I'm Icelandic. This person seems to have done more research than most, but there's a common misconception that Iceland's some sort of Internet freedom haven. It isn't, and I think most of that came from foreign coverage of the IMMI back in 2010-ish[1]. That would have made Internet freedom in Iceland exceptional, but it never passed into law.
Also, you should be careful in paying attention to international reports of "xyz never happens in Iceland". Yeah maybe it doesn't, but 1/3 million people live there, it could just be due to the small sample size, not that it's less likely to happen.
Using Iceland to get away from the Five Eyes? Really? What does this person think Iceland's undersea network cables are connected to? Unless the traffic is local to the country it doesn't make a difference in that regard.
Author here. Thanks for explaining your thoughts as you are Icelandic. Really appreciate that. It's not too easy to do research in a non English speaking country. I'm not a native English speaker, so forgive the typos.
I wrote this article a few months back and since then some things changed. Somebody also enlightened me about the cooperation of Iceland with the US government [1], although no source has been linked. I think governments spying on data is something you can prevent with strong encryption and keeping the data out of the those countries that are known for it a.k.a. Five Eyes. That's what we do with our customers data.
I agree with your statement that "xyz never happens in Iceland" shouldn't be a reason for choosing a country. I'm still very confident it's better not to put our servers in any Five Eyes country.
For the speed I do think Iceland is not optimal. See the pings from this comment [2]. I realized this after moving to Iceland that the speeds where indeed slower than from Digital Ocean in Amsterdam.
I don't think your argument about the connection with cables are relevant. If you send your data encrypted it will not be possible to read the packets, right? Or maybe I don't get your point.
I'm thinking of moving our servers to Germany or The Netherlands. There are a few downsides with that for example the environmental impact. We are looking into other solutions to have no carbon footprint with Simple Analytics [3].
Which I think means watching data move across the lines.
If you'd like to pull your tinfoil hat even tighter: Germany, Netherlands, Iceland are listed above as broader members of signals intelligence sharing partnerships, as well as members of NATO. They have a discussion here of their policies and activities related to Cyber Defense:
If a government wants to take your hard drives it will. Unless there's explicit laws against the seizure of physical media, you're mostly relying on them either not having a sophisticated enough internal intelligence capacity that can do it quietly, or trusting in social reaction to a mostly boring, questionable infringement of property rights.
The parent's point is this. You don't own the undersea cables and Iceland doesn't either. How many companies own these cables that come into Iceland? Are those companies all from Five Eyes countries? What if the undersea cable company says stop sending traffic to this domain or we cut off your access from the data center or ISP provider side? What happens if the Five Eyes place travel/trade restrictions on Iceland unless physical data related to some alleged incident is turned over? The point being that sure no physical access is an improvement but maybe not a panacea. You may have protected data but how does that help you if it can't leave or enter your servers? The internet doesn't have to remain as free and open as it is now.
I suppose that the encryption is relevant no matter where you operate from. Does that protect metadata? I assume that all they can learn is that person X is visiting a site that uses your service, which is pretty unhelpful for spooks. In that case, the main security or privacy concern probably revolves around government data requests and/or data center security
Yeah, if you don't want to be surveilled by "Five Eyes" which includes the United States, United Kingdom and Canada, it's odd that you'd choose an island whose only high-bandwidth connections to the outside world go through those countries.
I do not believe that the five eyes have the ability to break modern encryption. But they probably have influence in Iceland in general. But I doubt they spoof the whole island. That would probably very noticeable.
(This comment to which I'm replying was apparently downvoted, presumably by people who disagree. It's a reasonable comment though I disagree with it, hence my reply)
> I do not believe that the five eyes have the ability to break modern encryption.
Do not be so sure. The Snowden documentation shows that they have many tools, from actual private attacks on the encryption itself to attacks on the endpoints (e.g. undocumented zero-day exploits) that can get data pre-encryption and/or post-encryption. And they don't limit themselves to endpoints in their own countries (that would be foolish for any intelligence agency to do).
