382 comments

[ 6.9 ms ] story [ 5689 ms ] thread
I moved from GitHub to self-hosted gitolite. I use a (standard) Makefile in each repo, which my deploy job runs (make test, make build, etc). I use githooks to do various automation.

It's really not that much different to GH Actions, and not more work. But it's much faster, and easier to work with.

If you're working in a team, then PRs are hard to replace.

What drew you to gitolite over alternatives (e.g., Forgejo)?
My company is looking into a move from GitLab to https://forgejo.org (Codeberg, essentially). Seems way easier to self host. Seems fine so much for all my team's needs.
This looks interesting, I have self hosted gitlab but it is so slow and I don't need most of the features it offers. Thanks for sharing!
Yeah, we've been using gitea for five years, and from administrator's point of view it's one of the easiest things to self host. Updates can happen automatically and require very little downtime, and it's light on server resources.

In comparison, Gitlab was a massive pain and became close to unusable on that same server before we migrated to gitea, even though Gitlab was used just for code hosting, and gitea is used for everything it supports (container image and package repositories, issues, etc).

For code review and merge workflow gerrit used to be good a decade ago, it's probably good today, too. Github PRs are strictly worse today than what I remember from gerrit back then.
Gerrit is great if your team is willing to work in a rebase based workflow!

We handled huge repos on Gerrit (and a huge number of them) at my previous employer with very few problems. It does take a certain effort to self-host it, but then what doesn't.

what advantage does gitlolite over gitea? If i wanted to replace GitHub my intuition would be to replace it with gitea. It seems to have similar interface, pull requests, workers etc to gh.
Gitolite is a bare bones git server. Gitea is a forge. They’re not remotely in the same class of software. Gitolite doesn’t even have a web view for the repos, you need a separate package like cgit for that; never mind project management features.
On my first team in 2011 we used Phabricator before the company sprung for github enterprise. Phabricator was fine; you could even just copy/paste the output of `git diff` into a form on the UI as an alternative to pushing to a monitored branch.
My problem is that I do not want to replace one centralilzed service with another. I do not see any difference between the US and the EU (or Australia) in handling privacy. Most politicians are super keen on destroying privacy for people, for the "good cause". There are so many examples of this I lost count. We need strong encryption and true peer-to-peer networks where the connection is going through random routes (impossible to predict) and there is no government controll of any of the nodes it touches.
Perfect is the enemy of good. The EU has it's flaws, but if you can't see the difference between the US privacy climate and the EU privacy climate then you need a reality check.
Yup, in the USA you can still have VPN server that is not storing logs, something that is simply illegal in European Union countries.

In the USA you can purchase prepaid SIM card in Wallmart with cash, put it in your phone and you have anonymous phone number, again, this is illegal in Europe in a typical stupid European way, as any criminal who needs an anonymous card would pull in to the retailer some drunk or homeless person and get that SIM anyway. But "normals" can forget about privacy, unless they want to play with something like silent.link.

True regarding logs.

False regarding SIM cards.

European.

Not true regarding logs given mullvad is the only half-trustworthy vpn provider out there.
You remember Lavabit?

We also have Mullvad.

I have a few traveler esims from Europe. I didn't need to show any ID and I paid cash.
> In the USA you can purchase prepaid SIM card in Wallmart with cash, put it in your phone and you have anonymous phone number, again, this is illegal in Europe in a typical stupid European way

This is illegal in some European countries but not all. I more than bought one phone and one SIM card with cash in the past.

There is always a degree of incoherence in people's beliefs and actions.

A good one along the lines of your comment, IMHO, is how most Europeans are very happy to promote ID cards and to be asked for theirs all the time while always complaining about "privacy" and against "surveillance".

For instance in France you must show your ID to buy even a prepaid SIM card, but then again the police can ask to see your ID with little justification. Or how they ask for ID when checking your ticket in the TGV high-speed train...

Are you insinuating that if you're in the US, you could refuse to show your ID to a police officer when they ask for it?

Go ahead and try that, tell us how it goes...

(No, there is no requirement to be carrying your ID card in any EU countries that I'm aware of. However, most jurisdictions require you to state your identity if questioned by police as a suspect. At least here in Sweden, if you're a suspect they are allowed to detain you "for identification" if you refuse.)

Why the aggressive tone?

I am not expert in the US, and it has actually nothing to do with my comment, but I believe that police in the US might ask you to identify yourself in some circumstances (which is quite different from having to show an ID).

What I mentioned regarding France is that you must show an ID (passport, ID card or driving license) or face being detained at the police station when asked by police. You do not need to be a suspect of anything to be required to show an ID.

I was certainly not going for an agressive tone. I'm trying to say that police all over the world will want to know whom they are talking to, especially if you're a suspect. I don't think it's a world of difference between the US and an "average EU country" there.
In all of Eu countries I visited, only FI and DE asked for id when buying a prepaid sim card. And prepaid sim card days are almost over, as there is Airalo etc.
Strange as I have never heard that you would have to show your ID when buying a prepaid sim card in Finland. And I have also bought them several times and I think that I have sometimes bought them with cash.
For me it's not even about privacy, it's pretty clear that no matter where I host things, if I don't have control of the hardware and the TLS termination then there's no privacy I can guarantee.

However there's still a case to be made for some form of digital sovereignty.

It's no longer considered a complete paranoid delusion that the US could snap its fingers and put tariffs/sanctions on digital goods served from US companies or consider the EU to be proscribed and cut access entirely.

I used to allow myself to think of the consequences of such a situation, after all the US very famously stated that they have no such thing as allies, only temporary allegiances, and as a brit: that is a sobering thought, because we cosy up to them a lot - even going so far as to join them in an illegal war.

However, if you consider the economic harm that would be caused by microsoft just cutting access to Office365, disabling the licenses used or even cutting access to EntraID and managed sharepoints and/or Teams. Most of the EU would not lose billions in lost productivity, they would lose trillions.

What a crazy economic risk, and that's just one product. Nearly all digital services in the EU depend nearly entirely on Azure/AWS & GCP.

Even the ones that don't depend on hosting, still depend on Google Workspace or Office365; both of which depend heavily upon online services which may not always be online during heavy tensions.

I know this is difficult to reason about, but we really have our heads in the alligators mouth when it comes to our digital capability- it will be hard to remove it, and many people are enjoying the echo and will actively fight against attempts for change.

You might be interested in Peergos (lead here). It is E2EE, built on a P2P protocol (libp2p) and thus self hostable. We don't have onion routing yet though.

https://peergos.org

I find the Proton tools to be a joy to use and I use them for my business. For clients, I can't do that to them. Microsoft completely dominates and people just expect to be able to video call, chat, work on docs, etc. MS365 remains incredible value for money and pretty optimal for normies.
I recently had to use MS365 for a short time and I hated every moment.
Absolutely. Microsoft stuff is so mediocre and incompetent.

They get away with it because they're pretty much the only game in town for enterprise. So there is no drive for them to improve in any way.

But really, companies choose Microsoft because it's all connected (easy to manage for them) and fairly cheap if you take the whole package and because "nobody ever got fired for picking Microsoft". But AAA third-party solutions are always way better in terms of UX and features. Picking Microsoft tools always feels like you're settling for less.

I manage a lot of the microsoft 365 stuff at work and I really hate my job. Also the condescending attitude of their employees and 'consultants'.

I found O365 to be much better suited for Windows admins on large teams, IMO.
Would you recommend moving from Google Workspace to Proton? Including emails and so on.
Well, there are no (classical) office tools. There is a text editor, but no spreadsheet. Their "Drive" solution is very mvp, you can collaborate on text docs, but it's very minimal.

Email is great, looks great, fast, nice feature set. Calendar is mvp-ish, I can accept invites and they go into the calendar and they have nice links to Teams or Meet etc, pretty seamless. They also have widget for a iPhone now, but it's early days.

ProtonPass is great, at least as great as BitWarden, sharing credentials with family and colleagues is a lot easier (not that "organizations" stuff, just click, share, done).

My iPhone syncs pictures to Proton Drive, but the app needs to be opened to do that, which is annoying. Other than that, works well, pics are safe. I really want a Linux client and an API (or rsync endpoint?) so I can push backups there (I have 3 TB drive for the family/business combined).

Their Bitcoin wallet was wasted effort if you ask me, would have preferred video chat or something. Make it more like NextCloud with a dashboard perhaps.

But when they make a new product, it's mvp but generally immediately works very well. I have a lot of trust in their solutions to just work.

But you can use almost everything on the free tier, so just try it out! The migration tool also works really well.

