Moving away from US cloud services
342 comments
·March 18, 2025frereubu
> Wrapping up - Migrating away from US cloud services was easier than I expected.
This is absolutely not the main takeaway and I find it difficult to see how he could write this - there are gaping holes. Git repos (it's too difficult). NPM (ditto). Startpage uses Google's index. The only meaningful switch he mentions is Proton, but as other comments have pointed out they have vendor lock-in problems. The real takeaway from this is that it's currently impossible in any meaningful sense. It feels like there's a real opportunity here for European companies to step up and make a big play, but will they? I really, really hope so. I'd jump ship in a heartbeat if I could.
Edit: To be clear, the reasons in brackets were the author's, not mine.
Skinney
> Git repos (it's too difficult)
Sourcehut
> Startpage uses Google's index.
If they have enough users/make enough money, they'll make their own. Ecosia and Qwant (both european search engines) are working together to make their own index.
In any case, even if a european is a proxy for an american service, you need to prove that there is a market for an european equivalent for change to happen.
arthurmorgan
TIL that Sourcehut is or has been moving to the EU/Netherlands, thanks!
bayindirh
They have moved to Netherlands. They were planning, but Murphy knocked (kicked?) on the door as a massive DDOS, so they expedited the move, a lot.
palotasb
> Sourcehut
Is it there yet?
> Notice: sr.ht is currently in alpha, and the quality of the service may reflect that. As such, payment is currently optional for most features, and only encouraged for users who want to support the ongoing development of the site. For a summary of the guarantees and limitations that the alpha entails, see this reference.
myaccountonhn
I've used it for a few years and it's been stable and without issue. builds.sr.ht is the best CI that I've ever used. I think the only time it has been down has been due to DDOS.
Would I run the git server of a multi-national bank on it? Probably not. A standard SAAS? Yeah if my team felt it was important to use EU companies.
Otherwise you could also self-host with a VM, then you can use gitea or gitolite with systemd oneshot services.
benhurmarcel
For git there's also Codeberg
Sebb767
> If they have enough users/make enough money, they'll make their own. Ecosia and Qwant (both european search engines) are working together to make their own index.
"There might be an option in the future if there are sufficient users" is a quite different milestone compared to fully switching away from US-based services.
null
null
soygem
[dead]
danieldk
I agree that some of the hard parts were glanced over. Besides that, everyone seems to talk about the cloud and nobody about the other big, if not bigger, dependency. Our use of Windows and macOS (and Google Android and iOS if you will) on the vast majority of client devices.
If
Time and time again, data-sharing agreements between the EU and the US get busted, showing there's just no legal compatibility between EU privacy rights and US spying laws. [...] With the current political situation in the US, it's also starting to become clear that our entire digital infrastructure is at the mercy of US policies. It is no longer safe to rely on US clouds for our governments and societies, as the US government can shut it down at will.
are your worries, rolling out government-required backdoors, lockouts, etc. in operating systems is going to be a huge issue. To shut down a large portion of Europe's infrastructure, the US government only has to order three companies to do so.
margorczynski
I think there were (and are) attempts of replacing at least the desktop systems with some variant of Linux but I think the dependency on Office remains the main problem in doing so - Windows lets you integrate all that pretty seamlessly with how the system works and is administered.
China is probably much more aggressive in this than Europe as for them the US has been a rival (or even enemy) for a long time.
pzo
he mentioned also Quad9 - Cloudflare DNS replacement. I didn't know about and will probably switch to it. My other picks:
SEARCH: qwant (france)
LLM: mistral (france), librechat.ai, openwebui
VPN: mullvad (sweden), protonVPN (swiss)
AUTH: OpenID (sadly seems like not many sevices implement it)
CLOUD: Hetzner (germany), OVHCloud (france)
MAPS: here wego, openstreetmap
EMAIL: protonMail (swiss), fastmail (australia)
DNS: mullvad (sweden), quand9 (swiss), nextDNS
TRANSLATE: DeepL (germany)
BROWSER: zen-browser, vivaldi (norway)
SOCIAL: nostr, mastadon (germany)
IM: elements (uk), matrix (uk)
EDIT: correction that fastmail is australian
hampus
Fastmail is based in Australia [1], not Germany.
hnbad
Fastmail's servers are apparently located in the United States[1] - and the Netherlands, but there doesn't seem to be a way to know in which country your specific mailboxes are stored.