Going beyond everyday attacks, one famous war effort gave us programmable electric computers in order to break encryption, and there is no disputing how much value came out of that for the winners of that war. Any country with the means will have been pouring in resources to recreate that advantage ever since.
If private industry is on the cusp of quantum computing, then to me it’s a safe bet that intelligence agencies have had it for years.
However, an advantage like this disappears the moment that evidence of its existence surfaces. It wouldn’t be used except in existential scenarios for that country.
> ... it’s a safe bet that intelligence agencies have had it for years.
I'm not so sure; indeed there are examples of that (consider NSA setting the s-box parameters to make DES more secure) but at the same time there are so many "experiments" under way just I the course of everyday business (that happen to apply to dual use tech) that the military often finds itself a generation or so behind COTS / consumer tech.
> However, an advantage like this disappears the moment that evidence of its existence surfaces. [Thus] It wouldn’t be used except in existential scenarios for that country.
We've become more sophisticated since operation mincemeat (http://www.themanwhoneverwas.com). Such tech can be used for parallel construction: I discover via magic snooping that odyssey7 is planning something I don't like, and is doing it with odyssey6 who has poor security. I snoop on odyssey6 and build my case from that. Or I also learn that odyssey7 smokes pot, so break their car's tail light, have a cop stop them, search car, and magically find evidence used to build the real charge. Or whatever. The real breakthrough is hidden.
I often read comments where people say something along the lines of, “X is considered impossible with current technology but I bet the intelligence agencies have had it for years”.
It seems reasonable that incremental developments might have been made sooner by government than academic researchers or industry. Indeed, there are examples. But leaps like quantum computing?
I’m not ascribing this to you but I’ve noticed that there’s often a crossover between people who, on the one hand, believe government is pretty much incapable while, on the other hand, having some near magic ability to make huge technical leaps.
Wartime is different, as then it’s pretty much all hands on deck.
DoD spending in recent decades has reflected a sense that there's perpetually an r > 0 chance that we'll be in the middle of World War III in twenty years, and that we're willing to spend what it takes to ensure technological advantages for when that happens. Throughout world history, military technology has been a determining factor in when many civilizations stopped existing. The mission of the DoD is to secure the U.S. in perpetuity, so this is their core competency.
Private industries, which can only approach moonshots tepidly out of fiduciary responsibility, are already making good progress on this. My hunch is merely based on the liklihood that the DoD - which spends unfathomable amounts on R&D and does not answer to shareholders - has been going at this longer and much stronger than any private organization.
The aggregate amount spent does not mean the government pays individuals more. I'm pretty sure the NSA can't compete with private industry for salaries. So that would cast some doubt on whether they can utilize the most talented.
Do you have any proof or other verifiable evidence of these claims? Or are you just assuming that those statements are true?
As far as I'm aware, there is no evidence at all that the commonly recommend encryption algorithms have any serious vulnerabilities when used properly. Now, it's easy to say that researchers would be given gag orders if they found the "magic back door", but that's all just speculation and fear-mongering really.
Additionally, it would be in the US's best interest for there to be no backdoor. Any vulnerability in RSA for example could be exploited against them.
of what claims?(i only made one) the great firewall of China is well known to exist as is their activity of logging everything. I said their ability to crack things might surprise you, but did not make any claims. I do not know for sure what they can crack but I do know their capabilities are not publicly known, this is coming from those that work there as well as court filings.
All of this seems quite a distraction for an analytics company.
Just locate your servers where it makes business sense. Secure them against hackers and unauthorised access in general, as you should. Ignore the CIA/NSA.
It's mostly a piece of content marketing. The service he provides is mostly about respecting user's privacy. Reminds me a bit of Duckduckgo's strategy.
In more seriousness, not all is purely making money. Some people prefer to make a difference in some things they have control over even if this doesn't increase profits. I find this a lot better than e.g. getting more money and then donating to charities that try to stop what the company is contributing to.
I haven't searched the topic well to know if it makes a difference or not, but it _seems_ like the authors are trying to improve something for ethical reasons and parent author is saying it is just a distraction and to focus only on making more money. I strongly disagree and encourage simple analytics to keep up their ethics for as long as possible.