Important to note that the migration works well one way only. If you later want to migrate out it'll be more painful.
Yeah, there are no export tools, but technically it would be up to the other party (like Google or MS) to make those right? When you want to go Proton -> Google ;)

I guess with the bridge you can move your mail uit via imap, the Drive you can just download it all. Calendar will be annoying I think because there are no open protocols like caldav (by design, and I do miss that!!!).

I'll give a different point of view.

I switched my personal email from Google Workspace to Proton. My use case wasn't privacy (especially when 99% of my email is sent to and received from people using Gmail, Office 365, etc.) I was interested in trying Proton more to support a plurality of service providers.

As such, I'm probably not Proton's target customer. That means the compromises Proton makes to enable E2E are not worth it to me.

Some examples:

* Search is like going back 20 years.

* The lack of automatic filtering (e.g. Gmail's automatically applied Promotions, Updates, etc labels) has made the signal to noise ratio in my personal inbox so low that I'm considering just taking the app off my phone or suppressing notifications, at least. I don't have the time to set up manual filters for everything that comes in.

* The lack of automatic filtering and decent search means that my personal email is now pretty much useless.

Similarly, it's pretty hard to migrate away from because you can't just use IMAP to shift your email history to another provider.

This isn't a negative review of Proton. This is just to say that choosing Proton Mail means living with the compromises necessary to enable their main feature (privacy) and I don't care enough about that one feature to make those compromises worthwhile (because my email is going through so many non-private services anyway).

Yeah this is why I chose Fastmail when migrating off Gmail - I needed something more usable, not private
Teams is a horrible, ghastly product that is absolutely impossible to avoid with clients :-( I'd prefer to stay on the free plan because it feels so soul-destroying to reward such behavior, but then you can't start calls unless invited to a meeting by someone on a paid plan (or something, it's disabled with no message).
I agree!

I switched because of their calendar integration. I needed an email tool that would send 'accept' replies to calendar invites send from outlook and google, and I landed on proton.

To any self-hosters if you have a working setup for that (email+calendar), please let me know! I couldn't find anything decent.

Since you are switching anyways you could try to adopt local first and that way you make sure you don't have yet another cloud dependency ie political dependency.
>At the very least, think twice before signing up for new US services. Consider European services instead.

To be clear, this Europe?

https://www.europol.europa.eu/media-press/newsroom/news/euro...

Pretty much every country has interests groups trying to push backdoors into end-to-end encrypted services, what's your point?
Not everybody's chief has a nickname "Zensursula" (German word for censorship ("Zensur") and her given name ("Ursula")).
This is such a forced pun.
She got that nickname for her push to mandate provider-level blocking of requests to foreign servers distributing CSAM while working as the German minister for family affairs, which critics argued would create a slippery slope by establishing a practice of forcing ISPs to implement network request blocking (IP bans). This push materialised in the Zugangserschwerungsgesetz, which while being passed in 2010 was never actually applied and eventually repealed. Around the same time the German minister for the interior argued for police powers to use trojans (computer viruses) for investigations, which likewise passed and seemingly has been used with very mixed success - it's worth noting that the use of this practice by US federal law enforcement was already well-documented at the time.

The USA PATRIOT Act on the other existed and had been used extensively (as far as we know) before expiring in 2020. But even without the USA PATRIOT Act, the US is well-documented in using warrantless surveillance: https://proton.me/blog/us-warrantless-surveillance

The existence of nicknames is a weird metric to judge a jurisdiction's attitude to privacy by when you have actual evidence of behavior you can compare directly.

EU governments trying to push for special powers for law enforcement to sabotage encryption and failing (remember: the UK is not in the EU anymore) is very different from what US federal agencies and law enforcement are not only permitted to do but also are doing and have been doing for decades. It's probably not necessary to point out the limits corporations face under EU privacy laws compared to the US.

Trying to pass the law (and fail) is bit different than having laws like patriot act and rooms like 641A.
I wonder if shifting to cloud providers in the EU will lead to the rise of giant European cloud companies in both technology and infrastructure, or if this is just a short-term trend.
There isn't even a short-term trend. We saw posts like this a few years ago (in the blog post even admits he tried this before) and they went nowhere, just like this "movement" will.
I mean, let’s divide it into before and after the Trump era. Will we see the same trend once the new sheriff in town steps down for peace?
From a tech standpoint, nothing changed with Trump. The NSA had all the backdoors before Trump.
It's not just about backdoors; on a broader level, we're shifting toward a protectionist economic model, which contrasts sharply with globalism.
Bold of you to assume that the new sheriff in town (or any successors) will ever step down.
From perspective outside of US it is not that relevant (in this context) if there is change after this. Because as we have seen in 2016 and now - there is no stability.
I'd like that. Personally, I prefer to self host all my stuff.

But I can't do that to our clients. I want to provide them with something that makes them independent from us, something they can just hire any random agency or freelancer to work on. That leaves AWS and Azure as strong options.

There's a number of European cloud providers (https://www.stackit.de looks especially interesting), but I'm looking for too-big-to-fail options. Hetzner sure is that, but you don't get managed relational databases, object storage and a couple of other things that typical web apps rely on.

I know I can host stuff like Postgres and MinIO myself on Hetzner cloud instances. But when it comes to _managed_ services for this stuff, from a too-big-too-fail provider, I'm drawing a blank when it comes to European providers right now.

> I want to provide them with something that makes them independent from us, something they can just hire any random agency or freelancer to work on.

I have the same attitude and regularly find (sales) people not understanding why I'm doing this. They are pathologically looking for my angle. But there's none.

I totally have an angle, I consider our reputation to be our most important asset. There's a lot of devs and agencies out there. It's a whole lot harder to find good _and_ trustworthy ones. Being that is my angle. We got close to 100 % of our business from recommendations, and I like that. Wouldn't really want to spam strangers for finding gigs.

Of course, a lot of agencies do just that. And I've also seen more than one situation where an agency held their client hostage, not giving them access to their own code, hosting environment and what not.

Sure, it's not 100 % angle. It's also to a large degree professional ethics. But I can easily rationalise it into business value, and am probably not far off.

OVH supports object storage and managed relational databases.

It's not on the level of AWS at the moment, but getting there fast.

There was enough computing demand from Europe before this 'shift' (it's one tech enthusiast here). Large US cloud just opened DCs in Europe. No European cloud provider wanted to step up and provide the level of service US giants offer.
Honestly I doubt it. For now, the really big users, companies and large organisations are waiting it out. If they can sort of get by for the next four years, then they aren't going to make the switch, and frankly neither would I.
I think the trend should be away from these cloud providers in general and to smaller companies that offer both a paid service and a self hosted option as a way of providing you with an exit strategy. Ente is a good example of this
I moved my side project websites off of US VPS providers to an old MacBook Air 2015 I had lying around.
Side projects? What critical data did you have in them? Honestly curious.

I am all in to move away from google, dropbox, etc.

When I started in tech, Freedom was key. You put a value in your freedom to run and modify your code.

Over time that has not only regressed to just free to run, but not even that - you have to have permission to run your stuff

It’s easier to be a vassal. I won’t say good luck though. Live in favour of the king and you’ll be fine. Until the king does something and you get to kiss his ring.

One relatively simple thing we're missing on the Swedish cloud market is someone offering OIDC SSO, Chat, Video meetings, e-mail, calendar and file sharing.

I can't even say which European company offers this, Proton maybe?

Being a long time open source advocate I think it can be done, but system integration would never be as good as MS or Google.

But this simple platform would get a lot of SMB's to migrate.

Legally Proton is not based in European Union nor European Economic Area. Switzerland is extra EU just like USA, China or Russia
You cant compare switzerland to china or russia lol

its more like EU is 10, switzerland is 11 or 12

Then compare it to Singapore.
it is still better than russia or china, comparable to switzerland

I might argue it is better than switzerland, most asia pacific data center is in singapore for southern hemisphere

The European Commission has recognized the Swiss Data Protection Act as equivalent to the GDPR. This allows data to continue to flow freely between Switzerland and the EU.
Yaeh, but they also gave that seal to the US authorities even though everyone clearly knew that this was based purely on wishful thinking.
No not like USA, China or Russia. Switzerland has very strong ties with the EU and synchronises with the EU on most legal developments.

It is part of Schengen, free movement of people (try moving to the US from Europe), aligned their data protection law with GDPR etc.

It's very different from the countries you mention who don't make any effort to align with EU and are our adversaries in many cases.

