Ask HN: Why not have an EU browser?
5
oosigurdson about 12 hours ago 17 comments
FR version is available. Content is displayed in original English for accuracy.
I've been wondering, why don't we have a chrome fork that only accepts sites hosted in the EU? If a site is hosted in the EU then it can be fully regulated by the EU.
This would make it easier for citizens to know that their data is is safe (according to EU standards) and avoids the regulatory complexities of trying to enforce rules in other countries.
Thoughts?
Discussion (17 Comments)Read Original on HackerNews
USA could have Pax-Americana chain - and governments could offer tax discounts to those that use it. Maybe just a "Pax chain" but with different, officially-sanctioned tokens and even sub-tokens based on geographies or alliances?
1. Do ASN scan of the IP where the DNS entry for that webpage points to
2. Analyze the web resources the page is referring to (much the way urlsca.io does)
If I was implementing that, then with 1. I would probably immediately hit the issue of some/most of the pages being behind a proxy (cloudflare, etc.). With 2. if you had Google Analytics tag on it (and most of the pages do?), then it would show a lot of references to the US.
My point is, that it might be hard to implement not only becasue of whether it makes sense, but also because of: how would you do it?
If you were thinking the way for instance broadcasting companies restrict their content based on where you try to watch a movie from (they only allow certain countries), then I think that's a totally different setup.
Actually I started thinking about the idea you are proposing a lot, but in a more general way. With all the recent development in geopolitics, on whether I can have all the data and technology in EU. The natural move was to verify how much of the solution I already have, ie. host the data itself on Hetzner Cloud. But I think EU is still far behind when it comes to the glue, ie. the software part and the analytical part. Practically every company needs some sort of tracking and most of those solutions that we currently have immediately put you outside of EU.
I am currently experimenting for instance with umami to swap out Google Analytics. They have a solution that you can self-host. But again, this is some effort compared to ready off the shelf GA that 99% of companies probably would use.
Cloudflare is going to provide you with a local IP for whatever you are proxying to. This actually makes it relatively simple, Cloudflare would just need an EU checkbox on their proxy. If you enable that you are subject to EU regulations, otherwise the site would not be available in the EU. It would be very easy for Cloudflare to implement such a filter.
In terms of other services (analytics etc), companies would just eventually have to host EU based services (some already do that).
* It would be very easy for Cloudflare to implement such a filter. *
What you are stating, the way I understand it, is that in order to implement your original idea (EU browser), one would need the second thing as well, which is force Claudeflare by EU regulations to expose the IP of the server behind a proxy? Maybe it would be easy to implement for Claudflare, but how would you otherwise convince them to do that?
Looks like a pretty big scope creep to me.
https://en.wikipedia.org/wiki/Cloud_Act
For example Microsoft admits it 'cannot guarantee' data sovereignty.
https://www.theregister.com/off-prem/2025/07/25/microsoft-ex...
The user experience would be somewhat poor.
https://en.wikipedia.org/wiki/CLOUD_Act
"The European Parliament raised substantial doubts whether the new agreement reached by Ursula von der Leyen actually conforms with EU laws, as it still does not sufficiently protect EU citizens from US mass surveillance and fails to enforce basic human digital rights in the EU. Under the Trump administrations doubts have arisen as to the future of the Framework."
https://en.wikipedia.org/wiki/EU%E2%80%93US_Data_Privacy_Fra...
"The CLOUD Act allows United States authorities to request data from cloud providers and other covered service providers regardless of where the data is physically stored. The act is not limited to companies based in the United States. It applies to "all electronic communication service or remote computing service providers that operate or have a legal presence in the U.S". Courts can require parent companies to provide data held by their subsidiaries."
https://en.wikipedia.org/wiki/Cloud_Act#Extraterritorial_Sco...
A company can host servers in different location and serving in different location. Server location ≠data jurisdiction
What does GDPR says? it applies based on who processes data about EU residents, not where servers sit.
It Could also break internet for EU users.
Massive amounts of users in EU uses Wiki, GitHub, and even most of the open source infrastructures are hosted outside EU
Like, if you are in Germany and want to travel to the UK then you need to use a UK site to get an Electronic Travel Authorization. UK is not in the EU, so you'll need another browser.
Norway and Switzerland are also not part of the EU.
And then there's something odd about thinking that if you connect to Facebook's data center in Ireland then that interaction with Facebook is fully regulated by the EU and the data is safe.
Nor is it like EU-based servers are automatically outside the reach of the US CLOUD Act, if the server is operated by a subsidiary of a US company.
I'm thinking it would just be a warning. The EU citizen can then decide if they want to take on the associated risks of using a non-EU compliant site.