Maybe they are trying to reach more people through blogpost and HN post, but moving the servers to another country does not seem like just theatrics at all.
It’s just a bunch of theatrics and virtue signaling. A lot of web users (like the one that didn’t want his requests going to the US) really overestimate their self-importance in the world of national security. NSA/CIA/FBI barely keep up with data regarding actual threats, they aren’t spending time worrying about random people on GitHub. (Referring to the commenter on the EasyList pull request.) Literally no one cares that you watch excessive amounts of fetish porn, visit socialist workers party websites, or have a secret crush on David Hasselhoff or sell a few grams of cocaine on the side. Your browsing history is uninteresting on its own. It might become interesting if you were to also a target of an investigation. But it isn’t like NSA has some red light that starts flashing in their headquarters based on the contents of a web search of some random guy in Bratislava or wherever.
If you are actually a terrorist, smuggler, human trafficker, weapons dealer, you aren’t commenting on pull requests to EasyList.
Most people are boring and, despite what they may think of themselves, aren’t even close to being a surveillance target. It’s also ridiculous theater to think that the country a server is physically in matters one bit.
To be clear, I am not defending NSA, I am just saying that most of us are uninteresting in that regard.
Nobody cares about your fetish porn and cocaine now. If you ever decide to run for president, suddenly a lot of people will care, and by then that info is already in the wrong hands.
You can play the statistics game and say that this will never matter for 99.9% of people, but when multiplied by all people who have info that'd hurt them if it became public (everybody!), it makes for a very powerful tool for oppression.
While I'm not going to disagree Switzerland is an OK option, you have to understand first why ProtonMail choose Switzerland.
One point being "In the US and EU, gag orders can be issued to prevent an individual from knowing they are being investigated or under surveillance. While these type of orders also exist in Switzerland, the prosecutors have an obligation to notify the target of surveillance, and the target has an opportunity to appeal in court. There are no such things as National Security Letters, and all surveillance requests must go through the courts. Furthermore, while Switzerland is party to international assistance treaties, such requests for information must hold up under Swiss law, which has much stricter privacy provisions."
I read this as, it isn't to say a government can't monitor what's going over the pipe for sigint, but if they specifically target a user for surveillance it must be disclosed to them and they have a right to appeal.
Nonetheless, if you're an American connecting to Switzerland for ProtonMail, the US govt will have some sigint, even if it's just your origin -> protonmail destination.
I'd go as far as to argue, as long as all communications are fully encrypted with the best possible encryption available (and no backdoors) it's fairly safe in any country for most general content. If you're extra concerned about privacy and surveillance (like I am), you should host in a country which has strong privacy laws but read up on the privacy laws, most of the time a country has good privacy laws for individuals, companies within the country, not foreigners.
People really have an unhealthy fascination with SIGINT. It's really not the disproportionate threat people think it is, or should be most concerned with.
Tools such as encryption, privacy-focused messaging mediums, VPNs, etc might serve to complicate an investigation by local law-enforcement agencies, but will not be able to defend against a more sophisticated targeted attack. While absolutely best practice, this is analogous to using an armored car to deliver messages from someone living on a park bench to someone living in a cardboard box.
I absolutely agree with the use of these tools, as long as you know their limitations and the threat profile they're targeted against. A messaging medium that does not store chat history will absolutely aid you in the event that your phone/computer is seized by law-enforcement to be forensically examined. However, the biggest problem is the endpoints. Using a zero-day/backdoor to root a device on the end of the messaging chain is orders of magnitude easier than trying to break encryption. Why bother using all that computing power when you can just use a rootkit to read the screen buffer in real-time?
You might be using all the best encryption tools, etc... but if SIGINT is really what you're concerned about then you'd be best off treating your PC/Phone as being the chief vulnerability.
It’s also good marketing to invoke Swiss privacy voodoo as a market differentiator. “Your email securely stored in France,” just doesn’t have the same ring to it.