> Our colocation providers could be compelled to give physical access to our servers. Network capturing devices could be installed. And in the worst case an attacker could simply force their way into the datacentre and physically remove our servers.
So as far as warrantless surveillance is concerned, Fastmail is no better than if it were a US company or subsidiary thereof. They may themselves not be in a position where they would have to comply with US requests that would be illegal in Australia but whoever is operating their US-based DC absolutely is and they admit as much, even if they handwave this scenario as being no different from an ordinary hacking attempt[2].
[1]: https://www.fastmail.com/blog/fastmails-servers-are-in-the-u...
[2]: Of course the flaw in this comparison is that an ordinary hacker can't make on-site staff comply with their demands and prohibit them from disclosing the hack. To do so without the authority of the law, you'd need a Hollywood action movie level of criminal enterprise that would usually involve taking a retired police officer's granddaughter hostage for some reason.
mhitza
For dns there is also dns0.eu, which I've been using without issues for a year (or more, since it popped up in the HN feed).
semi-extrinsic
For DNS, Gandi is also French?
Kelteseth
Add Netcup for great and cheap hosting from Germany. I've been a customer for years.
kiney
can confirm. Great for small and cheaps VPSes
McDyver
For encrypted mail, there is also tuta.com (previously Tutanota), Germany based
jb1991
Do you know anything about another popular German mail provider, mailbox.org?
jb1991
I’m curious about mailbox.org, which markets themselves as “privacy made in Germany“
attendant3446
I used mailbox.org for several years until they forced everyone into more expensive plans by adding irrelevant features like office and cloud storage. This kind of behaviour from them was disappointing.
schroeding
Can only recommend them - not too expensive, you can also use your own domains and they support at-rest auto encryption of all incoming mail with a PGP public key you give them (which of course does not prevent them from saving incoming mail as clear text somewhere else, but prevents others from reading all existing mail should they get access to your mailbox later)
eliaskg
Discovered them recently. Price looks absolutely fair for what you get. It offers up to ten external addresses for sending and has a web interface so it looks like a solid Gmail alternative.
margorczynski
I think German law makes that impossible - basically you need to assume the government can access your data at any time.
Heliosmaster
nextdns seems to be a US company, by French founders https://help.nextdns.io/t/y4hmv0n/who-is-behind-nextdns
Foobar8568
Yes, but nobody competes with AWS, Azure or GCP, everything else is easy. And most likely, most of the services/saas you mentionned relies on "US" cloud infrastructure.
mhitza
> Yes, but nobody competes with AWS, Azure or GCP
Scaleway is positioned in the same space.
hnlmorg
OVH and Scaleaway?
If not used the latter but the former was excellent back when I used to use them. They were a little more focused on traditional compute and lacks the general breadth of services that the likes of AWS offer. But if you’re in a position where you’re able to choose a cloud platform provider based on the location of their HQ, then the chances are you’re requirements from said cloud provider are pretty basic.
scoopr
There is also https://UpCloud.com
bamboozled
How do you think all these massive companies will successfully continue to operate in a country where the rule of law is no longer respected?
Like I understand how that might sound like hyperbole, but everything I'm reading seems to indicate the USA is on an express train to hackville.
Lutger
That is only the case if you think of migrating as an all-or-nothing. The services that he did manage to migrate went quite smoothly. If he would get stuck with one or two services, was it still worth it to migrate the ones he did manage? If you think it has all been in vain, then yes - its a different takeaway. But obviously Martijn does things step by step and I imagine he is happy even with the progress he made.
In other words, the question is 'is it easy to migrate to a service for which decent alternatives exist', rather than 'do decent alternatives exist for every service you depend on?'
You takeaway depends on what question you are most concerned with.
danmaz74
> It feels like there's a real opportunity here for European companies to step up and make a big play, but will they?
I think that this will depend a lot on expectations about politics in the USA in the medium/long term. Making this kind of investments makes sense if you expect the aggressive hostility that the current administration brought against Europe (and all other US traditional allies) to continue for a long time, and not just a couple years.