Proton is nowhere near M365 capability set unfortunately. M365 really caters for the big enterprise. Data Loss Protection, integrated security, it has a lot of that stuff in the backend. Not to mention all the gaps in user-facing apps like chat, video, office suite.

Perhaps they will get there but they're nowhere near there right now. You could use it together with MS Office standalone but then you're still dependent on Microsoft.

Um, after “simple” you’ve listed six different kinds of services. Just operating that any kind of nontrivial scale will require quite a bit of headcount.
I get decentralized is a thing but maybe "being able to easily migrate my stuff to another service" could be a thing too.
The biggest elephants in the room are cloud providers, but I didn't find an easy alternative yet (hetzner, ovhcloud). ATM, the idea to the business is sold, that data resides somewhere near by in a datacenter, EU proximity. However, the EU businesses are realising that, well, whole region is at a mercy of one person.
OVH and Hetzner are excellent companies. I doubt there would be any problem with them in the future.
Both companies are excellent, and I'd absolutely trust them with my business, but neither can replace something like AWS. The friends I have at companies who are actively using AWS are all relying on a fairly large number of AWS only services. Either they'd need to stand up their own replacements and host those services on VMs, or in some cases rewrite parts of their stack.

E.g. if you're using AWS Cognito then you're not going anywhere.

IMHO Aws is designed for totally embracing their philosophy and language. You don't understand two Aws Devs talking to each other. Even organizations are internally structured for Aws operations. This create something even stronger than a dependency.
Making yourself a subsided of Amazon was never wise. You exist as long as Amazon allows you to. It’s modern feudalism.
> Making yourself a subsided of Amazon was never wise

True, but the AWS pricing doesn't make sense otherwise. If you're not using the managed services, then the value proposition is no longer there. Using those services is what allows you to build massive systems for relatively cheap, with much less staff. We had a project that was to be moved from on-prem to Azure (same deal), it went from thousands of Euros per month to fitting into the a free-tier, but only because we could use managed services. Spinning up the same VMs would cost more than hosting it ourselves.

Exactly! You can get a bare minimum, like a virtual machine (EC2) or storage (S3), which probably enough for small and medium enterprises (SME). However, if we move beyond, I'm not sure as I don't have experience with them. Now, if I'm building a prototype, I want something quick and just a lack of Cognito is a deal breaker.
(comment deleted)
Other notable EU cloud providers are also STACKIT, IONOS, Cloud Ferro and Exoscale
OVH is an absolute joke.

People are really quick to forget the fire that destroyed one of their data centers a few years ago and which did not get addressed in any way by OVH for months.

They also learned nothing from it, and are repeating the exact same mistakes.

I stopped hosting even my personal blog on OVH because of how garbage it is.

Yes they are such chaos internally. Even their support tells you different things every time. I kept having issues around my IRC bouncer on one of my servers (kimsufi, their budget brands). Some support people said yeah no issue as long as you don't do anything illegal. Others said I'd get insta-banned, and sometimes I did have issues and had to call them to get re-enabled.

Now, I have to admit I haven't been a customer of them for 10 years due to exactly this. But yes the fires exposed a lot of the same I left them for.

I left to go to DigitalOcean but it became too expensive and then I found Scaleway which I'm a happy customer of for years now.

Problem with Hetzner is they don't have the self hosted DCs in pacific region yet. They have Singapore for their PaaS solution, but if you want those cheap second hand servers then have to be in EU
What is their PaaS solution? Hetzner Cloud is IaaS.
koyeb.com is an EU (France) alternative to fly.io
Have you used Koyeb? I really like fly.io, though it would of course be ideal if they weren't US-based.
How about Scaleway?
I like them a lot but they only have EU DCs, if you are looking for Global (or at least Asia) you're out of luck for now. Perhaps this disconnect from US services might give them the impulse to spread out though! I'm really happy with them as a customer and I don't have needs beyond Europe anyway.
I've found Scaleway for AWS-style managed backend services fronted by Bunny (https://bunny.net/ - also EU-based & owned, but with global CDN DCs) works well! Bunny have nearly 30 DCs in Asia alone.
I think this is less of an issue than people actually think - if it gets to the point where this becomes a real problem, individual EU countries can force the datacenter owners like Google/MS to change ownership structure for these datacenters to EU-based subsidiaries or completely new companies if they want to continue to operate.
I wouldn't buy that - if there is a dead switch then sorry, I don't want to pay that with my business.
Virtually all foreign companies that set-up shop in Europe (or anywhere else) do so by setting up local subsidiaries.

Google, Amazon, Facebook, Apple, etc. When you deal with all of these guys in Europe you deal with their local subsidiary(ies), not the US mothership.

I'm aware of their use of subsidiaries, but is this true for ownership of the buildings and hardware, or just something done for tax purposes?
Usually everything is through subsidiaries. For tax and profit allocation purposes the way it works is that you set up subsidiaries in tax-friendly jurisdictions and then channel the profits to them through contracts between subsidiaries.

The general point is what does "moving away from US cloud services" mean, then?

Does it mean not using infrastructure actually located in the US? Or does it mean effectively boycotting US-owned companies that may be fully located, including infrastructure, in Europe?

This doesn't matter as far as the concerns about US warrantless surveillance laws go because those laws also apply to subsidiaries of US companies. IIRC Microsoft tried to argue that its EU subsidiary could not comply with US requests and lost.
I wonder if there will be some kind of setup like AWS did in China - with a local partner managing the DC.
Hetzner is great value, but their networking has a few issues:

1) Networking is mostly limited to 1Gbps. Even private networking. You can request a 10Gbps NIC, but it has to be housed in the correct data center and adds a $48 monthly fee.

2) Private networking is IPv4 only so dual-stack private networking isn't possible. Also each public IPv6 address is /64. Would be nice to get a /56 to setup dual-stack IPv6.

3) Can't specify a subnet to assign a server to when using hcloud API/Terraform. You have to specify the required IP on the subnet explicitly.

4) As I understand it, the private network traffic isn't truly secure between tenants, so needs to be encrypted between nodes anyway.

Still, I'm betting they'll fix these issues as their offering grows.

Schwarz Group seems to be getting traction in that space. (stackit)
About Bitwarden, i have a setting to use European server when I connect to and register a new account.

Wouldn’t it have been easier to just migrate from Bitwarden us server to European server ?

Proton pass free tier lack feature compared to Bitwarden.

Beside id argue that no cloud is better than European cloud. There is keepass for instance, with syncthing it works pretty well.

Even on European servers, it’s still controlled by a US organisation, so if Bitwarden is required to shut down access, they will. For an example where this happens, this court verdict from The Netherlands shows Microsoft's Dutch branch refusing to grant access to data (on its EU servers) of a Dutch company, to a Dutch curator who by law must be given access, because of trade sanctions on the majority owner: https://uitspraken.rechtspraak.nl/details?id=ECLI:NL:RBAMS:2...
You can run vault warden just fine.

Open source

Beats

Closed source

Beats

Managed service from Europe

Beats

Managed service from America

Anyone knows a good github/lab alternative that is hosted in Europe? That article scared me of the potential loss of my code.
It's pretty easy to self-host a gitlab instance using docker.
codeberg? git as remote repo also works just with a remote host over SSH.
We switched to self hosted gitea, so far so good.
[flagged]
Something important to keep in mind... It's the current US leadership blowing up relationships, not the other way around.
That's arguable. If you're in an unequal relationship the best way to go about them is to reset them to a base equal state and then build the relationship again.
"Equal" is a very relative concept, and trying to move from unequal to that in a month or two after decades of having a reputation of being a stable partner is only going to make it more difficult.
The US has been vocal about Europe having to spend more on defense as part of NATO. Yet most countries didn't, preferring to spend the money on other things. Governments of the largest European economies have been so full of themselves, yet now their strongest ally is asking them to actually deliver.

I understand that for Europeans this might cause a negative reaction, but the reaction is pure emotion, not an attempt to understand both sides of the partnership.

The current administration has been pushing things very fast, that is true. Maybe too fast. But it is also refreshing to see that you can get rid of bureaucracy if there is a strong will.

And let's not forget that the change in the US administration has had a direct impact on the debate around de-regulation and making the business environment in the EU more friendly for entrepreneurs and new business. But it came only as a reaction to what Trump is doing, not as part of a clear strategy or execution plan.

Even if that were true, closely defending the interests of the US conflicts with defending the interests of the EU.

Besides, the example of the sanctions to the ICC provide a concrete case of unacceptable risk due to the new US policies. Even assuming that sanctioning the ICC in favour of Israel is defending the interests of the US.

