I'd wish there were movement for the privacy-conscious services to escape any regulation, not just choose the currently-politically-correct one. Like piracy sites did in 00-10s (abuse-proof hosting in Ecuador, shady domain registrar from SEA, zero search indexing) or crypto companies now (net of shell companies where not a single one is responsible for anything).
My point is, if you trust the company you're using, also trust it to use any means necessary to protect you from bad actors, don't rely on the laws here. Both the corporate and the state ones. If you don't trust it, don't give it anything you cannot afford to leak or lose.
Specifically, EU data protection laws are good to protect regular customers from the big corporations, but they offer little protection against the EU (and the member states) themselves. And if the risk you're hedging against is "yourself turning to big corp and abusing customers" moving to EU is okay, but not in any other case.
> I'd wish there were movement for the privacy-conscious services to escape any regulation, not just choose the currently-politically-correct one.
Not possible. Anywhere that an entity is able to exist will also see some form of regulation. Regulation is the attempt of society to balance the benefits and harms of business such that its benefits reach as many people as possible, and its harms minimized or eliminated.
Too much regulation is just as bad as too little, and we have centuries of data demonstrating the need for a balanced approach.
As for the nod to piracy sites, what you’re suggesting is instead civil protesting of hostile regulations that harm society to benefit business interests. That’s excellent but the answer there is better regulations, not a lack of regulations.
I used those piracy websites, but there is some incredibly naivety in the thought that people trusted those.
I certainly trust governments where the rule of law applies more than I trust corporations. I certainly would not input any real data in a service hosted in Equador with a registrar in God-knows-where.
That does not mean that governments get unquestionable faith, but there's still the pretence that they protect their citizens. Corporations only seek profit.
> You don't get to opt in to the laws you like and ignore the ones you don't like.
Well, maybe you shouldn't, or maybe you should, but you definitely can if you have the technical know-how. Probably best example is ThePirateBay which people and organizations have tried to take down for more than 20 years, yet it persists.
They're quite literally still alive while still choosing what laws they want to follow.
Obviously, that you can make this choice also means you get to chose if to even expose yourself to the potential consequences of that too, as Silk Road would attest to.
All privacy-conscious services are already based in countries that have privacy-conscious laws.
And most privacy-conscious services generally protect you to a certain level by the amount of data they don't keep. Mulvad, for example, when raided kept everything they had. Because they could prove that the data that the warrant was for was not stored on their equipment. PRQ, they're quite happy to work with you without knowing who you are.
If you want to keep yourself private from law enforcement or intelligence agencies, then you shouldn't be using standard services without your own layer of encryption and privacy steps in between. You're always going to be at the behest of some government, that's just how the law works.
That might make sense from the point of view that only considers the service provider and the host.
> And if the risk you're hedging against is "yourself turning to big corp and abusing customers" moving to EU is okay, but not in any other case.
I mean, this seems like a silly concern (just don’t abuse the customers, lol). But, he can now reasonably offer to his customers the fact that he’ll be bound by EU privacy laws.
In the case of something like SourceHut which has consistently made decisions in favor of having a slow/sustainable business model instead of going for massive growth, this seems to make a lot of sense. He probably isn’t too worried about having to eventually backstab his customers, so why not make the value proposition clear?
Like what if the big plan here is to offer clear business terms backed by customer-friendly local laws and make a nice middle class salary for the rest of his life, while living in a nice friendly country?
> Like piracy sites did in 00-10s (abuse-proof hosting in Ecuador, shady domain registrar from SEA, zero search indexing) or crypto companies now (net of shell companies where not a single one is responsible for anything).
And they were only able to do so under the auspices of corrupt politicians in said country. For example, Crypto firms in UAE purchasing property in projects closely affiliated with the Emirs of the Emirate they are domiciled in [0]. And Vietnam cracking down on shady domain registrars for streaming in order to unlock trading opportunities such as not being treated as a "Non-Market Economy".
Tech will always be subordinate to the government, and any techno-libertarian ideal faces that harsh reality fairly quickly.
Sure go into some desert without them knowing and do your thing there. As soon as tou plan to interact with other people you will have to deal with the fact that societes like to create rules for themselves.
There is a word for people who like to unilaterally break social contracts for their own benefits and it has not a lot of positive connotations.
Note: that I totally get the sentiment of wanting to get away from all these complications especially in technically minded people. But the sooner we realize that this can either be lived political resistance or antisocial/sociopathic exploitation the better. Even in an ideal society individuals will have to be bound to certain rules, otherwise everybody will have to fear everybody else violating their boundaries. And different societies will find different forms of rules with different evaluations of how to do things.
TL;DR: Don't want to deal with the rules of a society? Don't interact with it. You cant have your cake and eat it too.