MartijnHols
I expected it to be much harder to move away from these services I heavily relied on like Microsoft 365. Before I started migrating it figured I was so entangled in their web, that switching to an alternative would be a tremendous task. After actually migrating these services, I managed to migrate 90% within a few hours per service. This is nowhere near the amount of effort I expected it needed. Because of that, I'm also optimistic about migrating Git and NPM. While I don't think NPM will be any different, I suppose my optimism about Git might be misguided because of the amount of customization that goes into setting up CI/CD. Still, since only one out of all of the services might be hard - one that doesn't handle any PII - I stand by saying the overall effort was easier than expected.
kriops
Git has full name and email in all commits, fyi.
mhitza
> It feels like there's a real opportunity here for European companies to step up and make a big play, but will they?
Big plays are possible only with big capital, and that isn't what happens in the EU tech market.
Lack of serious VCs is a problem on one hand, but to blame is also the EU Horizon program which will favor large established companies (which innovate very little), and the fact that the funding direction changes with hype cycles (in 2020 that was digital transformation, in 2024 it was AI and similar).
0x073
VC is almost every time grow and sell (to us).
So i think lack of vc can be good.
blitzar
The "easy" stuff was easy as the external face is a custom domain. This should be understood as a lesson for future choices.
Generic / not heavily propriety services which are pointed to by something you own (i.e. a domain name) can be migrated to new services. Web hosting, s3 hosting, email hosting etc.
Migrating from @gmail is not possible without scrapping an identity and starting over.
noirscape
A shame that OP recommends Proton. The fact they don't support open email protocols like IMAP/SMTP without an extremely frustrating proxy setup is what ultimately turned me away from their service. Being able to "just" use a native mail client is pretty much a must.
The vendor lock-in from something like Proton feels way worse as a result.
Can't speak to Proton Pass, but it strikes me as a replacement that seems unnecessary: if Bitwarden is a problem, the server can be selfhosted, something which the OP seems to be familiar with.
Some of the others feel of more... questionable issues to have with US cloud services; it's hard to find problems with Dockerhub and NPM that aren't just general problems with these services/the company behind them (mainly NPM). Maybe that's just because the public/private concern for both of those services is pretty different than the others mentioned here.
CER10TY
What's a good alternative to Proton? Still haven't migrated my business away from Google Workspace, and I was thinking Proton would be a good alternative, but apparently not if they don't even support IMAP/SMTP.
carschno
Mailbox looks very solid, although I don't have long-term experience: https://mailbox.org
It provides email, online storage, video conferencing, calendar etc., all of it privacy-preserving by default. You explicitly don't have to provide any personal details.
adwn
Seconded. I'm using mailbox.org for my business for 4 years now, and haven't had any problems so far.
oakesm9
Fastmail[0] is what I use for my personal email. They support all the standards, but are also pushing things forward with standardising the JMAP protocol[1] which is much better suited to mobile clients than IMAP.
They only have email and calendaring though, no equivalent of Drive/Docs/Sheets.
flurdy
I am very very happy with Fastmail. I know they have some presence in the US but I think they scaled that down and are entirely an Australian company.
Their integration with 1password and masking email aliases is also very useful [0].
If however you want to host your own emails, I did once write an extensive guide [1].
danieldk
I have used Fastmail for well over a decade, but they have their servers in the US, so I have been looking at alternatives.
null
hovering_nox
attendant3446
It's an alternative to Proton because it doesn't support open standards (like IMAP), but it has the same problem - vendor lock-in.
bodash
Second Tuta. Their feature list might be limited when compared to Proton or Fastmail, but their core email service is solid.
SSLy
https://european-alternatives.eu/category/email-providers
I myself use neither [0] but that's my nihilism defaulting on convenience.
[0] I've moved my own domain to iCloud+ custom domain offering.
chgs
I use Zoho for my personal email. They aren’t European but they aren’t American.
Crucially though it’s easy enough to migrate to another provider of self just by updating my mx records.
SSLy
context: Zoho is incorporated in US and made in India.
Saris
Mailbox.org is one I like
For a more business oriented replacement that can (mostly) replace gmail, google drive, docs, sheets, etc.. Zoho One is pretty good.