> becoming more popular as propaganda by certain European politics and ideologists kicks in.

So nothing to do with the new administration—interesting take?

> The only thing that has changed since the latest elections in the US is that there is a government that more closely defends the interests of the US.

This is a huge understatement of the current political situation in the US, where old allies are suddenly being treated extremely unfriendly and where stability is no longer something you can count on given how quickly the situation has deteriorated since Trump took office. While it is allegedly being done to "more closely defend the interests of the US" the ends may not justify the means.

We don't have an issue with the approach on a fundamental level here in the EU, but we would have liked this move to have been made in a more progressive fashion, as it makes the US look like a very unpredictable commercial & military partner.

> Getting rid of good relationships with the US will weaken European tech (and not just tech) even more.

Forcing EU to improve their own tech and military development is something that is being done in response to the US' lack of predictability, nobody's being "fooled" by talking heads, people just generally love the feeling of safety and predictability.

I'd like to understand why you're assuming this will weaken European tech though - what is this based on specifically? We can develop our own versions of anything you make in the US, we have the engineers and the US is no longer really leading even in AI initiatives thanks to the Chinese open sourcing their AI tech.

You seem to be living in an alternate universe where US can be seen as a reliable partner and would never abuse its power in tech.
> more closely defends the interests of the US.

Uhm, you did notice the threats of invasion and annexation to allies, didn't you? This is not "more closely defending interests", this is a 180° change of policy after half a century. Maybe this feels like some minor issue to you, but generally, countries take direct threats to their sovereignity extremely seriously.

And the thing is - while Europe didn't do the whole "growth above all" thing in recent years, it still has the best median quality of life in the entire world. Maybe there is a point, where it's just good enough?

Maybe the price of eternal exponential growth is too high.

I've been hearing those doomsday "europe is going to get destroyed economically" stories for my entire life. Yet the median quality of life and other societal markers kept going up.

Do you really not notice what you are doing to supposed allies, without whom the US is essentially nothing? This is a two way street. And without protection from the US, why should american outstanding political influence be a thing anymore? The US and its citizens aren't special, just one country among many others now.

This comment makes me think of the Gell-Mann amnesia effect but applied to comments. If I was unaware of what has been happening for the past few weeks I would find this comment reasonable and well nuanced. I realize that many times I read something on hn on a subject I know almost nothing about and leave thinking I've learned something.
Privacy rights in the EU are being eroded as we speak. Unless people there get off their high horse, they'll succumb to the same level of authoritarianism and surveillance as in the states.

Also, sorry, but the idea that EU countries are in any position to build a serious hyperscaler is pure fiction. Growth, funding, risk, innovation - those are alien concepts to European entrepreneurs.

counterpoint: not everyone needs a hyperscaler. Especially with open source like Kubernetes out there. Of course the more experience companies have managing it, better the service becomes. But I don't see why it can't happen within EU.
dude, EU is home for around 500 million people. (correct me if I'm wrong). EU definitely needs a hyperscaler. Every single one of these people will need a digital identity along with their compute rights.
wouldn't it work with 100 not-so-hyper scalers as well though? It does not have to be AWS, GCP, Azure.
> Privacy rights in the EU are being eroded as we speak. Unless people there get off their high horse, they'll succumb to the same level of authoritarianism and surveillance as in the states.

Last time I checked not even the US is proposing to install AI agents on everybody's phone to surveil your encrypted messages (look up chat control, last meeting not even 2 months ago). Soon people will start looking for non-EU VPNs to install Signal (the CEO said they would leave EU if the law passed).

> Also, sorry, but the idea that EU countries are in any position to build a serious hyperscaler is pure fiction. Growth, funding, risk, innovation - those are alien concepts to European entrepreneurs.

Disagree, some of the EU clouds are already well on their way.

> Disagree, some of the EU clouds are already well on their way.

Feel free to drop a few links. Digital EU projects tend to be absolute disasters run by bureaucrats. They always result in some 100 page long document, talking about planning a plan for creating a planning framework. Also throw in the words sovereign and digital transformation, for maximum corpo-political bullshit.

Sure there's more bureaucracy here but in the end they work out fine.

Galileo works perfectly as a counterpart to GPS. GDPR was also a resounding success.

Is that the GDPR that has polluted the web with cookie notices?
Yes but that's only one tiny aspect of GDPR. Unfortunately this is an aspect where they caved in to corporate lobbying, they should have just mandated the obedience of the "do not track" flag (or a similar thing). That browsers set it by default is not a problem because the whole idea of GDPR is that tracking should be opt-in, not opt-out. But really this is a tiny part of GDPR. It is not just about the web even. And as annoying as the cookiewalls are, they also make the user more aware (I mean, why do you want permission to share my data with 572 "trusted partners"??). It also enforced some concepts that should already have been standard, like the purpose principle, explicit permission ("opt-in") etc.

It has really made companies much more aware of data handling. At work we have data protection officers now, privacy advocates, every app we onboard now has to be reviewed in terms of what the data is used for, where it ends up, if we have agreements with them in terms of what it's used for etc. This is really great because before we had pretty much nothing like that. It was just move fast and break things, including customers' privacy that would get broken. And our company is one that doesn't make any money from tracking our customers, so it wasn't really targeted as us, but it still drove so much improvement.

I think it will become much better now that we are disconnecting europe from US services. The main reason that tracking-informed ads are so much more valuable than context-informed ads, is that Google and Meta etc are promoting them. They control the auctions, and tracking is their moat. Nobody has such pervasive tracking networks as them.

The disconnection from these services could really be the trigger for an EU-based context-informed advertising service.

Yes ChatControl is a worry indeed. But we have been successfully fighting it for a long time. And it is only pushed by a small number of politicians.

Surprisingly enough the drive to do this does not come from within Europe but from the US (Ashton Kutcher and "Thorn"). They have managed to pocket some influential politicians.

Not sure why you're getting downvoted. This is factually true:

Chat control: EU Ombudsman criticises revolving door between Europol and chat control tech lobbyist Thorn

> Breyer welcomes the outcome: “When a former Europol employee sells their internal knowledge and contacts for the purpose of lobbying personally known EU Commission staff, this is exactly what must be prevented. Since the revelation of ‘Chatcontrol-Gate,’ we know that the EU’s chat control proposal is ultimately a product of lobbying by an international surveillance-industrial complex. To ensure this never happens again, the surveillance lobbying swamp must be drained.”

Source: https://www.patrick-breyer.de/en/chat-control-eu-ombudsman-c...

> And it is only pushed by a small number of politicians.

Including the chief Ursula von der Leyen and her commission.

> Unless people there get off their high horse, they'll succumb to the same level of authoritarianism and surveillance as in the states.

We are very far away from the status quo in the US. Some countries are overtaken by extreme right, which is worrying. But it's nothing like the US where the entire country went to shit overnight.

Also, we don't have this singular president entity which has so much power that everything can be turned upside down in just one election. We have a president but she has very little power and influence compared to the way it is in the US.

Also, our multi-party system prevents the two-party zero-sum setup that is present in the US where parties go to ever extreme methods to make the other side look bad (because a lose for one is a win for the other). For us it doesn't work that way.

(comment deleted)
A shame that OP recommends Proton. The fact they don't support open email protocols like IMAP/SMTP without an extremely frustrating proxy setup is what ultimately turned me away from their service. Being able to "just" use a native mail client is pretty much a must.

The vendor lock-in from something like Proton feels way worse as a result.

Can't speak to Proton Pass, but it strikes me as a replacement that seems unnecessary: if Bitwarden is a problem, the server can be selfhosted, something which the OP seems to be familiar with.

Some of the others feel of more... questionable issues to have with US cloud services; it's hard to find problems with Dockerhub and NPM that aren't just general problems with these services/the company behind them (mainly NPM). Maybe that's just because the public/private concern for both of those services is pretty different than the others mentioned here.

Yes I'm not a fan of Proton either. Especially because they hammer so much on their "Encryption" thing while 95% of the mails you get will come unencrypted from one of the big tech parties, Google, Microsoft, Amazon. So what is the point, really? And because of this indeed it is very hard to connect to it.

Email is just dead as a tech. It's no surprise nobody uses it for sensitive content anymore but instead just uses it as a notification service ("Please log in to our portal to read your message").

I don't personally like bitwarden either because it uses a master password, I prefer "pass" which encrypts each password with your GPG key (which can be stored on a yubikey for hardware security). But yeah self hosted bitwarden is a good option too and very popular.

