This is absolutely not the main takeaway and I find it difficult to see how he could write this - there are gaping holes. Git repos (it's too difficult). NPM (ditto). Startpage uses Google's index. The only meaningful switch he mentions is Proton, but as other comments have pointed out they have vendor lock-in problems. The real takeaway from this is that it's currently impossible in any meaningful sense. It feels like there's a real opportunity here for European companies to step up and make a big play, but will they? I really, really hope so. I'd jump ship in a heartbeat if I could.
Edit: To be clear, the reasons in brackets were the author's, not mine.
Sourcehut
> Startpage uses Google's index.
If they have enough users/make enough money, they'll make their own. Ecosia and Qwant (both European search engines) are working together to make their own index.
In any case, even if a European service is a proxy for an American service, you need to prove that there is a market for a European equivalent for change to happen.
Is it there yet?
> Notice: sr.ht is currently in alpha, and the quality of the service may reflect that. As such, payment is currently optional for most features, and only encouraged for users who want to support the ongoing development of the site. For a summary of the guarantees and limitations that the alpha entails, see this reference.
Would I run the git server of a multi-national bank on it? Probably not. A standard SAAS? Yeah if my team felt it was important to use EU companies.
Otherwise you could also self-host with a VM, then you can use gitea or gitolite with systemd oneshot services.
"There might be an option in the future if there are sufficient users" is a quite different milestone compared to fully switching away from US-based services.
If
> Time and time again, data-sharing agreements between the EU and the US get busted, showing there's just no legal compatibility between EU privacy rights and US spying laws. [...] With the current political situation in the US, it's also starting to become clear that our entire digital infrastructure is at the mercy of US policies. It is no longer safe to rely on US clouds for our governments and societies, as the US government can shut it down at will.
are your worries, rolling out government-required backdoors, lockouts, etc. in operating systems is going to be a huge issue. To shut down a large portion of Europe's infrastructure, the US government only has to order three companies to do so.
China is probably much more aggressive in this than Europe as for them the US has been a rival (or even enemy) for a long time.
SEARCH: qwant (france)
LLM: mistral (france), librechat.ai, openwebui
VPN: mullvad (sweden), protonVPN (swiss)
AUTH: OpenID (sadly seems like not many services implement it)
CLOUD: Hetzner (germany), OVHCloud (france)
MAPS: here wego, openstreetmap
EMAIL: protonMail (swiss), fastmail (australia)
DNS: mullvad (sweden), quad9 (swiss), nextDNS
TRANSLATE: DeepL (germany)
BROWSER: zen-browser, vivaldi (norway)
SOCIAL: nostr, mastodon (germany)
IM: elements (uk), matrix (uk)
EDIT: correction that fastmail is australian
> Our colocation providers could be compelled to give physical access to our servers. Network capturing devices could be installed. And in the worst case an attacker could simply force their way into the datacentre and physically remove our servers.
So as far as warrantless surveillance is concerned, Fastmail is no better than if it were a US company or subsidiary thereof. They may themselves not be in a position where they would have to comply with US requests that would be illegal in Australia but whoever is operating their US-based DC absolutely is and they admit as much, even if they handwave this scenario as being no different from an ordinary hacking attempt[2].
[1]: https://www.fastmail.com/blog/fastmails-servers-are-in-the-u...
[2]: Of course the flaw in this comparison is that an ordinary hacker can't make on-site staff comply with their demands and prohibit them from disclosing the hack. To do so without the authority of the law, you'd need a Hollywood action movie level of criminal enterprise that would usually involve taking a retired police officer's granddaughter hostage for some reason.
Australia has some fairly draconian digital laws that authorities can issue notices requiring developers to assist with an investigation. This can include technical assistance which could require companies to build capability for law enforcement to break the encryption used in their services.
https://www.theguardian.com/australia-news/2024/nov/05/sessi...
https://www.404media.co/encrypted-chat-app-session-leaves-au...
If you don't want surveillance, you'd better not use email.
Operated by trustworthy individuals is a moot point when they are compelled by law to build in a backdoor if asked. Even a warrant canary is forbidden.
The surveillance laws, no matter how often you repeat the word "draconian", are irrelevant because…
Email isn't safe, and most of your email probably ends up on Google's or Microsoft's servers anyway, in which case US companies can be coerced by the US government to give them everything they have, while not being able to tell the public about it. And they do just that, a fact that came to light with Snowden's revelations. Australia cannot be worse than the US.
For emails, the government surveillance is irrelevant, as it happens anyway. And solutions like Proton Email are just privacy theatre that also happen to interact poorly with established standards (e.g., SMTP, IMAP).
I also fear Australia much less than I fear the US these days. I have always feared the US, especially due to their massive security apparatus, but at least I considered them valuable allies. These days we'll just add some extra fear points due to the techno-fascists in charge, voted-in by the people with a popular vote.
Whenever I see such comments on popular forums, such as HN, I lose faith in humanity a little, either because people don't think about the threat model (this being vibes-based) or the consequences of boycotting the underdogs, or because they are disingenuous about it.
Fastmail is a fine service, built and operated by trustworthy people, who also contribute to standards (e.g. JMAP) and to open source. A service that's also not monetized by ad-tech, unlike what the Big Tech email services are doing.
Yes, but their data centers aren't because they're operated by someone else in the US.
Fastmail is slightly better than using a US-based e-mail provider but it's still de facto US-based e-mail even if the company you sign up with sits in Australia. They don't control their own data centers and their data centers are in the US (whether they have additional data centers elsewhere doesn't matter if they're not transparent about which data center your data will go to).
Today the concern is war, both economic and literal.
From that perspective, I'll gladly use Australian, or Canadian online services, while avoiding using US ones for as much as possible. Note, I don't think it will be long before services like Fastmail will start moving their servers. Again, yesterday the US was an ally, whereas today the writing is on the wall.
Anyone looking for alternatives - stay away from mailboxo.org. It's a pathetic service. Stuck in past (they have a suite that makes you kick a table leg), very disgustingly bad customer service (it's almost non existent), and yeah they use 2FA inside the password.
Tuta is many times better if you can live with not being able to use another client. (They have pretty decent apps on all platforms though)
There is also posteo.de. It doesn't support custom domains, but I use it in combination with simplelogin.io (I think French, but now owned by Proton).
SimpleLogin, by the way, is now owned by Proton which is run by a founder (CEO?) who is a vocal Trump supporter. Nothing wrong with that of course, just saying.
Of course there is - Tuta (no imap/pop3 client support) and Posteo (no custom domain) - which are both excellent if you can live with these limitations.
The ones I would not consider (personally): mailbox (germany; but they are really bad now - I have commented below about it), proton (I'd avoid it; reason was on hn recently).
Like I understand how that might sound like hyperbole, but everything I'm reading seems to indicate the USA is on an express train to hackville.
https://www.cbsnews.com/news/trump-tech-ceos-meta-amazon-don...
(the risk is of course that the administration is not stable enough to stay bribed, or intra-oligarch fighting breaks out between Musk and one of the others)
Fascism tends to be (I read/learned recently) friendly to big corporations, as long as they are loyal to the regime.
Why aren't we all flying on Russian made planes and using Russian cloud products?
(people have long since moved away from the Russian-bought social network, Livejournal; it's very occasionally useful to look something up on Yandex if you think it may have been delisted)
Companies running under those governments should surely be susceptible to similar issues because the fish rots from the head down. The culture and fear of speaking out and therefore steering things in the right direction would be really dangerous for a company like Amazon and the AWS ecosystem.
I've not used the latter but the former was excellent back when I used to use them. They were a little more focused on traditional compute and lack the general breadth of services that the likes of AWS offer. But if you’re in a position where you’re able to choose a cloud platform provider based on the location of their HQ, then the chances are your requirements from said cloud provider are pretty basic.
In other words, the question is 'is it easy to migrate to a service for which decent alternatives exist', rather than 'do decent alternatives exist for every service you depend on?'
Your takeaway depends on what question you are most concerned with.
I think that this will depend a lot on expectations about politics in the USA in the medium/long term. Making this kind of investments makes sense if you expect the aggressive hostility that the current administration brought against Europe (and all other US traditional allies) to continue for a long time, and not just a couple years.
Big plays are possible only with big capital, and that isn't what happens in the EU tech market.
Lack of serious VCs is a problem on one hand, but to blame is also the EU Horizon program which will favor large established companies (which innovate very little), and the fact that the funding direction changes with hype cycles (in 2020 that was digital transformation, in 2024 it was AI and similar).
So I think lack of VC can be good.
Generic / not heavily proprietary services which are pointed to by something you own (i.e. a domain name) can be migrated to new services. Web hosting, s3 hosting, email hosting etc.
Migrating from @gmail is not possible without scrapping an identity and starting over.
Transitive dependencies are always a worse problem than direct dependencies, because they are out of your view and control.
But good thinking to get started with moving towards more autarky.
He explains why he writes this, but this is an incredibly silly complaint because you can’t know what his expectations were.
> The only meaningful switch he mentions is Proton, but as other comments have pointed out they have vendor lock-in problems.
Which the author had with Microsoft 365 as well. Considering reducing vendor lock in wasn’t a goal of what they were trying to do, it’s not clear why you’re even raising that point.
> The real takeaway from this is that it's currently impossible in any meaningful sense.
It’s not clear how you got to this conclusion in any way whatsoever. In fact, this is an entirely ridiculous assertion.
Essentially your entire comment is “the author didn’t aim to do what I wanted them to aim to do therefore the author is wrong”.
... and drown in regulations and taxes. There's a reason why the vast, vast majority of IT startups are not in the EU.
Source: am a startup in the EU.
There is in practice, which is how we got into this situation.
Companies don't need anywhere near the profits of Google to cover continuous development and maintenance, so while a European tech giant of the size of Google might not seem that likely, a European office suite certainly is more likely.
https://berthub.eu/articles/posts/5g-elephant-in-the-room/
European national infrastructure providers don't care.
Or for the EC to stop their "rearm" BS, and actually do something useful for the people by helping such companies. This is the real battleground for European independence and freedom.
The vendor lock-in from something like Proton feels way worse as a result.
Can't speak to Proton Pass, but it strikes me as a replacement that seems unnecessary: if Bitwarden is a problem, the server can be selfhosted, something which the OP seems to be familiar with.
Some of the others feel of more... questionable issues to have with US cloud services; it's hard to find problems with Dockerhub and NPM that aren't just general problems with these services/the company behind them (mainly NPM). Maybe that's just because the public/private concern for both of those services is pretty different than the others mentioned here.
It provides email, online storage, video conferencing, calendar etc., all of it privacy-preserving by default. You explicitly don't have to provide any personal details.
They only have email and calendaring though, no equivalent of Drive/Docs/Sheets.
I also have a feeling the Five Eyes agreement is about to end.
That's certainly possible, but as long as the servers are in the US, that's not really meaningful I think?
Their integration with 1password and masking email aliases is also very useful [0].
If however you want to host your own emails, I did once write an extensive guide [1].
I myself use neither [0] but that's my nihilism defaulting on convenience.
[0] I've moved my own domain to iCloud+ custom domain offering.
There are other options - tuta, posteo, runbox etc (I have just made a longer comment and I am sure you can find more on the net).
IMHO - we should not ignore other things when looking for a service replacement I mean aspects of a service other than privacy and for me responsiveness and customer service comes near the top or at the top.
Crucially though it’s easy enough to migrate to another provider of self just by updating my mx records.
For a more business oriented replacement that can (mostly) replace gmail, google drive, docs, sheets, etc.. Zoho One is pretty good.
1. The Web interface email is so-so, but the proxy email bridge is really heavy and takes a huge amount of disk space. It also makes my computer start flying from time to time. The iOS email client (very important as they don't support standard protocols) is just useless. The text is rendered like an image which I need to pinch to zoom in and slide across the text. There is no way for the font size to be increased to a legible amount. The images in attachment are not in a carousel so I need to open1/close1/open2/close2/open3/close3 if there are 3 attached images. In an email client this is absolutely basic.
2. ProtonDrive: It took a long while before rclone was supported and for their web client to be working, "ok". Anyway it is basically unusable as a backup cloud service because it takes forever to encrypt in the browser. I just gave up and have no idea what is the state of sync of my files there. I just moved to backblaze and am waiting for my Proton subscription to expire.
3. ProtonVPN: Good on paper, totally untrusted and blocked by the internet. I can't navigate without filling 10 captchas or just be outright blocked.
4. ProtonCalendar is proprietary and not compatible with generic tools in iOS or linux or Android.
I gave up trying their other services as I just expect them to be as incomplete.
I mean: Email is the thing that needs to work right and every time I need to see some email together with my wife I feel like this goofy person that complicates what for everyone else is one of the most basic tasks in using a computer.
If I could I would just cancel and ask my money back, unfortunately they do not do that.
Even residential IPs are being blocked nowadays, we have Cloudflare to thank for that.
It might be because I tweaked my user agent. I had to do this, because Microsoft is being obstinate and disabling a lot of M365 features if you're on Firefox on Linux. When I set my UA to Edge it suddenly works totally fine. I'm just a bit stuck with M365 due to my work, unfortunately.
The real solution is to only modify your user agent for the MS apps you have trouble with, and all your captchas will disappear.
Email is just dead as a tech. It's no surprise nobody uses it for sensitive content anymore but instead just uses it as a notification service ("Please log in to our portal to read your message").
I don't personally like bitwarden either because it uses a master password, I prefer "pass" which encrypts each password with your GPG key (which can be stored on a yubikey for hardware security). But yeah self hosted bitwarden is a good option too and very popular.
I get password reset links for pretty much every website on email. Few things as sensitive as that.
I also receive and send documents, signed or for signing, with pretty sensitive information, over email.
I agree it shouldn't be used for those but it certainly still is.
I just consider their "Security" window dressing to be honest. It totally ignores the gaping wide problem and fixes only a tiny pretty irrelevant part of it.
Obviously if you're a client of a big hosting service that you don't trust then E2E has value. But that's not the whole problem, or the whole solution.
> It's not as if someone could easily break into gmail either. Unless they know your password...
Google employees, the NSA, hackers, ... they can all break into your Gmail without knowing your password.
Yes, there are companies and services getting away from it but there's still a lot of sensitive information flowing through it.
It's really the only game in town for messaging. Like sure, there are a zillion incompatible alternative systems out there but email is the only system with worldwide adoption. ... and it's federated. ... and it actually works somewhat reliably. ... and it's actually fairly secure these days, using a network of trusted email servers.
Like sure, it would be great if we could make end to end encryption usable for regular people for the email case. It would also be equally great if we could make E2EE usable for regular people for all the other cases.
FAQ:
Yes, you can run self hosted mail.
Yes, it's complex.
No, it's not hard, but it takes time, as it is complex - if you want to understand it. If not, go for something like https://maddy.email/
Yes, I have a fixed IP address with a reverse DNS entry configured.
My ISP is zen.co.uk.
Yes, I have reverse DNS, DKIM, DMARC, SPF, even mta-sts.
No, I'm not switching from XMPP to Matrix - it's too server heavy, XMPP is more client oriented, which is my preference.
I know about the UK's Online Safety Act, I used https://onlinesafetyact.co.uk/ra_my_self_hosted_single_user_... as a template to create mine. I think the act itself is basically useless and just paperwork, but something along its ideas is actually needed.
I block many AI crawlers from accessing code and photos, as e.g. Claude is so aggressive that its code crawlers make my system sluggish, and I have no will to let anyone use my photos beyond printing them for their wall as decoration.
I've had some problems with spamhaus and outlook because that whole IP range is not trustworthy but otherwise it's just worked (Spamhaus was nice enough to put me on a whitelist).
I know hosting at Oracle is not moving away from US cloud services but I set this up two years ago and this could be achieved using any cheap or free VPS.
I added these in nginx.conf:
map $http_user_agent $blocked_user_agent {
default 0;
"~*AI2Bot" 1;
"~*AI2Bot-Dolma" 1;
"~*Amazonbot" 1;
"~*anthropic-ai" 1;
"~*anthropic.com" 1;
"~*Applebot" 1;
"~*Applebot-Extended" 1;
"~*AwarioBot" 1;
"~*AwarioRssBot" 1;
"~*AwarioSmartBot" 1;
"~*Bytespider" 1;
"~*CCBot" 1;
"~*ChatGPT-User" 1;
"~*ClaudeBot" 1;
"~*Claude-Web" 1;
"~*cohere-ai" 1;
"~*cohere-training-data-crawler" 1;
"~*DataForSeoBot" 1;
"~*Diffbot" 1;
"~*DuckAssistBot" 1;
"~*FacebookBot" 1;
"~*FriendlyCrawler" 1;
"~*Googlebot-Extended" 1;
"~*Google-CloudVertexBot" 1;
"~*Google-Extended" 1;
"~*GoogleOther" 1;
"~*GoogleOther-Image" 1;
"~*GoogleOther-Video" 1;
"~*GPTBot" 1;
"~*iaskspider/2.0" 1;
"~*ICC-Crawler" 1;
"~*ImagesiftBot" 1;
"~*img2dataset" 1;
"~*ISSCyberRiskCrawler" 1;
"~*Kangaroo Bot" 1;
"~*Meltwater" 1;
"~*Meta-ExternalAgent" 1;
"~*Meta-ExternalFetcher" 1;
"~*OAI-SearchBot" 1;
"~*Omgili" 1;
"~*Omgilibot" 1;
"~*openai.com" 1;
"~*PanguBot" 1;
"~*peer39_crawler" 1;
"~*PerplexityBot" 1;
"~*PetalBot" 1;
"~*Scrapy" 1;
"~*Seekr" 1;
"~*SemrushBot" 1;
"~*SemrushBot-OCOB" 1;
"~*Sentibot" 1;
"~*Sidetrade indexer bot" 1;
"~*Timpibot" 1;
"~*TurnitinBot" 1;
"~*VelenPublicWebCrawler" 1;
"~*webmeup-crawler.com" 1;
"~*Webzio-Extended" 1;
"~*YouBot" 1;
}
and then in each site's config:
location / {
    if ($blocked_user_agent) {
        # "ncsa" is a custom log_format name; it must be defined in the http block
        access_log /var/log/nginx/blockedbot.log ncsa;
        return 401;
    }
}
But it's far from perfect. For better results, https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blo... is probably better, but it was a tad too much for my needs. That being said, the major issue starting up is having that highly reputable ip/domain.
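An added example, not part of the original comment: a small Python audit of a user-agent map like the one posted above. It lists entries that another entry already covers (nginx `~*` patterns are unanchored, case-insensitive regexes) and replays log lines against the list to show which entry fires and what passes through. The sample log lines and all function names are constructed for illustration, and Python's `re` is assumed to behave like nginx's PCRE for these near-literal patterns.

```python
import re
from collections import Counter

# A subset of the map entries from the comment above, in the same order.
MAP_BLOCK = '''
map $http_user_agent $blocked_user_agent {
default 0;
"~*AI2Bot" 1;
"~*AI2Bot-Dolma" 1;
"~*anthropic.com" 1;
"~*Applebot" 1;
"~*Applebot-Extended" 1;
"~*ClaudeBot" 1;
"~*GPTBot" 1;
"~*Kangaroo Bot" 1;
"~*Scrapy" 1;
}
'''

# Constructed access-log lines (combined format); addresses are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2025:10:00:00 +0000] "GET /photos/ HTTP/1.1" 401 179 "-" "Mozilla/5.0 (compatible; ClaudeBot/1.0)"',
    '203.0.113.5 - - [10/Mar/2025:10:00:01 +0000] "GET /code/ HTTP/1.1" 401 179 "-" "Mozilla/5.0 (compatible; ClaudeBot/1.0)"',
    '198.51.100.7 - - [10/Mar/2025:10:00:02 +0000] "GET / HTTP/1.1" 401 179 "-" "Mozilla/5.0 (compatible; GPTBot/1.1)"',
    '198.51.100.9 - - [10/Mar/2025:10:00:03 +0000] "GET / HTTP/1.1" 401 179 "-" "Mozilla/5.0 (compatible; Applebot/0.1)"',
    '192.0.2.44 - - [10/Mar/2025:10:00:04 +0000] "GET / HTTP/1.1" 401 179 "-" "scrapy/2.11"',
    '192.0.2.80 - - [10/Mar/2025:10:00:05 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0"',
]

ENTRY = re.compile(r'^\s*"~\*(?P<pat>[^"]+)"\s+1;\s*$')
UA_FIELD = re.compile(r'"([^"]*)"\s*$')  # last quoted field = user agent


def parse_map(text):
    """Return the ~* patterns of a map block, in file order."""
    return [m.group("pat") for m in map(ENTRY.match, text.splitlines()) if m]


def redundant(pats):
    """Entries whose own text is already matched by another entry.

    Heuristic that holds for near-literal patterns: if pattern A matches the
    text of pattern B, every user agent containing B also matches A.
    """
    out = []
    for j, entry in enumerate(pats):
        for i, other in enumerate(pats):
            if i != j and re.search(other, entry, re.I):
                out.append((entry, other))
                break
    return out


def first_match(pats, user_agent):
    """Mimic the map lookup: the first regex in file order that matches wins."""
    for pat in pats:
        if re.search(pat, user_agent, re.I):
            return pat
    return None


def summarize(lines, pats):
    """Count log lines per deciding pattern; key None means not blocked."""
    hits = Counter()
    for line in lines:
        m = UA_FIELD.search(line)
        hits[first_match(pats, m.group(1) if m else "")] += 1
    return hits


if __name__ == "__main__":
    patterns = parse_map(MAP_BLOCK)
    for entry, other in redundant(patterns):
        print(f"redundant: {entry!r} is already covered by {other!r}")
    for pat, count in summarize(SAMPLE_LOG, patterns).items():
        print(f"{count:3d}  {pat or '(not blocked)'}")
```

The replay shows two things about this kind of list: a short entry such as `Applebot` also decides for every longer name that contains it, and any client that sends an ordinary browser user agent is not matched at all.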
There are enough options to choose from the decentralized menu of hosting offerings. Most are cheap enough also, but watch out for the slightly bigger webhosting companies that are taken over one-by-one by some group of investors wanting to play AWS (and upping the prices by 400% or so).
You can build the offerings commonly sold as "cloud" yourself, but it requires a ludicrously unreasonable amount of engineering work to reinvent the wheel and end up with a shitty solution that gets your users frustrated, guaranteed.
We need a European contender (or multiple!) that can actually compete in one or both of these disciplines. There is going to be a huge market for this very soon.
Luckily, I don't need a cloud. Not someone else's cloud, not even building my own cloud. Why? Because the technical progress required for me to save, work, share and publish stuff online (or locally on my computer) was already there from the '90s. And luckily, it's not standing still. Although every exec and marketing boy wants you to believe the only good stuff is the next hyped up stuff.
We see the same thing happening with LLMs and AI. It's marketing fluff all around, by people who so fully believe in it that it becomes scary. And it's hard to argue against it, because it is impressive what LLMs can do. It's also bullshite and has nothing to do with reasoning, or thinking, or whatever human capabilities are projected onto a digital parrot (I don't want to ruffle some feathers, pun intended, a lot of people probably have good use for LLMs and it's still interesting that people work on these systems).
A computer, an internet connection and some webhosting gets you more than far enough for most use cases. Without vendor lock-in.
There's more to technology than only technology.
Your obtuse "whatever that is" sure made it sound like you did.
> Luckily, I don't need a cloud. […] A computer, an internet connection and some webhosting gets you more than far enough for most use cases. Without vendor lock-in.
That is the kind of stuff you can only say if you're not concerned about anyone but yourself.
I have employees that need to send emails, do calls with customers, work on digital documents, and collaborate efficiently. If they drop their laptop, or it gets stolen, I don't want these documents to get lost, or compromised. I need them to sign in to a myriad of services securely, using a single identity that I can centrally block if their account is compromised or the contract terminated.
All of that isn't what some "marketing boy" wants me to believe, but hard requirements to do business, and protect the privacy of our employees and our customers.
And the price is what? Your browsing history? Personalized ads? Provided you don't AdBlock that is!
I like the symbiotic relationship. I do believe in safeguarding yourself from getting locked out of your life due to your Google acc getting banned but outside of that I see no harm in getting free service in exchange for data. It's a fair deal.
Regardless of what you think of using your private data in exchange for free services, the problem with the cloud owned by US companies is that to us outside the US it seems like any kind of blackmail now seems fair game.
Since Vance threatened to drop NATO support if the EU regulates Musk's platforms [1], temporarily holding hostage our data to 'win' a trade war does not seem that far-fetched anymore.
Also, if the US ends up trying to make good on their threat to annex Canada or Greenland, then we are strongly dependent on a hostile state. We learned some lessons from being dependent on Russian gas.
[1] https://www.independent.co.uk/news/world/americas/us-politic...
IMO your quotation marks around _free_ do a lot of heavy lifting.
Not until we start considering all non-IPv6-supporting ISPs to be a no-go.
Cloud also has networked SSDs so they can keep the machines and partitions separate, which really limits their speed and throughput and increases latency. Nothing beats a PCIe attached NVMe.
In the USA you can purchase a prepaid SIM card in Walmart with cash, put it in your phone and you have an anonymous phone number, again, this is illegal in Europe in a typical stupid European way, as any criminal who needs an anonymous card would pull in to the retailer some drunk or homeless person and get that SIM anyway. But "normals" can forget about privacy, unless they want to play with something like silent.link.
This is illegal in some European countries but not all. I bought more than one phone and one SIM card with cash in the past.
A good one along the lines of your comment, IMHO, is how most Europeans are very happy to promote ID cards and to be asked for theirs all the time while always complaining about "privacy" and against "surveillance".
For instance in France you must show your ID to buy even a prepaid SIM card, but then again the police can ask to see your ID with little justification. Or how they ask for ID when checking your ticket in the TGV high-speed train...
Go ahead and try that, tell us how it goes...
(No, there is no requirement to be carrying your ID card in any EU countries that I'm aware of. However, most jurisdictions require you to state your identity if questioned by police as a suspect. At least here in Sweden, if you're a suspect they are allowed to detain you "for identification" if you refuse.)
I am not expert in the US, and it has actually nothing to do with my comment, but I believe that police in the US might ask you to identify yourself in some circumstances (which is quite different from having to show an ID).
What I mentioned regarding France is that you must show an ID (passport, ID card or driving license) or face being detained at the police station when asked by police. You do not need to be a suspect of anything to be required to show an ID.
Obviously, it goes without saying you should never trust something you can't verify, regardless of which country the VPN operator is based in.
We also have Mullvad.
However there's still a case to be made for some form of digital sovereignty.
It's no longer considered a complete paranoid delusion that the US could snap its fingers and put tariffs/sanctions on digital goods served from US companies or consider the EU to be proscribed and cut access entirely.
I used to allow myself to think of the consequences of such a situation, after all the US very famously stated that they have no such thing as allies, only temporary allegiances, and as a brit: that is a sobering thought, because we cosy up to them a lot - even going so far as to join them in an illegal war.
However, if you consider the economic harm that would be caused by microsoft just cutting access to Office365, disabling the licenses used or even cutting access to EntraID and managed sharepoints and/or Teams. Most of the EU would not lose billions in lost productivity, they would lose trillions.
What a crazy economic risk, and that's just one product. Nearly all digital services in the EU depend nearly entirely on Azure/AWS & GCP.
Even the ones that don't depend on hosting, still depend on Google Workspace or Office365; both of which depend heavily upon online services which may not always be online during heavy tensions.
I know this is difficult to reason about, but we really have our heads in the alligator's mouth when it comes to our digital capability - it will be hard to remove it, and many people are enjoying the echo and will actively fight against attempts for change.
They get away with it because they're pretty much the only game in town for enterprise. So there is no drive for them to improve in any way.
But really, companies choose Microsoft because it's all connected (easy to manage for them) and fairly cheap if you take the whole package and because "nobody ever got fired for picking Microsoft". But AAA third-party solutions are always way better in terms of UX and features. Picking Microsoft tools always feels like you're settling for less.
I manage a lot of the microsoft 365 stuff at work and I really hate my job. Also the condescending attitude of their employees and 'consultants'.
I switched because of their calendar integration. I needed an email tool that would send 'accept' replies to calendar invites sent from outlook and google, and I landed on proton.
To any self-hosters if you have a working setup for that (email+calendar), please let me know! I couldn't find anything decent.
I switched my personal email from Google Workspace to Proton. My use case wasn't privacy (especially when 99% of my email is sent to and received from people using Gmail, Office 365, etc.) I was interested in trying Proton more to support a plurality of service providers.
As such, I'm probably not Proton's target customer. That means the compromises Proton makes to enable E2E are not worth it to me.
Some examples:
* Search is like going back 20 years.
* The lack of automatic filtering (e.g. Gmail's automatically applied Promotions, Updates, etc labels) has made the signal to noise ratio in my personal inbox so low that I'm considering just taking the app off my phone or suppressing notifications, at least. I don't have the time to set up manual filters for everything that comes in.
* The lack of automatic filtering and decent search means that my personal email is now pretty much useless.
Similarly, it's pretty hard to migrate away from because you can't just use IMAP to shift your email history to another provider.
This isn't a negative review of Proton. This is just to say that choosing Proton Mail means living with the compromises necessary to enable their main feature (privacy) and I don't care enough about that one feature to make those compromises worthwhile (because my email is going through so many non-private services anyway).
Email is great, looks great, fast, nice feature set. Calendar is mvp-ish, I can accept invites and they go into the calendar and they have nice links to Teams or Meet etc, pretty seamless. They also have a widget for iPhone now, but it's early days.
ProtonPass is great, at least as great as BitWarden, sharing credentials with family and colleagues is a lot easier (not that "organizations" stuff, just click, share, done).
My iPhone syncs pictures to Proton Drive, but the app needs to be opened to do that, which is annoying. Other than that, works well, pics are safe. I really want a Linux client and an API (or rsync endpoint?) so I can push backups there (I have 3 TB drive for the family/business combined).
Their Bitcoin wallet was wasted effort if you ask me, would have preferred video chat or something. Make it more like NextCloud with a dashboard perhaps.
But when they make a new product, it's mvp but generally immediately works very well. I have a lot of trust in their solutions to just work.
But you can use almost everything on the free tier, so just try it out! The migration tool also works really well.
I guess with the bridge you can move your mail out via IMAP, the Drive you can just download it all. Calendar will be annoying I think because there are no open protocols like CalDAV (by design, and I do miss that!!!).
1) Networking is mostly limited to 1Gbps. Even private networking. You can request a 10Gbps NIC, but it has to be housed in the correct data center and adds a $48 monthly fee.
2) Private networking is IPv4 only so dual-stack private networking isn't possible. Also each public IPv6 address is /64. Would be nice to get a /56 to set up dual-stack IPv6.
3) Can't specify a subnet to assign a server to when using hcloud API/Terraform. You have to specify the required IP on the subnet explicitly.
4) As I understand it, the private network traffic isn't truly secure between tenants, so needs to be encrypted between nodes anyway.
Still, I'm betting they'll fix these issues as their offering grows.
People are really quick to forget the fire that destroyed one of their data centers a few years ago and which did not get addressed in any way by OVH for months.
They also learned nothing from it, and are repeating the exact same mistakes.
I stopped hosting even my personal blog on OVH because of how garbage it is.
Now, I have to admit I haven't been a customer of them for 10 years due to exactly this. But yes the fires exposed a lot of the same I left them for.
I left to go to DigitalOcean but it became too expensive and then I found Scaleway which I'm a happy customer of for years now.
E.g. if you're using AWS Cognito then you're not going anywhere.
True, but the AWS pricing doesn't make sense otherwise. If you're not using the managed services, then the value proposition is no longer there. Using those services is what allows you to build massive systems for relatively cheap, with much less staff. We had a project that was to be moved from on-prem to Azure (same deal), it went from thousands of Euros per month to fitting into a free tier, but only because we could use managed services. Spinning up the same VMs would cost more than hosting it ourselves.
Google, Amazon, Facebook, Apple, etc. When you deal with all of these guys in Europe you deal with their local subsidiary(ies), not the US mothership.
The general point is what does "moving away from US cloud services" mean, then?
Does it mean not using infrastructure actually located in the US? Or does it mean effectively boycotting US-owned companies that may be fully located, including infrastructure, in Europe?
Quite hard to untangle it though. So much of the internet is US centric unfortunately. And even if you figure out the first layer of vendors they in turn are likely US reliant too
At the end almost everything in life is about interests. It's clearly in the best interests of one country, or union of countries, to do their thing and reduce reliance on others.
It would be in the best interests of any one country or group of countries to not have the threats which we think we must de-risk in the first place. Free trade was the primary way we thought we could do that, or at least Europeans thought that was the way. We were wrong all these years. I admit I was one of them. I thought at some point in the near future we would collectively move past this thing called warfare. How naive.
A system that provides roles, policies and granular permissions that can be attached to specific resources like the equivalent of S3 buckets, equivalent of EC3 VMs etc.
The closest I've seen is (ironically) this open-source project from AWS https://www.cedarpolicy.com/
It's really not that much different to GH Actions, and not more work. But it's much faster, and easier to work with.
If you're working in a team, then PRs are hard to replace.
In comparison, Gitlab was a massive pain and became close to unusable on that same server before we migrated to gitea, even though Gitlab was used just for code hosting, and gitea is used for everything it supports (container image and package repositories, issues, etc).
We handled huge repos on Gerrit (and a huge number of them) at my previous employer with very few problems. It does take a certain effort to self-host it, but then what doesn't.
For source code, BitBucket is provided by Atlassian, which while not European is Australian, so also from a trustworthy country.
https://github.com/dani-garcia/vaultwarden
I'm an EU citizen and I worry about the US as well, but we need to be careful about this migration to EU services, as in some areas the European alternatives aren't good enough and people will go back to Big Tech, instead of preferring a FOSS solution that happens to have US dependencies.
From our perspective, the US has just declared itself hostile. No organisation in their right mind would use a stack dominated by Russian companies, any organisation not considering the risks of having their tech US-based right now is being careless in the extreme.
Even if Trump goes away tomorrow, this is a long term issue. America has demonstrated that it's an unreliable partner twice now. We can't make our planning on the basis of a dice roll for the White House.
But I can't do that to our clients. I want to provide them with something that makes them independent from us, something they can just hire any random agency or freelancer to work on. That leaves AWS and Azure as strong options.
There's a number of European cloud providers (https://www.stackit.de looks especially interesting), but I'm looking for too-big-to-fail options. Hetzner sure is that, but you don't get managed relational databases, object storage and a couple of other things that typical web apps rely on.
I know I can host stuff like Postgres and MinIO myself on Hetzner cloud instances. But when it comes to _managed_ services for this stuff, from a too-big-to-fail provider, I'm drawing a blank when it comes to European providers right now.
Or you might consider Scaleway, who also do managed relational databases.
I have the same attitude and regularly find (sales) people not understanding why I'm doing this. They are pathologically looking for my angle. But there's none.
Of course, a lot of agencies do just that. And I've also seen more than one situation where an agency held their client hostage, not giving them access to their own code, hosting environment and what not.
Sure, it's not 100 % angle. It's also to a large degree professional ethics. But I can easily rationalise it into business value, and am probably not far off.
It's not on the level of AWS at the moment, but getting there fast.
As a plus they provide Forgejo Actions (https://forgejo.org/docs/latest/admin/actions/) which is pretty much similar to that other Actions, and which should make migrating that much easier. (you could replace the Alpha state Forgejo runner with the Gitea forked act runner -- as they are both essentially act runner forks); or you could run any of the CI/CD tools mentioned here: https://codeberg.org/forgejo-contrib/delightful-forgejo#ci-c...
Nearly every day I get scans/hack attempts (script kiddy grade from what I can see...) from some of them, this is seriously annoying and those 'scans/hack attempts' have usually been referenced by security communities, OFTEN FOR MONTHS IF NOT YEARS.
No "cloud" is spared: aws, microsoft, google, ucloud.cn (the worst), ovh, etc...
On top of that, they are "protecting" 'scanners' (onyphe/stretchoid/cyberresilience/etc), you know those guys who are scanning (when it is not some kind of script kiddy look-alike hack attempt) the whole internet, that 'for your own good' with the second line of their website being 'pricing (ahem... scan data)'. We all know that you do not scan any system without being explicitly asked to unless... military/police.... or mob.
Otherwise the alternatives would be pretty much a no-brainer for me:
Microsoft Office 365 -> Nextcloud
Bitwarden -> self-hosted Bitwarden/Vaultwarden
GitHub -> Sourcehut/Codeberg/Gitea/Forgejo
Google search -> Searxng
Reddit -> Lemmy
Hackernews -> Lobsters
Twitter/LinkedIn -> Mastodon / any Fediverse software
I was hoping Startpage was the successor of startpagina.nl, which I used as a kid in 1995 to 'browse' the web. One of the oldest Dutch websites that I can remember. Fond memories!
But I have very good experience with Scaleway, much more so than OVH or Hetzner. Hetzner demanded ID photos for everything. And OVH is a chaos. Scaleway is more like an Amazon type cloud and their support is really good and direct. Also cheaper than Amazon (and without the whole ratmaze of fee structures!)
I really liked using Hetzner and pure metal. The only real hold-back I have from switching from Google is email and doing backups.
“EU privacy rights” is bold framing considering what’s been going on with Apple: https://www.eff.org/deeplinks/2025/02/uks-demands-apple-brea...
Honestly the whole article except the “Wrapping up” section can be skipped and you’ll still end up with mostly the same technical takeaways.
I don't buy the idea that Europe has lost all the big tech so we're doomed or something. No, maybe we won't have an aws/azure/google cloud competitor any time soon. But it has never been easier to start a software product, the thousands and thousands of SaaS services we rely on can easily be built from the ground up by devs from all over the world.
Define easily. If it was that easy to clone Microsoft Excel (up to the most minuscule detail) I'm sure someone would have done it by now and offered it for free or for half the price. It's not that easy. You can get most of the functionality done sure but not all of it - and not having all of it wrecks the flows of all of your finance/accountant teams who won't be able to migrate or will be forced to work in different ways. Getting everything to work would take years. Google "cloned" Excel into its own product and didn't even bother trying to make it 100% compatible with Excel because it's too much work. That's just Excel, how the heck are you going to migrate everything else?
I think with enough budget and determination it can happen in around a decade I guess, but I don't see where the motivation or determination will come from - in a few years Trump will be gone and things will be more normal again.
Europe should have thought about this like 20 years ago, it seems a bit late to me.
The truth is the dependence isn't one-directional, America needs Europe as well for ASML, for pharma and for all kinds of other things. I don't think there will be a complete decoupling.
Oh, you sweet summer child... He is already dismantling democratic institutions at a startling rate. Vance is threatening to leave NATO as leverage to change UK laws. Do not make the assumption that the U.S. will be what it was, in ten years.
The migrating might even take longer than the building.
I'm betting it mostly doesn't happen but we'll see.
Now there's a guy at the top of the US who doesn't understand human interactions beyond anger, disgust and mindless loyalty. Or diplomacy beyond simple monetary transactions. He and his rich friend are getting rid of anything they don't understand (or that they don't understand to be of value to them right now), and apparently that's almost everything.
We're living in interesting times.
I wonder what game theorists are doing right now. All I know is that old joke about economists can't be true, about blindly assuming that everyone acts in their own best interest. People do factor in stupidity, right? But there must have been limits, and we're clearly far beyond those.
The US is waking up from that strange nightmare, going back to self-governance.
Don't be afraid of Trump, look instead at what is happening at home.
(all big US monopolies are trojan horses, same is true for China)
I can't even say which European company offers this, Proton maybe?
Being a long time open source advocate I think it can be done, but system integration would never be as good as MS or Google.
But this simple platform would get a lot of SMB's to migrate.
It's more like the EU is 10, Switzerland is 11 or 12
https://freedomhouse.org/country/singapore/freedom-world/202...
https://freedomhouse.org/country/switzerland/freedom-world/2...
I might argue it is better than Switzerland, most Asia-Pacific data centers for the southern hemisphere are in Singapore
It is part of Schengen, free movement of people (try moving to the US from Europe), aligned their data protection law with GDPR etc.
It's very different from the countries you mention who don't make any effort to align with EU and are our adversaries in many cases.
Perhaps they will get there but they're nowhere near there right now. You could use it together with MS Office standalone but then you're still dependent on Microsoft.
Wouldn’t it have been easier to just migrate from the Bitwarden US server to the European server?
The Proton Pass free tier lacks features compared to Bitwarden.
Besides, I'd argue that no cloud is better than a European cloud. There is KeePass for instance, with Syncthing it works pretty well.
It doesn't matter where the servers are located physically
Open source
Beats
Closed source
Beats
Managed service from Europe
Beats
Managed service from America
Over time that has not only regressed to just free to run, but not even that - you have to have permission to run your stuff
It’s easier to be a vassal. I won’t say good luck though. Live in favour of the king and you’ll be fine. Until the king does something and you get to kiss his ring.
https://web.archive.org/web/20210729190016/https://support.s...
The original link is dead for some reason: https://support.startpage.com/index.php?/Knowledgebase/Artic...
TL;DR: Startpage appears owned by an ad company? https://web.archive.org/web/https://www.bizjournals.com/losa...
Could someone explain to me how an ad company and a privacy company work together? Seems like opposing interests?
Maybe Ecosia will be a good alternative later on: https://blog.ecosia.org/eusp/
Another suggestion would be https://searx.space/
>Migrating away from US cloud services was easier than I expected.
So if the AI hype is worth its salt, the transition should at some point become trivial.
"Hi Mistral, can you please build a OneDrive replacement? I will host it on my Linux server at OVH. Here is the documentation for OneDrive, make sure that the software works as described in the documentation. Then install it into my server using these credentials and put the client side apps in my Apps folder"
I can't help but think about what will happen when the mighty US tech companies that used to serve the planet get limited to 340M people in half of the North American continent.
So far it was just convenient to have your tech thingies in the USA even if you are just providing a niche service somewhere in south Italy from Montenegro.
For years this created a positive feedback loop that fed into the centralization of capital and talent in USA, particularly in the Silicon Valley. It wasn't that Americans were writing better for loops than Europeans, it was that the global nature of the tech positioned itself at the place with least resistance and largest resources.
Unfortunately this is coming to an end as a political choice by the USA itself, so what's next then?
The moat of social networks and financial networks can indeed be broken by force if politicians choose to. This brings so much opportunity to non-Americans, it is sad for those who feel like global citizens and integrated with the whole of humanity, and it's pretty much the dream of anti-globalists.
I've found OneDev (selfhosted) to be an excellent alternative, unlike others which feel either half-baked or require a lot of configuration/maintenance
Their "Gitea Actions" are based on "GitHub Actions", you don't even need to rewrite your CI Yaml
Our main conclusion so far is that many of the platforms that we look at, such as Signal or Protonmail, need serious UX improvements before they can be used by any serious chunk of the population (though for a HN audience, they can mostly put up with it).
I am all in to move away from google, dropbox, etc.
For the time being their interest are very much aligned with the EU (and logically so, from a geographical and economic standpoint), but Switzerland also has a history of happily changing sides when their "neutrality" or their financial interests are at stake.
Their historical dependency on finance (and their shady practices), combined with a high dependence on US trade, and high financial investments in the US make them particularly vulnerable to economical and financial blackmailing by the US. For a case-in-point, see the particularly weak response (or "diplomatic" response, staying charitable..) of Karin Keller-Sutter to the Trump developments, in a bid to hopefully avoid tariffs.
Therefore, companies obeying Swiss laws simply do not offer the same "privacy" guarantee as companies obeying EU law.
Secondarily, putting your trust in a company whose CEO openly supports the Republican party is, in the current context, very questionable. No matter the Proton PR denials and clean-up attempts after the facts.
The legal concern for EU businesses should be self-evident given that EU-US data sharing provisions have been struck down again and again with every replacement inheriting the exact same issues of the one before it. There simply is no way for US-based companies to comply with EU data protection laws while still complying with US laws granting law enforcement and federal agencies warrantless surveillance powers - they'd actively have to break US laws to comply with the EU laws.
That said, this is much more difficult for some things than others.
If you're building on AWS, there's simply no drop-in replacement. Yes, there are EU equivalents in the same category but it's very different from "simply" switching between AWS, GCP and Azure.
For package registries like NPM, moving away also means abandoning the standard ecosystem. For private packages this may be an option but for public packages at some point you will likely need to involve a US service. GitHub is kinda in the same boat - although alternatives to GitHub exist functionally, GitHub is also a platform for discoverability and ease of access. These platforms act somewhat as monopolies for these purposes simply through the network effect of so many people using them.
Even Microsoft 365 (or Google Workspace) can be somewhat difficult to avoid given that so many things simply integrate easily with it compared to whatever company-wide "productivity suite" alternative you might want to use. That's without even getting into the quality and compatibility of the tools themselves.
What seems far easier and often overlooked are the infinite number of dime-a-dozen SaaS providers: emails, monitoring, realtime, messaging, payments, etc etc. These provide an easy first step for most companies and by adopting these incrementally you can also more easily wean yourself off bulk service offerings like AWS. Of course this comes with the cost of a diverse stack: you can't simply hire an AWS certified devops guy and expect him to know how every single service works, on the contrary none of your folks might know how a given new service they need to add works.
Another consideration that's becoming increasingly relevant is the (un-?)intentional vendor lock-in imposed by AI assistants: the LLM your devs or management is using might be able to generate a SOA app built on AWS or Azure but it will likely be less helpful integrating with an EU-based specialized service provider with a fraction of the userbase. Not to mention the AI assistant itself probably runs on US-owned infrastructure and is likely provided by a US-based company.
[1]: https://theintercept.com/2025/01/28/proton-mail-andy-yen-tru...
I understand that for Europeans this might cause a negative reaction, but the reaction is pure emotion, not an attempt to understand both sides of the partnership.
The current administration has been pushing things very fast, that is true. Maybe too fast. But it is also refreshing to see that you can get rid of bureaucracy if there is a strong will.
And let's not forget that the change in the US administration has had a direct impact on the debate around de-regulation and making the business environment in the EU more friendly for entrepreneurs and new business. But it came only as a reaction to what Trump is doing, not as part of a clear strategy or execution plan.
Uhm, you did notice the threats of invasion and annexation to allies, didn't you? This is not "more closely defending interests", this is a 180° change of policy after half a century. Maybe this feels like some minor issue to you, but generally, countries take direct threats to their sovereignty extremely seriously.
And the thing is - while Europe didn't do the whole "growth above all" thing in recent years, it still has the best median quality of life in the entire world. Maybe there is a point, where it's just good enough?
Maybe the price of eternal exponential growth is too high.
I've been hearing those doomsday "europe is going to get destroyed economically" stories for my entire life. Yet the median quality of life and other societal markers kept going up.
Do you really not notice what you are doing to supposed allies, without whom the US is essentially nothing? This is a two way street. And without protection from the US, why should american outstanding political influence be a thing anymore? The US and its citizens aren't special, just one country among many others now.
Besides, the example of the sanctions to the ICC provide a concrete case of unacceptable risk due to the new US policies. Even assuming that sanctioning the ICC in favour of Israel is defending the interests of the US.
This is a huge understatement of the current political situation in the US, where old allies are suddenly being treated extremely unfriendly and where stability is no longer something you can count on given how quickly the situation has deteriorated since Trump took office. While it is allegedly being done to "more closely defend the interests of the US" the ends may not justify the means.
We don't have an issue with the approach on a fundamental level here in the EU, but we would have liked this move to have been made in a more progressive fashion, as it makes the US look like a very unpredictable commercial & military partner.
> Getting rid of good relationships with the US will weaken European tech (and not just tech) even more.
Forcing EU to improve their own tech and military development is something that is being done in response to the US' lack of predictability, nobody's being "fooled" by talking heads, people just generally love the feeling of safety and predictability.
I'd like to understand why you're assuming this will weaken European tech though - what is this based on specifically? We can develop our own versions of anything you make in the US, we have the engineers and the US is no longer really leading even in AI initiatives thanks to the Chinese open sourcing their AI tech.
So nothing to do with the new administration—interesting take?
Also, sorry, but the idea that EU countries are in any position to build a serious hyperscaler is pure fiction. Growth, funding, risk, innovation - those are alien concepts to European entrepreneurs.
We are very far away from the status quo in the US. Some countries are overtaken by extreme right, which is worrying. But it's nothing like the US where the entire country went to shit overnight.
Also, we don't have this singular president entity which has so much power that everything can be turned upside down in just one election. We have a president but she has very little power and influence compared to the way it is in the US.
Also, our multi-party system prevents the two-party zero-sum setup that is present in the US where parties go to ever more extreme methods to make the other side look bad (because a loss for one is a win for the other). For us it doesn't work that way.
Last time I checked not even the US is proposing to install AI agents on everybody's phone to surveil your encrypted messages (look up chat control, last meeting not even 2 months ago). Soon people will start looking for non-EU VPNs to install Signal (the CEO said they would leave EU if the law passed).
> Also, sorry, but the idea that EU countries are in any position to build a serious hyperscaler is pure fiction. Growth, funding, risk, innovation - those are alien concepts to European entrepreneurs.
Disagree, some of the EU clouds are already well on their way.
Surprisingly enough the drive to do this does not come from within Europe but from the US (Ashton Kutcher and "Thorn"). They have managed to pocket some influential politicians.
Chat control: EU Ombudsman criticises revolving door between Europol and chat control tech lobbyist Thorn
> Breyer welcomes the outcome: “When a former Europol employee sells their internal knowledge and contacts for the purpose of lobbying personally known EU Commission staff, this is exactly what must be prevented. Since the revelation of ‘Chatcontrol-Gate,’ we know that the EU’s chat control proposal is ultimately a product of lobbying by an international surveillance-industrial complex. To ensure this never happens again, the surveillance lobbying swamp must be drained.”
Source: https://www.patrick-breyer.de/en/chat-control-eu-ombudsman-c...
> And it is only pushed by a small number of politicians.
Including the chief Ursula von der Leyen and her commission.
Feel free to drop a few links. Digital EU projects tend to be absolute disasters run by bureaucrats. They always result in some 100 page long document, talking about planning a plan for creating a planning framework. Also throw in the words sovereign and digital transformation, for maximum corpo-political bullshit.
Galileo works perfectly as a counterpart to GPS. GDPR was also a resounding success.
It has really made companies much more aware of data handling. At work we have data protection officers now, privacy advocates, every app we onboard now has to be reviewed in terms of what the data is used for, where it ends up, if we have agreements with them in terms of what it's used for etc. This is really great because before we had pretty much nothing like that. It was just move fast and break things, including customers' privacy that would get broken. And our company is one that doesn't make any money from tracking our customers, so it wasn't really targeted at us, but it still drove so much improvement.
I think it will become much better now that we are disconnecting Europe from US services. The main reason that tracking-informed ads are so much more valuable than context-informed ads, is that Google and Meta etc are promoting them. They control the auctions, and tracking is their moat. Nobody has such pervasive tracking networks as them.
The disconnection from these services could really be the trigger for an EU-based context-informed advertising service.
- https://www.scaleway.com/en/kubernetes-kapsule/
- https://www.exoscale.com/syslog/introducing-scalable-kuberne...
To be clear, this Europe?
https://www.europol.europa.eu/media-press/newsroom/news/euro...
The USA PATRIOT Act on the other hand existed and had been used extensively (as far as we know) before expiring in 2020. But even without the USA PATRIOT Act, the US is well-documented in using warrantless surveillance: https://proton.me/blog/us-warrantless-surveillance
The existence of nicknames is a weird metric to judge a jurisdiction's attitude to privacy by when you have actual evidence of behavior you can compare directly.
EU governments trying to push for special powers for law enforcement to sabotage encryption and failing (remember: the UK is not in the EU anymore) is very different from what US federal agencies and law enforcement are not only permitted to do but also are doing and have been doing for decades. It's probably not necessary to point out the limits corporations face under EU privacy laws compared to the US.
Cloudflare Tunnel installed on your box (free)
Cloudflare Email Worker connected to your domain which writes emails to a KV store (generous free tiers)
Cloudflare Worker that downloads the emails from the KV store and uses Worker TCP sockets to send it to your mail server over the tunnel via a TCP port ie 25000 (CF blocks 25)
For sending mail in blue, local mail server uses smtp2go or Azure Communication Services.
I’m pretty much convinced that a cheap Synology rack is the best way to do this because it replaces Azure ID (Synology SSO) and Exchange (Synology Mail), both self-hosted and non-SaaS in the one appliance, it gets security updates, and it has an easy web interface for setting everything up.
Haven’t managed to write the Cloudflare worker code yet, but found this guy's repo and he’s done pretty much all the heavy lifting: https://github.com/Sh4yy/cloudflare-email
Yeah there’s some lock-in with all the free Cloudflare stuff but you could probably get it running again without CF pretty fast if you needed to. If you have a static IP, skip the CF stuff!
OP suggested Proton but I’m not sure I’d want to go from one mail host to another. That’s just shifting trust and what I’m taking away from the happenings in the US at the moment is that being insulated from the events of the world is a good thing.
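The inbound path described in the comment above (Email Worker writes to KV, a second Worker relays to the local mail server over the tunnel), as an added example that is not the commenter's code and not code from the linked repository. The `MAIL_QUEUE` binding, the `inbound/` key layout, the `relay.invalid` HELO name and the injected `deliver` helper are assumptions; the example shows the two points where such a relay usually goes wrong: envelope addresses reaching SMTP command lines unchecked, and queue entries deleted before the mail server has accepted them.

```javascript
// Added example; not the commenter's code and not taken from the linked repository.
// Assumptions: KV binding MAIL_QUEUE, the "inbound/" key layout, HELO name relay.invalid.

// Zero-padded timestamp first, so KV's lexicographic list() order is oldest-first.
function queueKey(receivedAtMs, id) {
  return `inbound/${String(receivedAtMs).padStart(15, "0")}/${id}`;
}

// Envelope addresses are pasted into SMTP command lines. Refusing whitespace, CR/LF
// and angle brackets keeps a crafted address from smuggling in extra commands.
function isSafeEnvelopeAddress(addr) {
  return typeof addr === "string" && addr.length <= 254 && /^[^\s<>]+@[^\s<>]+$/.test(addr);
}

// The empty sender is legitimate: bounces use the null sender, MAIL FROM:<>.
function isSafeSender(addr) {
  return addr === "" || isSafeEnvelopeAddress(addr);
}

// Payload for the SMTP DATA phase: CRLF line endings, dot-stuffing
// (RFC 5321 section 4.5.2) and the terminating "<CRLF>.<CRLF>".
function toSmtpData(raw) {
  const lines = raw.replace(/\r\n?/g, "\n").split("\n");
  if (lines[lines.length - 1] === "") lines.pop(); // final newline, not an empty line
  return lines.map((l) => (l.startsWith(".") ? "." + l : l)).join("\r\n") + "\r\n.\r\n";
}

// Command sequence the relay Worker sends to the local mail server.
function smtpCommands(record, heloName = "relay.invalid") {
  if (!isSafeSender(record.from) || !isSafeEnvelopeAddress(record.to)) {
    throw new Error("unsafe envelope address");
  }
  return [
    `EHLO ${heloName}\r\n`,
    `MAIL FROM:<${record.from}>\r\n`,
    `RCPT TO:<${record.to}>\r\n`,
    "DATA\r\n",
    toSmtpData(record.raw),
    "QUIT\r\n",
  ];
}

// Email Worker handler: queue the message in KV, or reject it so the sender gets a bounce.
// text() assumes ASCII/UTF-8 content; store an ArrayBuffer instead for raw 8-bit mail.
async function email(message, env) {
  if (!isSafeSender(message.from) || !isSafeEnvelopeAddress(message.to)) {
    message.setReject("Invalid envelope address");
    return null;
  }
  const raw = await new Response(message.raw).text();
  const key = queueKey(Date.now(), crypto.randomUUID());
  const record = JSON.stringify({ from: message.from, to: message.to, raw });
  await env.MAIL_QUEUE.put(key, record, { expirationTtl: 7 * 24 * 3600 });
  return key;
}

// Relay step: deliver oldest-first and delete a key only after the mail server has
// accepted the message, so a failed delivery stays queued for the next run.
// `deliver(commands)` is an assumed helper that writes the commands to the tunnel
// socket and resolves true once the server answers 250 to the DATA payload.
async function drainQueue(kv, deliver) {
  const result = { delivered: [], kept: [], dropped: [] };
  const { keys } = await kv.list({ prefix: "inbound/" }); // one page (up to 1000 keys) per run
  for (const { name } of keys) {
    const value = await kv.get(name);
    if (value === null) continue; // expired between list() and get()
    let commands;
    try {
      commands = smtpCommands(JSON.parse(value));
    } catch {
      await kv.delete(name); // malformed or unsafe record: never relay it
      result.dropped.push(name);
      continue;
    }
    if (await deliver(commands)) {
      await kv.delete(name);
      result.delivered.push(name);
    } else {
      result.kept.push(name);
    }
  }
  return result;
}

// In a deployed Worker these would be wired up as
//   export default { email, scheduled: (_event, env) => drainQueue(env.MAIL_QUEUE, deliverOverTunnel) }
// where deliverOverTunnel is a hypothetical function built on connect() from "cloudflare:sockets".
```
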