Lanolderen
I use migadu with thunderbird. Can't complain. Cheap and does what I need it to.
ptsneves
I am migrating away from Proton. In theory they check all marks, in practice they fail in delivering baseline functionality in all categories.
1. The Web interface email is so-so, but the proxy email bridge is really heavy and takes a huge amount of disk space. It also makes my computer start flying from time to time. The iOS email client(very important as they dont support standard protocols) is just useless. The text is rendered like an image which I need to pinch to zoom in and slide across the text. There is no way for the font size to be increased to a legible amount. The images in attachment are not in a carroussel so I need to open1/close1/open2/close2/open3/close3 if there are 3 attached images. In an email client this is absolutely basic.
2. ProtonDrive: It took a long while before rclone was supported and for their web client to be working, "ok". Anyway it is basically unusable as a backup cloud service because it takes forever to encrypt in the browser. I just gave up and have no idea what is the state of sync of my files there. I just moved to backblaze and am waiting for my Proton subscription to expire.
3. ProtonVPN: Good on paper, totally untrusted and blocked by the internet. I can't navigate without filling 10 captchas or just be outright blocked.
4. ProtonCalendar is proprietary and not compatible with generic tools in iOS or linux or Android.
I gave up trying their other services as I just expect them to be as incomplete.
I mean: Email is the thing that needs to work right and every time I need to see some email together with my wife I feel like this goofy person that complicates what for everyone else is one of the most basic tasks in using a computer.
If I could I would just cancel and ask my money back, unfortunately they do not do that.
pmdr
> 3. ProtonVPN: Good on paper, totally untrusted and blocked by the internet. I can't navigate without filling 10 captchas or just be outright blocked.
Even residential IPs are being blocked nowadays, we have Cloudflare to thank for that.
wkat4242
Yes! I run Firefox on Linux and I constantly get captcha'd everywhere (by that typical cloudflare loading page) because I'm not part of the 95% that runs Windows or Mac. Cloudflare is an awful thing for the internet.
Foobar8568
I get banned within 5 minutes when I browse Hermes or LV websites, fun stuff...
PhilippGille
What are you migrating to?
jb1991
Have you considered mailbox.org? I rarely hear much about this German mail provider that supposedly prioritizes privacy.
cedws
How would you support E2E without the proxy? Not that the majority of people’s emails are truly E2E anyway on Proton, but still.
JohnTHaller
I'm looking at new email providers and the inability to use Thunderbird on Windows and Android is why I ruled out Proton.
Tubbe
Also the CEO is praising the current Republican administration https://x.com/andyyen/status/1864436449942110660
9283409232
You're looking at this in black and white. The CEO praised one of the administrations picks for being tough on big tech. While I think he's wrong in his statement on who stands for "the little guys" praising one pick for her stance on big tech does not mean he wholly supports the administration and it's actions.
wkat4242
Yes I'm not a fan of Proton either. Especially because they hammer so much on their "Encryption" thing while 95% of the mails you get will come unencrypted from one of the big tech parties, Google, Microsoft, Amazon. So what is the point, really? And because of this indeed it is very hard to connect to it.
Email is just dead as a tech. It's no surprise nobody uses it for sensitive content anymore but instead just uses it as a notification service ("Please log in to our portal to read your message").
I don't personally like bitwarden either because it uses a master password, I prefer "pass" which encrypts each password with your GPG key (which can be stored on a yubikey for hardware security). But yeah self hosted bitwarden is a good option too and very popular.
cassianoleal
> It's no surprise nobody uses it for sensitive content anymore
I get password reset links for pretty much every website on email. Few things as sensitive as that.
I also receive and send documents, signed or for signing, with pretty sensitive information, over email.
I agree it shouldn't be used for those but it certainly still is.
wkat4242
There's so many organisations moving away from it though. Email password recovery yes. But really, what does Proton's E2EE add to this? The email is still sent unencrypted across the internet. And only gets encrypted when it gets to their mailbox. It's not as if someone could easily break into gmail either. Unless they know your password but then Proton is just as vulnerable.
I just consider their "Security" window dressing to be honest. It totally ignores the gaping wide problem and fixes only a tiny pretty irrelevant part of it.
upofadown
>Email is just dead as a tech.