> It's no surprise nobody uses it for sensitive content anymore

I get password reset links for pretty much every website on email. Few things as sensitive as that.

I also receive and send documents, signed or for signing, with pretty sensitive information, over email.

I agree it shouldn't be used for those but it certainly still is.

There's so many organisations moving away from it though. Email password recovery yes. But really, what does Proton's E2EE add to this? The email is still sent unencrypted across the internet. And only gets encrypted when it gets to their mailbox. It's not as if someone could easily break into gmail either. Unless they know your password but then Proton is just as vulnerable.

I just consider their "Security" window dressing to be honest. It totally ignores the gaping wide problem and fixes only a tiny pretty irrelevant part of it.

I agree. My comment was not related to Proton in any way, only as a counter to the idea that e-mail is on the way out.

Yes, there are companies and services getting away from it but there's still a lot of sensitive information flowing through it.

Many emails aren't sent unencrypted any more — just not E2E encrypted. It's harder to stop an active MITM from downgrading the connection, but the bulk of non-spam messages to my server come in with TLS. And while it's not going to be possible for most people, I have pinned most of my larger destinations to require TLS with a suitable certificate, so I can have confidence that my outbound email won't transit the Internet unencrypted.

Obviously if you're a client of a big hosting service that you don't trust then E2E has value. But that's not the whole problem, or the whole solution.

Encryption at rest is still worth something.

>It's not as if someone could easily break into gmail either. Unless they know your password...

Google employees, the NSA, hackers, ... they can all break into your Gmail without knowing your password.

>Email is just dead as a tech.

It's really the only game in town for messaging. Like sure, there are a zillion incompatible alternative systems out there but email is the only system with worldwide adoption. ... and its federated. ... and it actually works somewhat reliably. ... and it's actually fairly secure these days, using a network of trusted email servers.

Like sure, it would be great if we could make end to end encryption usable for regular people for the email case. It would also be equally great if we could make E2EE usable for regular people for all the other cases.

Yeah, I was a Protonmail evangelist but their mobile app sucks and their client software has nonconsensual surveillance embedded in it that you have to remember to turn off.
I am migrating away from Proton. In theory they check all marks, in practice they fail in delivering baseline functionality in all categories.

1. The Web interface email is so-so, but the proxy email bridge is really heavy and takes a huge amount of disk space. It also makes my computer start flying from time to time. The iOS email client(very important as they dont support standard protocols) is just useless. The text is rendered like an image which I need to pinch to zoom in and slide across the text. There is no way for the font size to be increased to a legible amount. The images in attachment are not in a carroussel so I need to open1/close1/open2/close2/open3/close3 if there are 3 attached images. In an email client this is absolutely basic.

2. ProtonDrive: It took a long while before rclone was supported and for their web client to be working, "ok". Anyway it is basically unusable as a backup cloud service because it takes forever to encrypt in the browser. I just gave up and have no idea what is the state of sync of my files there. I just moved to backblaze and am waiting for my Proton subscription to expire.

3. ProtonVPN: Good on paper, totally untrusted and blocked by the internet. I can't navigate without filling 10 captchas or just be outright blocked.

4. ProtonCalendar is proprietary and not compatible with generic tools in iOS or linux or Android.

I gave up trying their other services as I just expect them to be as incomplete.

I mean: Email is the thing that needs to work right and every time I need to see some email together with my wife I feel like this goofy person that complicates what for everyone else is one of the most basic tasks in using a computer.

If I could I would just cancel and ask my money back, unfortunately they do not do that.

> 3. ProtonVPN: Good on paper, totally untrusted and blocked by the internet. I can't navigate without filling 10 captchas or just be outright blocked.

Even residential IPs are being blocked nowadays, we have Cloudflare to thank for that.

Yes! I run Firefox on Linux and I constantly get captcha'd everywhere (by that typical cloudflare loading page) because I'm not part of the 95% that runs Windows or Mac. Cloudflare is an awful thing for the internet.
I run Firefox on Linux and I rarely encounter Cloudflare captchas.
cloudflare seethes at firefox users that have strict tracking protections enabled. OTOH it's still much less violent than hCaptcha or google. Especially if you install their PoW pass extension.
Ahhh and yes, I have this too. Not only the Firefox tracking protection but also uBlock origin with all the lists enabled (and some custom ones too).
And yes I see your edit, Sometimes with google captcha I just end up in a never ending loop.
Strange, I get them so much.

It might be because I tweaked my user agent. I had to do this, because Microsoft is being obstinate and disabling a lot of M365 features if you're on Firefox on Linux. When I set my UA to Edge it suddenly works totally fine. I'm just a bit stuck with M365 due to my work, unfortunately.

So you answered the question right? You are blaming CF yet your change is causing CF to detect you as an untrusted browser. Not their fault.
No because there's nothing "untrusted" about my browser. Just because I'm not a slave of big tech?
It's not really "big tech slavery", cmon. A large majority of bots on the internet try to fake their User Agent to pretend to be someone else. Unfortunately, your browser does the same. When they compare your browsers signature with the expected user agent and real user agent, they find discrepancy and flag your browser as suspicious.

The real solution is to only modify your user agent for the MS apps you have trouble with, and all your captchas will disappear.

No they don't because I had them too before I started using M365 and had to edit the UA. Maybe not as much, but I think the tracking protection also has a lot to do with it like another poster said.
In that case you might want to consider keeping a separate Firefox profile for M365. Then you can have the alternative UA string only in that profile.
We're clearly in the non-Chrome, non-Windows/macOS minority that Big Tech can pretty much safely ignore.
I get banned within 5 minutes when I browse Hermes or LV websites, fun stuff...
I got banned from dash.cloudflare.com because apparently opening a few new tabs quickly is enough…
That would be extremely stupid from their part as it checks with a browser merely restarting with or recalling the latest session.
well, I can trigger it again and post a screencap if you don't believe me. Shall I?
Have you considered mailbox.org? I rarely hear much about this German mail provider that supposedly prioritizes privacy.
What's a good alternative to Proton? Still haven't migrated my business away from Google Workspace, and I was thinking Proton would be a good alternative, but apparently not if they don't even support IMAP/SMTP.
Second Tuta. Their feature list might be limited when compared to Proton or Fastmail, but their core email service is solid.
It's an alternative to Proton because it doesn't support open standards (like IMAP), but it has the same problem - vendor lock-in.
I use Zoho for my personal email. They aren’t European but they aren’t American.

Crucially though it’s easy enough to migrate to another provider of self just by updating my mx records.

context: Zoho is incorporated in US and made in India.
Note - Zoho is from the country I live in. You ought to expect nought privacy from here, or maybe even negative (yeah, that can be a thing :D).
Mailbox looks very solid, although I don't have long-term experience: https://mailbox.org

It provides email, online storage, video conferencing, calendar etc., all of it privacy-preserving by default. You explicitly don't have to provide any personal details.

Seconded. I'm using mailbox.org for my business for 4 years now, and haven't had any problems so far.
Fastmail[0] is what I use for my personal email. They support all the standards, but are also pushing things forward with standardising the JMAP protocol[1] which is much better suited to mobile clients than IMAP.

They only have email and calendaring though, no equivalent of Drive/Docs/Sheets.

[0] https://www.fastmail.com [1] https://jmap.io

I have used Fastmail for well over a decade, but they have their servers in the US, so I have been looking at alternatives.
And Australian law doesn't quite offer the same protections as GDPR. In fact, being a Five Eyes country, it's effectively the opposite.
Australian businesses have to provide GDPR protections to EU citizens, regardless, just as EU companies operating in Australia have to obey Australian law.

I also have a feeling the Five Eyes agreement is about to end.

I also have a feeling the Five Eyes agreement is about to end.

That's certainly possible, but as long as the servers are in the US, that's not really meaningful I think?

(comment deleted)
Maybe I'm missing something, but: just use a local ISP? We use Hostpoint (Switzerland) for our websites and email.
Mailbox.org is one I like

For a more business oriented replacement that can (mostly) replace gmail, google drive, docs, sheets, etc.. Zoho One is pretty good.

Not mailbox.org (!) unlike many have suggested. In last few years mailbox has gone into the gutters in almost every aspect (almost) - I am stuck there because of a large recharge/purchase I had done and they don't do prorated refunds anymore.

There are other options - tuta, posteo, runbox etc (I have just made a longer comment and I am sure you can find more on the net).

IMHO - we should not ignore other things when looking for a service replacement I mean aspects of a service other than privacy and for me responsiveness and customer service comes near the top or at the top.

