> Wrapping up - Migrating away from US cloud services was easier than I expected.
This is absolutely not the main takeaway and I find it difficult to see how he could write this - there are gaping holes. Git repos (it's too difficult). NPM (ditto). Startpage uses Google's index. The only meaningful switch he mentions is Proton, but as other comments have pointed out they have vendor lock-in problems. The real takeaway from this is that it's currently impossible in any meaningful sense. It feels like there's a real opportunity here for European companies to step up and make a big play, but will they? I really, really hope so. I'd jump ship in a heartbeat if I could.
Edit: To be clear, the reasons in brackets were the author's, not mine.
If they have enough users/make enough money, they'll make their own. Ecosia and Qwant (both european search engines) are working together to make their own index.
In any case, even if a european is a proxy for an american service, you need to prove that there is a market for an european equivalent for change to happen.
> Notice: sr.ht is currently in alpha, and the quality of the service may reflect that. As such, payment is currently optional for most features, and only encouraged for users who want to support the ongoing development of the site. For a summary of the guarantees and limitations that the alpha entails, see this reference.
I've used it for a few years and it's been stable and without issue. builds.sr.ht is the best CI that I've ever used. I think the only time it has been down has been due to DDOS.
Would I run the git server of a multi-national bank on it? Probably not. A standard SAAS? Yeah if my team felt it was important to use EU companies.
Otherwise you could also self-host with a VM, then you can use gitea or gitolite with systemd oneshot services.
> If they have enough users/make enough money, they'll make their own. Ecosia and Qwant (both european search engines) are working together to make their own index.
"There might be an option in the future if there are sufficient users" is a quite different milestone compared to fully switching away from US-based services.
I agree that some of the hard parts were glanced over. Besides that, everyone seems to talk about the cloud and nobody about the other big, if not bigger, dependency. Our use of Windows and macOS (and Google Android and iOS if you will) on the vast majority of client devices.
If
Time and time again, data-sharing agreements between the EU and the US get busted, showing there's just no legal compatibility between EU privacy rights and US spying laws. [...] With the current political situation in the US, it's also starting to become clear that our entire digital infrastructure is at the mercy of US policies. It is no longer safe to rely on US clouds for our governments and societies, as the US government can shut it down at will.
are your worries, rolling out government-required backdoors, lockouts, etc. in operating systems is going to be a huge issue. To shut down a large portion of Europe's infrastructure, the US government only has to order three companies to do so.
I think there were (and are) attempts of replacing at least the desktop systems with some variant of Linux but I think the dependency on Office remains the main problem in doing so - Windows lets you integrate all that pretty seamlessly with how the system works and is administered.
China is probably much more aggressive in this than Europe as for them the US has been a rival (or even enemy) for a long time.
Fastmail's servers are apparently located in the United States[1] - and the Netherlands, but there doesn't seem to be a way to know in which country your specific mailboxes are stored.
> Our colocation providers could be compelled to give physical access to our servers. Network capturing devices could be installed. And in the worst case an attacker could simply force their way into the datacentre and physically remove our servers.
So as far as warrantless surveillance is concerned, Fastmail is no better than if it were a US company or subsidiary thereof. They may themselves not be in a position where they would have to comply with US requests that would be illegal in Australia but whoever is operating their US-based DC absolutely is and they admit as much, even if they handwave this scenario as being no different from an ordinary hacking attempt[2].
[2]: Of course the flaw in this comparison is that an ordinary hacker can't make on-site staff comply with their demands and prohibit them from disclosing the hack. To do so without the authority of the law, you'd need a Hollywood action movie level of criminal enterprise that would usually involve taking a retired police officer's granddaughter hostage for some reason.
Australia has some fairly draconian digital laws that authorities can issue notices requiring developers to assist with an investigation. This can include technical assistance which could require companies to build capability for law enforcement to break the encryption used in their services.
It can't be trusted because it is incorporated in Australia which has draconian digital survellience laws.
Operated by trustworthy individuals is a moot point when they are compelled by law to build in a backdoor if asked. Even a warrant canary is forbidden.
You're repeating the same information as in the comment I'm replying to.
The surveillance laws, no matter how often you repeat the word "draconian", are irrelevant because…
Email isn't safe, and most of your email probably ends up on Google's or Microsoft's servers anyway, in which case US companies can be coerced by the US government to give them everything they have, while not being able to tell the public about it. And they do just that, a fact that came to light with Snowden's revelations. Australia cannot be worse than the US.
For emails, the government surveillance is irrelevant, as it happens anyway. And solutions like Proton Email are just privacy theatre that also happen to interact poorly with established standards (e.g., SMTP, IMAP).
I also fear Australia much less than I fear the US these days. I have always feared the US, especially due to their massive security apparatus, but at least I considered them valuable allies. These days we'll just add some extra fear points due to the techno-fascists in charge, voted-in by the people with a popular vote.
