ES version is available. Content is displayed in original English for accuracy.
Advertisement
Advertisement
⚡ Community Insights
Discussion Sentiment
64% Positive
Analyzed from 6463 words in the discussion.
Trending Topics
#european#https#data#more#cloud#don#self#com#hosted#cloudflare
Discussion (198 Comments)Read Original on HackerNews
One thing I noticed right away, is that all companies were asked "Can we fully host this from within EU or our country" from the various people in audience. Every single one. Many of the startups had slides prepared for this.
Definitely a change, because it is not something I can recall being important just a couple of years ago.
I work as a consultant and freelancer across a bunch of companies, some American but mostly European ones. Last ~8 months or so, the sentiment about "Hosting our data in EU or even our own country" has drastically changed, I don't think I've seen such a clear shift in public opinion so fast before. The amount of migrations I've helped moving data from US to EU already is higher this calendar year than all the other years of my career.
Database runs in France, front end in Belgium, Operations in Spain...
EU Fairness dictates they all need to get a slice of the pie so this will be interesting (and by that I mean absurdly hilarious).
It’s just that they started to execute now?
But yeah, in recent times the sentiment became more urgent. If I were to guess, with zero data in front of me and just judging by what I remember, I think the sentiment really changed first with the ICC blockade that happened last year, then it got really fueled on by the US threats to Greenland's sovereignty, I think that's when organizations and people really got stressed out about moving ASAP.
I’m hearing it from “normal” people too which is actually quite weird. To the point of going back to paper for some stuff.
The answer was that they simply didn't trust GCP or AWS or Azure to see their data and know how much silly money they were making in the niche industry they almost completely monopolize.
I recently interviewed with a lower-case-m megacorp in a similar situation and they host on-prem for the same reason, at great expense and hassle in facilities all over the country.
Seems like theres room in the market for some kind of an On Prem Private Cloud Stack that emulates GCP/AWS etc but locally maybe?
Cloud-In-A-Box anyone?
It's more like cloud-in-a-rack, but that's what https://oxide.computer/ is trying to do isn't it?
The "cloud" rose to prominence from a small period of tiem where Amazon had a lot of extra cloud capacity outside of Black Friday, etc, and linux networking issues that needed architecture to be a certain way.
Those linux networking issues have been long since solved, but the "cloud" was discovered to be incredibly profitable and sticky in the name of convenience and proliferated.
A lot of the "cloud" software is open source software that was packaged to have a web and api front end, and that service renamed to something specific to AWS, etc.
Designing startups from the beginning to be able to be hosted in different places will become a norm.
Im sorry to say it, but i feel a lot of Europeans have lost a good deal of trust in the US.
You guys have to work a lot harder to fix your issues.
It didn't come without a bit of pain, but glad I've done it - and to come with this I've ended up building a whole terraform setup for cross provider / cross region high availability within Europe.
So far my key mappings included:
- Cloudflare -> Bunny CDN (and honestly I am so impressed with Bunny so far)
- AWS (or similar) -> Hetzner + OVH; I'm also looking at Civo.com for UK presence.
- GitHub -> Forgejo. I do actually still operate in GitHub for development only work, however Forgejo is mirrored within my European private network, and thats where deployment workflows happen.
- Google Analytics -> Self hosted Umami.
I'll be doing a writeup fairly soon on the entire process.
At some point deciders at EU companies are going to notice that Hetzner and/or OVH are also not a bit but much cheaper than AWS.
I know it was created in Ireland and didn't hear anything about it changing ?
[1] https://www.europarl.europa.eu/thinktank/en/document/EPRS_AT...
I would also say though, you have to be a bit careful about "they are discussing" because there are many people across different countries with different agendas, and a huge amount of discussion between people. Your link for example is a pretty good bit of background info, clearly saying VPNs aren't just about accessing porn
> In the corporate world, VPNs are essential for secure remote work, allowing employees to access company systems without compromising sensitive information. For individual users, VPNs prevent tracking by internet service providers, advertisers and potential cybercriminals. They are also used to access educational or entertainment content that may be restricted in certain countries, including authoritarian regimes, supporting freedom of information and digital inclusivity, as censorship becomes more difficult to enforce through VPN use.
It links off to sites discussing possible approaches to age verification which highlights that various approaches in France didn't meet the regulators requirements because of a lack of privacy.
I think this is a different kind of concern about how your products must work compared to worrying that with little to no notice your country may be cut off due to a diplomatic spat from some specific service.