It's really the only game in town for messaging. Like sure, there are a zillion incompatible alternative systems out there but email is the only system with worldwide adoption. ... and its federated. ... and it actually works somewhat reliably. ... and it's actually fairly secure these days, using a network of trusted email servers.
Like sure, it would be great if we could make end to end encryption usable for regular people for the email case. It would also be equally great if we could make E2EE usable for regular people for all the other cases.
sneak
Yeah, I was a Protonmail evangelist but their mobile app sucks and their client software has nonconsensual surveillance embedded in it that you have to remember to turn off.
pmlnr
Interesting how for a (junior) dinosaur, like me, this was never a problem: I still run my mail, web, nextcloud, xmpp, forgejo, etc server on a former thin client under a cupboard. With a symmetrical fiber 1G connection it's been surprisingly reliable.
FAQ:
Yes, you can run self hosted mail.
Yes, it's complex.
No, it's not hard, but it takes time, as it is complex - if you want to understand it. If not, go for something like https://maddy.email/
Yes, I have a fixed IP address with a reverse DNS entry configured.
My ISP is zen.co.uk.
Yes, I have reverse DNS, DKIM, DMARC, SPF, even mta-sts.
No, I'm not switching from XMPP to Matrix - it's too server heavy, XMPP is more client oriented, which is my preference.
I know about the UK's online safecty act, I used https://onlinesafetyact.co.uk/ra_my_self_hosted_single_user_... as a template to create mine. I think the act itself is basically useless and just paperwork, but something along it's ideas is actually needed.
I block many AI crawlers from accessing code and photos, as eg. Claude is so aggressive that it's code crawlers makes my system sluggish, and I have no will to let anyone use my photos beyond printing them for their wall as decoration.
bsafta
Can you please write more details about "I block many AI crawlers from accessing code and photos"? The bots are trying to access your nextcloud instance? I'm also self hosting a few services, including nextcloud.
pmlnr
No, not nextcloud, it's the photos on my website. They are CC-BY-NC-ND-4.0 licensed, which genAI doesn't respect in any form.
I added these in nginx.conf:
map $http_user_agent $blocked_user_agent {
default 0;
"~*AI2Bot" 1;
"~*AI2Bot-Dolma" 1;
"~*Amazonbot" 1;
"~*anthropic-ai" 1;
"~*anthropic.com" 1;
"~*Applebot" 1;
"~*Applebot-Extended" 1;
"~*AwarioBot" 1;
"~*AwarioRssBot" 1;
"~*AwarioSmartBot" 1;
"~*Bytespider" 1;
"~*CCBot" 1;
"~*ChatGPT-User" 1;
"~*ClaudeBot" 1;
"~*Claude-Web" 1;
"~*cohere-ai" 1;
"~*cohere-training-data-crawler" 1;
"~*DataForSeoBot" 1;
"~*Diffbot" 1;
"~*DuckAssistBot" 1;
"~*FacebookBot" 1;
"~*FriendlyCrawler" 1;
"~*Googlebot-Extended" 1;
"~*Google-CloudVertexBot" 1;
"~*Google-Extended" 1;
"~*GoogleOther" 1;
"~*GoogleOther-Image" 1;
"~*GoogleOther-Video" 1;
"~*GPTBot" 1;
"~*iaskspider/2.0" 1;
"~*ICC-Crawler" 1;
"~*ImagesiftBot" 1;
"~*img2dataset" 1;
"~*ISSCyberRiskCrawler" 1;
"~*Kangaroo Bot" 1;
"~*Meltwater" 1;
"~*Meta-ExternalAgent" 1;
"~*Meta-ExternalFetcher" 1;
"~*OAI-SearchBot" 1;
"~*Omgili" 1;
"~*Omgilibot" 1;
"~*openai.com" 1;
"~*PanguBot" 1;
"~*peer39_crawler" 1;
"~*PerplexityBot" 1;
"~*PetalBot" 1;
"~*Scrapy" 1;
"~*Seekr" 1;
"~*SemrushBot" 1;
"~*SemrushBot-OCOB" 1;
"~*Sentibot" 1;
"~*Sidetrade indexer bot" 1;
"~*Timpibot" 1;
"~*TurnitinBot" 1;
"~*VelenPublicWebCrawler" 1;
"~*webmeup-crawler.com" 1;
"~*Webzio-Extended" 1;
"~*YouBot" 1;
}
location / {
if ($blocked_user_agent) {
access_log /var/log/nginx/blockedbot.log ncsa;
return 401;
}
null
bsafta
Thanks!
