Ask HN: Why not have an EU browser?

oosigurdson about 12 hours ago 17 comments

RU version is available. Content is displayed in original English for accuracy.

I've been wondering, why don't we have a chrome fork that only accepts sites hosted in the EU? If a site is hosted in the EU then it can be fully regulated by the EU.

This would make it easier for citizens to know that their data is is safe (according to EU standards) and avoids the regulatory complexities of trying to enforce rules in other countries.

Thoughts?

⚡ Community Insights

Discussion Sentiment

17% Positive

Analyzed from 975 words in the discussion.

Discussion (17 Comments)Read Original on HackerNews

adrianwaj•about 2 hours ago

Why not have an EU-blockchain where transactions and staking are taxed and fund EU-defense and EU-whatever - including software development (eg browsers.)

USA could have Pax-Americana chain - and governments could offer tax discounts to those that use it. Maybe just a "Pax chain" but with different, officially-sanctioned tokens and even sub-tokens based on geographies or alliances?

dominikz•about 11 hours ago

Let's step back for a second and analyze your proposal by breaking it down. The first issue I came across is what's the definition of 'site hosted in the EU', ie. how a browser would check that? Let's analyze what options we have (not saying the list covers everything):

1. Do ASN scan of the IP where the DNS entry for that webpage points to

2. Analyze the web resources the page is referring to (much the way urlsca.io does)

If I was implementing that, then with 1. I would probably immediately hit the issue of some/most of the pages being behind a proxy (cloudflare, etc.). With 2. if you had Google Analytics tag on it (and most of the pages do?), then it would show a lot of references to the US.

My point is, that it might be hard to implement not only becasue of whether it makes sense, but also because of: how would you do it?

If you were thinking the way for instance broadcasting companies restrict their content based on where you try to watch a movie from (they only allow certain countries), then I think that's a totally different setup.

Actually I started thinking about the idea you are proposing a lot, but in a more general way. With all the recent development in geopolitics, on whether I can have all the data and technology in EU. The natural move was to verify how much of the solution I already have, ie. host the data itself on Hetzner Cloud. But I think EU is still far behind when it comes to the glue, ie. the software part and the analytical part. Practically every company needs some sort of tracking and most of those solutions that we currently have immediately put you outside of EU.

I am currently experimenting for instance with umami to swap out Google Analytics. They have a solution that you can self-host. But again, this is some effort compared to ready off the shelf GA that 99% of companies probably would use.

osigurdson•about 11 hours ago

I think the verification would start at the origin site - wherever the page located. All traffic originating from the client side bundle or on the server would have to stay in the EU.

Cloudflare is going to provide you with a local IP for whatever you are proxying to. This actually makes it relatively simple, Cloudflare would just need an EU checkbox on their proxy. If you enable that you are subject to EU regulations, otherwise the site would not be available in the EU. It would be very easy for Cloudflare to implement such a filter.

In terms of other services (analytics etc), companies would just eventually have to host EU based services (some already do that).

dominikz•about 7 hours ago

Recently I have been doing some OSINT on a web page and tried exactly what you are mentioning: check the origin of the web server behind CloudFlare. I tried anthropic's claude help, but it turned out to be impossible (at least for the two of us: me & claude).

* It would be very easy for Cloudflare to implement such a filter. *

What you are stating, the way I understand it, is that in order to implement your original idea (EU browser), one would need the second thing as well, which is force Claudeflare by EU regulations to expose the IP of the server behind a proxy? Maybe it would be easy to implement for Claudflare, but how would you otherwise convince them to do that?

Looks like a pretty big scope creep to me.

leonidasrup•about 9 hours ago

Cloudflare is a US company and as such is subject to CLOUD Act.

https://en.wikipedia.org/wiki/Cloud_Act

For example Microsoft admits it 'cannot guarantee' data sovereignty.

https://www.theregister.com/off-prem/2025/07/25/microsoft-ex...

speedgoose•about 11 hours ago

A very large proportion of EU/EEA websites are hosted outside EU/EEA or using companies from USA.

The user experience would be somewhat poor.

osigurdson•about 11 hours ago

These websites would logically have to move to EU based servers in order to be subjected to the kind of regulation that EU citizens want. I think it could work.

al_borland•about 10 hours ago

It seems like this would only work if EU citizens were required to use the EU browser and nothing else. At what point does protection turn into control?

osigurdson•about 1 hour ago

Presumably, EU citizens want EU regulations for privacy. I'm suggesting that an EU browser merely provides a warning when a non-EU regulated site is being visited. So, the user is in control and it avoids the scenario where the internet becomes effectively regulated by the union of all regulations from all jurisdictions.

leonidasrup•about 11 hours ago

US companies have also data centers in EU. These data centers are subject to CLOUD Act.

https://en.wikipedia.org/wiki/CLOUD_Act

osigurdson•about 11 hours ago

Does this mean that any site operated by a US company is automatically in violation of EU regulations? If so, the EU browser could logically filter these out as well. Basically the EU browser should only work for sites that are compliant with EU regulations.

leonidasrup•about 9 hours ago

EU–US Data Privacy Framework

"The European Parliament raised substantial doubts whether the new agreement reached by Ursula von der Leyen actually conforms with EU laws, as it still does not sufficiently protect EU citizens from US mass surveillance and fails to enforce basic human digital rights in the EU. Under the Trump administrations doubts have arisen as to the future of the Framework."

https://en.wikipedia.org/wiki/EU%E2%80%93US_Data_Privacy_Fra...

"The CLOUD Act allows United States authorities to request data from cloud providers and other covered service providers regardless of where the data is physically stored. The act is not limited to companies based in the United States. It applies to "all electronic communication service or remote computing service providers that operate or have a legal presence in the U.S". Courts can require parent companies to provide data held by their subsidiaries."

https://en.wikipedia.org/wiki/Cloud_Act#Extraterritorial_Sco...

hereticles•about 10 hours ago

I thought any website that wanted to operate in the EU had to follow EU regulations. How well this is enforced is another question.

Mark7499•about 5 hours ago

The idea is good, but I think it has voids

A company can host servers in different location and serving in different location. Server location ≠ data jurisdiction

What does GDPR says? it applies based on who processes data about EU residents, not where servers sit.

It Could also break internet for EU users.

Massive amounts of users in EU uses Wiki, GitHub, and even most of the open source infrastructures are hosted outside EU

Farman_24_•about 9 hours ago

The browser isn't the problem — it's the default. Most people never change defaults regardless of what's available. An EU browser solves a distribution problem, not a technology one.

eesmith•about 11 hours ago

Who would use it?

Like, if you are in Germany and want to travel to the UK then you need to use a UK site to get an Electronic Travel Authorization. UK is not in the EU, so you'll need another browser.

Norway and Switzerland are also not part of the EU.

And then there's something odd about thinking that if you connect to Facebook's data center in Ireland then that interaction with Facebook is fully regulated by the EU and the data is safe.

Nor is it like EU-based servers are automatically outside the reach of the US CLOUD Act, if the server is operated by a subsidiary of a US company.

osigurdson•about 11 hours ago

>> UK is not in the EU, so you'll need another browser.

I'm thinking it would just be a warning. The EU citizen can then decide if they want to take on the associated risks of using a non-EU compliant site.