I'm not saying it's warranted, but I could see there being a lingering perception of "hey, if they were willing to hang onto all that art the Nazis stole for so long they'll probably stay out of my email."
My perception is that the general perception is that the Swiss have a reputation for neutrality, especially in regards to the contents of bank accounts and lock boxes.
Before continuing I want to make it super clear that I'm not endorsing the Nazi's stealing art/gold/whatever. With that said, were Swiss banks handing over assets to the Nazis that had been previously held for Jewish families, or were they only holding assets for the Nazis which the Nazis themselves took from Jewish families? (This question is not intending make one option sound more morally acceptable.) My perception is the latter, but I could be ignorant. If I'm not ignorant (in this domain), I don't see why these events would call into question the ability of the Swiss to securely hold assets.
That is, I think I read long ago that the confidentiality of Swiss bank accounts was compromised during WWII for the benefit of the Nazis. I thought it was common knowledge.
However, I seem to be having difficulty finding a reference with Google at the moment.
ok, so this was a "non-binding" resolution? the wiki page is so misleading for someone not familiar with the vocabulary. I read "adopted by parliament", I jump to conclusions. Maybe the page should be updated to clearly define the current status.
Kind of. Parliament can create laws, and parliament can issue parliamentary resolutions that essentially say "This parliament wants this government to do X".
This was the latter, and all parliamentary resolutions are inherently much weaker than laws because they generally only apply to that particular parliament and that particular government. And we've had many changes of both since 2010.
It's pretty hilarious he thinks he is outside the reach of the five eyes agencies. Try this thought experiment. Find the top eight largest Icelandic ISPs' AS numbers and IP space. Now look at who their BGP peers and transits are on both sides of the transatlantic submarine cables. And where those cables land.
This is exactly why I moved my personal web site from the US to Germany and not to Iceland (which was my original plan). The thing of it was that GDPR provided better protection than no GDPR, and the cables negate any other benefit anyway. But this of course pre-dated the CLOUD act which could land you in jail for complying with either it or GDPR, as one requires you to share when asked, while the other prohibits it. Data protection needs a lot more work, and some precedents must be set for enforcing US law in Europe, and of course vice versa. Happily my server holds only my own data.
“Our encrypted traffic transits the Five Eyes” and “the NSA/FBI can walk into our datacenter with a National Security Letter” are not comparable scenarios.
As an ISP, I can tell you that actual implementation of national security letters is quite rare. If you're doing something you think might legitimately result in that sort of event, go buy server colocation physically located in Russia, not Iceland. There's a number of large Russian isps with good connectivity to the DE-CIX Frankfurt.
I believe NSL's are rare today because the vast majority of companies don't have robust encryption. I'm sure when security services are looking for info they first do a scan of their wiretapped data to see if they can get the info they're looking for without an NSL.
My guess is most data, even at privacy focussed companies, ends up accidentally transmitted over a cable unencrypted at least once. It doesn't take much to forget to turn on strict HTTPS enforcement on cloudflare for example. Or to forget to encrypt your backups in transit. Or to have an employee download a database dump for testing over HTTP.
It only has to happen once for security services to keep it if it contains any data of interest to their filters.
Isn't one of the core characteristics of a NSL that you can't tell us?
It's also not the only attack model; it serves only as an example of the sort of power Five Eyes has within the five nations they wouldn't necessarily have in Iceland.
I would be curious the issues with colocation in Russia. Judging by all of the potential issues with US/EU providers, it seems they may offer a certain class of comparative "safe haven" for particular types of applications.
I.e. if it became illegal to say certain things about the US government, could I (an American citizen) hypothetically host my protest blog on a Russian provider and avoid prosecution?
Yes, you could probably safely criticize the US on a Russian-hosted blog, but in the scenario of a repeal of the First Amendment, I can't imagine the hosting location would save you from any theoretical prosecution.
> If you draw a straight line from San Francisco to Amsterdam you will cross Iceland. Simple Analytics has most customers from the US and Europe, so it makes sense to pick this geographical location.