Fastmail should offer tenancy outside of the US, either in Australia or in the EU/Singapore.
How would you support E2E without the proxy? Not that the majority of people’s emails are truly E2E anyway on Proton, but still.
Decryption / encryption in email client.

If (more) email clients handled this you wouldn't need protonmail.

Ok but are you going to send a petition to Apple or what? How are you going to practically solve this problem without a proxy?
Why is IMAP/SMTP so important?

What exactly are people missing out on by Proton not having this support?

Our choice of email client.

Scripts that automatically pull emails and archive them locally or process them in some way.

Also the CEO is praising the current Republican administration https://x.com/andyyen/status/1864436449942110660
You're looking at this in black and white. The CEO praised one of the administrations picks for being tough on big tech. While I think he's wrong in his statement on who stands for "the little guys" praising one pick for her stance on big tech does not mean he wholly supports the administration and it's actions.
“Other than that, Mrs. Lincoln, how was the play?”
Not all things require an equal reaction. Someone saying "this pick has a good track record" doesn't require the same level of drama as if he had said everything this administration does is awesome.
I'm looking at new email providers and the inability to use Thunderbird on Windows and Android is why I ruled out Proton.
Regarding Startpage: https://www.startpage.com/privacy-please/startpage-articles/...

https://web.archive.org/web/20210729190016/https://support.s...

The original link is dead for some reason: https://support.startpage.com/index.php?/Knowledgebase/Artic...

TL;DR: Startpage appears owned by an ad company? https://web.archive.org/web/https://www.bizjournals.com/losa...

Could someone explain to me how an ad company and a privacy company work together? Seems like opposing interests?

Maybe Ecosia will be a good alternative later on: https://blog.ecosia.org/eusp/

Another suggestion would be https://searx.space/

Searx is great (I use SearXNG personally) but be aware that it's something that lifts along on the main search engines. It's not a search engine, just a meta one. It still depends on the big US ones for its results. Just like Kagi for that matter (though they do have a small crawler themselves, their main results are metasourced from various large engines)
I don't like all of his suggestions, like startpage.

But I have very good experience with Scaleway, much more so than OVH or Hetzner. Hetzner demanded ID photos for everything. And OVH is a chaos. Scaleway is more like an Amazon type cloud and their support is really good and direct. Also cheaper than Amazon (and without the whole ratmaze of fee structures!)

Man, I bet it feels clean and fresh like stepping out of the shower after playing sport in the sun for hours.
> Wrapping up - Migrating away from US cloud services was easier than I expected.

This is absolutely not the main takeaway and I find it difficult to see how he could write this - there are gaping holes. Git repos (it's too difficult). NPM (ditto). Startpage uses Google's index. The only meaningful switch he mentions is Proton, but as other comments have pointed out they have vendor lock-in problems. The real takeaway from this is that it's currently impossible in any meaningful sense. It feels like there's a real opportunity here for European companies to step up and make a big play, but will they? I really, really hope so. I'd jump ship in a heartbeat if I could.

Edit: To be clear, the reasons in brackets were the author's, not mine.

> Git repos (it's too difficult)

Sourcehut

> Startpage uses Google's index.

If they have enough users/make enough money, they'll make their own. Ecosia and Qwant (both european search engines) are working together to make their own index.

In any case, even if a european is a proxy for an american service, you need to prove that there is a market for an european equivalent for change to happen.

TIL that Sourcehut is or has been moving to the EU/Netherlands, thanks!
They have moved to Netherlands. They were planning, but Murphy knocked (kicked?) on the door as a massive DDOS, so they expedited the move, a lot.
(comment deleted)
> Sourcehut

Is it there yet?

> Notice: sr.ht is currently in alpha, and the quality of the service may reflect that. As such, payment is currently optional for most features, and only encouraged for users who want to support the ongoing development of the site. For a summary of the guarantees and limitations that the alpha entails, see this reference.

https://sourcehut.org/pricing

I've used it for a few years and it's been stable and without issue. builds.sr.ht is the best CI that I've ever used. I think the only time it has been down has been due to DDOS.

Would I run the git server of a multi-national bank on it? Probably not. A standard SAAS? Yeah if my team felt it was important to use EU companies.

Otherwise you could also self-host with a VM, then you can use gitea or gitolite with systemd oneshot services.

> If they have enough users/make enough money, they'll make their own. Ecosia and Qwant (both european search engines) are working together to make their own index.

"There might be an option in the future if there are sufficient users" is a quite different milestone compared to fully switching away from US-based services.

(comment deleted)
he mentioned also Quad9 - Cloudflare DNS replacement. I didn't know about and will probably switch to it. My other picks:

SEARCH: qwant (france)

LLM: mistral (france), librechat.ai, openwebui

VPN: mullvad (sweden), protonVPN (swiss)

AUTH: OpenID (sadly seems like not many sevices implement it)

CLOUD: Hetzner (germany), OVHCloud (france)

MAPS: here wego, openstreetmap

EMAIL: protonMail (swiss), fastmail (australia)

DNS: mullvad (sweden), quand9 (swiss), nextDNS

TRANSLATE: DeepL (germany)

BROWSER: zen-browser, vivaldi (norway)

SOCIAL: nostr, mastadon (germany)

IM: elements (uk), matrix (uk)

EDIT: correction that fastmail is australian

Fastmail is based in Australia [1], not Germany.

[1]: https://www.fastmail.com/company/about/

Fastmail's servers are apparently located in the United States[1] - and the Netherlands, but there doesn't seem to be a way to know in which country your specific mailboxes are stored.

> Our colocation providers could be compelled to give physical access to our servers. Network capturing devices could be installed. And in the worst case an attacker could simply force their way into the datacentre and physically remove our servers.

So as far as warrantless surveillance is concerned, Fastmail is no better than if it were a US company or subsidiary thereof. They may themselves not be in a position where they would have to comply with US requests that would be illegal in Australia but whoever is operating their US-based DC absolutely is and they admit as much, even if they handwave this scenario as being no different from an ordinary hacking attempt[2].

[1]: https://www.fastmail.com/blog/fastmails-servers-are-in-the-u...

[2]: Of course the flaw in this comparison is that an ordinary hacker can't make on-site staff comply with their demands and prohibit them from disclosing the hack. To do so without the authority of the law, you'd need a Hollywood action movie level of criminal enterprise that would usually involve taking a retired police officer's granddaughter hostage for some reason.

Fastmail can't be trusted.

Australia has some fairly draconian digital laws that authorities can issue notices requiring developers to assist with an investigation. This can include technical assistance which could require companies to build capability for law enforcement to break the encryption used in their services.

https://www.theguardian.com/australia-news/2024/nov/05/sessi...

https://www.404media.co/encrypted-chat-app-session-leaves-au...

Fastmail can be trusted because it's operated by trustworthy individuals, with a company from a country that's still an ally.

If you don't want surveillance, you'd better not use email.

It can't be trusted because it is incorporated in Australia which has draconian digital survellience laws.

Operated by trustworthy individuals is a moot point when they are compelled by law to build in a backdoor if asked. Even a warrant canary is forbidden.

You're repeating the same information as in the comment I'm replying to.

The surveillance laws, no matter how often you repeat the word "draconian", are irrelevant because…

Email isn't safe, and most of your email probably ends up on Google's or Microsoft's servers anyway, in which case US companies can be coerced by the US government to give them everything they have, while not being able to tell the public about it. And they do just that, a fact that came to light with Snowden's revelations. Australia cannot be worse than the US.

For emails, the government surveillance is irrelevant, as it happens anyway. And solutions like Proton Email are just privacy theatre that also happen to interact poorly with established standards (e.g., SMTP, IMAP).

I also fear Australia much less than I fear the US these days. I have always feared the US, especially due to their massive security apparatus, but at least I considered them valuable allies. These days we'll just add some extra fear points due to the techno-fascists in charge, voted-in by the people with a popular vote.

Whenever I see such comments on popular forums, such as HN, I lose faith in humanity a little, either because people don't think about the threat model (this being vibes-based) or the consequences of boycotting the underdogs, or because they are disingenuous about it.

Fastmail is a fine service, built and operated by trustworthy people, which also contribute to standards (e.g. JMAP) and to open source. A service that's also not monetized by ad-tech, unlike what the Big Tech email services are doing.

> Fastmail is a fine service, built and operated by trustworthy people

Yes, but their data centers aren't because they're operated by someone else in the US.

Fastmail is slightly better than using a US-based e-mail provider but it's still de facto US-based e-mail even if the company you sign up with sits in Australia. They don't control their own data centers and their data centers are in the US (whether they have additional data centers elsewhere doesn't matter if they're not transparent about which data center your data will go to).