dracotomes
I self host a mail server too. Static IPs are not available for a residential connection where I live which makes PTR and SPF records hard. What I've been doing is using Oracle's "always free" VM to host VyOS as an ingress/egress router. It's been pretty easy to set up the mail server itself using iRedMail.
I've had some problems with spamhaus and outlook because that whole IP range is not trustworthy but otherwise it's just worked (Spamhaus was nice enough to put me on a whiltelist).
I know hosting at Oracle is not moving away from US cloud services but I set this up two years ago and this could be achieved using any cheap or free VPS.
rambambram
Maybe one really needs 'the cloud' (whatever that is) or the accompanying services, I don't know, but I do know that good old webhosting is still around. At least here in The Netherlands. Good for email, good for websites and webapps, good for data storage.
There are enough options to choose from the decentralized menu of hosting offerings. Most are cheap enough also, but watch out for the slightly bigger webhosting companies that are taken over one-by-one by some group of investors wanting to play AWS (and upping the prices by 400% or so).
9dev
The cloud, speaking for small-to-medium companies, is two things; a directory server with file storage, email, and an attached suite of productivity tools (e.g. Microsoft 365 or Google Workspace), and virtual, distributed infrastructure (e.g. AWS, Google Cloud, or Azure).
You can build the offerings commonly sold as "cloud" yourself, but it requires a ludicrously unreasonable amount of engineering work to reinvent the wheel and end up with a shitty solution that gets your users frustrated, guaranteed.
We need a European contender (or multiple!) that can actually compete in one or both of these disciplines. There is going to be a huge market for this very soon.
chpatrick
I think a ton of services would actually run just fine on a single old fashioned Linux machine without any fancy cloud stuff, we've just been conditioned to think that it's somehow wrong.
rambambram
I did not necessarily need an explanation of what 'the cloud' is or isn't. I came to believe it's definition is vague on purpose. I found out it's (almost) the same old internet with new shiny marketing labels on it (I say 'almost' because clubs like Netflix probably need their movies stored near the end user for seamless HD streaming). With the end goal of getting everyone's data on someone else's server (so they can control it, eventually without your permission). It works because programmers who might understand technically what it is, usually don't call the shots when some Big Tech salesperson offers shiny new apps from the US.
Luckily, I don't need a cloud. Not someone else's cloud, not even building my own cloud. Why? Because the technical progress required for me to save, work, share and publish stuff online (or locally on my computer) was already there from the '90s. And luckily, it's not standing still. Although every exec and marketing boy wants you to believe the only good stuff is the next hyped up stuff.
We see the same thing happening with LLMs and AI. It's marketing fluff all around, by people who so fully believe in it that it becomes scary. And it's hard to argue against it, because it is impressive what LLMs can do. It's also bullshite and has nothing to do with reasoning, or thinking, or whatever human capabilities are projected onto a digital parrot (I don't want to ruffle some feathers, pun intended, a lot of people probably have good use for LLMs and it's still interesting that people work on these systems).
A computer, an internet connection and some webhosting get's you more than far enough for most use cases. Without vendor lock-in.
There's more to technology than only technology.
anonzzzies
I find it really annoying when tradional hosters (indeed in NL and DE for instance) move to the grifting 'pay per use'; the same VPS that I could beat over the head for millions req/month for 5 euros, now costs, for the same usage, 50+ euros because suddenly i'm paying for the cpu, memory, disk, network etc that I use. It costs them $0 extra, so that's all profit. I had it a few time now ; you can recognise it either indeed if they get taken over by some large investment firm and/or when they start offering more and more 'cloud services' next to their VPSs; once they have the infrastructure up and running, they start screwing over people. Mind you, if the service was better, then maybe, but it's not; it's just vastly more expensive.
nickslaughter02
I would like to see a movement more along the lines of "Moving away from cloud services", not just US services. Our computers are faster than ever, internet bandwidth is not a problem, public IPs affordable. Why not self host when possible?
anonzzzies
Yep, I just finished moving most of my stuff to a bunch of small (but stupidly powerful) machines in my and my parents house. They sync and work very well. It's a nice feeling, finally everything is hosted and backed up and in my own hands. Of coourse, this is not for business, although I would have no issues hosting small busness on here; it's more robust than most single vps solutions.