This doesn't make sense. The normal way to do this is to terminate connections close to the users, in this case running a server in (or near) the US and a server in (or near) Europe. You don't have to pick a single point that's optimal for all users.
But if you are going to pick a single point, Iceland is not the point to pick. Connections don't follow great circle distance, they follow cables, and Iceland primarily connects via Europe. Have a look at https://www.submarinecablemap.com/ and you'll see that the only connection West from Iceland takes an indirect route via Greenland. If you run pings from SF to Amsterdam you'll see lower latencies than SF to Iceland.
A lot of the comments are fairly critical, but I think your move was praise worthy from the perspective of CO2 emissions alone. You should feel good about that.
While Iceland may not be a privacy paradise, I still think Icelandic hosted servers provide a higher barrier than US based servers for government data collection. The US government has a history of high volume warrant-free collection of user data - your setup in Icelandic appears more resilient to this approach. However, as others have pointed out, Icelandic hosted systems are still vulnerable to traffic analysis as well as physical and legal attacks on servers and key holders. The solutions to these types of problems though are more political than technical.
> A lot of the comments are fairly critical, but I think your move was praise worthy from the perspective of CO2 emissions alone.
If the goal is low or zero co2 emissions, there's a number of datacenters in north america powered from 100% hydroelectric. In British Columbia, Oregon, central/eastern WA state and in Quebec.
I see a lot of scrutiny in the comments, but the simple fact is that they are actively trying to secure their users data to whatever extent they can. This shows a great form of care from a company and pushes me as a consumer to use them. Yes Iceland has had reports of letting the US pull drives before. No I wouldn't think to plant my servers in Iceland. But the fact that they are considering all of this is a big big + in my opinion.
Most countries who have INTL fiber cables running in/out of them will have a direct link to a "surveillance" country, but as long as encryption is sufficient then the data is still relatively secure. and pulling RAM to inspect the memory is a pretty hard thing to get away from.
I think this is as thoughtful as it gets when considering user and company privacy.
> so we kind of need to trust the hosting provider
If you're worried about someone physically attacking a server to compromise encryption keys, whether the data center operator is complicit is, sorta redundant. Moving to Iceland isn't going to solve any of the attacks mentioned.
That being said, hosting in colder climates makes a lot of sense from an energy usage perspective. I think they should have focused on that first.
This all seems moot and a waste of time and energy. They just managed to significantly increase latency to all their users (in the US and Canada). Maybe if they bought co-location in Iceland and racked up their severs in a dedicated cage, ok that makes a little more sense in terms of hardening and control. However, using what amounts to a shared hosting provider, doesn’t help mitigate their concerns.
> so we kind of need to trust the hosting provider
Let me get it straight. The author is waxing about Five Eyes, country-level attacks, fiber optic taps, etc but bushes off the most direct attack as "we kind of need to trust the hosting provider?" Now that's the one weird set of priorities.
> he indeed was correct about the fact the US government is able to access the data of our users. At that time, our servers were indeed running on Digital Ocean and they could pull out our drive and read our data.
Moving servers out of US is obviously a step in the right direction. However, it's also understandable if a user wouldn't want to be tracked by 3rd parties, at all.
Even if there's no 3rd party involved, we've seen NSA tapping onto private companies (Google) internal network as well. If any analytics company grows big enough, it's definitely becoming a target for the NSA.
> it's also understandable if a user wouldn't want to be tracked by 3rd parties, at all.
For what it's worth, the author claims that Simple Analytics respects the Do Not Track (DNT) browser setting, so that user would be able to have it his way without needing to install EasyList. But of course that is something that requires a degree of trust, and DNT seems to be a failure for the most part, because of all the other parties that do not respect it.
I remember for some reason Google Analytics had may be some bad press and then we have a new era of analytics, Simple was one of them, but they refused to add aggregate data such as Browsers, Countries of Origin and Devices Info.
So I am surprised to see that have finally done it.
The other one is Fathom [1], doesn't seems to be in development anymore.