“Warrantless surveillance” was yesterday's concern, back when Snowden's revelations were in the news.

Today the concern is war, both economic and literal.

From that perspective, I'll gladly use Australian, or Canadian online services, while avoiding using US ones for as much as possible. Note, I don't think it will be long before services like Fastmail will start moving their servers. Again, yesterday the US was an ally, whereas today the writing is on the wall.

Yes, but nobody competes with AWS, Azure or GCP, everything else is easy. And most likely, most of the services/saas you mentionned relies on "US" cloud infrastructure.
> Yes, but nobody competes with AWS, Azure or GCP

Scaleway is positioned in the same space.

How do you think all these massive companies will successfully continue to operate in a country where the rule of law is no longer respected?

Like I understand how that might sound like hyperbole, but everything I'm reading seems to indicate the USA is on an express train to hackville.

Bribery.

https://www.cbsnews.com/news/trump-tech-ceos-meta-amazon-don...

(the risk is of course that the administration is not stable enough to stay bribed, or intra-oligarch fighting breaks out between Musk and one of the others)

Yes, plus for example helping out with surveillance, finding and stopping dissidents.

Fascism tends to be (I read/learned recently) friendly to big corporations, as long as they are loyal to the regime.

Doesn't this just start to go from productive efforts to stupid ones?

Why aren't we all flying on Russian made planes and using Russian cloud products?

I don't get what you're saying? There was a brief fad for using the other Chinese short video service, Rednote (Xiaohongshu) for about five minutes while TikTok was banned in the US, but mostly this discussion is about data sovereignty for Europeans who want to use European products for better legal protection.

(people have long since moved away from the Russian-bought social network, Livejournal; it's very occasionally useful to look something up on Yandex if you think it may have been delisted)

If you look into the history of some of our most recent, major disasters, they've happened under the watch of authoritarian governments. Two that spring to mind would be Chernobyl and Covid.

Companies running under those governments should surely be susceptible to similar issues because the fish rots from the head down. The culture and fear of speaking out and there for steering things in the right direction would be really dangerous for a company like Amazon and the AWS ecosystem.

OVH and Scaleaway?

If not used the latter but the former was excellent back when I used to use them. They were a little more focused on traditional compute and lacks the general breadth of services that the likes of AWS offer. But if you’re in a position where you’re able to choose a cloud platform provider based on the location of their HQ, then the chances are you’re requirements from said cloud provider are pretty basic.

True, I missed out what scaleway have done over the years, but after being literally burnt by OVH, and hearing that scaleway was operating in similar fashion, I gave up looking at their offering.
For dns there is also dns0.eu, which I've been using without issues for a year (or more, since it popped up in the HN feed).
I thought fastmail was Australian..
Australia is in Eurovision so it counts
So is Israel, but a lot of people moved away from a popular VPN provider once it was purchased by an Israeli company.
Thanks for the info, I am a Private Internet Access customer and didn't realise til now. I now feel disgusted and will definitely be switching to another provider when my subscription ends. Luckily I only use it for Linux ISOs and changing region for streaming services so not much to spy on.
For encrypted mail, there is also tuta.com (previously Tutanota), Germany based
Do you know anything about another popular German mail provider, mailbox.org?
mailbox.org were good, but they decided to become more than just a mail provider and forced users into other, more expensive plans, adding office and cloud storage.

There is also posteo.de. It doesn't support custom domains, but I use it in combination with simplelogin.io (I think French, but now owned by Proton).

Yeah, I appreciate posteo's stance but when I tried using my domain via forwarding service it was a pain.

SimpleLogin, by the way, is now owned by Proton which is run by a founder (CEO?) who is a vocal Trump supporter. Nothing wrong with that of course, just saying.

I have commented just above it. tl;dr - I'd avoid it like plague at this point.
Tuta comes with a caveat - you cannot use it in any other mail client (I think there are similar limitations with Proton as well).

Anyone looking for alternatives - stay away from mailboxo.org. It's a pathetic service. Stuck in past (they have a suite that makes you kick a table leg), very disgustingly bad customer service (it's almost non existent), and yeah they use 2FA inside the password.

Tuta is many times better if you can live with not being able to use another client. (They have pretty decent apps on all platforms though)

This is a great list, thanks. Slowly going to be following suit.
Add Netcup for great and cheap hosting from Germany. I've been a customer for years.
can confirm. Great for small and cheaps VPSes
I’m curious about mailbox.org, which markets themselves as “privacy made in Germany“
Can only recommend them - not too expensive, you can also use your own domains and they support at-rest auto encryption of all incoming mail with a PGP public key you give them (which of course does not prevent them from saving incoming mail as clear text somewhere else, but prevents others from reading all existing mail should they get access to your mailbox later)
Discovered them recently. Price looks absolutely fair for what you get. It offers up to ten external addresses for sending and has a web interface so it looks like a solid Gmail alternative.
I think German law makes that impossible - basically you need to assume the government can access your data at any time.
I thought EU privacy laws were better than US laws.
The difference is that in the US, it will sweep it up anyway, and in the EU, it can access it only with a court order.
I used mailbox.org for several years until they forced everyone into more expensive plans by adding irrelevant features like office and cloud storage. This kind of behaviour from them was disappointing.
ENAIL: Mailbox.org (germany)
More for email from EU: there is runbox (Norway; I have used it, really good except that their new suite has been in beta for over a century), mailo.com (france; on new pages I had to explicitly set translation from top right corner), inbox.eu (Latvia; haven't tried it). There are more: soverin, infomaniak has mail service, sartmail (used it; was costly for my personal usage iirc), and migadu (kinda well known), mailfence (liked it) etc.

Of course there is - Tuta (no imap/pop3 client support) and Posteo (no custom domain) - which are both excellent if you can live with these limitations.

The ones I would not consider (personally): mailbox (germany; but they are really. bad now - I have commented below about it), proton (I'd avoid it; reason was on hn recently).

I expected it to be much harder to move away from these services I heavily relied on like Microsoft 365. Before I started migrating it figured I was so entangled in their web, that switching to an alternative would be a tremendous task. After actually migrating these services, I managed to migrate 90% within a few hours per service. This is nowhere near the amount of effort I expected it needed. Because of that, I'm also optimistic about migrating Git and NPM. While I don't think NPM will be any different, I suppose my optimism about Git might be misguided because of the amount of customization that goes into setting up CI/CD. Still, since only one out of all of the services might be hard - one that doesn't handle any PII - I stand by saying the overall effort was easier than expected.
Git has full name and email in all commits, fyi.
That is only the case if you think of migrating as an all-or-nothing. The services that he did manage to migrate went quite smoothly. If he would get stuck with one or two services, was it still worth it to migrate the ones he did manage? If you think it has all been in vain, then yes - its a different takeaway. But obviously Martijn does things step by step and I imagine he is happy even with the progress he made.

In other words, the question is 'is it easy to migrate to a service for which decent alternatives exist', rather than 'do decent alternatives exist for every service you depend on?'

You takeaway depends on what question you are most concerned with.

> It feels like there's a real opportunity here for European companies to step up and make a big play, but will they?

Big plays are possible only with big capital, and that isn't what happens in the EU tech market.

Lack of serious VCs is a problem on one hand, but to blame is also the EU Horizon program which will favor large established companies (which innovate very little), and the fact that the funding direction changes with hype cycles (in 2020 that was digital transformation, in 2024 it was AI and similar).

VC is almost every time grow and sell (to us).

So i think lack of vc can be good.

I second that. Plus, there was no business critical workloads migration in place.
The "easy" stuff was easy as the external face is a custom domain. This should be understood as a lesson for future choices.

Generic / not heavily propriety services which are pointed to by something you own (i.e. a domain name) can be migrated to new services. Web hosting, s3 hosting, email hosting etc.

Migrating from @gmail is not possible without scrapping an identity and starting over.

Not to mention that Proton relies exclusively on US-based companies for payment management (Strip, PayPal, ...).

Transitive dependencies are always a worse problem than direct dependencies, because they are out of your view and control.

But good thinking to get started with moving towards more autarky.

> It feels like there's a real opportunity here for European companies to step up and make a big play, but will they?

Or for the EC to stop their "rearm" BS, and actually do something useful for the people by helping such companies. This is the real battleground for European independence and freedom.