I agree that there is a ton of bullshit as well though. Gotta dox myself with imprints for example, so I cant share my work with people without also doxing myself. Also as a hobbyist you pretty much need all the business documents as well, like a privacy policy even if its just a small public app on the playstore. Also gotta make sure that data of European citizens never leaves Europe and and and... Lots of things to remember.
And before anyone asks, yes I know an imprint usually is only required for businesses, but nowadays pretty much everything could have business intent.
I avoid doing any business in Germany these days. I tried to get a VPS from Hetzner but they demanded a copy of my ID and didn't accept that I blanked out my citizen number. Which is actually recommended by our national police for identify theft risk.
I moved to Scaleway instead. Much better company.
And this is a bad thing why exactly ?!?!?!
If you respect your users data and right to privacy then you've got nothing to hide by publishing an EU compliant privacy policy.
It might be "just a small app", but I and many other people still very much still "do give a damn" about what the hell you do with my data, where you store it, how long you store it and how I can exercise my GDPR rights.
We don't have any "ideal" places anymore.
And we need to defend what we support and believe.
But it turn out surveillance works just fine if you only focus on the meta data. Knowing who takes to whom, and which sites people visit is much more valuable (and much cheaper) than scanning the actual payload.
And why collect all that data yourself if ad companies are happy to sell it to you, ie to the government? (Huh, maybe that's why Facebook changed its name to Meta, come to think of it)
I have seen "parallel [dial-up] modem banks" for "lawful interception", then specialized Ethernet cards for DPI, watched traffic analysis dashboard of a REDACTED country live, did DPI on powerful-enough systems myself for personal testing.
I have gone through USENET, flame wars, IRC; did my own MITM, etc. Always knew about echelon, how escrow based Encryption canceled last moment, etc. etc. etc.
At least, the barriers were higher then. These barriers required people to be considerate, well-targeted and selective. Now we don't have any of these. The overhead is almost non-existent for these things.
Doing dragnet operations were costly, and this allowed curious yet good-hearted people to understand the environment they lived in. Now, we're all blacklisted by default and whitelisted as long as we don't touch the wrong paving stone on the internet.
It used to be other way around.
TL;DR: I'm not 15 years old.
It's horrible everywhere. If you're in the EU go donate to: https://epicenter.works/ They're a citizen rights NGO working against all that BS in the EU (and in Austria, where they're from).
Oh FFS!
Governments discussing such things doesn't _remotely_ mean there is a political will for them, or that they will be voted into law. Governments are expected to research and discuss paths of legislation (and in this case, come to the conclusion banning VPNs is both harmful and ridiculous).
This is how our democracies work!
Implying government discussions will be approved legislation is, at best ignorant, at worst trolling.
Utah, meanwhile, has an actual law in place that makes site owners (!) responsible for their users using VPNs: https://www.tomshardware.com/software/vpn/utah-becomes-first...
Just like with encryption, there will always be an idiot politician somewhere discussing banning it. Mr Google tells me, for example, that lawmakers in Michigan (US) recently proposed " Anticorruption of Public Morals Act" which contained VPN banning clauses.
Frankly, until such time as it actually NEARS, let alone BECOMES legislation, the only thing posts such as yours are doing is spreading FUD.
The clue is in the URL you post "thinktank". It not even EU parliament, let alone been through the parliament debates, let alone passed to votes, let alone passed to being implemented by member states .... its just a random idea someone wrote down.
And quite frankly, I would still much rather be in the EU's digital environment than that of the US.
It's a result from the "European Parliamentary Research Service", hosted on the official website of the European parliament. And it is fully inline with recent attempted and success legislation of the same parliament. I am not sure why you would call this a "random idea" and an established member of the Parliamentary Research Service as "someone".
And if we go to the homepage for "European Parliamentary Research Service", we see:
So a Member of Parliament asked them to conduct this piece of RESEARCH, so what ? It may or may not ever see the light of day in parliament !Across all publication types, the "European Parliamentary Research Service" published 1034 documents in 2025 and, 486 documents so far in 2026. And for this specific publication type ("At a glance"), they published 285 in 2025 and 113 so far this year.
How many of those hundreds of documents per year of RESEARCH actually make it all the way through to legislation I don't know .... but I think you'll find its a safe bet that its a fraction.
Not implementation.
Feels a bit ironic... though this website is hosted on Cloudflare Workers so using an American company anyway?
