly.
4) As I understand it, the private network traffic isn't truly secure between tenants, so needs to be encrypted between nodes anyway.
Still, I'm betting they'll fix these issues as their offering grows.
I like them a lot but they only have EU DCs, if you are looking for Global (or at least Asia) you're out of luck for now. Perhaps this disconnect from US services might give them the impulse to spread out though! I'm really happy with them as a customer and I don't have needs beyond Europe anyway.
I've found Scaleway for AWS-style managed backend services fronted by Bunny (https://bunny.net/ - also EU-based & owned, but with global CDN DCs) works well! Bunny have nearly 30 DCs in Asia alone.
Problem with Hetzner is they don't have the self hosted DCs in the Pacific region yet. They have Singapore for their PaaS solution, but if you want those cheap second hand servers then you have to be in the EU.
People are really quick to forget the fire that destroyed one of their data centers a few years ago and which did not get addressed in any way by OVH for months.
They also learned nothing from it, and are repeating the exact same mistakes.
I stopped hosting even my personal blog on OVH because of how garbage it is.
Yes they are such chaos internally. Even their support tells you different things every time. I kept having issues around my IRC bouncer on one of my servers (kimsufi, their budget brands). Some support people said yeah no issue as long as you don't do anything illegal. Others said I'd get insta-banned, and sometimes I did have issues and had to call them to get re-enabled.
Now, I have to admit I haven't been a customer of them for 10 years due to exactly this. But yes the fires exposed a lot of the same I left them for.
I left to go to DigitalOcean but it became too expensive and then I found Scaleway which I'm a happy customer of for years now.
Both companies are excellent, and I'd absolutely trust them with my business, but neither can replace something like AWS. The friends I have at companies who are actively using AWS are all relying on a fairly large number of AWS only services. Either they'd need to stand up their own replacements and host those services on VMs, or in some cases rewrite parts of their stack.
E.g. if you're using AWS Cognito then you're not going anywhere.
Exactly! You can get a bare minimum, like a virtual machine (EC2) or storage (S3), which is probably enough for small and medium enterprises (SME). However, if we move beyond, I'm not sure as I don't have experience with them. Now, if I'm building a prototype, I want something quick and just a lack of Cognito is a deal breaker.
IMHO AWS is designed for totally embracing their philosophy and language. You don't understand two AWS devs talking to each other. Even organizations are internally structured for AWS operations. This creates something even stronger than a dependency.
> Making yourself a subsided of Amazon was never wise
True, but the AWS pricing doesn't make sense otherwise. If you're not using the managed services, then the value proposition is no longer there. Using those services is what allows you to build massive systems for relatively cheap, with much less staff. We had a project that was to be moved from on-prem to Azure (same deal), it went from thousands of Euros per month to fitting into a free tier, but only because we could use managed services. Spinning up the same VMs would cost more than hosting it ourselves.
I think this is less of an issue than people actually think - if it gets to the point where this becomes a real problem, individual EU countries can force the datacenter owners like Google/MS to change ownership structure for these datacenters to EU-based subsidiaries or completely new companies if they want to continue to operate.
Usually everything is through subsidiaries. For tax and profit allocation purposes the way it works is that you set up subsidiaries in tax-friendly jurisdictions and then channel the profits to them through contracts between subsidiaries.
The general point is what does "moving away from US cloud services" mean, then?
Does it mean not using infrastructure actually located in the US? Or does it mean effectively boycotting US-owned companies that may be fully located, including infrastructure, in Europe?
This doesn't matter as far as the concerns about US warrantless surveillance laws go because those laws also apply to subsidiaries of US companies. IIRC Microsoft tried to argue that its EU subsidiary could not comply with US requests and lost.
I don't know if it migrates CI pipelines as well (which is apparently what prevents the OP from leaving github), but Codeberg has a migration tool to automate the switch from Github (and others) to Codeberg.
Yeah the last couple weeks has made me wary of anything US based too. Not just privacy but also just overall risk. They’ve suddenly become very erratic in their decision making.
Quite hard to untangle it though. So much of the internet is US centric unfortunately. And even if you figure out the first layer of vendors they in turn are likely US reliant too
At the end almost everything in life is about interests. It's clearly in the best interests of one country, or union of countries, to do their thing and reduce reliance on others.
Reducing reliance on others is primarily risk mitigation, which is increasingly perceived as necessary due to the rise of authoritarianism and wars, in western democracies at least. However, it is quite a sub-optimal solution, and in some cases very costly or close to impossible. It will almost always reduce economic growth, sometimes quite severely.
It would be in the best interests of any one country or group of countries to not have the threats which we think we must de-risk in the first place. Free trade was the primary way we thought we could do that, or at least Europeans thought that was the way. We were wrong all these years. I admit I was one of them. I thought at some point in the near future we would collectively move past this thing called warfare. How naive.
It's striking how little discussion there is of the underlying risks that now make the US cloud less attractive. Trump is doing a lot of damage to the US as a services provider.
I was thinking about it today, I could think of an equivalent for EC2, S3, Software defined networking, archival, load balancers etc. But, one thing I could not easily come up with a replacement for is IAM. What would be an equivalent to IAM that a smallish cloud provider could use without building it from scratch?
A system that provides roles, policies and granular permissions that can be attached to specific resources like the equivalent of S3 buckets, equivalent of EC2 VMs etc.
For Hetzner object storage probably generate keys for VMs and store them in Vault or similar tool to manage credentials, which you'll likely want anyway.
I moved from GitHub to self-hosted gitolite. I use a (standard) Makefile in each repo, which my deploy job runs (make test, make build, etc). I use githooks to do various automation.
It's really not that much different to GH Actions, and not more work. But it's much faster, and easier to work with.
If you're working in a team, then PRs are hard to replace.
My company is looking into a move from GitLab to https://forgejo.org (Codeberg, essentially). Seems way easier to self host. Seems fine so much for all my team's needs.
Yeah, we've been using gitea for five years, and from an administrator's point of view it's one of the easiest things to self host. Updates can happen automatically and require very little downtime, and it's light on server resources.
In comparison, Gitlab was a massive pain and became close to unusable on that same server before we migrated to gitea, even though Gitlab was used just for code hosting, and gitea is used for everything it supports (container image and package repositories, issues, etc).
On my first team in 2011 we used Phabricator before the company sprung for github enterprise. Phabricator was fine; you could even just copy/paste the output of `git diff` into a form on the UI as an alternative to pushing to a monitored branch.
For code review and merge workflow gerrit used to be good a decade ago, it's probably good today, too. Github PRs are strictly worse today than what I remember from gerrit back then.
Gerrit is great if your team is willing to work in a rebase based workflow!
We handled huge repos on Gerrit (and a huge number of them) at my previous employer with very few problems. It does take a certain effort to self-host it, but then what doesn't.
What advantage does gitolite have over gitea? If I wanted to replace GitHub my intuition would be to replace it with gitea. It seems to have similar interface, pull requests, workers etc to gh.
Gitolite is a bare bones git server. Gitea is a forge. They’re not remotely in the same class of software. Gitolite doesn’t even have a web view for the repos, you need a separate package like cgit for that; never mind project management features.
Infomaniak is a Swiss company and is a very nice alternative to 365. It covers emails, cloud storage and office editors (via OnlyOffice editors), and plenty more services.
For source code, BitBucket is provided by Atlassian, which while not European is Australian, so also from a trustworthy country.
On Bitwarden, at least for now, it's mostly Open Source … for techies, for the server-side, there's Vaultwarden which is easy to self-host and with self-hosting of FOSS software you achieve true data sovereignty.
I'm an EU citizen and I worry about the US as well, but we need to be careful about this migration to EU services, as in some areas the European alternatives aren't good enough and people will go back to Big Tech, instead of preferring a FOSS solution that happens to have US dependencies.
As a plus they provide Forgejo Actions (https://forgejo.org/docs/latest/admin/actions/) which is pretty much similar to that other Actions, and which should make migrating that much easier. (you could replace the Alpha state Forgejo runner with the Gitea forked act runner -- as they are both essentially act runner forks); or you could run any of the CI/CD tools mentioned here: https://codeberg.org/forgejo-contrib/delightful-forgejo#ci-c...
For the Americans in the room with European customers, this all should be taken very seriously.
From our perspective, the US has just declared itself hostile. No organisation in their right mind would use a stack dominated by Russian companies, any organisation not considering the risks of having their tech US-based right now is being careless in the extreme.
Even if Trump goes away tomorrow, this is a long term issue. America has demonstrated that it's an unreliable partner twice now. We can't make our planning on the basis of a dice roll for the White House.
Since you are switching anyways you could try to adopt local first and that way you make sure you don't have yet another cloud dependency ie political dependency.
> Startpage is owned by a Dutch company which is operated from its headquarters in The Hague, the Netherlands, and is a part of System1, a publicly traded company based in the United States.
I was hoping Startpage was the successor of startpagina.nl, which I used as a kid in 1995 to 'browse' the web. One of the oldest Dutch websites that I can remember. Fond memories!
I don't like all of his suggestions, like startpage.
But I have very good experience with Scaleway, much more so than OVH or Hetzner. Hetzner demanded ID photos for everything. And OVH is a chaos. Scaleway is more like an Amazon type cloud and their support is really good and direct. Also cheaper than Amazon (and without the whole ratmaze of fee structures!)
Surprised the author didn't realise that the dropdown by login boxes has been supported for some time by BitWarden, and more importantly, the backend is open source so you can run it yourself (there's also a third party implementation that's even simpler to run yourself).
Looks unrealistic to me.
Sure, for one guy with lots of energy and know-how it's possible.
Try migrating academia, industry, entire government branches etc. That's not gonna be easy.
It isn't easy or realistic, yet. But these things always start with the guys and girls with energy and skills. They write blogposts, it gets picked up. Somebody starts making improvements, convinces their manager to do it. Slowly things start to improve, people start building tools, sharing knowledge. Some of these people also work in, or for academia, industry, government branches. Once enough people are ready to pay real euros, there will be entrepreneurs ready to provide solutions on the market, also in Europe.
I don't buy the idea that Europe has lost all the big tech so we're doomed or something. No, maybe we won't have an aws/azure/google cloud competitor any time soon. But it has never been easier to start a software product, the thousands and thousands of SaaS services we rely on can easily be built from the ground up by devs from all over the world.
> the thousands and thousands of SaaS services we rely on can easily be built from the ground up by devs from all over the world
Define easily.
If it was that easy to clone Microsoft Excel (up to the most minuscule detail) I'm sure someone would have done it by now and offered it for free or for half the price. It's not that easy. You can get most of the functionality done sure but not all of it - and not having all of it wrecks the flows of all of your finance/accountant teams who won't be able to migrate or will be forced to work in different ways. Getting everything to work would take years. When Google "cloned" Excel to its own product, it didn't even bother trying to make it 100% compatible with Excel because it's too much work.
That's just Excel, how the heck are you going to migrate everything else?
I think with enough budget and determination it can happen in around a decade I guess, but I don't see where the motivation or determination will come from - in a few years Trump will be gone and things will be more normal again.
Europe should have thought about this like 20 years ago, it seems a bit late to me.
The truth is the dependence isn't one-directional, America needs Europe as well for ASML, for pharma and for all kinds of other things. I don't think there will be a complete decoupling.
"in a few years Trump will be gone and things will be more normal again."
Oh, you sweet summer child... He is already dismantling democratic institutions at a startling rate. Vance is threatening to leave NATO as leverage to change UK laws. Do not make the assumption that the U.S. will be what it was, in ten years.
I agree, but on the other hand: it's just software. We just need to build easy few-clicks transitions for the most popular usages.
Like Azure, didn't catch up with AWS on day one. They first added the most used features.
The US software moat is large, but I bet the most used features of the most used services are easier to replicate.
It's a 2 step process, first you have to rebuild the thing (or most of the thing) yourself, which is already a huge undertaking.
Then you need to migrate everyone from their current stack to the new one (or new ones. You probably want to give more than one option).
The migrating might even take longer than the building.
I'm betting it mostly doesn't happen but we'll see.
Even if you try to look at the situation from a detached POV I think you can't help but be baffled at how much influence the US is giving up for no apparent reason. It always felt like a house of cards here in Europe - we rely on defense from the US, we store so much of our data there, and almost all of our stuff comes from China or its area of influence.
Now there's a guy at the top of the US who doesn't understand human interactions beyond anger, disgust and mindless loyalty. Or diplomacy beyond simple monetary transactions. He and his rich friend are getting rid of anything they don't understand (or that they don't understand to be of value to them right now), and apparently that's almost everything.
We're living in interesting times.
I wonder what game theorists are doing right now. All I know is that old joke about economists can't be true, about blindly assuming that everyone acts in their own best interest. People do factor in stupidity, right? But there must have been limits, and we're clearly far beyond those.
One relatively simple thing we're missing on the Swedish cloud market is someone offering OIDC SSO, Chat, Video meetings, e-mail, calendar and file sharing.
I can't even say which European company offers this, Proton maybe?
Being a long time open source advocate I think it can be done, but system integration would never be as good as MS or Google.
But this simple platform would get a lot of SMBs to migrate.
Some comparisons: Singapore is a de-facto single party state with widespread government censorship, heavily limited civil rights, government/ruling party controlled media and heavy ethnic discrimination. Switzerland OTOH is almost a model country for such metrics.
The European Commission has recognized the Swiss Data Protection Act as equivalent to the GDPR. This allows data to continue to flow freely between Switzerland and the EU.
Proton is nowhere near M365 capability set unfortunately. M365 really caters for the big enterprise. Data Loss Protection, integrated security, it has a lot of that stuff in the backend. Not to mention all the gaps in user-facing apps like chat, video, office suite.
Perhaps they will get there but they're nowhere near there right now. You could use it together with MS Office standalone but then you're still dependent on Microsoft.
Um, after “simple” you’ve listed six different kinds of services. Just operating that at any kind of nontrivial scale will require quite a bit of headcount.
Yeah - I think this is a huge problem for people wanting to self-host email as well. It's a pretty feasible thing to do technically speaking, but you'll likely end up being filtered into a whole lot of spam folders.
Even on European servers, it’s still controlled by a US organisation, so if Bitwarden is required to shut down access, they will. For an example where this happens, this court verdict from The Netherlands shows Microsoft's Dutch branch refusing to grant access to data (on its EU servers) of a Dutch company, to a Dutch curator who by law must be given access, because of trade sanctions on the majority owner: https://uitspraken.rechtspraak.nl/details?id=ECLI:NL:RBAMS:2...
When I started in tech, Freedom was key. You put a value on your freedom to run and modify your code.
Over time that has not only regressed to just free to run, but not even that - you have to have permission to run your stuff.
It’s easier to be a vassal. I won’t say good luck though. Live in favour of the king and you’ll be fine. Until the king does something and you get to kiss his ring.
Searx is great (I use SearXNG personally) but be aware that it's something that lifts along on the main search engines. It's not a search engine, just a meta one. It still depends on the big US ones for its results. Just like Kagi for that matter (though they do have a small crawler themselves, their main results are metasourced from various large engines)
I'm not sure how all this is going to play out but sooner rather than later local solutions will be enforced politically.
>Migrating away from US cloud services was easier than I expected.
So if the AI hype is worth its salt, the transition should at some point become trivial.
"Hi Mistral, can you please build a OneDrive replacement? I will host it on my Linux server at OVH. Here is the documentation for OneDrive, make sure that the software works as described in the documentation. Then install it into my server using these credentials and put the client side apps in my Apps folder"
I can't help but think what will happen when the mighty US tech companies that used to serve the planet get limited to 340M people in the half of the North American continent.
So far it was just convenient to have your tech thingies in the USA even if you are just providing a niche service somewhere in south Italy from Montenegro.
For years this created a positive feedback loop that fed into the centralization of capital and talent in USA, particularly in the Silicon Valley. It wasn't that Americans were writing better for loops than Europeans, it was that the global nature of the tech positioned itself at the place with least resistance and largest resources.
Unfortunately this is coming to an end as a political choice by the USA itself, so what's next then?
The moat of social networks and financial networks can indeed be broken by force if politicians choose to. This brings so much opportunity to non-Americans, it is sad for those who feel like global citizens and integrated with the whole humanity and it's pretty much the dream of anti-globalists.
I've found OneDev (selfhosted) to be an excellent alternative, unlike others which feel either half-baked or require a lot of configuration/maintenance.
I don't think it's that easy, as others pointed out, but yes, I think it would help to have some strict startups around the EU maybe that force companies to comply... but then again, from the indie hackers'/indie makers' side, Europe hasn't been too incentivized/friendly for/to startups either compared to other parts of the world... I think this is one of the major reasons.
The problem I see with this article, is that 3 of his chosen options rely on Swiss companies. And Switzerland is most definitely not the EU.
For the time being their interest are very much aligned with the EU (and logically so, from a geographical and economic standpoint), but Switzerland also has a history of happily changing sides when their "neutrality" or their financial interests are at stake.
Their historical dependency on finance (and their shady practices), combined with a high dependence on US trade, and high financial investments in the US make them particularly vulnerable to economical and financial blackmailing by the US. For a case-in-point, see the particularly weak response (or "diplomatic" response, staying charitable..) of Karin Keller-Sutter to the Trump developments, in a bid to hopefully avoid tariffs.
Therefore, companies obeying Swiss laws simply do not offer the same "privacy" guarantee as companies obeying EU law.
Secondarily, putting your trust in a company whose CEO openly supports the Republican party is, in the current context, very questionable. No matter the Proton PR denials and clean-up attempts after the fact.
I wonder if shifting to cloud providers in the EU will lead to the rise of giant European cloud companies in both technology and infrastructure, or if this is just a short-term trend.
I'd like that. Personally, I prefer to self host all my stuff.
But I can't do that to our clients. I want to provide them with something that makes them independent from us, something they can just hire any random agency or freelancer to work on. That leaves AWS and Azure as strong options.
There's a number of European cloud providers (https://www.stackit.de looks especially interesting), but I'm looking for too-big-to-fail options. Hetzner sure is that, but you don't get managed relational databases, object storage and a couple of other things that typical web apps rely on.
I know I can host stuff like Postgres and MinIO myself on Hetzner cloud instances. But when it comes to _managed_ services for this stuff, from a too-big-to-fail provider, I'm drawing a blank when it comes to European providers right now.
> I want to provide them with something that makes them independent from us, something they can just hire any random agency or freelancer to work on.
I have the same attitude and regularly find (sales) people not understanding why I'm doing this. They are pathologically looking for my angle. But there's none.
I totally have an angle, I consider our reputation to be our most important asset. There's a lot of devs and agencies out there. It's a whole lot harder to find good _and_ trustworthy ones. Being that is my angle. We got close to 100 % of our business from recommendations, and I like that. Wouldn't really want to spam strangers for finding gigs.
Of course, a lot of agencies do just that. And I've also seen more than one situation where an agency held their client hostage, not giving them access to their own code, hosting environment and what not.
Sure, it's not 100 % angle. It's also to a large degree professional ethics. But I can easily rationalise it into business value, and am probably not far off.
There was enough computing demand from Europe before this 'shift' (it's one tech enthusiast here). Large US cloud just opened DCs in Europe. No European cloud provider wanted to step up and provide the level of service US giants offer.
I think the trend should be away from these cloud providers in general and to smaller companies that offer both a paid service and a self hosted option as a way of providing you with an exit strategy. Ente is a good example of this.
Honestly I doubt it. For now, the really big users, companies and large organisations are waiting it out. If they can sort of get by for the next four years, then they aren't going to make the switch, and frankly neither would I.
There isn't even a short-term trend. We saw posts like this a few years ago (the blog post even admits he tried this before) and they went nowhere, just like this "movement" will.
From a perspective outside of the US, it is not that relevant (in this context) if there is a change after this. Because as we have seen in 2016 and now - there is no stability.
Hot take: If the US and EU secret services stop sharing any intel with each other, wouldn’t it be smarter for Europeans to use American services now more than ever? Because even if they’ll get their hands on your nudes, tax docs, or pirated movies, what could they even do with it? If you use a European company on the other hand and some local government wants to fuck you up, it’s much easier to get their dirty hands onto you, your family, and your friends.
Proton? Really?[1]
Expressing personal opinions without thinking beforehand how they would land, when you're a CEO, is one thing, but the hamfisted attempts at clarification and then the PR team's scrambling afterwards to delete everything was a questionable look at best. Not inspiring confidence.
I am self-hosted, then I don't mind clouds, US or not, but... I am fed up with those "clouds" which are closing their eyes on the fact that they are weaponized by hackers, to the point I started to think they actually want that, aka wrecking small hosting namely more business for them.
Nearly every day I get scans/hack attempts (script kiddie grade from what I can see...) from some of them, this is seriously annoying and those 'scans/hack attempts' have usually been referenced by security communities, OFTEN FOR MONTHS IF NOT YEARS.
No "cloud" is spared: aws, microsoft, google, ucloud.cn (the worst), ovh, etc...
On top of that, they are "protecting" 'scanners' (onyphe/stretchoid/cyberresilience/etc), you know those guys who are scanning (when it is not some kind of script kiddie look-alike hack attempt) the whole internet, that 'for your own good' with the second line of their website being 'pricing (ahem... scan data)'. We all know that you do not scan any system without being explicitly asked for unless... military/police.... or mob.
I think it's good that people are finally doing this but people in the EU should've been doing this many years ago when all the news of the surveillance broke out.
The formatting actively prevented me from processing more than half the article's content but I agree with the premise as far as I was able to get it: if you're an EU-based company or individual it's a good idea to move away from US cloud services unless you're a subsidiary/employee of a US company.
The legal concern for EU businesses should be self-evident given that EU-US data sharing provisions have been struck down again and again with every replacement inheriting the exact same issues of the one before it. There simply is no way for US-based companies to comply with EU data protection laws while still complying with US laws granting law enforcement and federal agencies warrantless surveillance powers - they'd actively have to break US laws to comply with the EU laws.
That said, this is much more difficult for some things than others.
If you're building on AWS, there's simply no drop-in replacement. Yes, there are EU equivalents in the same category but it's very different from "simply" switching between AWS, GCP and Azure.
For package registries like NPM, moving away also means abandoning the standard ecosystem. For private packages this may be an option but for public packages at some point you will likely need to involve a US service. GitHub is kinda in the same boat - although alternatives to GitHub exist functionally, GitHub is also a platform for discoverability and ease of access. These platforms act somewhat as monopolies for these purposes simply through the network effect of so many people using them.
Even Microsoft 365 (or Google Workspace) can be somewhat difficult to avoid given that so many things simply integrate easily with it compared to whatever company-wide "productivity suite" alternative you might want to use. That's without even getting into the quality and compatibility of the tools themselves.
What seems far easier and often overlooked are the infinite number of dime-a-dozen SaaS providers: emails, monitoring, realtime, messaging, payments, etc etc. These provide an easy first step for most companies and by adopting these incrementally you can also more easily wean yourself off bulk service offerings like AWS. Of course this comes with the cost of a diverse stack: you can't simply hire an AWS certified devops guy and expect him to know how every single service works, on the contrary none of your folks might know how a given new service they need to add works.
Another consideration that's becoming increasingly relevant is the (un-?)intentional vendor lock-in imposed by AI assistants: the LLM your devs or management is using might be able to generate a SOA app built on AWS or Azure but it will likely be less helpful integrating with an EU-based specialized service provider with a fraction of the userbase. Not to mention the AI assistant itself probably runs on US-owned infrastructure and is likely provided by a US-based company.
At Tech for Palestine, we've been investigating moving off many US based cloud services, with the intent of providing training, guidance, etc, for the broad population on how to do it and where to go.
Our main conclusion so far is that many of the platforms that we look at, such as Signal or Protonmail, need serious UX improvements before they can be used by any serious chunk of the population (though for a HN audience, they can mostly put up with it).
She got that nickname for her push to mandate provider-level blocking of requests to foreign servers distributing CSAM while working as the German minister for family affairs, which critics argued would create a slippery slope by establishing a practice of forcing ISPs to implement network request blocking (IP bans). This push materialised in the Zugangserschwerungsgesetz, which while being passed in 2010 was never actually applied and eventually repealed. Around the same time the German minister for the interior argued for police powers to use trojans (computer viruses) for investigations, which likewise passed and seemingly has been used with very mixed success - it's worth noting that the use of this practice by US federal law enforcement was already well-documented at the time.
The USA PATRIOT Act on the other hand existed and had been used extensively (as far as we know) before expiring in 2020. But even without the USA PATRIOT Act, the US is well-documented in using warrantless surveillance: https://proton.me/blog/us-warrantless-surveillance
The existence of nicknames is a weird metric to judge a jurisdiction's attitude to privacy by when you have actual evidence of behavior you can compare directly.
EU governments trying to push for special powers for law enforcement to sabotage encryption and failing (remember: the UK is not in the EU anymore) is very different from what US federal agencies and law enforcement are not only permitted to do but also are doing and have been doing for decades. It's probably not necessary to point out the limits corporations face under EU privacy laws compared to the US.
Privacy rights in the EU are being eroded as we speak. Unless people there get off their high horse, they'll succumb to the same level of authoritarianism and surveillance as in the states.
Also, sorry, but the idea that EU countries are in any position to build a serious hyperscaler is pure fiction. Growth, funding, risk, innovation - those are alien concepts to European entrepreneurs.
> Unless people there get off their high horse, they'll succumb to the same level of authoritarianism and surveillance as in the states.
We are very far away from the status quo in the US. Some countries are overtaken by the extreme right, which is worrying. But it's nothing like the US where the entire country went to shit overnight.
Also, we don't have this singular president entity which has so much power that everything can be turned upside down in just one election. We have a president but she has very little power and influence compared to the way it is in the US.
Also, our multi-party system prevents the two-party zero-sum setup that is present in the US where parties go to ever extreme methods to make the other side look bad (because a loss for one is a win for the other). For us it doesn't work that way.
> Privacy rights in the EU are being eroded as we speak. Unless people there get off their high horse, they'll succumb to the same level of authoritarianism and surveillance as in the states.
Last time I checked not even the US is proposing to install AI agents on everybody's phone to surveil your encrypted messages (look up chat control, last meeting not even 2 months ago). Soon people will start looking for non-EU VPNs to install Signal (the CEO said they would leave EU if the law passed).
> Also, sorry, but the idea that EU countries are in any position to build a serious hyperscaler is pure fiction. Growth, funding, risk, innovation - those are alien concepts to European entrepreneurs.
Disagree, some of the EU clouds are already well on their way.
Yes ChatControl is a worry indeed. But we have been successfully fighting it for a long time. And it is only pushed by a small number of politicians.
Surprisingly enough the drive to do this does not come from within Europe but from the US (Ashton Kutcher and "Thorn"). They have managed to pocket some influential politicians.
Not sure why you're getting downvoted. This is factually true:
Chat control: EU Ombudsman criticises revolving door between Europol and chat control tech lobbyist Thorn
> Breyer welcomes the outcome: “When a former Europol employee sells their internal knowledge and contacts for the purpose of lobbying personally known EU Commission staff, this is exactly what must be prevented. Since the revelation of ‘Chatcontrol-Gate,’ we know that the EU’s chat control proposal is ultimately a product of lobbying by an international surveillance-industrial complex. To ensure this never happens again, the surveillance lobbying swamp must be drained.”
> Disagree, some of the EU clouds are already well on their way.
Feel free to drop a few links. Digital EU projects tend to be absolute disasters run by bureaucrats. They always result in some 100 page long document, talking about planning a plan for creating a planning framework. Also throw in the words sovereign and digital transformation, for maximum corpo-political bullshit.
Yes but that's only one tiny aspect of GDPR. Unfortunately this is an aspect where they caved in to corporate lobbying, they should have just mandated the obedience of the "do not track" flag (or a similar thing). That browsers set it by default is not a problem because the whole idea of GDPR is that tracking should be opt-in, not opt-out. But really this is a tiny part of GDPR. It is not just about the web even. And as annoying as the cookiewalls are, they also make the user more aware (I mean, why do you want permission to share my data with 572 "trusted partners"??). It also enforced some concepts that should already have been standard, like the purpose principle, explicit permission ("opt-in") etc.
It has really made companies much more aware of data handling. At work we have data protection officers now, privacy advocates, every app we onboard now has to be reviewed in terms of what the data is used for, where it ends up, if we have agreements with them in terms of what it's used for etc. This is really great because before we had pretty much nothing like that. It was just move fast and break things, including customers' privacy that would get broken. And our company is one that doesn't make any money from tracking our customers, so it wasn't really targeted at us, but it still drove so much improvement.
I think it will become much better now that we are disconnecting Europe from US services. The main reason that tracking-informed ads are so much more valuable than context-informed ads, is that Google and Meta etc are promoting them. They control the auctions, and tracking is their moat. Nobody has such pervasive tracking networks as them.
The disconnection from these services could really be the trigger for an EU-based context-informed advertising service.
Counterpoint: not everyone needs a hyperscaler. Especially with open source like Kubernetes out there. Of course the more experience companies have managing it, the better the service becomes. But I don't see why it can't happen within the EU.
I do understand that, my point was that the pieces needed to provide it as a managed service are much easier to come up with in comparison to what AWS had to do with Fargate.
dude, EU is home for around 500 million people. (correct me if I'm wrong). EU definitely needs a hyperscaler. Every single one of these people will need a digital identity along with their compute rights.
Hetzner might get a lot of love here but it's another service that treats protonmail users as second class citizens since they ask for ID. I would avoid them just because of this.
Hey so I’m pretty sure you can host your own business mail for free these days without a static IP. This is basically how it would go:
Cloudflare Tunnel installed on your box (free)
Cloudflare Email Worker connected to your domain which writes emails to a KV store (generous free tiers)
Cloudflare Worker that downloads the emails from the KV store and uses Worker TCP sockets to send it to your mail server over the tunnel via a TCP port, i.e. 25000 (CF blocks 25)
For sending mail in blue, local mail server uses smtp2go or Azure Communication Services.
I’m pretty much convinced that a cheap Synology rack is the best way to do this because it replaces Azure ID (Synology SSO) and Exchange (Synology Mail), which are self-hosted non-SaaS in the one appliance, it gets security updates, and it has an easy web interface for setting everything up.
Haven’t managed to write the Cloudflare worker code yet, but found this guy's repo and he’s done pretty much all the heavy lifting: https://github.com/Sh4yy/cloudflare-email
The article explicitly includes Cloudflare as one of the big services they currently used and needed to excise from their life as part of this move. Promoting consolidation from many providers to one while also switching from a generic solution to a vendor locked-in one would probably be a downgrade in their book.
I think it’s better to have all your mail data on prem. You’d only be using US companies as a transit.
Yeah there’s some lock-in with all the free Cloudflare stuff but you could probably get it running again without CF pretty fast if you needed to. If you have a static IP, skip the CF stuff!
OP suggested Proton but I’m not sure I’d want to go from one mail host to another. That’s just shifting trust and what I’m taking away from happenings of US at the moment is that being insulated from the events of the world is a good thing.
If you don't have a static IP you could just rent a cheap VPS and host your mail server there or just use it as a gateway for your home server. No need to use Cloudflare.
> Wrapping up - Migrating away from US cloud services was easier than I expected.
This is absolutely not the main takeaway and I find it difficult to see how he could write this - there are gaping holes. Git repos (it's too difficult). NPM (ditto). Startpage uses Google's index. The only meaningful switch he mentions is Proton, but as other comments have pointed out they have vendor lock-in problems. The real takeaway from this is that it's currently impossible in any meaningful sense. It feels like there's a real opportunity here for European companies to step up and make a big play, but will they? I really, really hope so. I'd jump ship in a heartbeat if I could.
Edit: To be clear, the reasons in brackets were the author's, not mine.
> Git repos (it's too difficult)
Sourcehut
> Startpage uses Google's index.
If they have enough users/make enough money, they'll make their own. Ecosia and Qwant (both European search engines) are working together to make their own index.
In any case, even if a European is a proxy for an American service, you need to prove that there is a market for a European equivalent for change to happen.
TIL that Sourcehut is or has been moving to the EU/Netherlands, thanks!
They have moved to the Netherlands. They were planning, but Murphy knocked (kicked?) on the door as a massive DDOS, so they expedited the move, a lot.
For git there's also Codeberg
https://codeberg.org/
+1 for Codeberg. I also switched to them. They also have an alternative for GitHub Pages.
> Sourcehut
Is it there yet?
> Notice: sr.ht is currently in alpha, and the quality of the service may reflect that. As such, payment is currently optional for most features, and only encouraged for users who want to support the ongoing development of the site. For a summary of the guarantees and limitations that the alpha entails, see this reference.
– https://sourcehut.org/pricing
I've used it for a few years and it's been stable and without issue. builds.sr.ht is the best CI that I've ever used. I think the only time it has been down has been due to DDOS.
Would I run the git server of a multi-national bank on it? Probably not. A standard SAAS? Yeah if my team felt it was important to use EU companies.
Otherwise you could also self-host with a VM, then you can use gitea or gitolite with systemd oneshot services.
> If they have enough users/make enough money, they'll make their own. Ecosia and Qwant (both European search engines) are working together to make their own index.
"There might be an option in the future if there are sufficient users" is a quite different milestone compared to fully switching away from US-based services.
I agree that some of the hard parts were glossed over. Besides that, everyone seems to talk about the cloud and nobody about the other big, if not bigger, dependency. Our use of Windows and macOS (and Google Android and iOS if you will) on the vast majority of client devices.
If
> Time and time again, data-sharing agreements between the EU and the US get busted, showing there's just no legal compatibility between EU privacy rights and US spying laws. [...] With the current political situation in the US, it's also starting to become clear that our entire digital infrastructure is at the mercy of US policies. It is no longer safe to rely on US clouds for our governments and societies, as the US government can shut it down at will.
are your worries, rolling out government-required backdoors, lockouts, etc. in operating systems is going to be a huge issue. To shut down a large portion of Europe's infrastructure, the US government only has to order three companies to do so.
I think there were (and are) attempts of replacing at least the desktop systems with some variant of Linux but I think the dependency on Office remains the main problem in doing so - Windows lets you integrate all that pretty seamlessly with how the system works and is administered.
China is probably much more aggressive in this than Europe as for them the US has been a rival (or even enemy) for a long time.
He also mentioned Quad9, a Cloudflare DNS replacement. I didn't know about it and will probably switch to it. My other picks:
SEARCH: qwant (france)
LLM: mistral (france), librechat.ai, openwebui
VPN: mullvad (sweden), protonVPN (swiss)
AUTH: OpenID (sadly seems like not many services implement it)
CLOUD: Hetzner (germany), OVHCloud (france)
MAPS: here wego, openstreetmap
EMAIL: protonMail (swiss), fastmail (australia)
DNS: mullvad (sweden), quad9 (swiss), nextDNS
TRANSLATE: DeepL (germany)
BROWSER: zen-browser, vivaldi (norway)
SOCIAL: nostr, mastodon (germany)
IM: elements (uk), matrix (uk)
EDIT: correction that fastmail is australian
Fastmail is based in Australia [1], not Germany.
[1]: https://www.fastmail.com/company/about/
Fastmail's servers are apparently located in the United States[1] - and the Netherlands, but there doesn't seem to be a way to know in which country your specific mailboxes are stored.
> Our colocation providers could be compelled to give physical access to our servers. Network capturing devices could be installed. And in the worst case an attacker could simply force their way into the datacentre and physically remove our servers.
So as far as warrantless surveillance is concerned, Fastmail is no better than if it were a US company or subsidiary thereof. They may themselves not be in a position where they would have to comply with US requests that would be illegal in Australia but whoever is operating their US-based DC absolutely is and they admit as much, even if they handwave this scenario as being no different from an ordinary hacking attempt[2].
[1]: https://www.fastmail.com/blog/fastmails-servers-are-in-the-u...
[2]: Of course the flaw in this comparison is that an ordinary hacker can't make on-site staff comply with their demands and prohibit them from disclosing the hack. To do so without the authority of the law, you'd need a Hollywood action movie level of criminal enterprise that would usually involve taking a retired police officer's granddaughter hostage for some reason.
Fastmail can't be trusted.
Australia has some fairly draconian digital laws that authorities can issue notices requiring developers to assist with an investigation. This can include technical assistance which could require companies to build capability for law enforcement to break the encryption used in their services.
https://www.theguardian.com/australia-news/2024/nov/05/sessi...
https://www.404media.co/encrypted-chat-app-session-leaves-au...
Fastmail can be trusted because it's operated by trustworthy individuals, with a company from a country that's still an ally.
If you don't want surveillance, you'd better not use email.
“Warrantless surveillance” was yesterday's concern, back when Snowden's revelations were in the news.
Today the concern is war, both economic and literal.
From that perspective, I'll gladly use Australian, or Canadian online services, while avoiding using US ones for as much as possible. Note, I don't think it will be long before services like Fastmail will start moving their servers. Again, yesterday the US was an ally, whereas today the writing is on the wall.
More for email from EU: there is runbox (Norway; I have used it, really good except that their new suite has been in beta for over a century), mailo.com (france; on new pages I had to explicitly set translation from top right corner), inbox.eu (Latvia; haven't tried it). There are more: soverin, infomaniak has mail service, startmail (used it; was costly for my personal usage iirc), and migadu (kinda well known), mailfence (liked it) etc.
Of course there is - Tuta (no imap/pop3 client support) and Posteo (no custom domain) - which are both excellent if you can live with these limitations.
The ones I would not consider (personally): mailbox (germany; but they are really bad now - I have commented below about it), proton (I'd avoid it; reason was on hn recently).
For encrypted mail, there is also tuta.com (previously Tutanota), Germany based
Tuta comes with a caveat - you cannot use it in any other mail client (I think there are similar limitations with Proton as well).
Anyone looking for alternatives - stay away from mailbox.org. It's a pathetic service. Stuck in the past (they have a suite that makes you kick a table leg), very disgustingly bad customer service (it's almost non-existent), and yeah they use 2FA inside the password.
Tuta is many times better if you can live with not being able to use another client. (They have pretty decent apps on all platforms though)
Do you know anything about another popular German mail provider, mailbox.org?
mailbox.org were good, but they decided to become more than just a mail provider and forced users into other, more expensive plans, adding office and cloud storage.
There is also posteo.de. It doesn't support custom domains, but I use it in combination with simplelogin.io (I think French, but now owned by Proton).
Yeah, I appreciate posteo's stance but when I tried using my domain via forwarding service it was a pain.
SimpleLogin, by the way, is now owned by Proton which is run by a founder (CEO?) who is a vocal Trump supporter. Nothing wrong with that of course, just saying.
I have commented just above it. tl;dr - I'd avoid it like the plague at this point.
For dns there is also dns0.eu, which I've been using without issues for a year (or more, since it popped up in the HN feed).
For DNS, Gandi is also French?
different kind of DNS service.
Add Netcup for great and cheap hosting from Germany. I've been a customer for years.
Can confirm. Great for small and cheap VPSes.
Also see https://european-alternatives.eu/alternatives-to
I thought fastmail was Australian..
Australia is in Eurovision so it counts
So is Israel, but a lot of people moved away from a popular VPN provider once it was purchased by an Israeli company.
Thanks for the info, I am a Private Internet Access customer and didn't realise til now. I now feel disgusted and will definitely be switching to another provider when my subscription ends. Luckily I only use it for Linux ISOs and changing region for streaming services so not much to spy on.
nextdns seems to be a US company, by French founders https://help.nextdns.io/t/y4hmv0n/who-is-behind-nextdns
I’m curious about mailbox.org, which markets themselves as “privacy made in Germany“
I used mailbox.org for several years until they forced everyone into more expensive plans by adding irrelevant features like office and cloud storage. This kind of behaviour from them was disappointing.
Can only recommend them - not too expensive, you can also use your own domains and they support at-rest auto encryption of all incoming mail with a PGP public key you give them (which of course does not prevent them from saving incoming mail as clear text somewhere else, but prevents others from reading all existing mail should they get access to your mailbox later)
Discovered them recently. Price looks absolutely fair for what you get. It offers up to ten external addresses for sending and has a web interface so it looks like a solid Gmail alternative.
I think German law makes that impossible - basically you need to assume the government can access your data at any time.
I thought EU privacy laws were better than US laws.
The difference is that in the US, it will sweep it up anyway, and in the EU, it can access it only with a court order.
Yes, but nobody competes with AWS, Azure or GCP, everything else is easy. And most likely, most of the services/saas you mentioned rely on "US" cloud infrastructure.
> Yes, but nobody competes with AWS, Azure or GCP
Scaleway is positioned in the same space.
STACKIT too.
OVH and Scaleway?
I've not used the latter but the former was excellent back when I used to use them. They were a little more focused on traditional compute and lack the general breadth of services that the likes of AWS offer. But if you’re in a position where you’re able to choose a cloud platform provider based on the location of their HQ, then the chances are your requirements from said cloud provider are pretty basic.
True, I missed out what scaleway have done over the years, but after being literally burnt by OVH, and hearing that scaleway was operating in similar fashion, I gave up looking at their offering.
There is also https://UpCloud.com
How do you think all these massive companies will successfully continue to operate in a country where the rule of law is no longer respected?
Like I understand how that might sound like hyperbole, but everything I'm reading seems to indicate the USA is on an express train to hackville.
Bribery.
https://www.cbsnews.com/news/trump-tech-ceos-meta-amazon-don...
(the risk is of course that the administration is not stable enough to stay bribed, or intra-oligarch fighting breaks out between Musk and one of the others)
Yes, plus for example helping out with surveillance, finding and stopping dissidents.
Fascism tends to be (I read/learned recently) friendly to big corporations, as long as they are loyal to the regime.
Doesn't this just start to go from productive efforts to stupid ones?
Why aren't we all flying on Russian made planes and using Russian cloud products?
I don't get what you're saying? There was a brief fad for using the other Chinese short video service, Rednote (Xiaohongshu) for about five minutes while TikTok was banned in the US, but mostly this discussion is about data sovereignty for Europeans who want to use European products for better legal protection.
(people have long since moved away from the Russian-bought social network, Livejournal; it's very occasionally useful to look something up on Yandex if you think it may have been delisted)
If you look into the history of some of our most recent, major disasters, they've happened under the watch of authoritarian governments. Two that spring to mind would be Chernobyl and Covid.
Companies running under those governments should surely be susceptible to similar issues because the fish rots from the head down. The culture and fear of speaking out and therefore steering things in the right direction would be really dangerous for a company like Amazon and the AWS ecosystem.
EMAIL: Mailbox.org (Germany)
This is a great list, thanks. Slowly going to be following suit.
That is only the case if you think of migrating as an all-or-nothing. The services that he did manage to migrate went quite smoothly. If he would get stuck with one or two services, was it still worth it to migrate the ones he did manage? If you think it has all been in vain, then yes - it's a different takeaway. But obviously Martijn does things step by step and I imagine he is happy even with the progress he made.
In other words, the question is 'is it easy to migrate to a service for which decent alternatives exist', rather than 'do decent alternatives exist for every service you depend on?'
Your takeaway depends on what question you are most concerned with.
> It feels like there's a real opportunity here for European companies to step up and make a big play, but will they?
I think that this will depend a lot on expectations about politics in the USA in the medium/long term. Making this kind of investment makes sense if you expect the aggressive hostility that the current administration brought against Europe (and all other US traditional allies) to continue for a long time, and not just a couple years.
I expected it to be much harder to move away from these services I heavily relied on like Microsoft 365. Before I started migrating I figured I was so entangled in their web, that switching to an alternative would be a tremendous task. After actually migrating these services, I managed to migrate 90% within a few hours per service. This is nowhere near the amount of effort I expected it needed. Because of that, I'm also optimistic about migrating Git and NPM. While I don't think NPM will be any different, I suppose my optimism about Git might be misguided because of the amount of customization that goes into setting up CI/CD. Still, since only one out of all of the services might be hard - one that doesn't handle any PII - I stand by saying the overall effort was easier than expected.
Git has full name and email in all commits, fyi.
> It feels like there's a real opportunity here for European companies to step up and make a big play, but will they?
Big plays are possible only with big capital, and that isn't what happens in the EU tech market.
Lack of serious VCs is a problem on one hand, but to blame is also the EU Horizon program which will favor large established companies (which innovate very little), and the fact that the funding direction changes with hype cycles (in 2020 that was digital transformation, in 2024 it was AI and similar).
VC is almost every time grow and sell (to us).
So I think lack of VC can be good.
The "easy" stuff was easy as the external face is a custom domain. This should be understood as a lesson for future choices.
Generic / not heavily proprietary services which are pointed to by something you own (i.e. a domain name) can be migrated to new services. Web hosting, s3 hosting, email hosting etc.
Migrating from @gmail is not possible without scrapping an identity and starting over.
Not to mention that Proton relies exclusively on US-based companies for payment management (Stripe, PayPal, ...).
Transitive dependencies are always a worse problem than direct dependencies, because they are out of your view and control.
But good thinking to get started with moving towards more autarky.
Qwant is an EU search engine, NPM allows you to specify a git repo and that git repo can be hosted on a gitlab instance or an EU provider. It’s not impossible to switch these providers, you just give up on major conveniences.
> > Wrapping up - Migrating away from US cloud services was easier than I expected.
> This is absolutely not the main takeaway and I find it difficult to see how he could write this
He explains why he writes this, but this is an incredibly silly complaint because you can’t know what his expectations were.
> The only meaningful switch he mentions is Proton, but as other comments have pointed out they have vendor lock-in problems.
Which the author had with Microsoft 365 as well. Considering reducing vendor lock in wasn’t a goal of what they were trying to do, it’s not clear why you’re even raising that point.
> The real takeaway from this is that it's currently impossible in any meaningful sense.
It’s not clear how you got to this conclusion in any way whatsoever. In fact, this is an entirely ridiculous assertion.
Essentially your entire comment is “the author didn’t aim to do what I wanted them to aim to do therefore the author is wrong”.
I second that. Plus, there was no business critical workloads migration in place.
> European companies to step up
... and drown in regulations and taxes. There's a reason why the vast, vast majority of IT startups are not in the EU.
Source: am a startup in the EU.
As far as I know, most of the actual tough regulation is focused towards larger businesses with enough revenue, not startups.
There shouldn't, in theory, be a heavier regulatory or tax burden on an EU company operating in Europe than on a US multinational operating in Europe.
There is in practice, which is how we got into this situation.
"there's a real opportunity here for European companies to step up" and what would be business model? From tiny fraction of people that care about this - vast majority are also the same types, that are known to be unwilling to pay for any service ever even 1 cent.
I'm not sure that's true - mainly because of some potentially big European customers in government or national infrastructure. They care enough about security and reliability, that they'd very likely choose a European provider over a US one, especially if the existing political climate continues.
Companies don't need anywhere near the profits of Google to cover continuous development and maintenance, so while a European tech giant of the size of Google might not seem that likely, a European office suite certainly is more likely.
Bert Hubert has previously written about how the entire European telecoms industry with the exception of Britain has outsourced not only equipment but also network operations to Huawei:
https://berthub.eu/articles/posts/5g-elephant-in-the-room/
European national infrastructure providers don't care.
I work in this, not everyone is so deep in cahoots with Huawei.
> It feels like there's a real opportunity here for European companies to step up and make a big play, but will they?
Or for the EC to stop their "rearm" BS, and actually do something useful for the people by helping such companies. This is the real battleground for European independence and freedom.
The US demanded rearmament for years, and the combination of US and Russia has now forced Europe - including previous neutrals Sweden and Finland - into rearmament. Only a proper, just, end to the war in Ukraine can remove the need for it now.
No it is not. Proton mail won't stop Putin from knocking on the next door after Ukraine.
A shame that OP recommends Proton. The fact they don't support open email protocols like IMAP/SMTP without an extremely frustrating proxy setup is what ultimately turned me away from their service. Being able to "just" use a native mail client is pretty much a must.
The vendor lock-in from something like Proton feels way worse as a result.
Can't speak to Proton Pass, but it strikes me as a replacement that seems unnecessary: if Bitwarden is a problem, the server can be selfhosted, something which the OP seems to be familiar with.
Some of the others feel of more... questionable issues to have with US cloud services; it's hard to find problems with Dockerhub and NPM that aren't just general problems with these services/the company behind them (mainly NPM). Maybe that's just because the public/private concern for both of those services is pretty different than the others mentioned here.
What's a good alternative to Proton? Still haven't migrated my business away from Google Workspace, and I was thinking Proton would be a good alternative, but apparently not if they don't even support IMAP/SMTP.
Mailbox looks very solid, although I don't have long-term experience: https://mailbox.org
It provides email, online storage, video conferencing, calendar etc., all of it privacy-preserving by default. You explicitly don't have to provide any personal details.
Seconded. I'm using mailbox.org for my business for 4 years now, and haven't had any problems so far.
Fastmail[0] is what I use for my personal email. They support all the standards, but are also pushing things forward with standardising the JMAP protocol[1] which is much better suited to mobile clients than IMAP.
They only have email and calendaring though, no equivalent of Drive/Docs/Sheets.
[0] https://www.fastmail.com [1] https://jmap.io
I have used Fastmail for well over a decade, but they have their servers in the US, so I have been looking at alternatives.
And Australian law doesn't quite offer the same protections as GDPR. In fact, being a Five Eyes country, it's effectively the opposite.
Australian businesses have to provide GDPR protections to EU citizens, regardless, just as EU companies operating in Australia have to obey Australian law.
I also have a feeling the Five Eyes agreement is about to end.
> I also have a feeling the Five Eyes agreement is about to end.
That's certainly possible, but as long as the servers are in the US, that's not really meaningful I think?
I am very very happy with Fastmail. I know they have some presence in the US but I think they scaled that down and are entirely an Australian company.
Their integration with 1password and masking email aliases is also very useful [0].
If however you want to host your own emails, I did once write an extensive guide [1].
[0] https://www.fastmail.com/features/masked-email/
[1] https://flurdy.com/docs/postfix/
https://tuta.com/
Second Tuta. Their feature list might be limited when compared to Proton or Fastmail, but their core email service is solid.
It's an alternative to Proton because it doesn't support open standards (like IMAP), but it has the same problem - vendor lock-in.
Not mailbox.org (!) unlike many have suggested. In last few years mailbox has gone into the gutters in almost every aspect (almost) - I am stuck there because of a large recharge/purchase I had done and they don't do prorated refunds anymore.
There are other options - tuta, posteo, runbox etc (I have just made a longer comment and I am sure you can find more on the net).
IMHO - we should not ignore other things when looking for a service replacement I mean aspects of a service other than privacy and for me responsiveness and customer service comes near the top or at the top.
https://european-alternatives.eu/category/email-providers
I myself use neither [0] but that's my nihilism defaulting on convenience.
[0] I've moved my own domain to iCloud+ custom domain offering.
I use Zoho for my personal email. They aren’t European but they aren’t American.
Crucially though it’s easy enough to migrate to another provider of self just by updating my mx records.
Note - Zoho is from the country I live in. You ought to expect nought privacy from here, or maybe even negative (yeah, that can be a thing :D).
context: Zoho is incorporated in US and made in India.
https://glesys.com/services/email
Fastmail should offer tenancy outside of the US, either in Australia or in the EU/Singapore.
I use migadu with thunderbird. Can't complain. Cheap and does what I need it to.
https://www.migadu.com/index.html
Mailbox.org is one I like
For a more business oriented replacement that can (mostly) replace gmail, google drive, docs, sheets, etc.. Zoho One is pretty good.
Maybe I'm missing something, but: just use a local ISP? We use Hostpoint (Switzerland) for our websites and email.
I am migrating away from Proton. In theory they check all marks, in practice they fail in delivering baseline functionality in all categories.
1. The Web interface email is so-so, but the proxy email bridge is really heavy and takes a huge amount of disk space. It also makes my computer start flying from time to time. The iOS email client (very important as they don't support standard protocols) is just useless. The text is rendered like an image which I need to pinch to zoom in and slide across the text. There is no way for the font size to be increased to a legible amount. The images in attachment are not in a carousel so I need to open1/close1/open2/close2/open3/close3 if there are 3 attached images. In an email client this is absolutely basic.
2. ProtonDrive: It took a long while before rclone was supported and for their web client to be working, "ok". Anyway it is basically unusable as a backup cloud service because it takes forever to encrypt in the browser. I just gave up and have no idea what is the state of sync of my files there. I just moved to backblaze and am waiting for my Proton subscription to expire.
3. ProtonVPN: Good on paper, totally untrusted and blocked by the internet. I can't navigate without filling 10 captchas or just be outright blocked.
4. ProtonCalendar is proprietary and not compatible with generic tools in iOS or linux or Android.
I gave up trying their other services as I just expect them to be as incomplete.
I mean: Email is the thing that needs to work right and every time I need to see some email together with my wife I feel like this goofy person that complicates what for everyone else is one of the most basic tasks in using a computer.
If I could I would just cancel and ask my money back, unfortunately they do not do that.
> 3. ProtonVPN: Good on paper, totally untrusted and blocked by the internet. I can't navigate without filling 10 captchas or just be outright blocked.
Even residential IPs are being blocked nowadays, we have Cloudflare to thank for that.
Yes! I run Firefox on Linux and I constantly get captcha'd everywhere (by that typical cloudflare loading page) because I'm not part of the 95% that runs Windows or Mac. Cloudflare is an awful thing for the internet.
We're clearly in the non-Chrome, non-Windows/macOS minority that Big Tech can pretty much safely ignore.
I run Firefox on Linux and I rarely encounter Cloudflare captchas.
cloudflare seethes at firefox users that have strict tracking protections enabled. OTOH it's still much less violent than hCaptcha or google. Especially if you install their PoW pass extension.
Ahhh and yes, I have this too. Not only the Firefox tracking protection but also uBlock origin with all the lists enabled (and some custom ones too).
And yes I see your edit, Sometimes with google captcha I just end up in a never ending loop.
Strange, I get them so much.
It might be because I tweaked my user agent. I had to do this, because Microsoft is being obstinate and disabling a lot of M365 features if you're on Firefox on Linux. When I set my UA to Edge it suddenly works totally fine. I'm just a bit stuck with M365 due to my work, unfortunately.
In that case you might want to consider keeping a separate Firefox profile for M365. Then you can have the alternative UA string only in that profile.
So you answered the question right? You are blaming CF yet your change is causing CF to detect you as an untrusted browser. Not their fault.
No because there's nothing "untrusted" about my browser. Just because I'm not a slave of big tech?
It's not really "big tech slavery", cmon. A large majority of bots on the internet try to fake their User Agent to pretend to be someone else. Unfortunately, your browser does the same. When they compare your browser's signature with the expected user agent and real user agent, they find a discrepancy and flag your browser as suspicious.
The real solution is to only modify your user agent for the MS apps you have trouble with, and all your captchas will disappear.
No they don't because I had them too before I started using M365 and had to edit the UA. Maybe not as much, but I think the tracking protection also has a lot to do with it like another poster said.
I get banned within 5 minutes when I browse Hermes or LV websites, fun stuff...
I got banned from dash.cloudflare.com because apparently opening a few new tabs quickly is enough…
That would be extremely stupid from their part as it checks with a browser merely restarting with or recalling the latest session.
well, I can trigger it again and post a screencap if you don't believe me. Shall I?
What are you migrating to?
Have you considered mailbox.org? I rarely hear much about this German mail provider that supposedly prioritizes privacy.
How would you support E2E without the proxy? Not that the majority of people’s emails are truly E2E anyway on Proton, but still.
Decryption / encryption in email client.
If (more) email clients handled this you wouldn't need protonmail.
Ok but are you going to send a petition to Apple or what? How are you going to practically solve this problem without a proxy?
Also the CEO is praising the current Republican administration https://x.com/andyyen/status/1864436449942110660
You're looking at this in black and white. The CEO praised one of the administration's picks for being tough on big tech. While I think he's wrong in his statement on who stands for "the little guys" praising one pick for her stance on big tech does not mean he wholly supports the administration and its actions.
“Other than that, Mrs. Lincoln, how was the play?”
Not all things require an equal reaction. Someone saying "this pick has a good track record" doesn't require the same level of drama as if he had said everything this administration does is awesome.
I'm looking at new email providers and the inability to use Thunderbird on Windows and Android is why I ruled out Proton.
Yes I'm not a fan of Proton either. Especially because they hammer so much on their "Encryption" thing while 95% of the mails you get will come unencrypted from one of the big tech parties, Google, Microsoft, Amazon. So what is the point, really? And because of this indeed it is very hard to connect to it.
Email is just dead as a tech. It's no surprise nobody uses it for sensitive content anymore but instead just uses it as a notification service ("Please log in to our portal to read your message").
I don't personally like bitwarden either because it uses a master password, I prefer "pass" which encrypts each password with your GPG key (which can be stored on a yubikey for hardware security). But yeah self hosted bitwarden is a good option too and very popular.
> It's no surprise nobody uses it for sensitive content anymore
I get password reset links for pretty much every website on email. Few things as sensitive as that.
I also receive and send documents, signed or for signing, with pretty sensitive information, over email.
I agree it shouldn't be used for those but it certainly still is.
There's so many organisations moving away from it though. Email password recovery yes. But really, what does Proton's E2EE add to this? The email is still sent unencrypted across the internet. And only gets encrypted when it gets to their mailbox. It's not as if someone could easily break into gmail either. Unless they know your password but then Proton is just as vulnerable.
I just consider their "Security" window dressing to be honest. It totally ignores the gaping wide problem and fixes only a tiny pretty irrelevant part of it.
Many emails aren't sent unencrypted any more — just not E2E encrypted. It's harder to stop an active MITM from downgrading the connection, but the bulk of non-spam messages to my server come in with TLS. And while it's not going to be possible for most people, I have pinned most of my larger destinations to require TLS with a suitable certificate, so I can have confidence that my outbound email won't transit the Internet unencrypted.
Obviously if you're a client of a big hosting service that you don't trust then E2E has value. But that's not the whole problem, or the whole solution.
Encryption at rest is still worth something.
>It's not as if someone could easily break into gmail either. Unless they know your password...
Google employees, the NSA, hackers, ... they can all break into your Gmail without knowing your password.
I agree. My comment was not related to Proton in any way, only as a counter to the idea that e-mail is on the way out.
Yes, there are companies and services getting away from it but there's still a lot of sensitive information flowing through it.
>Email is just dead as a tech.
It's really the only game in town for messaging. Like sure, there are a zillion incompatible alternative systems out there but email is the only system with worldwide adoption. ... and it's federated. ... and it actually works somewhat reliably. ... and it's actually fairly secure these days, using a network of trusted email servers.
Like sure, it would be great if we could make end to end encryption usable for regular people for the email case. It would also be equally great if we could make E2EE usable for regular people for all the other cases.
Yeah, I was a Protonmail evangelist but their mobile app sucks and their client software has nonconsensual surveillance embedded in it that you have to remember to turn off.
Why is IMAP/SMTP so important?
What exactly are people missing out on by Proton not having this support?
Our choice of email client.
Scripts that automatically pull emails and archive them locally or process them in some way.
Interesting how for a (junior) dinosaur, like me, this was never a problem: I still run my mail, web, nextcloud, xmpp, forgejo, etc server on a former thin client under a cupboard. With a symmetrical fiber 1G connection it's been surprisingly reliable.
FAQ:
Yes, you can run self hosted mail.
Yes, it's complex.
No, it's not hard, but it takes time, as it is complex - if you want to understand it. If not, go for something like https://maddy.email/
Yes, I have a fixed IP address with a reverse DNS entry configured.
My ISP is zen.co.uk.
Yes, I have reverse DNS, DKIM, DMARC, SPF, even mta-sts.
No, I'm not switching from XMPP to Matrix - it's too server heavy, XMPP is more client oriented, which is my preference.
I know about the UK's online safety act, I used https://onlinesafetyact.co.uk/ra_my_self_hosted_single_user_... as a template to create mine. I think the act itself is basically useless and just paperwork, but something along its ideas is actually needed.
I block many AI crawlers from accessing code and photos, as eg. Claude is so aggressive that its code crawlers make my system sluggish, and I have no will to let anyone use my photos beyond printing them for their wall as decoration.
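Two comments above touch on the same mechanism: requiring TLS with a valid certificate for outbound mail so an active MITM cannot downgrade the connection, and publishing MTA-STS for a self-hosted domain. As an added example (not part of the thread or any poster's setup), this Python code shows how a sending server evaluates an MTA-STS policy under RFC 8461; the domain example.org, the sample policy and all function names are assumptions constructed for illustration.

```python
"""MTA-STS policy evaluation from the sending side (RFC 8461), illustrative."""
from dataclasses import dataclass, field

# Constructed sample policy body, as it would be served from
# https://mta-sts.example.org/.well-known/mta-sts.txt (placeholder domain).
SAMPLE_POLICY = (
    "version: STSv1\r\n"
    "mode: enforce\r\n"
    "mx: mail.example.org\r\n"
    "mx: *.backup.example.org\r\n"
    "max_age: 604800\r\n"
)

MAX_AGE_LIMIT = 31557600  # largest max_age RFC 8461 allows (about one year)
MODES = ("enforce", "testing", "none")


@dataclass
class Policy:
    mode: str
    max_age: int
    mx: list = field(default_factory=list)


def parse_policy(text):
    """Parse a policy body; raise ValueError if the sender must not use it."""
    fields, mx = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed policy line: {line!r}")
        key, value = key.strip(), value.strip()
        if key == "mx":
            mx.append(value.lower().rstrip("."))  # "mx" is the only repeatable key
        else:
            fields.setdefault(key, value)  # duplicates: first occurrence wins
    if fields.get("version") != "STSv1":
        raise ValueError("missing or unsupported version")
    mode = fields.get("mode", "")
    if mode not in MODES:
        raise ValueError(f"invalid mode: {mode!r}")
    max_age = fields.get("max_age", "")
    if not max_age.isdigit() or int(max_age) > MAX_AGE_LIMIT:
        raise ValueError("max_age missing or out of range")
    if mode != "none" and not mx:
        raise ValueError("policy lists no mx patterns")
    return Policy(mode=mode, max_age=int(max_age), mx=mx)


def mx_allowed(policy, host):
    """True if the MX host name matches one of the policy's mx patterns."""
    host = host.lower().rstrip(".")
    for pattern in policy.mx:
        if pattern.startswith("*."):
            # A wildcard stands for exactly one leftmost label.
            first, _, rest = host.partition(".")
            if first and rest == pattern[2:]:
                return True
        elif host == pattern:
            return True
    return False


def delivery_decision(policy, mx_host, starttls_offered, cert_valid):
    """Return (action, reasons) for one delivery attempt to mx_host.

    action is "deliver", "deliver-and-report" (testing mode) or "refuse".
    """
    if policy.mode == "none":
        return "deliver", []  # treated as if no policy were published
    reasons = []
    if not mx_allowed(policy, mx_host):
        reasons.append("MX host not listed in policy")
    if not starttls_offered:
        reasons.append("STARTTLS not offered (possible downgrade)")
    elif not cert_valid:
        reasons.append("certificate did not validate for MX host")
    if not reasons:
        return "deliver", []
    if policy.mode == "testing":
        return "deliver-and-report", reasons
    return "refuse", reasons


if __name__ == "__main__":
    policy = parse_policy(SAMPLE_POLICY)
    # Constructed delivery attempts: (MX host, STARTTLS offered, cert valid)
    attempts = [
        ("mail.example.org", True, True),
        ("mail.example.org", False, False),      # STARTTLS stripped in transit
        ("mx1.backup.example.org", True, False),
        ("mx.example.net", True, True),          # MX answer not covered by policy
    ]
    for host, tls, cert in attempts:
        print(host, delivery_decision(policy, host, tls, cert))
```

In `enforce` mode the stripped-STARTTLS attempt is refused rather than sent in clear text, which is the downgrade protection opportunistic TLS alone does not give.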
I self host a mail server too. Static IPs are not available for a residential connection where I live which makes PTR and SPF records hard. What I've been doing is using Oracle's "always free" VM to host VyOS as an ingress/egress router. It's been pretty easy to set up the mail server itself using iRedMail.
I've had some problems with spamhaus and outlook because that whole IP range is not trustworthy but otherwise it's just worked (Spamhaus was nice enough to put me on a whitelist).
I know hosting at Oracle is not moving away from US cloud services but I set this up two years ago and this could be achieved using any cheap or free VPS.
Can you please write more details about "I block many AI crawlers from accessing code and photos"? The bots are trying to access your nextcloud instance? I'm also self hosting a few services, including nextcloud.
No, not nextcloud, it's the photos on my website. They are CC-BY-NC-ND-4.0 licensed, which genAI doesn't respect in any form.
I added these in nginx.conf:
and then in each site's config:
But it's far from perfect. For better results, https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blo... is probably better, but it was a tad too much for my needs.
Thanks!
If you have a fixed IP with a good reputation then 95% of your email problems are solved. If you use a client (like the iphone email client), your setup is really simple (as in set it up once and forget about it). Providers will also try re-sending email if it doesn't reach you, so availability is not that big of a deal.
That being said, the major issue starting up is having that highly reputable ip/domain.
Maybe one really needs 'the cloud' (whatever that is) or the accompanying services, I don't know, but I do know that good old webhosting is still around. At least here in The Netherlands. Good for email, good for websites and webapps, good for data storage.
There are enough options to choose from the decentralized menu of hosting offerings. Most are cheap enough also, but watch out for the slightly bigger webhosting companies that are taken over one-by-one by some group of investors wanting to play AWS (and upping the prices by 400% or so).
The cloud, speaking for small-to-medium companies, is two things; a directory server with file storage, email, and an attached suite of productivity tools (e.g. Microsoft 365 or Google Workspace), and virtual, distributed infrastructure (e.g. AWS, Google Cloud, or Azure).
You can build the offerings commonly sold as "cloud" yourself, but it requires a ludicrously unreasonable amount of engineering work to reinvent the wheel and end up with a shitty solution that gets your users frustrated, guaranteed.
We need a European contender (or multiple!) that can actually compete in one or both of these disciplines. There is going to be a huge market for this very soon.
I think a ton of services would actually run just fine on a single old fashioned Linux machine without any fancy cloud stuff, we've just been conditioned to think that it's somehow wrong.
I did not necessarily need an explanation of what 'the cloud' is or isn't. I came to believe its definition is vague on purpose. I found out it's (almost) the same old internet with new shiny marketing labels on it (I say 'almost' because clubs like Netflix probably need their movies stored near the end user for seamless HD streaming). With the end goal of getting everyone's data on someone else's server (so they can control it, eventually without your permission). It works because programmers who might understand technically what it is, usually don't call the shots when some Big Tech salesperson offers shiny new apps from the US.
Luckily, I don't need a cloud. Not someone else's cloud, not even building my own cloud. Why? Because the technical progress required for me to save, work, share and publish stuff online (or locally on my computer) was already there from the '90s. And luckily, it's not standing still. Although every exec and marketing boy wants you to believe the only good stuff is the next hyped up stuff.
We see the same thing happening with LLMs and AI. It's marketing fluff all around, by people who so fully believe in it that it becomes scary. And it's hard to argue against it, because it is impressive what LLMs can do. It's also bullshite and has nothing to do with reasoning, or thinking, or whatever human capabilities are projected onto a digital parrot (I don't want to ruffle some feathers, pun intended, a lot of people probably have good use for LLMs and it's still interesting that people work on these systems).
A computer, an internet connection and some webhosting gets you more than far enough for most use cases. Without vendor lock-in.
There's more to technology than only technology.
> I did not necessarily need an explanation of what 'the cloud' is or isn't.
Your obtuse "whatever that is" sure made it sound like you did.
> Luckily, I don't need a cloud. […] A computer, an internet connection and some webhosting gets you more than far enough for most use cases. Without vendor lock-in.
That is the kind of stuff you can only say if you're not concerned about anyone but yourself.
I have employees that need to send emails, do calls with customers, work on digital documents, and collaborate efficiently. If they drop their laptop, or it gets stolen, I don't want these documents to get lost, or compromised. I need them to sign in to a myriad of services securely, using a single identity that I can centrally block if their account is compromised or the contract terminated.
All of that isn't what some "marketing boy" wants me to believe, but hard requirements to do business, and protect the privacy of our employees and our customers.
I'll just state for the record that these particular use cases make up something like 90% of what my employer uses Office 365 for, and it's absolutely impossible to do our business without it right now. If we had to solve document storage by plain old file-server storage, we wouldn't even be compliant with local laws.
I find it really annoying when traditional hosters (indeed in NL and DE for instance) move to the grifting 'pay per use'; the same VPS that I could beat over the head for millions req/month for 5 euros, now costs, for the same usage, 50+ euros because suddenly I'm paying for the cpu, memory, disk, network etc that I use. It costs them $0 extra, so that's all profit. I had it a few times now; you can recognise it either indeed if they get taken over by some large investment firm and/or when they start offering more and more 'cloud services' next to their VPSs; once they have the infrastructure up and running, they start screwing over people. Mind you, if the service was better, then maybe, but it's not; it's just vastly more expensive.
I would like to see a movement more along the lines of "Moving away from cloud services", not just US services. Our computers are faster than ever, internet bandwidth is not a problem, public IPs affordable. Why not self host when possible?
Yep, I just finished moving most of my stuff to a bunch of small (but stupidly powerful) machines in my and my parents' house. They sync and work very well. It's a nice feeling, finally everything is hosted and backed up and in my own hands. Of course, this is not for business, although I would have no issues hosting small business on here; it's more robust than most single vps solutions.
Doesn't that go against the whole "one local, one local external storage, one remote" backup redundancy?
Maybe, but I'm not running a bank here and I do, regularly, stick in an external drive to run a backup. It's pretty well protected all in all. Definitely better than 'if google kills my account for no reason at all'.
For hobby projects this has always been an option, but a business will prefer the reliability and value add offered by cloud services.
It is important to not lock yourself into any cloud provider. For example using services like Firebase, which are very good, means you cannot *easily* move to self host once your business idea turns out to be a success.
Tailscale makes this easier than ever to do. I'm looking to move most of my Lambda functions off of AWS and into KNative on my Kubernetes cluster at home.
Why move away though? The cloud subsidizes for "free" a lot of powerful services that the average user can only dream of self-hosting.
And the price is what? Your browsing history? Personalized ads? Provided you don't AdBlock that is!
I like the symbiotic relationship. I do believe in safeguarding yourself from getting locked out of your life due to your Google acc getting banned but outside of that I see no harm in getting free service in exchange for data. It's a fair deal.
> And the price is what? Your browsing history? Personalized ads? Provided you don't AdBlock that is!
Regardless of what you think of using your private data in exchange for free services, the problem with the cloud owned by US companies is that to us outside the US it seems like any kind of blackmail now seems fair game.
Since Vance threatened to drop NATO support if the EU regulates Musk's platforms [1], temporarily holding hostage our data to 'win' a trade war does not seem that far-fetched anymore.
Also, if the US ends up trying to make good on their threat to annex Canada or Greenland, then we are strongly dependent on a hostile state. We learned some lessons from being dependent on Russian gas.
[1] https://www.independent.co.uk/news/world/americas/us-politic...
Whether the price is fair or not is obviously up to you. I personally don't like the deal, so I would rather use alternatives.
IMO your quotation marks around _free_ do a lot of heavy lifting.
> public IPs affordable
Not until we start considering all non-IPv6-supporting ISPs to be a no-go.
Yeah the pricing for memory in most cloud instances is so atrocious that you pay enough to buy a whole DDR5 stick in a few months already. Or an entire ARM SBC that will outperform that stingy offer in every way.
Cloud also has networked SSDs so they can keep the machines and partitions separate, which really limits their speed and throughput and increases latency. Nothing beats a PCIe attached NVMe.
My problem is that I do not want to replace one centralized service with another. I do not see any difference between the US and the EU (or Australia) in handling privacy. Most politicians are super keen on destroying privacy for people, for the "good cause". There are so many examples of this I lost count. We need strong encryption and true peer-to-peer networks where the connection is going through random routes (impossible to predict) and there is no government control of any of the nodes it touches.
Perfect is the enemy of good. The EU has its flaws, but if you can't see the difference between the US privacy climate and the EU privacy climate then you need a reality check.
Yup, in the USA you can still have a VPN server that is not storing logs, something that is simply illegal in European Union countries.
In the USA you can purchase a prepaid SIM card in Walmart with cash, put it in your phone and you have an anonymous phone number, again, this is illegal in Europe in a typical stupid European way, as any criminal who needs an anonymous card would pull in to the retailer some drunk or homeless person and get that SIM anyway. But "normals" can forget about privacy, unless they want to play with something like silent.link.
> In the USA you can purchase a prepaid SIM card in Walmart with cash, put it in your phone and you have an anonymous phone number, again, this is illegal in Europe in a typical stupid European way
This is illegal in some European countries but not all. I bought more than one phone and one SIM card with cash in the past.
Mullvad is based in Sweden which is part of the EU: https://mullvad.net/en/help/no-logging-data-policy
Obviously, it goes without saying you should never trust something you can't verify, regardless of which country the VPN operator is based in.
I have a few traveler esims from Europe. I didn't need to show any ID and I paid cash.
In all the EU countries I visited, only FI and DE asked for ID when buying a prepaid SIM card. And prepaid SIM card days are almost over, as there is Airalo etc.
There is always a degree of incoherence in people's beliefs and actions.
A good one along the lines of your comment, IMHO, is how most Europeans are very happy to promote ID cards and to be asked for theirs all the time while always complaining about "privacy" and against "surveillance".
For instance in France you must show your ID to buy even a prepaid SIM card, but then again the police can ask to see your ID with little justification. Or how they ask for ID when checking your ticket in the TGV high-speed train...
Are you insinuating that if you're in the US, you could refuse to show your ID to a police officer when they ask for it?
Go ahead and try that, tell us how it goes...
(No, there is no requirement to be carrying your ID card in any EU countries that I'm aware of. However, most jurisdictions require you to state your identity if questioned by police as a suspect. At least here in Sweden, if you're a suspect they are allowed to detain you "for identification" if you refuse.)
Why the aggressive tone?
I am not expert in the US, and it has actually nothing to do with my comment, but I believe that police in the US might ask you to identify yourself in some circumstances (which is quite different from having to show an ID).
What I mentioned regarding France is that you must show an ID (passport, ID card or driving license) or face being detained at the police station when asked by police. You do not need to be a suspect of anything to be required to show an ID.
I was certainly not going for an aggressive tone. I'm trying to say that police all over the world will want to know whom they are talking to, especially if you're a suspect. I don't think it's a world of difference between the US and an "average EU country" there.
You remember Lavabit?
We also have Mullvad.
True regarding logs.
False regarding SIM cards.
European.
Not true regarding logs given Mullvad is the only half-trustworthy VPN provider out there.
You might be interested in Peergos (lead here). It is E2EE, built on a P2P protocol (libp2p) and thus self hostable. We don't have onion routing yet though.
https://peergos.org
For me it's not even about privacy, it's pretty clear that no matter where I host things, if I don't have control of the hardware and the TLS termination then there's no privacy I can guarantee.
However there's still a case to be made for some form of digital sovereignty.
It's no longer considered a complete paranoid delusion that the US could snap its fingers and put tariffs/sanctions on digital goods served from US companies or consider the EU to be proscribed and cut access entirely.
I used to allow myself to think of the consequences of such a situation, after all the US very famously stated that they have no such thing as allies, only temporary allegiances, and as a brit: that is a sobering thought, because we cosy up to them a lot - even going so far as to join them in an illegal war.
However, if you consider the economic harm that would be caused by Microsoft just cutting access to Office365, disabling the licenses used or even cutting access to EntraID and managed sharepoints and/or Teams. Most of the EU would not lose billions in lost productivity, they would lose trillions.
What a crazy economic risk, and that's just one product. Nearly all digital services in the EU depend nearly entirely on Azure/AWS & GCP.
Even the ones that don't depend on hosting, still depend on Google Workspace or Office365; both of which depend heavily upon online services which may not always be online during heavy tensions.
I know this is difficult to reason about, but we really have our heads in the alligator's mouth when it comes to our digital capability - it will be hard to remove it, and many people are enjoying the echo and will actively fight against attempts for change.
I know this is going to offend many but as an outsider, it is heart wrenching to see a foolish, greedy and extremely corrupt property dealer dismantling the greatest empire in human history, piece by piece from its soft power (VOA, USAID) to its core functions (tampering with science and education) and there's no political force in sight that can be of any significance.
I find the Proton tools to be a joy to use and I use them for my business. For clients, I can't do that to them. Microsoft completely dominates and people just expect to be able to video call, chat, work on docs, etc. MS365 remains incredible value for money and pretty optimal for normies.
I recently had to use MS365 for a short time and I hated every moment.
Absolutely. Microsoft stuff is so mediocre and incompetent.
They get away with it because they're pretty much the only game in town for enterprise. So there is no drive for them to improve in any way.
But really, companies choose Microsoft because it's all connected (easy to manage for them) and fairly cheap if you take the whole package and because "nobody ever got fired for picking Microsoft". But AAA third-party solutions are always way better in terms of UX and features. Picking Microsoft tools always feels like you're settling for less.
I manage a lot of the Microsoft 365 stuff at work and I really hate my job. Also the condescending attitude of their employees and 'consultants'.
I found O365 to be much better suited for Windows admins on large teams, IMO.
Teams is a horrible, ghastly product that is absolutely impossible to avoid with clients :-( I'd prefer to stay on the free plan because it feels so soul-destroying to reward such behavior, but then you can't start calls unless invited to a meeting by someone on a paid plan (or something, it's disabled with no message).
I agree!
I switched because of their calendar integration. I needed an email tool that would send 'accept' replies to calendar invites sent from Outlook and Google, and I landed on Proton.
To any self-hosters if you have a working setup for that (email+calendar), please let me know! I couldn't find anything decent.
Would you recommend moving from Google Workspace to Proton? Including emails and so on.
I'll give a different point of view.
I switched my personal email from Google Workspace to Proton. My use case wasn't privacy (especially when 99% of my email is sent to and received from people using Gmail, Office 365, etc.) I was interested in trying Proton more to support a plurality of service providers.
As such, I'm probably not Proton's target customer. That means the compromises Proton makes to enable E2E are not worth it to me.
Some examples:
* Search is like going back 20 years.
* The lack of automatic filtering (e.g. Gmail's automatically applied Promotions, Updates, etc labels) has made the signal to noise ratio in my personal inbox so low that I'm considering just taking the app off my phone or suppressing notifications, at least. I don't have the time to set up manual filters for everything that comes in.
* The lack of automatic filtering and decent search means that my personal email is now pretty much useless.
Similarly, it's pretty hard to migrate away from because you can't just use IMAP to shift your email history to another provider.
This isn't a negative review of Proton. This is just to say that choosing Proton Mail means living with the compromises necessary to enable their main feature (privacy) and I don't care enough about that one feature to make those compromises worthwhile (because my email is going through so many non-private services anyway).
Yeah this is why I chose Fastmail when migrating off Gmail - I needed something more usable, not private
Well, there are no (classical) office tools. There is a text editor, but no spreadsheet. Their "Drive" solution is very mvp, you can collaborate on text docs, but it's very minimal.
Email is great, looks great, fast, nice feature set. Calendar is mvp-ish, I can accept invites and they go into the calendar and they have nice links to Teams or Meet etc, pretty seamless. They also have a widget for the iPhone now, but it's early days.
ProtonPass is great, at least as great as BitWarden, sharing credentials with family and colleagues is a lot easier (not that "organizations" stuff, just click, share, done).
My iPhone syncs pictures to Proton Drive, but the app needs to be opened to do that, which is annoying. Other than that, works well, pics are safe. I really want a Linux client and an API (or rsync endpoint?) so I can push backups there (I have 3 TB drive for the family/business combined).
Their Bitcoin wallet was wasted effort if you ask me, would have preferred video chat or something. Make it more like NextCloud with a dashboard perhaps.
But when they make a new product, it's mvp but generally immediately works very well. I have a lot of trust in their solutions to just work.
But you can use almost everything on the free tier, so just try it out! The migration tool also works really well.
Important to note that the migration works well one way only. If you later want to migrate out it'll be more painful.
Yeah, there are no export tools, but technically it would be up to the other party (like Google or MS) to make those right? When you want to go Proton -> Google ;)
I guess with the bridge you can move your mail out via IMAP, the Drive you can just download it all. Calendar will be annoying I think because there are no open protocols like CalDAV (by design, and I do miss that!!!).
The biggest elephants in the room are cloud providers, but I didn't find an easy alternative yet (Hetzner, OVHcloud). ATM, the idea sold to the business is that data resides somewhere nearby in a datacenter, EU proximity. However, the EU businesses are realising that, well, the whole region is at the mercy of one person.
Hetzner is great value, but their networking has a few issues:
1) Networking is mostly limited to 1Gbps. Even private networking. You can request a 10Gbps NIC, but it has to be housed in the correct data center and adds a $48 monthly fee.
2) Private networking is IPv4 only so dual-stack private networking isn't possible. Also each public IPv6 address is /64. Would be nice to get a /56 to setup dual-stack IPv6.
3) Can't specify a subnet to assign a server to when using hcloud API/Terraform. You have to specify the required IP on the subnet explicitly.
4) As I understand it, the private network traffic isn't truly secure between tenants, so needs to be encrypted between nodes anyway.
Still, I'm betting they'll fix these issues as their offering grows.
How about Scaleway?
I like them a lot but they only have EU DCs, if you are looking for Global (or at least Asia) you're out of luck for now. Perhaps this disconnect from US services might give them the impulse to spread out though! I'm really happy with them as a customer and I don't have needs beyond Europe anyway.
I've found Scaleway for AWS-style managed backend services fronted by Bunny (https://bunny.net/ - also EU-based & owned, but with global CDN DCs) works well! Bunny have nearly 30 DCs in Asia alone.
koyeb.com is an EU (France) alternative to fly.io
Have you used Koyeb? I really like fly.io, though it would of course be ideal if they weren't US-based.
Problem with Hetzner is they don't have the self hosted DCs in pacific region yet. They have Singapore for their PaaS solution, but if you want those cheap second hand servers then have to be in EU
What is their PaaS solution? Hetzner Cloud is IaaS.
Schwarz Group seems to be getting traction in that space. (stackit)
OVH and Hetzner are excellent companies. I doubt there would be any problem with them in the future.
Other notable EU cloud providers are also STACKIT, IONOS, Cloud Ferro and Exoscale
OVH is an absolute joke.
People are really quick to forget the fire that destroyed one of their data centers a few years ago and which did not get addressed in any way by OVH for months.
They also learned nothing from it, and are repeating the exact same mistakes.
I stopped hosting even my personal blog on OVH because of how garbage it is.
Yes they are such chaos internally. Even their support tells you different things every time. I kept having issues around my IRC bouncer on one of my servers (kimsufi, their budget brands). Some support people said yeah no issue as long as you don't do anything illegal. Others said I'd get insta-banned, and sometimes I did have issues and had to call them to get re-enabled.
Now, I have to admit I haven't been a customer of them for 10 years due to exactly this. But yes the fires exposed a lot of the same I left them for.
I left to go to DigitalOcean but it became too expensive and then I found Scaleway which I'm a happy customer of for years now.
Both companies are excellent, and I'd absolutely trust them with my business, but neither can replace something like AWS. The friends I have at companies who are actively using AWS are all relying on a fairly large number of AWS only services. Either they'd need to stand up their own replacements and host those services on VMs, or in some cases rewrite parts of their stack.
E.g. if you're using AWS Cognito then you're not going anywhere.
Exactly! You can get a bare minimum, like a virtual machine (EC2) or storage (S3), which is probably enough for small and medium enterprises (SME). However, if we move beyond, I'm not sure as I don't have experience with them. Now, if I'm building a prototype, I want something quick and just a lack of Cognito is a deal breaker.
IMHO AWS is designed for totally embracing their philosophy and language. You don't understand two AWS devs talking to each other. Even organizations are internally structured for AWS operations. This creates something even stronger than a dependency.
Making yourself a subsided of Amazon was never wise. You exist as long as Amazon allows you to. It’s modern feudalism.
> Making yourself a subsided of Amazon was never wise
True, but the AWS pricing doesn't make sense otherwise. If you're not using the managed services, then the value proposition is no longer there. Using those services is what allows you to build massive systems for relatively cheap, with much less staff. We had a project that was to be moved from on-prem to Azure (same deal), it went from thousands of Euros per month to fitting into a free tier, but only because we could use managed services. Spinning up the same VMs would cost more than hosting it ourselves.
I think this is less of an issue than people actually think - if it gets to the point where this becomes a real problem, individual EU countries can force the datacenter owners like Google/MS to change ownership structure for these datacenters to EU-based subsidiaries or completely new companies if they want to continue to operate.
I wouldn't buy that - if there is a dead switch then sorry, I don't want to pay that with my business.
I wonder if there will be some kind of setup like AWS did in China - with a local partner managing the DC.
Virtually all foreign companies that set-up shop in Europe (or anywhere else) do so by setting up local subsidiaries.
Google, Amazon, Facebook, Apple, etc. When you deal with all of these guys in Europe you deal with their local subsidiary(ies), not the US mothership.
I'm aware of their use of subsidiaries, but is this true for ownership of the buildings and hardware, or just something done for tax purposes?
Usually everything is through subsidiaries. For tax and profit allocation purposes the way it works is that you set up subsidiaries in tax-friendly jurisdictions and then channel the profits to them through contracts between subsidiaries.
The general point is what does "moving away from US cloud services" mean, then?
Does it mean not using infrastructure actually located in the US? Or does it mean effectively boycotting US-owned companies that may be fully located, including infrastructure, in Europe?
This doesn't matter as far as the concerns about US warrantless surveillance laws go because those laws also apply to subsidiaries of US companies. IIRC Microsoft tried to argue that its EU subsidiary could not comply with US requests and lost.
I don't know if it migrates CI pipelines as well (which is apparently what prevents the OP from leaving github), but Codeberg has a migration tool to automate the switch from Github (and others) to Codeberg.
https://docs.codeberg.org/advanced/migrating-repos/
Codeberg looks really nice, almost a copy of github, and is hosted in Germany while you can also self-host.
Yeah the last couple weeks has made me wary of anything US based too. Not just privacy but also just overall risk. They’ve suddenly become very erratic in their decision making.
Quite hard to untangle it though. So much of the internet is US centric unfortunately. And even if you figure out the first layer of vendors they in turn are likely US reliant too
Very well written and justified.
At the end almost everything in life is about interests. It's clearly in the best interests of one country, or union of countries, to do their thing and reduce reliance on others.
Reducing reliance on others is primarily risk mitigation, which is increasingly perceived as necessary due to the rise of authoritarianism and wars, in western democracies at least. However, it is quite a sub-optimal solution, and in some cases very costly or close to impossible. It will almost always reduce economic growth, sometimes quite severely.
It would be in the best interests of any one country or group of countries to not have the threats which we think we must de-risk in the first place. Free trade was the primary way we thought we could do that, or at least Europeans thought that was the way. We were wrong all these years. I admit I was one of them. I thought at some point in the near future we would collectively move past this thing called warfare. How naive.
It's striking how little discussion there is of the underlying risks that now make the US cloud less attractive. Trump is doing a lot of damage to the US as a services provider.
I was thinking about it today, I could think of an equivalent for EC2, S3, Software defined networking, archival, load balancers etc. But, one thing I could not easily come up with a replacement for is IAM. What would be an equivalent to IAM that a smallish cloud provider could use without building it from scratch?
A system that provides roles, policies and granular permissions that can be attached to specific resources like the equivalent of S3 buckets, equivalent of EC3 VMs etc.
You're right IAM is the major missing piece that is often forgotten.
The closest I've seen is (ironically) this open source project from AWS https://www.cedarpolicy.com/
For Hetzner object storage probably generate keys for VMs and store them in Vault or similar tool to manage credentials, which you'll likely want anyway.
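As an added illustration of the model asked about above (roles, policies and granular permissions attached to specific resources), here is a minimal default-deny evaluator in which an explicit deny overrides any allow. It is not part of the thread and is not Cedar's or any provider's API; every class name, action string, principal and resource path is constructed for the example.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase


def _matches(value, patterns):
    # Glob match. In fnmatch "*" also crosses "/", so "bucket/backups/*"
    # covers every key below that prefix.
    return any(fnmatchcase(value, p) for p in patterns)


@dataclass(frozen=True)
class Statement:
    effect: str                  # "allow" or "deny"
    actions: tuple               # e.g. ("storage:Get*",)
    resources: tuple             # e.g. ("bucket/backups/*",)
    principals: tuple = ("*",)   # narrowed only in resource-attached policies

    def __post_init__(self):
        if self.effect not in ("allow", "deny"):
            raise ValueError(f"unknown effect: {self.effect!r}")

    def applies(self, principal, action, resource):
        return (_matches(principal, self.principals)
                and _matches(action, self.actions)
                and _matches(resource, self.resources))


class Authorizer:
    def __init__(self):
        self._roles = {}              # role name -> list of Statement
        self._bindings = {}           # principal -> set of role names
        self._resource_policies = []  # Statements attached to resources

    def define_role(self, name, statements):
        self._roles[name] = list(statements)

    def bind(self, principal, role):
        if role not in self._roles:
            raise KeyError(f"undefined role: {role}")
        self._bindings.setdefault(principal, set()).add(role)

    def attach_resource_policy(self, statement):
        self._resource_policies.append(statement)

    def decide(self, principal, action, resource):
        """Return (allowed, reason). Explicit deny wins; no match means deny."""
        candidates = list(self._resource_policies)
        for role in self._bindings.get(principal, ()):
            candidates.extend(self._roles[role])
        hits = [s for s in candidates if s.applies(principal, action, resource)]
        if any(s.effect == "deny" for s in hits):
            return False, "explicit deny"
        if hits:
            return True, "allow"
        return False, "default deny"


def build_demo():
    """Constructed sample setup: two roles, two resource-attached policies."""
    authz = Authorizer()
    authz.define_role("backup-writer", [
        Statement("allow", ("storage:PutObject", "storage:GetObject"),
                  ("bucket/backups/*",)),
    ])
    authz.define_role("storage-admin", [
        Statement("allow", ("storage:*",), ("bucket/*",)),
    ])
    authz.bind("svc-backup", "backup-writer")
    authz.bind("alice", "storage-admin")
    # Guardrail on the resource itself: nobody deletes backups, admins included.
    authz.attach_resource_policy(
        Statement("deny", ("storage:DeleteObject",), ("bucket/backups/*",)))
    # Resource policy granting one named principal read access without a role.
    authz.attach_resource_policy(
        Statement("allow", ("storage:GetObject",),
                  ("bucket/public-assets/*",), ("svc-web",)))
    return authz


if __name__ == "__main__":
    demo = build_demo()
    for request in [
        ("svc-backup", "storage:PutObject", "bucket/backups/2025/db.tar"),
        ("alice", "storage:DeleteObject", "bucket/backups/2025/db.tar"),
        ("alice", "storage:DeleteObject", "bucket/scratch/tmp.bin"),
        ("svc-web", "storage:PutObject", "bucket/public-assets/logo.png"),
    ]:
        print(request, "->", demo.decide(*request))
```

The admin's wildcard allow does not reach the backups bucket for deletes because the resource-attached deny is evaluated over the same request, which is the property that makes such guardrails useful when role definitions drift.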
I moved from GitHub to self-hosted gitolite. I use a (standard) Makefile in each repo, which my deploy job runs (make test, make build, etc). I use githooks to do various automation.
It's really not that much different to GH Actions, and not more work. But it's much faster, and easier to work with.
If you're working in a team, then PRs are hard to replace.
My company is looking into a move from GitLab to https://forgejo.org (Codeberg, essentially). Seems way easier to self host. Seems fine so much for all my team's needs.
Yeah, we've been using gitea for five years, and from administrator's point of view it's one of the easiest things to self host. Updates can happen automatically and require very little downtime, and it's light on server resources.
In comparison, Gitlab was a massive pain and became close to unusable on that same server before we migrated to gitea, even though Gitlab was used just for code hosting, and gitea is used for everything it supports (container image and package repositories, issues, etc).
This looks interesting, I have self hosted gitlab but it is so slow and I don't need most of the features it offers. Thanks for sharing!
On my first team in 2011 we used Phabricator before the company sprung for github enterprise. Phabricator was fine; you could even just copy/paste the output of `git diff` into a form on the UI as an alternative to pushing to a monitored branch.
For code review and merge workflow gerrit used to be good a decade ago, it's probably good today, too. Github PRs are strictly worse today than what I remember from gerrit back then.
Gerrit is great if your team is willing to work in a rebase based workflow!
We handled huge repos on Gerrit (and a huge number of them) at my previous employer with very few problems. It does take a certain effort to self-host it, but then what doesn't.
What advantage does gitolite have over gitea? If I wanted to replace GitHub my intuition would be to replace it with gitea. It seems to have similar interface, pull requests, workers etc to gh.
Gitolite is a bare bones git server. Gitea is a forge. They’re not remotely in the same class of software. Gitolite doesn’t even have a web view for the repos, you need a separate package like cgit for that; never mind project management features.
What drew you to gitolite over alternatives (e.g., Forgejo)?
Why not gitea?
Infomaniak is Swiss company and is a very nice alternative to 365. It covers emails, cloud storage and office editors (via OnlyOffice editors), and plenty more services.
For source code, BitBucket is provided by Atlassian, which while not European is Australian, so also from a trustworthy country.
Didn't see Coolify [0] combined with Hetzner mentioned in the article!
[0] https://coolify.io/
On Bitwarden, at least for now, it's mostly Open Source … for techies, for the server-side, there's Vaultwarden which is easy to self-host and with self-hosting of FOSS software you achieve true data sovereignty.
https://github.com/dani-garcia/vaultwarden
I'm an EU citizen and I worry about the US as well, but we need to be careful about this migration to EU services, as in some areas the European alternatives aren't good enough and people will go back to Big Tech, instead of preferring a FOSS solution that happens to have US dependencies.
As a Github alternative you could consider self-hosting Forgejo (https://forgejo.org/) which is the underlying system powering codeberg (mentioned earlier) and some other public instances (https://codeberg.org/forgejo-contrib/delightful-forgejo#publ...).
As a plus they provide Forgejo Actions (https://forgejo.org/docs/latest/admin/actions/) which is pretty much similar to that other Actions, and which should make migrating that much easier. (you could replace the Alpha state Forgejo runner with the Gitea forked act runner -- as they are both essentially act runner forks); or you could run any of the CI/CD tools mentioned here: https://codeberg.org/forgejo-contrib/delightful-forgejo#ci-c...
For the Americans in the room with European customers, this all should be taken very seriously.
From our perspective, the US has just declared itself hostile. No organisation in their right mind would use a stack dominated by Russian companies, any organisation not considering the risks of having their tech US-based right now is being careless in the extreme.
Even if Trump goes away tomorrow, this is a long term issue. America has demonstrated that it's an unreliable partner twice now. We can't make our planning on the basis of a dice roll for the White House.
Since you are switching anyways you could try to adopt local first and that way you make sure you don't have yet another cloud dependency, i.e. political dependency.
> Startpage is owned by a Dutch company which is operated from its headquarters in The Hague, the Netherlands, and is a part of System1, a publicly traded company based in the United States.
I was hoping Startpage was the successor of startpagina.nl, which I used as a kid in 1995 to 'browse' the web. One of the oldest Dutch websites that I can remember. Fond memories!
Still pretty cool. It has a "View anonymously" button that basically proxies your requests through them
I don't like all of his suggestions, like startpage.
But I have very good experience with Scaleway, much more so than OVH or Hetzner. Hetzner demanded ID photos for everything. And OVH is a chaos. Scaleway is more like an Amazon type cloud and their support is really good and direct. Also cheaper than Amazon (and without the whole ratmaze of fee structures!)
Surprised the author didn't realise that the dropdown by login boxes has been supported for some time by BitWarden, and more importantly, the backend is open source so you can run it yourself (there's also a third party implementation that's even simpler to run yourself).
Man, I bet it feels clean and fresh like stepping out of the shower after playing sport in the sun for hours.
> there's just no legal compatibility between EU privacy rights and US spying laws.
“EU privacy rights” is bold framing considering what’s been going on with Apple: https://www.eff.org/deeplinks/2025/02/uks-demands-apple-brea...
Honestly the whole article except the “Wrapping up” section can be skipped and you’ll still end up with mostly the same technical takeaways.
Britain is not in the EU.
Is anyone migrating away from microservice architecture back to just big box single monolith blob like back in the 1990s/2000s?
I really liked using Hetzner and pure metal. The only real hold-back I have from switching from Google is email and doing backups.
That would be HN, I guess.
Europe needs a separate ecosystem to not rely only on US technology.
Looks unrealistic to me. Sure, for one guy with lots of energy and know-how it's possible. Try migrating academia, industry, entire government branches etc. That's not gonna be easy.
It isn't easy or realistic, yet. But these things always start with the guys and girls with energy and skills. They write blogposts, it gets picked up. Somebody starts making improvements, convinces their manager to do it. Slowly things start to improve, people start building tools, sharing knowledge. Some of these people also work in, or for academia, industry, government branches. Once enough people are ready to pay real euros, there will be entrepreneurs ready to provide solutions on the market, also in Europe.
I don't buy the idea that Europe has lost all the big tech so we're doomed or something. No, maybe we won't have an aws/azure/google cloud competitor any time soon. But it has never been easier to start a software product, the thousands and thousands of SaaS services we rely on can easily be built from the ground up by devs from all over the world.
> the thousands and thousands of SaaS services we rely on can easily be built from the ground up by devs from all over the world
Define easily. If it was that easy to clone Microsoft Excel (up to the most minuscule detail) I'm sure someone would have done it by now and offered it for free or for half the price. It's not that easy. You can get most of the functionality done sure but not all of it - and not having all of it wrecks the flows of all of your finance/accountant teams who won't be able to migrate or will be forced to work in different ways. Getting everything to work would take years. When Google "cloned" Excel into its own product, it didn't even bother trying to make it 100% compatible with Excel because it's too much work. That's just Excel, how the heck are you going to migrate everything else?
I think with enough budget and determination it can happen in around a decade I guess, but I don't see where the motivation or determination will come from - in a few years Trump will be gone and things will be more normal again.
Europe should have thought about this like 20 years ago, it seems a bit late to me.
The truth is the dependence isn't one directional, America needs Europe as well for ASML, for pharma and for all kinds of other things. I don't think there will be a complete decoupling.
"in a few years Trump will be gone and things will be more normal again."
Oh, you sweet summer child... He is already dismantling democratic institutions at a startling rate. Vance is threatening to leave NATO as leverage to change UK laws. Do not make the assumption that the U.S. will be what it was, in ten years.
I agree, but on the other hand: it's just software. We just need to build easy few-clicks transitions for the most popular usages. Like Azure, didn't catch up with AWS on day one. They first added the most used features. The US software moat is large, but I bet the most used features of the most used services are easier to replicate.
It's a 2 step process, first you have to rebuild the thing (or most of the thing) yourself, which is already a huge undertaking. Then you need to migrate everyone from their current stack to the new one (or new ones. You probably want to give more than one option).
The migrating might even take longer than the building.
I'm betting it mostly doesn't happen but we'll see.
Even if you try to look at the situation from a detached POV I think you can't help but be baffled at how much influence the US is giving up for no apparent reason. It always felt like a house of cards here in Europe - we rely on defense from the US, we store so much of our data there, and almost all of our stuff comes from China or its area of influence.
Now there's a guy at the top of the US who doesn't understand human interactions beyond anger, disgust and mindless loyalty. Or diplomacy beyond simple monetary transactions. He and his rich friend are getting rid of anything they don't understand (or that they don't understand to be of value to them right now), and apparently that's almost everything.
We're living in interesting times.
I wonder what game theorists are doing right now. All I know is that old joke about economists can't be true, about blindly assuming that everyone acts in their own best interest. People do factor in stupidity, right? But there must have been limits, and we're clearly far beyond those.
There are no countries in Europe, it's the European Union, the WEF. Just look at your immigration policy and birth rate. Europe is committing suicide.
The US is waking up from that strange nightmare, going back to self-governance.
Don't be afraid of Trump, look instead at what is happening at home.
(all big US monopolies are trojan horses, same is true for China)
For search, Yep by ahrefs is hosted in Singapore, which isn't EU but if the goal is just to get out of the US then it could be a good alternative
One relatively simple thing we're missing on the Swedish cloud market is someone offering OIDC SSO, Chat, Video meetings, e-mail, calendar and file sharing.
I can't even say which European company offers this, Proton maybe?
Being a long time open source advocate I think it can be done, but system integration would never be as good as MS or Google.
But this simple platform would get a lot of SMBs to migrate.
Legally Proton is not based in the European Union nor the European Economic Area. Switzerland is extra-EU just like USA, China or Russia.
You can't compare Switzerland to China or Russia lol
It's more like EU is 10, Switzerland is 11 or 12
Then compare it to Singapore.
Some comparisons: Singapore is a de-facto single party state with widespread government censorship, heavily limited civil rights, government/ruling party controlled media and heavy ethnic discrimination. Switzerland OTOH is almost a model country for such metrics.
https://freedomhouse.org/country/singapore/freedom-world/202...
https://freedomhouse.org/country/switzerland/freedom-world/2...
It is still better than Russia or China, comparable to Switzerland.
I might argue it is better than Switzerland, most Asia-Pacific data centers are in Singapore for the southern hemisphere.
No not like USA, China or Russia. Switzerland has very strong ties with the EU and synchronises with the EU on most legal developments.
It is part of Schengen, free movement of people (try moving to the US from Europe), aligned their data protection law with GDPR etc.
It's very different from the countries you mention who don't make any effort to align with EU and are our adversaries in many cases.
The European Commission has recognized the Swiss Data Protection Act as equivalent to the GDPR. This allows data to continue to flow freely between Switzerland and the EU.
Yeah, but they also gave that seal to the US authorities even though everyone clearly knew that this was based purely on wishful thinking.
Proton is nowhere near M365 capability set unfortunately. M365 really caters for the big enterprise. Data Loss Protection, integrated security, it has a lot of that stuff in the backend. Not to mention all the gaps in user-facing apps like chat, video, office suite.
Perhaps they will get there but they're nowhere near there right now. You could use it together with MS Office standalone but then you're still dependent on Microsoft.
Um, after “simple” you’ve listed six different kinds of services. Just operating that at any kind of nontrivial scale will require quite a bit of headcount.
The big problem with non-Google mail services is Google itself that tends to flag mail coming from their domains as spam.
Yeah - I think this is a huge problem for people wanting to self-host email as well. It's a pretty feasible thing to do technically speaking, but you'll likely end up being filtered into a whole lot of spam folders.
I get decentralized is a thing but maybe "being able to easily migrate my stuff to another service" could be a thing too.
About Bitwarden, I have a setting to use the European server when I connect to and register a new account.
Wouldn’t it have been easier to just migrate from the Bitwarden US server to the European server?
Proton Pass free tier lacks features compared to Bitwarden.
Besides, I'd argue that no cloud is better than European cloud. There is KeePass for instance, with Syncthing it works pretty well.
https://en.m.wikipedia.org/wiki/CLOUD_Act
It doesn't matter where the servers are located physically
Even on European servers, it’s still controlled by a US organisation, so if Bitwarden is required to shut down access, they will. For an example where this happens, this court verdict from The Netherlands shows Microsoft's Dutch branch refusing to grant access to data (on its EU servers) of a Dutch company, to a Dutch curator who by law must be given access, because of trade sanctions on the majority owner: https://uitspraken.rechtspraak.nl/details?id=ECLI:NL:RBAMS:2...
You can run Vaultwarden just fine.
Open source
Beats
Closed source
Beats
Managed service from Europe
Beats
Managed service from America
When I started in tech, Freedom was key. You put a value in your freedom to run and modify your code.
Over time that has not only regressed to just free to run, but not even that - you have to have permission to run your stuff
It’s easier to be a vassal. I won’t say good luck though. Live in favour of the king and you’ll be fine. Until the king does something and you get to kiss his ring.
Regarding Startpage: https://www.startpage.com/privacy-please/startpage-articles/...
https://web.archive.org/web/20210729190016/https://support.s...
The original link is dead for some reason: https://support.startpage.com/index.php?/Knowledgebase/Artic...
TL;DR: Startpage appears owned by an ad company? https://web.archive.org/web/https://www.bizjournals.com/losa...
Could someone explain to me how an ad company and a privacy company work together? Seems like opposing interests?
Maybe Ecosia will be a good alternative later on: https://blog.ecosia.org/eusp/
Another suggestion would be https://searx.space/
Searx is great (I use SearXNG personally) but be aware that it's something that lifts along on the main search engines. It's not a search engine, just a meta one. It still depends on the big US ones for its results. Just like Kagi for that matter (though they do have a small crawler themselves, their main results are metasourced from various large engines)
I'm not sure how all this is going to play out but sooner than later local solutions will be enforced politically.
>Migrating away from US cloud services was easier than I expected.
So if the AI hype is worth its salt, the transition should at some point become trivial.
"Hi Mistral, can you please build a OneDrive replacement? I will host it on my Linux server at OVH. Here is the documentation for OneDrive, make sure that the software works as described in the documentation. Then install it into my server using these credentials and put the client side apps in my Apps folder"
I can't keep myself from thinking, what will happen when the mighty US tech companies that used to serve the planet get limited to 340M people in the half of the North American continent.
So far it was just convenient to have your tech thingies in the USA even if you are just providing a niche service somewhere in south Italy from Montenegro.
For years this created a positive feedback loop that fed into the centralization of capital and talent in USA, particularly in the Silicon Valley. It wasn't that Americans were writing better for loops than Europeans, it was that the global nature of the tech positioned itself at the place with least resistance and largest resources.
Unfortunately this is coming to an end as a political choice by the USA itself, so what's next then?
The moat of social networks and financial networks can indeed be broken by force if politicians choose to. This brings so much opportunity to non-Americans, it is sad for those who feel like global citizens and integrated with the whole humanity and it's pretty much the dream of anti-globalists.
> git repos: too hard
I've found OneDev (selfhosted) to be an excellent alternative, unlike others which feel either half-baked or require a lot of configuration/maintenance
You'd think git repos were the easiest to migrate, just `git remote set-url ` and go. But people get locked in with Issues and CI I guess.
Self-hosted Gitea instance to replace GitHub
Their "Gitea Actions" are based on "GitHub Actions", you don't even need to rewrite your CI Yaml
I don't think it's that easy, as others pointed out, but yes I think it would help to have some strict startups around EU maybe that force companies to comply... but then again, from the indie hackers'/indie makers' side, Europe hasn't been too incentivized/friendly for/to startups either compared to other parts of the world... I think this is one of the major reasons.
What about using data encryption in the cloud and the US spying laws? How is that even compatible?
It’s amazing how much damage two persons (Trump & Musk) can cause to the whole of the US. It’s damage for generations ahead.
More like the frustrated Christians from the Heritage Foundation...
I moved my side project websites off of US VPS providers to an old MacBook Air 2015 I had lying around.
Side projects? What critical data did you have in them? Honestly curious.
I am all in to move away from google, dropbox, etc.
How do you manage it?
The problem I see with this article, is that 3 of his chosen options rely on Swiss companies. And Switzerland is most definitely not the EU.
For the time being their interest are very much aligned with the EU (and logically so, from a geographical and economic standpoint), but Switzerland also has a history of happily changing sides when their "neutrality" or their financial interests are at stake.
Their historical dependency on finance (and their shady practices), combined with a high dependence on US trade, and high financial investments in the US make them particularly vulnerable to economical and financial blackmailing by the US. For a case-in-point, see the particularly weak response (or "diplomatic" response, staying charitable..) of Karin Keller-Sutter to the Trump developments, in a bid to hopefully avoid tariffs.
Therefore, companies obeying Swiss laws simply do not offer the same "privacy" guarantee as companies obeying EU law.
Secondarily, putting your trust in a company whose CEO openly supports the Republican party is, in the current context, very questionable. No matter the Proton PR denials and clean-up attempts after the facts.
I wonder if shifting to cloud providers in the EU will lead to the rise of giant European cloud companies in both technology and infrastructure, or if this is just a short-term trend.
I'd like that. Personally, I prefer to self host all my stuff.
But I can't do that to our clients. I want to provide them with something that makes them independent from us, something they can just hire any random agency or freelancer to work on. That leaves AWS and Azure as strong options.
There's a number of European cloud providers (https://www.stackit.de looks especially interesting), but I'm looking for too-big-to-fail options. Hetzner sure is that, but you don't get managed relational databases, object storage and a couple of other things that typical web apps rely on.
I know I can host stuff like Postgres and MinIO myself on Hetzner cloud instances. But when it comes to _managed_ services for this stuff, from a too-big-to-fail provider, I'm drawing a blank when it comes to European providers right now.
Hetzner supports object storage now: https://www.hetzner.com/storage/object-storage/
Or you might consider Scaleway, who also do managed relational databases.
> I want to provide them with something that makes them independent from us, something they can just hire any random agency or freelancer to work on.
I have the same attitude and regularly find (sales) people not understanding why I'm doing this. They are pathologically looking for my angle. But there's none.
I totally have an angle, I consider our reputation to be our most important asset. There's a lot of devs and agencies out there. It's a whole lot harder to find good _and_ trustworthy ones. Being that is my angle. We got close to 100 % of our business from recommendations, and I like that. Wouldn't really want to spam strangers for finding gigs.
Of course, a lot of agencies do just that. And I've also seen more than one situation where an agency held their client hostage, not giving them access to their own code, hosting environment and what not.
Sure, it's not 100 % angle. It's also to a large degree professional ethics. But I can easily rationalise it into business value, and am probably not far off.
There was enough computing demand from Europe before this 'shift' (it's one tech enthusiast here). Large US cloud just opened DCs in Europe. No European cloud provider wanted to step up and provide the level of service US giants offer.
I think the trend should be away from these cloud providers in general and to smaller companies that offer both a paid service and a self hosted option as a way of providing you with an exit strategy. Ente is a good example of this
Honestly I doubt it. For now, the really big users, companies and large organisations are waiting it out. If they can sort of get by for the next four years, then they aren't going to make the switch, and frankly neither would I.
There isn't even a short-term trend. We saw posts like this a few years ago (the blog post even admits he tried this before) and they went nowhere, just like this "movement" will.
I mean, let’s divide it into before and after the Trump era. Will we see the same trend once the new sheriff in town steps down for peace?
From a tech standpoint, nothing changed with Trump. The NSA had all the backdoors before Trump.
It's not just about backdoors; on a broader level, we're shifting toward a protectionist economic model, which contrasts sharply with globalism.
Bold of you to assume that the new sheriff in town (or any successors) will ever step down.
From perspective outside of US it is not that relevant (in this context) if there is change after this. Because as we have seen in 2016 and now - there is no stability.
Hot take: If the US and EU secret services stop sharing any intel with each other, wouldn’t it be smarter for Europeans to use American services now more than ever? Because even if they’ll get their hands on your nudes, tax docs, or pirated movies, what could they even do with it? If you use a European company on the other hand and some local government wants to fuck you up, it’s much easier to get their dirty hands onto you, your family, and your friends.
I'd assume that self-hosting is not an option for this user?
Otherwise the alternatives would be pretty much a no-brainer for me:
Microsoft Office 365 -> Nextcloud
Bitwarden -> self-hosted Bitwarden/Vaultwarden
GitHub -> Sourcehut/Codeberg/Gitea/Forgejo
Google search -> Searxng
Reddit -> Lemmy
Hackernews -> Lobsters
Twitter/LinkedIn -> Mastodon / any Fediverse software
Another interesting European hosting company is Hostinger https://www.hostinger.com/
Proton? Really?[1] Expressing personal opinions without thinking beforehand how they would land, when you're a CEO, is one thing, but the hamfisted attempts at clarification and then the PR team's scrambling afterwards to delete everything was a questionable look at best. Not inspiring confidence.
[1]: https://theintercept.com/2025/01/28/proton-mail-andy-yen-tru...
I am self-hosted, then I don't mind clouds, US or not, but... I am fed up with those "clouds" which are closing their eyes to the fact that they are weaponized by hackers, to the point I started to think they actually want that, aka wrecking small hosting namely more business for them.
Nearly every day I get scans/hack attempts (script kiddy grade from what I can see...) from some of them; this is seriously annoying and those 'scans/hack attempts' have usually been referenced by security communities, OFTEN FOR MONTHS IF NOT YEARS.
No "cloud" is spared: aws, microsoft, google, ucloud.cn (the worst), ovh, etc...
On top of that, they are "protecting" 'scanners' (onyphe/stretchoid/cyberresilience/etc), you know those guys who are scanning (when it is not some kind of script kiddy look-alike hack attempt) the whole internet, that 'for your own good' with the second line of their website being 'pricing (ahem... scan data)'. We all know that you do not scan any system without being explicitly asked for unless... military/police.... or mob.
I think it's good that people finally do this but people in EU should've been doing this many years ago when all the news of the surveillance broke out.
The formatting actively prevented me from processing more than half the article's content but I agree with the premise as far as I was able to get it: if you're an EU-based company or individual it's a good idea to move away from US cloud services unless you're a subsidiary/employee of a US company.
The legal concern for EU businesses should be self-evident given that EU-US data sharing provisions have been struck down again and again with every replacement inheriting the exact same issues of the one before it. There simply is no way for US-based companies to comply with EU data protection laws while still complying with US laws granting law enforcement and federal agencies warrantless surveillance powers - they'd actively have to break US laws to comply with the EU laws.
That said, this is much more difficult for some things than others.
If you're building on AWS, there's simply no drop-in replacement. Yes, there are EU equivalents in the same category but it's very different from "simply" switching between AWS, GCP and Azure.
For package registries like NPM, moving away also means abandoning the standard ecosystem. For private packages this may be an option but for public packages at some point you will likely need to involve a US service. GitHub is kinda in the same boat - although alternatives to GitHub exist functionally, GitHub is also a platform for discoverability and ease of access. These platforms act somewhat as monopolies for these purposes simply through the network effect of so many people using them.
Even Microsoft 365 (or Google Workspace) can be somewhat difficult to avoid given that so many things simply integrate easily with it compared to whatever company-wide "productivity suite" alternative you might want to use. That's without even getting into the quality and compatibility of the tools themselves.
What seems far easier and often overlooked are the infinite number of dime-a-dozen SaaS providers: emails, monitoring, realtime, messaging, payments, etc etc. These provide an easy first step for most companies and by adopting these incrementally you can also more easily wean yourself off bulk service offerings like AWS. Of course this comes with the cost of a diverse stack: you can't simply hire an AWS certified devops guy and expect him to know how every single service works, on the contrary none of your folks might know how a given new service they need to add works.
Another consideration that's becoming increasingly relevant is the (un-?)intentional vendor lock-in imposed by AI assistants: the LLM your devs or management is using might be able to generate a SOA app built on AWS or Azure but it will likely be less helpful integrating with an EU-based specialized service provider with a fraction of the userbase. Not to mention the AI assistant itself probably runs on US-owned infrastructure and is likely provided by a US-based company.
Anyone know a good github/lab alternative that is hosted in Europe? That article scared me of the potential loss of my code.
codeberg? git as remote repo also works just with a remote host over SSH.
We switched to self hosted gitea, so far so good.
Codeberg? Self-hosted Forgejo?
It's pretty easy to self-host a gitlab instance using docker.
At Tech for Palestine, we've been investigating moving off many US based cloud services, with the intent of providing training, guidance, etc, for the broad population on how to do it and where to go.
Our main conclusion so far is that many of the platforms that we look at, such as Signal or Protonmail, need serious UX improvements before they can be used by any serious chunk of the population (though for a HN audience, they can mostly put up with it).
>At the very least, think twice before signing up for new US services. Consider European services instead.
To be clear, this Europe?
https://www.europol.europa.eu/media-press/newsroom/news/euro...
Trying to pass the law (and fail) is a bit different than having laws like the Patriot Act and rooms like 641A.
Pretty much every country has interest groups trying to push backdoors into end-to-end encrypted services, what's your point?
Not everybody's chief has a nickname "Zensursula" (German word for censorship ("Zensur") and her given name ("Ursula")).
This is such a forced pun.
She got that nickname for her push to mandate provider-level blocking of requests to foreign servers distributing CSAM while working as the German minister for family affairs, which critics argued would create a slippery slope by establishing a practice of forcing ISPs to implement network request blocking (IP bans). This push materialised in the Zugangserschwerungsgesetz, which while being passed in 2010 was never actually applied and eventually repealed. Around the same time the German minister for the interior argued for police powers to use trojans (computer viruses) for investigations, which likewise passed and seemingly has been used with very mixed success - it's worth noting that the use of this practice by US federal law enforcement was already well-documented at the time.
The USA PATRIOT Act on the other hand existed and had been used extensively (as far as we know) before expiring in 2020. But even without the USA PATRIOT Act, the US is well-documented in using warrantless surveillance: https://proton.me/blog/us-warrantless-surveillance
The existence of nicknames is a weird metric to judge a jurisdiction's attitude to privacy by when you have actual evidence of behavior you can compare directly.
EU governments trying to push for special powers for law enforcement to sabotage encryption and failing (remember: the UK is not in the EU anymore) is very different from what US federal agencies and law enforcement are not only permitted to do but also are doing and have been doing for decades. It's probably not necessary to point out the limits corporations face under EU privacy laws compared to the US.
Privacy rights in the EU are being eroded as we speak. Unless people there get off their high horse, they'll succumb to the same level of authoritarianism and surveillance as in the states.
Also, sorry, but the idea that EU countries are in any position to build a serious hyperscaler is pure fiction. Growth, funding, risk, innovation - those are alien concepts to European entrepreneurs.
> Unless people there get off their high horse, they'll succumb to the same level of authoritarianism and surveillance as in the states.
We are very far away from the status quo in the US. Some countries are overtaken by extreme right, which is worrying. But it's nothing like the US where the entire country went to shit overnight.
Also, we don't have this singular president entity which has so much power that everything can be turned upside down in just one election. We have a president but she has very little power and influence compared to the way it is in the US.
Also, our multi-party system prevents the two-party zero-sum setup that is present in the US where parties go to ever extreme methods to make the other side look bad (because a loss for one is a win for the other). For us it doesn't work that way.
> Privacy rights in the EU are being eroded as we speak. Unless people there get off their high horse, they'll succumb to the same level of authoritarianism and surveillance as in the states.
Last time I checked not even the US is proposing to install AI agents on everybody's phone to surveil your encrypted messages (look up chat control, last meeting not even 2 months ago). Soon people will start looking for non-EU VPNs to install Signal (the CEO said they would leave EU if the law passed).
> Also, sorry, but the idea that EU countries are in any position to build a serious hyperscaler is pure fiction. Growth, funding, risk, innovation - those are alien concepts to European entrepreneurs.
Disagree, some of the EU clouds are already well on their way.
Yes ChatControl is a worry indeed. But we have been successfully fighting it for a long time. And it is only pushed by a small number of politicians.
Surprisingly enough the drive to do this does not come from within Europe but from the US (Ashton Kutcher and "Thorn"). They have managed to pocket some influential politicians.
Not sure why you're getting downvoted. This is factually true:
Chat control: EU Ombudsman criticises revolving door between Europol and chat control tech lobbyist Thorn
> Breyer welcomes the outcome: “When a former Europol employee sells their internal knowledge and contacts for the purpose of lobbying personally known EU Commission staff, this is exactly what must be prevented. Since the revelation of ‘Chatcontrol-Gate,’ we know that the EU’s chat control proposal is ultimately a product of lobbying by an international surveillance-industrial complex. To ensure this never happens again, the surveillance lobbying swamp must be drained.”
Source: https://www.patrick-breyer.de/en/chat-control-eu-ombudsman-c...
> And it is only pushed by a small number of politicians.
Including the chief Ursula von der Leyen and her commission.
> Disagree, some of the EU clouds are already well on their way.
Feel free to drop a few links. Digital EU projects tend to be absolute disasters run by bureaucrats. They always result in some 100 page long document, talking about planning a plan for creating a planning framework. Also throw in the words sovereign and digital transformation, for maximum corpo-political bullshit.
Sure there's more bureaucracy here but in the end they work out fine.
Galileo works perfectly as a counterpart to GPS. GDPR was also a resounding success.
Is that the GDPR that has polluted the web with cookie notices?
Yes but that's only one tiny aspect of GDPR. Unfortunately this is an aspect where they caved in to corporate lobbying, they should have just mandated the obedience of the "do not track" flag (or a similar thing). That browsers set it by default is not a problem because the whole idea of GDPR is that tracking should be opt-in, not opt-out. But really this is a tiny part of GDPR. It is not just about the web even. And as annoying as the cookiewalls are, they also make the user more aware (I mean, why do you want permission to share my data with 572 "trusted partners"??). It also enforced some concepts that should already have been standard, like the purpose principle, explicit permission ("opt-in") etc.
It has really made companies much more aware of data handling. At work we have data protection officers now, privacy advocates, every app we onboard now has to be reviewed in terms of what the data is used for, where it ends up, if we have agreements with them in terms of what it's used for etc. This is really great because before we had pretty much nothing like that. It was just move fast and break things, including customers' privacy that would get broken. And our company is one that doesn't make any money from tracking our customers, so it wasn't really targeted at us, but it still drove so much improvement.
I think it will become much better now that we are disconnecting europe from US services. The main reason that tracking-informed ads are so much more valuable than context-informed ads, is that Google and Meta etc are promoting them. They control the auctions, and tracking is their moat. Nobody has such pervasive tracking networks as them.
The disconnection from these services could really be the trigger for an EU-based context-informed advertising service.
counterpoint: not everyone needs a hyperscaler. Especially with open source like Kubernetes out there. Of course the more experience companies have managing it, better the service becomes. But I don't see why it can't happen within EU.
K8s is an orchestration tool. You still need someone managing the physical hardware, and doing it reliably at scale. That's what a hyperscaler does.
I do understand that, my point was that the pieces needed to provide it as a managed service are much easier to come up with in comparison to what AWS had to do with Fargate.
- https://www.scaleway.com/en/kubernetes-kapsule/
- https://www.exoscale.com/syslog/introducing-scalable-kuberne...
dude, EU is home for around 500 million people. (correct me if I'm wrong). EU definitely needs a hyperscaler. Every single one of these people will need a digital identity along with their compute rights.
wouldn't it work with 100 not-so-hyper scalers as well though? It does not have to be AWS, GCP, Azure.
Hetzner might get a lot of love here but it's another service that treats protonmail users as second class citizens since they ask for ID. I would avoid them just because of this.
hetzner asks for ID if you use your own domain too
Hey so I’m pretty sure you can host your own business mail for free these days without a static IP. This is basically how it would go:
Cloudflare Tunnel installed on your box (free)
Cloudflare Email Worker connected to your domain which writes emails to a KV store (generous free tiers)
Cloudflare Worker that downloads the emails from the KV store and uses Worker TCP sockets to send them to your mail server over the tunnel via a TCP port, i.e. 25000 (CF blocks 25)
For sending mail in blue, local mail server uses smtp2go or Azure Communication Services.
I’m pretty much convinced that a cheap Synology rack is the best way to do this because it replaces Azure ID (Synology SSO) and Exchange (Synology Mail), which are self-hosted non-SaaS in the one appliance, it gets security updates, and it has an easy web interface for setting everything up.
Haven’t managed to write the Cloudflare worker code yet, but found this guy’s repo and he’s done pretty much all the heavy lifting: https://github.com/Sh4yy/cloudflare-email
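The KV store-and-forward step of the relay outlined in the comment above, as an added example that is not part of the thread or of the linked repository. `kv` is used through the Workers KV binding methods (`put`, `get`, `list`, `delete`); the function names, the key prefix, the one-week expiry, the `deliver` callback and the in-memory `memoryKV` stand-in are assumptions made for illustration.

```javascript
const PREFIX = "inbound/";
// Called from the Email Worker's email(message, env) handler with env's KV binding.
async function storeInbound(message, kv, now = Date.now()) {
  // message.raw is a ReadableStream; keep bytes, not text, so 8-bit bodies survive.
  const raw = await new Response(message.raw).arrayBuffer();
  const key = PREFIX + String(now).padStart(15, "0") + "-" + Math.random().toString(36).slice(2, 10);
  await kv.put(key, raw, {
    metadata: { from: message.from, to: message.to },
    expirationTtl: 7 * 24 * 3600, // assumption: undelivered mail expires after a week
  });
  return key;
}
// Called from the forwarding Worker. `deliver` is a hypothetical callback that
// writes one message to the home mail server and rejects if it was not accepted.
async function drainQueue(kv, deliver) {
  let delivered = 0, cursor;
  do {
    const page = await kv.list({ prefix: PREFIX, cursor });
    for (const { name, metadata } of page.keys) {
      const raw = await kv.get(name, "arrayBuffer");
      if (raw === null) continue; // expired or already removed
      try {
        await deliver(metadata, raw);
      } catch {
        continue; // leave the copy in KV so the next run retries it
      }
      await kv.delete(name); // delete only after the server accepted the message
      delivered++;
    }
    cursor = page.list_complete ? undefined : page.cursor;
  } while (cursor);
  return delivered;
}
// Constructed in-memory stand-in for a KV namespace, for running this offline.
function memoryKV() {
  const data = new Map();
  return {
    data,
    put: async (key, value, opts = {}) => void data.set(key, { value, metadata: opts.metadata }),
    get: async (key) => (data.has(key) ? data.get(key).value : null),
    delete: async (key) => void data.delete(key),
    list: async ({ prefix }) => ({
      keys: [...data].filter(([k]) => k.startsWith(prefix)).sort(([a], [b]) => (a < b ? -1 : 1))
        .map(([name, v]) => ({ name, metadata: v.metadata })),
      list_complete: true,
    }),
  };
}
```

Deleting each entry only after the home server accepts it, together with the expiry, bounds how long message bodies sit in the transit provider's storage.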
The explicitly includes Cloudflare as one of the big services they currently used and needed to excise from their life as part of this move. Promoting consolidation from many providers to one while also switching from a generic solution to a vendor locked-in one would probably be a downgrade in their book.
I thought the whole point of this post is to get away from US clouds. So why should I choose Cloudflare and Azure in the end?
I think it’s better to have all your mail data on prem. You’d only be using US companies as a transit.
Yeah there’s some lock-in with all the free Cloudflare stuff but you could probably get it running again without CF pretty fast if you needed to. If you have a static IP, skip the CF stuff!
OP suggested Proton but I’m not sure I’d want to go from one mail host to another. That’s just shifting trust and what I’m taking away from happenings of US at the moment is that being insulated from the events of the world is a good thing.
If you don't have a static IP you could just rent a cheap VPS and host your mail server there or just use it as a gateway for your home server. No need to use Cloudflare.
isn't Cloudflare a US corp?
Not only a US Corp, it's an arm of US intelligence.