I live in Utah County, approximately 40 minutes south of Salt Lake City. I live less than 20 minutes away from Eagle Mountain, where they are going to build a new Facebook data center, and less than 20 minutes away from a rather large NSA data center installation in Bluffdale. We also have C7 and Rackspace 10s of minutes north of me and Adobe HQ 10 minutes away as well.
I don't know why people use Salt Lake City as a location for data centers in the sense of its cheaper to cool. We are high elevation, but we are a high-elevation desert. It's usually pretty hot here. We have winters, true, and it's way dry here, but the winters are rather mild, especially compared to places like Wisconsin or Chicago, where I am originally from. It must be because of cheap electricity and/or tax laws. We have a lot of wind power here, and some coal power as well. One thing's for sure: cooling isn't why they build datacenters here. I have no idea why but I'm not complaining either :)
This is, as it so happens, why we sweat "more" in higher humidity (given a constant temperature relative to a non-humid atmosphere), and why humidity adds to perceived temperature. We're actually still sweating either way, but when the air's already humid there's nowhere for that sweat to go, so it stays on your body (and with it, the heat it was supposed to wick away).
As mentioned in another comment, cooling towers (evaporative) work very well in high desert areas. Phoenix is pretty popular for banking corporation data centers because of relative geographic stability, but I'd guess the cooling costs are a bit higher, I know some data centers have very thick walls and very tight security in the area.
Also, it is quite a bit cooler than say Las Vegas or Phoenix, while being more central. The relatively mild winters is also a benefit in terms of geographic stability, you're less likely to see structural issues than you would in other areas of the country with more wild swings. It's also possible for certain components to be too cold as well.
Tax incentives and a relatively less expensive labor pool don't hurt either.
Thinner air makes it more difficult to effectively cool, even with cooler air. I've even seen things have an "High altitude mode" that make the fan spin harder.
There are two major reasons it is popular to site data centers in Salt Lake City. It has nothing to do with elevation.
First, the I-80 corridor is one of the most important and highest density fiber backbone routes on the continent, which runs right through the city. From a network topology standpoint, this makes it a pretty great place to aggregate massive quantities of data from around North America.
Second, it is a large city in one of the most geologically and meteorologically stable places in the continental US, far from an ocean (or anything really), which makes it a good choice for disaster recovery and backup sites. That locale has been used for this purpose for decades, not just for data centers.
tl;dr: Virtually unlimited and extremely well-connnected bandwidth in one of the least disaster-prone regions of the US.
Apple and Facebook have data centers in Prineville, OR.
Google has a GCP data center in The Dalles.
Amazon has at least one in Port of Morrow and one in Port of Umatilla.
...Now in 2019 we have data centers in various locations across the world but efficiency goals are no different if not more ambitious. So something more flexible was developed and now in production. https://engineering.fb.com/data-center-engineering/statepoin... IIRC it doesn't mean we high deserts aren't special anymore. They still are.
I use 1984 for my mail server and I've been pretty happy with them. Decent pricing, and they support OpenBSD on their VPS offerings (which is perfect since OpenSMTPD + Dovecot is my preferred mail stack).
> "Another advantage from moving to Iceland is the climate and location of the country. Servers produce a lot of heat and Reykjavík (Iceland’s capital, where most data centers are located) is on average 40.41°F (4.67°C), meaning it’s a great location to cool down the servers. For each watt used to run servers, storage and network equipment, proportionally very little is used for cooling, lighting and other overhead. "
Am I the one not understanding heat transfer ? Because if companies follow suit and this is done at scale, good luck with the rising temperatures, Iceland.
Also, you should be careful in paying attention to international reports of "xyz never happens in Iceland". Yeah maybe it doesn't, but 1/3 million people live there, it could just be due to the small sample size, not that it's less likely to happen.
Using Iceland to get away from the Five Eyes? Really? What does this person think Iceland's undersea network cables are connected to? Unless the traffic is local to the country it doesn't make a difference in that regard.
1. https://en.wikipedia.org/wiki/Icelandic_Modern_Media_Initiat...