SourceHut isn't under Dutch law because it's the best legal jurisdiction to run a code hosting service from. It's because the sole trader who runs this particular code hosting service personally moved to the Netherlands, so that's the easiest place for him to run his business from.
Also, this diff does not say his business has left US jurisdiction:
- before: "You must obey all local, US, and Dutch laws"
- after: "You must obey all local, US, European, and Dutch laws and regulations"
The country with the most surveillance laws in the books and the most documented phone taps is probably not the most surveilled country on earth (at least, for the worst countries I expect law enforcement to just do whatever they want and not leave a paper trial because… why would they bother? Nobody is going to scrutinize them anyway).
Of course, this puts the conversation in a tricky spot. The less-bad actors (no country is great in this context) should have the most well documented abuses, the worst will just do it without bookkeeping. So it is, unfortunately, a “prove a negative” sort of thing.
I’m not sure which is worse, the impersonal, automated, regulatory padded cells of US gov/tech hegemons, or the potentially very personal attention of a local lord with very strong opinions[0].
If you do read Drew DeVault's The Stallman Report, please also consider reading the rebuttal at https://stallmansupport.org/ and perhaps consider reading the DeVault Report at https://dmpwn.info/
This makes sense. And this is only accelerating - I talk to businesses in Germany and there's a genuine, non-insignificant number of people who want their data to be /physically/ in Europe.
Take this to its logical conclusion and basically, every company will need to segregate their data in regions. Most cloud platforms aren't really designed this way but it's coming.
There was a data locality law that India passed and Stripe had to do this massive migration project to segregate this data. I shudder to imagine what a more complex system would look like under such data locality laws.
Hetzner and OVH are both great value for money, you'll find bad stories for every big hoster but they are professional (Someone will post the OVH fire story as a reply of that most likely, but that's not something that happens regularly) and a lot of the VPS resellers will sell you stuff that is hosted there too.
In the last years, many of the smaller German hosting companies were acquired by larger corporations. Netcup is owned by Anexia (Austria) now, Contabo was acquired by KKR (US), Hosteurope by Godaddy (US). If you're looking for hosting in the EU, you probably also want to avoid US-owned providers.
Leaseweb is quite cheap these days, though they seem to have stopped serving non-business customers. Budget hosts like Hetzner and Contabo may suffice, but make sure to check if they bothered to patch their servers (Contabo's EPYC servers are running on outdated microcode that allows leaking CPU cache between VMs for instance).
OVH is also popular but I found their network speeds kind of limiting. It's been a while since I last checked out their offerings, though.
Part of it seems to simply because the owner moved[1] and it makes sense to move his company with him. Given that Source Hut have physical hardware and operating that from across the ocean probably gets tiresome pretty fast it also makes to move the hardware. So now the owner, and the hardware is in Europe. At that point you kinda have to live be the local rules anyway and having your business being a US business makes little sense and provides no actual benefits.
The political and regulatory climate in the US is quite volatile and has been for years, and perhaps they also disagree with the lack of data protection rights.
They have a bit of an ethical track record where they've disallowed use of their services for crypto commodity projects and the like, for example.
This doesn’t track at all. I’m not an expert but from what I heard startups are moving away from Europe not the other way round. It does seem to be a political or lifestyle choice as a sibling comment pointed out.
Edit: I mean ideological not exactly political choice.
>I have felt a kind of dissonance with my home country of the United States for a long time now, and I have found it very difficult to resolve. I am not of one mind with my peers in this country on many issues; social, economic, and political. Even limiting this inquiry to matters related to FOSS, it’s quite clear that the FOSS community in Europe is much stronger than in America. In the United States, capitalism is the secular religion, and my values, in FOSS and otherwise, are incompatible with the American ethos.
Readit News
My point is, if you trust the company you're using, also trust it to use any means necessary to protect you from bad actors, don't rely on the laws here. Both the corporate and the state ones. If you don't trust it, don't give it anything you cannot afford to leak or lose.
Specifically, EU data protection laws are good to protect regular customers from the big corporations, but they offer little protection against the EU (and the member states) themselves. And if the risk you're hedging against is "yourself turning to big corp and abusing customers" moving to EU is okay, but not in any other case.
Not possible. Anywhere that an entity is able to exist will also see some form of regulation. Regulation is the attempt of society to balance the benefits and harms of business such that its benefits reach as many people as possible, and its harms minimized or eliminated.
Too much regulation is just as bad as too little, and we have centuries of data demonstrating the need for a balanced approach.
As for the nod to piracy sites, what you’re suggesting is instead civil protesting of hostile regulations that harm society to benefit business interests. That’s excellent but the answer there is better regulations, not a lack of regulations.
I certainly trust governments where the rule of law applies more than I trust corporations. I certainly would not input any real data in a service hosted in Equador with a registrar in God-knows-where.