I understand the pragmatism with going with CF, but I'd lie if I didn't also say using CF as the front for your entire "European Digital Stack" kind of makes the blog-post feel less authentic compared to my initial impression, because of that.
NSA collaborator or not, the mere existence of something like Cloudflare, which also tries to nudge you into skipping internal http/tls and just use that at the front, makes it highly likely that NSA is already deep in their infrastructure, just like they've been in the past for literally any big technology company in the US.
But yeah, zero citations, zero evidence, just based on history and what the goal of the organization is, it's pretty clear what's going on already.
Matomo charges 22 euros for 50k hits/month.[0] Basically, it's unusable for anything other than a hobby site - especially with the number of crawlers nowadays.
If you self host for free, you're missing basically all of the good parts of web analytics such as funnel analysis as they lock all of those features being paid subs.
[0]https://matomo.org/pricing/
In my case, my motivation was that I want to use LLMs to query the data with agents. This whole thing was surprisingly easy to setup and a positive thing is that you don't have a scary extra data controller doing shady things with the data.
[0]: https://www.uxwizz.com/
I think it's fair that GA is free and Google gets some benefits from using the data for their ad network.
Off topic: that’s a beautiful website
https://en.wikipedia.org/wiki/CLOUD_Act
So If like it but it is a headache on high traffic sites. If anyone have an easy solution I would gladly accept it.
If you architect the underlying infra right it still works like a charm. But I admit people need to know what they are doing. I was quite impressed with both infra teams.
But as always, if you do not want tu use auto scaling US cloud based services, you need to enasure you have the right scaling and the necessary technical expertise at hand.
I am not sure how you scale Matomo we could not vertically scale anymore, we never did MySQL clusters because it just was not cost efficient for internal reasons.
But given how often GitHub and AWS East 1 go down, this is good.
One bad day at Amazon shouldn’t stop Europeans from doing laundry.
The cloud should have been localized from the start.
There are definitely technical gaps though. eg bunny still uses one unified api key. CF I can lock to an IP and set granular permissions
No ddos protection yet.
Just install your favorite desktop + mobile mail apps and you're fine.
If that can't be done with Protonmail, and you want to move your email out of the US, suggest FastMail, based in Australia.
This changed when they were the first folks out there to get a dynamic interface in the browser (some of you may fondly or not so fondly remember the days of DHTML, XMLHTTPRequest, and the like). Fast forward 10 or 15 years and now GMail is the standard by which everything else is measured.
I'm sure there are some things that are objectively better, but a surprising amount of preference comes from familiarity.
Did he move also the CDN stack? :)
I have also rid myself of Google Analytics for a personal website. Replaced with a local solution that parses logs and builds reports that give me quite a bit of information. Its a more ethical type of analytics leaving no cookies behind and no trackers at all. All info is from the web server logs, you can grok quite a bit of insight from this alone.
Email is the biggest challenge, I have mapped out the entire migration steps for Google Workspace to Proton but have not yet pulled the trigger. The main thing is coordination with the rest of my family who use the domain for their email as well, they don't share my obsession with "digital sovereignty" so there is some negotiation around time tables :-) The Proton family plan will cut the bill in about half.
Password management --> KeepassXC with db on local nas. For personal use I feel you can't beat self hosted for password management.
Compute, Digital Ocean I continue to use and has servers in Toronto which works for me geographically. It's very low down my list of migration plans, they just work and they have treated me pretty good over the years.
Storage all self hosted (ownCloud and Openmediavault). Are they the best options, maybe not but they just work. No cloud based storage at all (Google/Apple etc etc). If I ever throw something out there it is gpg encrypted).
Offsite backups, two local copies to seperate drives (dejadup) on my NAS and offsite storage.
There are still some other services I need to consider. I do have Claude Pro. I run local LLM's for a lot of stuff with OpenwebUI but its not a full replacement.
CDN - Also use Cloudflare free tier. Have to give it more thought, it just works so well.
DNS is fully self hosted using dns-crypt-proxy / dnssec to Quad9 and Mullvad DNS. Works great. I actually blackhole any hits to google dns at the router, media and iot devices love to ignore your dns settings.
Github for code hosting. I know, Microsoft, but it works and is not a hill I am willing to die on just yet.
Photos self hosted with Immich on Proxmox. It's been pretty solid.