Whenever I see such comments on popular forums, such as HN, I lose faith in humanity a little, either because people don't think about the threat model (this being vibes-based) or the consequences of boycotting the underdogs, or because they are disingenuous about it.
Fastmail is a fine service, built and operated by trustworthy people, which also contribute to standards (e.g. JMAP) and to open source. A service that's also not monetized by ad-tech, unlike what the Big Tech email services are doing.
> Fastmail is a fine service, built and operated by trustworthy people
Yes, but their data centers aren't because they're operated by someone else in the US.
Fastmail is slightly better than using a US-based e-mail provider but it's still de facto US-based e-mail even if the company you sign up with sits in Australia. They don't control their own data centers and their data centers are in the US (whether they have additional data centers elsewhere doesn't matter if they're not transparent about which data center your data will go to).
“Warrantless surveillance” was yesterday's concern, back when Snowden's revelations were in the news.
Today the concern is war, both economic and literal.
From that perspective, I'll gladly use Australian, or Canadian online services, while avoiding using US ones for as much as possible. Note, I don't think it will be long before services like Fastmail will start moving their servers. Again, yesterday the US was an ally, whereas today the writing is on the wall.
Tuta comes with a caveat - you cannot use it in any other mail client (I think there are similar limitations with Proton as well).
Anyone looking for alternatives - stay away from mailboxo.org. It's a pathetic service. Stuck in past (they have a suite that makes you kick a table leg), very disgustingly bad customer service (it's almost non existent), and yeah they use 2FA inside the password.
Tuta is many times better if you can live with not being able to use another client. (They have pretty decent apps on all platforms though)
mailbox.org were good, but they decided to become more than just a mail provider and forced users into other, more expensive plans, adding office and cloud storage.
There is also posteo.de. It doesn't support custom domains, but I use it in combination with simplelogin.io (I think French, but now owned by Proton).
Yeah, I appreciate posteo's stance but when I tried using my domain via forwarding service it was a pain.
SimpleLogin, by the way, is now owned by Proton which is run by a founder (CEO?) who is a vocal Trump supporter. Nothing wrong with that of course, just saying.
More for email from EU: there is runbox (Norway; I have used it, really good except that their new suite has been in beta for over a century), mailo.com (france; on new pages I had to explicitly set translation from top right corner), inbox.eu (Latvia; haven't tried it). There are more: soverin, infomaniak has mail service, sartmail (used it; was costly for my personal usage iirc), and migadu (kinda well known), mailfence (liked it) etc.
Of course there is - Tuta (no imap/pop3 client support) and Posteo (no custom domain) - which are both excellent if you can live with these limitations.
The ones I would not consider (personally): mailbox (germany; but they are really. bad now - I have commented below about it), proton (I'd avoid it; reason was on hn recently).
Thanks for the info, I am a Private Internet Access customer and didn't realise til now. I now feel disgusted and will definitely be switching to another provider when my subscription ends. Luckily I only use it for Linux ISOs and changing region for streaming services so not much to spy on.
I used mailbox.org for several years until they forced everyone into more expensive plans by adding irrelevant features like office and cloud storage. This kind of behaviour from them was disappointing.
Can only recommend them - not too expensive, you can also use your own domains and they support at-rest auto encryption of all incoming mail with a PGP public key you give them (which of course does not prevent them from saving incoming mail as clear text somewhere else, but prevents others from reading all existing mail should they get access to your mailbox later)
Discovered them recently. Price looks absolutely fair for what you get. It offers up to ten external addresses for sending and has a web interface so it looks like a solid Gmail alternative.
Yes, but nobody competes with AWS, Azure or GCP, everything else is easy.
And most likely, most of the services/saas you mentionned relies on "US" cloud infrastructure.
(the risk is of course that the administration is not stable enough to stay bribed, or intra-oligarch fighting breaks out between Musk and one of the others)
I don't get what you're saying? There was a brief fad for using the other Chinese short video service, Rednote (Xiaohongshu) for about five minutes while TikTok was banned in the US, but mostly this discussion is about data sovereignty for Europeans who want to use European products for better legal protection.
(people have long since moved away from the Russian-bought social network, Livejournal; it's very occasionally useful to look something up on Yandex if you think it may have been delisted)
If you look into the history of some of our most recent, major disasters, they've happened under the watch of authoritarian governments. Two that spring to mind would be Chernobyl and Covid.
Companies running under those governments should surely be susceptible to similar issues because the fish rots from the head down. The culture and fear of speaking out and there for steering things in the right direction would be really dangerous for a company like Amazon and the AWS ecosystem.
If not used the latter but the former was excellent back when I used to use them. They were a little more focused on traditional compute and lacks the general breadth of services that the likes of AWS offer. But if you’re in a position where you’re able to choose a cloud platform provider based on the location of their HQ, then the chances are you’re requirements from said cloud provider are pretty basic.