That does not mean that governments get unquestionable faith, but there's still the pretence that they protect their citizens. Corporations only seek profit.
You don't get to opt in to the laws you like and ignore the ones you don't like.
Well, maybe you shouldn't, or maybe you should, but you definitely can if you have the technical know-how. Probably best example is ThePirateBay which people and organizations have tried to take down for more than 20 years, yet it persists.
They're quite literally still alive while still choosing what laws they want to follow.
Obviously, that you can make this choice also means you get to chose if to even expose yourself to the potential consequences of that too, as Silk Road would attest to.
And most privacy-conscious services generally protect you to a certain level by the amount of data they don't keep. Mulvad, for example, when raided kept everything they had. Because they could prove that the data that the warrant was for was not stored on their equipment. PRQ, they're quite happy to work with you without knowing who you are.
If you want to keep yourself private from law enforcement or intelligence agencies, then you shouldn't be using standard services without your own layer of encryption and privacy steps in between. You're always going to be at the behest of some government, that's just how the law works.
> And if the risk you're hedging against is "yourself turning to big corp and abusing customers" moving to EU is okay, but not in any other case.
I mean, this seems like a silly concern (just don’t abuse the customers, lol). But, he can now reasonably offer to his customers the fact that he’ll be bound by EU privacy laws.
In the case of something like SourceHut which has consistently made decisions in favor of having a slow/sustainable business model instead of going for massive growth, this seems to make a lot of sense. He probably isn’t too worried about having to eventually backstab his customers, so why not make the value proposition clear?
Like what if the big plan here is to offer clear business terms backed by customer-friendly local laws and make a nice middle class salary for the rest of his life, while living in a nice friendly country?
And they were only able to do so under the auspices of corrupt politicians in said country. For example, Crypto firms in UAE purchasing property in projects closely affiliated with the Emirs of the Emirate they are domiciled in [0]. And Vietnam cracking down on shady domain registrars for streaming in order to unlock trading opportunities such as not being treated as a "Non-Market Economy".
Tech will always be subordinate to the government, and any techno-libertarian ideal faces that harsh reality fairly quickly.
[0] - https://www.occrp.org/en/project/dubai-unlocked
What's SEA?
There is a word for people who like to unilaterally break social contracts for their own benefits and it has not a lot of positive connotations.
Note: that I totally get the sentiment of wanting to get away from all these complications especially in technically minded people. But the sooner we realize that this can either be lived political resistance or antisocial/sociopathic exploitation the better. Even in an ideal society individuals will have to be bound to certain rules, otherwise everybody will have to fear everybody else violating their boundaries. And different societies will find different forms of rules with different evaluations of how to do things.
TL;DR: Don't want to deal with the rules of a society? Don't interact with it. You cant have your cake and eat it too.
Dead Comment
https://www.irishtimes.com/news/world/europe/sweeping-survei...
Also, this diff does not say his business has left US jurisdiction:
- before: "You must obey all local, US, and Dutch laws"
- after: "You must obey all local, US, European, and Dutch laws and regulations"
Of course, this puts the conversation in a tricky spot. The less-bad actors (no country is great in this context) should have the most well documented abuses, the worst will just do it without bookkeeping. So it is, unfortunately, a “prove a negative” sort of thing.
[0] https://news.ycombinator.com/item?id=41837782
Take this to its logical conclusion and basically, every company will need to segregate their data in regions. Most cloud platforms aren't really designed this way but it's coming.
There was a data locality law that India passed and Stripe had to do this massive migration project to segregate this data. I shudder to imagine what a more complex system would look like under such data locality laws.
Not super clear from the link that's the case. Maybe sourcehut will make an explicit publication to this effect.
No, that was there before too. What's new is the legal address in the bottom, that now specifies Netherlands, and a KVK+BTW identifier.
"-" prefix on a line in a diff indicates removals, "+" prefix indicates additions.
But yeah, I'd expect them to also make some sort of announcement blog post explaining the change.
Many smaller providers too.
OVH is also popular but I found their network speeds kind of limiting. It's been a while since I last checked out their offerings, though.
1) https://drewdevault.com/2021/06/07/The-Netherlands.html
They have a bit of an ethical track record where they've disallowed use of their services for crypto commodity projects and the like, for example.
Edit: I mean ideological not exactly political choice.
>I have felt a kind of dissonance with my home country of the United States for a long time now, and I have found it very difficult to resolve. I am not of one mind with my peers in this country on many issues; social, economic, and political. Even limiting this inquiry to matters related to FOSS, it’s quite clear that the FOSS community in Europe is much stronger than in America. In the United States, capitalism is the secular religion, and my values, in FOSS and otherwise, are incompatible with the American ethos.
Seems ideological to me.
Dead Comment