VPN, Wireguard to the home and have also integrated Tailscale for some things, which has been handy for extending connectivity and supporting my dad in a different city. Apparently they are based in Canada so that is a bonus. I use the free tier for now but am considering the paid version just to support them.
Router and wireless access points all on the latest Openwrt with consumer grade equipment, some of which I picked up used for like 20 bucks. Allows me to have home, guest, media and iot vlans for proper network segregation. Is it overkill? 10 years ago maybe but today I would not run any other way.
Thanks for attending my Ted Talk.
Unless you're implying that Verisign isn't a US company, just because .com has become the conventional domain for businesses worldwide doesn't change the fact that it's US-based. Similarly, the EU's widespread adoption of Microsoft Office doesn't make it any less American.
EDIT: That was unpopular. Why?
Source: own multiple, via EU registrar
(Edit: Parent was edited after reply - parent statement is now correct)
Why not move there?
I didn‘t yet have a good idea on how to utilize it, open to ideas.
Why are there exceptions for Anthropic, GitHub and GitLab?
> Anthropic is a US company...But it satisfies something else, the sense that the organization building the thing has given serious thought to what it’s building and why.
This reads like a weak excuse. Mistral and Mistral Vibe exists and even if you don't like them, there are many non-US harnesses (Qwen code) that are available.
> GitHub stays in the picture for one specific purpose: public-facing NPM packages and issue tracking for open source software.
First of all Codeberg exists.
Secondly, at this stage relying on NPM and the Java/Typescript ecosystem is quite frankly waiting for a disaster to happen.
This post isn't absolute on moving their digital stack to Europe as it has not one but three exceptions too many.
Use OpenTofu/Terraform! Much better than messing with cloud consoles, and then your infrastructure self-documents.
I’d also put out one note to any people outside the EU looking to switch to Mistral or really any service: just because they’re a European company doesn’t mean they’ll follow the GDPR if you don’t live there. Mistral is an example: in their privacy policy, they state that they follow whatever privacy laws exist in your country.
Well, that's kinda obvious - if they want to do business in a country, they have to follow the laws of that country. That doesn't in and of itself mean that they will apply weaker privacy protections if the local laws are less strict than GDPR...
> We are patriotic Americans. We have done everything we have done for the sake of this country, for the sake of supporting U.S. national security... We believe in defeating our autocratic adversaries. We believe in defending America.
and
> So, you know, Anthropic actually has been the most lean forward of all the AI companies in working with the U.S. government and working with the U.S. military. We were the first company to, you know, put our models on the classified cloud.
> We were the first company to make custom models for national security purposes. We're deployed across the intelligence community and military for applications like cyber, you know, combat support operations, various things like this. And, you know, the reason we've done this is, you know, I-- I believe that we have to defend our country.
and
> And so we have said to the Department of War that we are okay with all use cases, basically 98% or 99% of the use cases they want to do, except for two that we're concerned about.
They had a datacenter burn down (in large part because it was fully built using wood) and lost all customer data and did not take any action for 6 months after the incident.
They're just not a serious company.
While the incident did happen, a lot of actions were taken and most of the data was recovered. OVH now also keeps backups even for clients that don't pay for it.
I was hit by that datacenter catastrophe and got my data back almost immediately, in a new VM.
I've been using them for years with little issue (no more than happened on my AWS or Azure accounts, I would say less because it's less of a mess in general).
Stop spreading false rumors.
Aside of that exceptional case - overall they are pretty great and cheap.
All else equal, a more stable backup is of course better, but any backup is better than no backups, so choosing the cheapest possible option is often the best strategy since that's the one that you're the most likely to keep using long-term.
Wooden floors contributed to the fire, they were fire resistant but that only lasts so long. Fire-doors are often the same type of wood.
https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...
Sure now just think and give me the reason. All these moving to Europe post is getting tiring. Amazon follows the same EU rules, if not more, than Scaleway.
If you sell software and you tell your customers and prospects that everything runs in Europe, by European companies, this instills an enormous amount of trust. Risk averse sectors like manufacturing love this, and it will help you gain customers immediately.
So no, these posts are not tiring to many of us. In fact, we are only at the beginning of the beginning because many of us will be making these migrations. I wish things had run a different course.
So you are saying the reason that it is just perceived better?
Even that's quite debatable as I worked in few European companies and has never faced any backlash for choosing US vendor. Biggest European tech companies like Mistral and Klarna use many US vendors like AWS.
> The act is not limited to companies based in the United States.
more mean the US rules that hoover up all the data for the government