True, I missed out what scaleway have done over the years, but after being literally burnt by OVH, and hearing that scaleway was operating in similar fashion, I gave up looking at their offering.
That is only the case if you think of migrating as an all-or-nothing. The services that he did manage to migrate went quite smoothly. If he would get stuck with one or two services, was it still worth it to migrate the ones he did manage? If you think it has all been in vain, then yes - its a different takeaway. But obviously Martijn does things step by step and I imagine he is happy even with the progress he made.
In other words, the question is 'is it easy to migrate to a service for which decent alternatives exist', rather than 'do decent alternatives exist for every service you depend on?'
You takeaway depends on what question you are most concerned with.
> It feels like there's a real opportunity here for European companies to step up and make a big play, but will they?
I think that this will depend a lot on expectations about politics in the USA in the medium/long term. Making this kind of investments makes sense if you expect the aggressive hostility that the current administration brought against Europe (and all other US traditional allies) to continue for a long time, and not just a couple years.
I expected it to be much harder to move away from these services I heavily relied on like Microsoft 365. Before I started migrating it figured I was so entangled in their web, that switching to an alternative would be a tremendous task. After actually migrating these services, I managed to migrate 90% within a few hours per service. This is nowhere near the amount of effort I expected it needed. Because of that, I'm also optimistic about migrating Git and NPM. While I don't think NPM will be any different, I suppose my optimism about Git might be misguided because of the amount of customization that goes into setting up CI/CD. Still, since only one out of all of the services might be hard - one that doesn't handle any PII - I stand by saying the overall effort was easier than expected.
> It feels like there's a real opportunity here for European companies to step up and make a big play, but will they?
Big plays are possible only with big capital, and that isn't what happens in the EU tech market.
Lack of serious VCs is a problem on one hand, but to blame is also the EU Horizon program which will favor large established companies (which innovate very little), and the fact that the funding direction changes with hype cycles (in 2020 that was digital transformation, in 2024 it was AI and similar).
The "easy" stuff was easy as the external face is a custom domain. This should be understood as a lesson for future choices.
Generic / not heavily propriety services which are pointed to by something you own (i.e. a domain name) can be migrated to new services. Web hosting, s3 hosting, email hosting etc.
Migrating from @gmail is not possible without scrapping an identity and starting over.
Qwant is an EU search engine, NPM allows you to specify a git repo and that git repo can be hosted on a gitlab instance or an EU provider. It’s not impossible to switch these providers, you just give up on major conveniences.
> > Wrapping up - Migrating away from US cloud services was easier than I expected.
> This is absolutely not the main takeaway and I find it difficult to see how he could write this
He explains why he writes this, but this is an incredibly silly complaint because you can’t know what his expectations were.
> The only meaningful switch he mentions is Proton, but as other comments have pointed out they have vendor lock-in problems.
Which the author had with Microsoft 365 as well. Considering reducing vendor lock in wasn’t a goal of what they were trying to do, it’s not clear why you’re even raising that point.
> The real takeaway from this is that it's currently impossible in any meaningful sense.
It’s not clear how you got to this conclusion in any way whatsoever. In fact, this is an entirely ridiculous assertion.
Essentially your entire comment is “the author didn’t aim to do what I wanted them to aim to do therefore the author is wrong”.
"there's a real opportunity here for European companies to step up" and what would be business model? From tiny fraction of people that care about this - wast majority are also the same types, that are known to be unwilling to pay for any service ever even 1 cent.
I'm not sure that's true - mainly because of some potentially big European customers in government or national infrastructure. They care enough about security and reliability, that they'd very likely choose a European provider over a US one, especially if the existing political climate continues.
Companies don't need anywhere near the profits of Google to cover continuous development and maintenance, so while a European tech giant of the size of Google might not seem that likely, a European office suite certainly is more likely.
Bert Hubert has previously written about how the entire European telecoms industry with the exception of Britain has outsourced not only equipment but also network operations to Huawei:
> It feels like there's a real opportunity here for European companies to step up and make a big play, but will they?
Or for the EC to stop their "rearm" BS, and actually do something useful for the people by helping such companies. This is the real battleground for European independence and freedom.
The US demanded rearmament for years, and the combination of US and Russia has now forced Europe - including previous neutrals Sweden and Finland - into rearmament. Only a proper, just, end to the war in Ukraine can remove the need for it now.
This is absolutely not the main takeaway and I find it difficult to see how he could write this - there are gaping holes. Git repos (it's too difficult). NPM (ditto). Startpage uses Google's index. The only meaningful switch he mentions is Proton, but as other comments have pointed out they have vendor lock-in problems. The real takeaway from this is that it's currently impossible in any meaningful sense. It feels like there's a real opportunity here for European companies to step up and make a big play, but will they? I really, really hope so. I'd jump ship in a heartbeat if I could.
Edit: To be clear, the reasons in brackets were the author's, not mine.