No it is not. Proton mail won't stop Putin from knocking on the next door after Ukraine.
The US demanded rearmament for years, and the combination of US and Russia has now forced Europe - including previous neutrals Sweden and Finland - into rearmament. Only a proper, just, end to the war in Ukraine can remove the need for it now.
> > Wrapping up - Migrating away from US cloud services was easier than I expected. > This is absolutely not the main takeaway and I find it difficult to see how he could write this

He explains why he writes this, but this is an incredibly silly complaint because you can’t know what his expectations were.

> The only meaningful switch he mentions is Proton, but as other comments have pointed out they have vendor lock-in problems.

Which the author had with Microsoft 365 as well. Considering reducing vendor lock in wasn’t a goal of what they were trying to do, it’s not clear why you’re even raising that point.

> The real takeaway from this is that it's currently impossible in any meaningful sense.

It’s not clear how you got to this conclusion in any way whatsoever. In fact, this is an entirely ridiculous assertion.

Essentially your entire comment is “the author didn’t aim to do what I wanted them to aim to do therefore the author is wrong”.

> European companies to step up

... and drown in regulations and taxes. There's a reason why the vast, vast majority of IT startups are not in the EU.

Source: am a startup in the EU.

There shouldn't, in theory, be a heavier regulatory or tax burden on an EU company operating in Europe than on a US multinational operating in Europe.

There is in practice, which is how we got into this situation.

As far as i know, most of the actual tough regulation is focused towards larger businesses with enough revenue, not startups
"there's a real opportunity here for European companies to step up" and what would be business model? From tiny fraction of people that care about this - wast majority are also the same types, that are known to be unwilling to pay for any service ever even 1 cent.
I'm not sure that's true - mainly because of some potentially big European customers in government or national infrastructure. They care enough about security and reliability, that they'd very likely choose a European provider over a US one, especially if the existing political climate continues.

Companies don't need anywhere near the profits of Google to cover continuous development and maintenance, so while a European tech giant of the size of Google might not seem that likely, a European office suite certainly is more likely.

Bert Hubert has previously written about how the entire European telecoms industry with the exception of Britain has outsourced not only equipment but also network operations to Huawei:

https://berthub.eu/articles/posts/5g-elephant-in-the-room/

European national infrastructure providers don't care.

I work in this, not everyone is so deep in cahoots with Huawei.
I agree that some of the hard parts were glanced over. Besides that, everyone seems to talk about the cloud and nobody about the other big, if not bigger, dependency. Our use of Windows and macOS (and Google Android and iOS if you will) on the vast majority of client devices.

If

Time and time again, data-sharing agreements between the EU and the US get busted, showing there's just no legal compatibility between EU privacy rights and US spying laws. [...] With the current political situation in the US, it's also starting to become clear that our entire digital infrastructure is at the mercy of US policies. It is no longer safe to rely on US clouds for our governments and societies, as the US government can shut it down at will.

are your worries, rolling out government-required backdoors, lockouts, etc. in operating systems is going to be a huge issue. To shut down a large portion of Europe's infrastructure, the US government only has to order three companies to do so.

I think there were (and are) attempts of replacing at least the desktop systems with some variant of Linux but I think the dependency on Office remains the main problem in doing so - Windows lets you integrate all that pretty seamlessly with how the system works and is administered.

China is probably much more aggressive in this than Europe as for them the US has been a rival (or even enemy) for a long time.

> It feels like there's a real opportunity here for European companies to step up and make a big play, but will they?

I think that this will depend a lot on expectations about politics in the USA in the medium/long term. Making this kind of investments makes sense if you expect the aggressive hostility that the current administration brought against Europe (and all other US traditional allies) to continue for a long time, and not just a couple years.

Qwant is an EU search engine, NPM allows you to specify a git repo and that git repo can be hosted on a gitlab instance or an EU provider. It’s not impossible to switch these providers, you just give up on major conveniences.
Hey so I’m pretty sure you can host your own business mail for free these days without a static IP. This is basically how it would go:

Cloudflare Tunnel installed on your box (free)

Cloudflare Email Worker connected to your domain which writes emails to a KV store (generous free tiers)

Cloudflare Worker that downloads the emails from the KV store and uses Worker TCP sockets to send it to your mail server over the tunnel via a TCP port ie 25000 (CF blocks 25)

For sending mail in blue, local mail server uses smtp2go or Azure Communication Services.

I’ve pretty much convinced that a cheap Synology rack is the best way to do this because it replaces Azure ID (Synology SSO) and Exchange (Synology Mail) which self hosted non-SaaS in the one appliance, it gets security updates, and it has a easy web interface for setting everything up.

Haven’t managed to write the Cloudflare worker code yet, but found this guys repo and he’s done pretty much all the heavy lifting: https://github.com/Sh4yy/cloudflare-email

I thought the whole point of this post is to get away from US clouds. So why should I choose Cloudflare and Azure in the end?
I think it’s better to have all your mail data on prem. You’d only be using US companies as a transit.

Yeah there’s some lock-in with all the free Cloudflare stuff but you could probably get it running again without CF pretty fast if you needed to. If you have a static IP, skip the CF stuff!

OP suggested Proton but I’m not sure I’d want to go from one mail host to another. That’s just shifting trust and what I’m taking away from happenings of US at the moment is that being insulated from the events of the world is a good thing.

isn't cloudflare a US corp ?
Not only a US Corp, it's an arm of US intelligence.
The explicitly includes Cloudflare as one of the big services they currently used and needed to excise from their life as part of this move. Promoting consolidation from many providers to one while also switching from a generic solution to a vendor locked-in one would probably be a downgrade in their book.
(comment deleted)
If you don't have a static IP you could just rent a cheap VPS and host your mail server there or just use it as a gateway for your home server. No need to use Cloudflare.
> Startpage is owned by a Dutch company which is operated from its headquarters in The Hague, the Netherlands, and is a part of System1, a publicly traded company based in the United States.

I was hoping Startpage was the successor of startpagina.nl, which I used as a kid in 1995 to 'browse' the web. One of the oldest Dutch websites that I can remember. Fond memories!

Still pretty cool. It has an "View anonymously" button that basically proxies your requests through them
Looks unrealistic to me. Sure, for one guy with lots of energy and know how its possible. Try migrating academia, industry, entire government branches etc. That's not gonna be easy.
I agree, but on the other hand: it's just software. We just need to build easy few-clicks transitions for the most popular usages. Like Azure, didn't catch up with AWS on day one. They first added the most used features. The US software moat is large, but I bet the most used features of the most used services are easier to replicate.
It's a 2 step process, first you have to rebuild the thing (or most of the thing) yourself, which is already a huge undertaking. Then you need to migrate everyone from their current stack to the new one (or new ones. You probably want to give more than one option).

The migrating might even take longer than the building.

I'm betting it mostly doesn't happen but we'll see.

It isn't easy or realistic, yet. But these things always start with the guys and girls with energy and skills. They write blogposts, it gets picked up. Somebody starts making improvements, convinces their manager to do it. Slowly things start to improve, people start building tools, sharing knowledge. Some of these people also work in, or for academia, industry, government branches. Once enough people are ready to pay real euros, there will be entrepreneurs ready to provide solutions on the market, also in Europe.

I don't buy the idea that Europa has lost all the big tech so we're doomed or something. No, maybe we won't have an aws/azure/google cloud competitor any time soon. But it has never been easier to start a software product, the thousands and thousands of SaaS services we rely on can easily be build from the ground up by devs from all over the world.

> the thousands and thousands of SaaS services we rely on can easily be build from the ground up by devs from all over the world

Define easily. If it was that easy to clone Microsoft Excel (up to the most miniscule detail) I'm sure someone would have done it by now and offered it for free or for half the price. It's not that easy. You can get most of the functionality done sure but not all of it - and not having all of it wrecks the flows of all of your finance/accountant teams who won't be able to migrate or will be forced to work in different ways. Getting everything to work would take years. When Google "cloned" Excel to its own product and didn't even bother trying to make it 100% compatible with Excel because it's too much work. That's just Excel, how the heck are you going to migrate everything else?

I think with enough budget and determination it can happen in around a decade I guess, but I don't see where the motivation or determination will come from - in a few years Trump will be gone and things will be more normal again.

Europe should have thought about this like 20 years ago , it seems a bit late to me.

The truth is the dependence isn't one directional , America needs Europe as well for ASML, for pharma and for all kinds of other things. I don't think there will be a complete decoupling.

"in a few years Trump will be gone and things will be more normal again."

Oh, you sweet summer child... He is already dismantling democratic institutions at a startling rate. Vance is threatening to leave NATO as leverage to change UK laws. Do not make the assumption that the U.S. will be what it was, in ten years.