DoingIsLearning
Doesn't that go against the whole "one local, one local external storage, one remote" backup redundancy?
anonzzzies
Maybe, but i'm not running a bank here and I do, regurarly, stick in an external drive to run a backup. It's pretty well protected all in all. Definitely better than 'if google kills my account for no reason at all'.
fullstackwife
It is important to not lock yourself into any cloud provider. For example using services like Firebase, which are very good, means you cannot *easily* move to self host once your business idea turns out to be a success.
cbg0
For hobby projects this has always been an option, but a business will prefer the reliability and value add offered by cloud services.
nunez
Tailscale makes this easier than ever to do. I'm looking to move most of my Lambda functions off of AWS and into KNative on my Kubernetes cluster at home.
falleng0d
Why move away though? The cloud subsidizes for "free" a lot of powerful services that the average user can only dream of self-hosting.
And the price is what? Your browsing history? Personalized Ad's? Provided you don't AdBlock that is!
I like the symbiotic relationship. I do believe in safeguarding yourself from getting locked out of your life due to your Google acc getting banned but outside of that I see no harm in getting free service in exchange for data. It's a fair deal.
danieldk
And the price is what? Your browsing history? Personalized Ad's? Provided you don't AdBlock that is!
Regardless of what you think of using your private data in exchange for free services, the problem with the cloud owned by US companies is that to us outside the US it seems like any kind of blackmail now seems fair game.
Since Vance threatened to drop NATO support if the EU regulates Musk's platforms [1], temporarily holding hostage our data to 'win' a trade war does not seem that far-fetched anymore.
Also, if the US ends up trying to make good on their threat to annex Canada or Greenland, then we are strongly dependent on a hostile state. We learned some lessons from being dependent on Russian gas.
[1] https://www.independent.co.uk/news/world/americas/us-politic...
fhennig
Whether the price is fair or not is obviously up to you. I personally don't like the deal, so I would rather use alternatives.
IMO your quotation marks around _free_ do a lot of heavy lifting.
spiffyk
> public IPs affordable
Not until we start considering all non-IPv6-supporting ISPs to be a no-go.
moffkalast
Yeah the pricing for memory in most cloud instances is so atrocious that you pay enough to buy a whole DDR5 stick in a few months already. Or an entire ARM SBC that will outperform that stingy offer in every way.
Cloud also has networked SSDs so they can keep the machines and partitions separate, which really limits their speed and throughput and increases latency. Nothing beats a PCIe attached NVMe.
datadeft
My problem is that I do not want to replace one centralilzed service with another. I do not see any difference between the US and the EU (or Australia) in handling privacy. Most politicians are super keen on destroying privacy for people, for the "good cause". There are so many examples of this I lost count. We need strong encryption and true peer-to-peer networks where the connection is going through random routes (impossible to predict) and there is no government controll of any of the nodes it touches.
Sander_Marechal
Perfect is the enemy of good. The EU has it's flaws, but if you can't see the difference between the US privacy climate and the EU privacy climate then you need a reality check.
piokoch
Yup, in the USA you can still have VPN server that is not storing logs, something that is simply illegal in European Union countries.
In the USA you can purchase prepaid SIM card in Wallmart with cash, put it in your phone and you have anonymous phone number, again, this is illegal in Europe in a typical stupid European way, as any criminal who needs an anonymous card would pull in to the retailer some drunk or homeless person and get that SIM anyway. But "normals" can forget about privacy, unless they want to play with something like silent.link.
cbg0
Mullvad is based in Sweden which is part of the EU: https://mullvad.net/en/help/no-logging-data-policy
Obviously, it goes without saying you should never trust something you can't verify, regardless of which country the VPN operator is based in.
mmarq
> In the USA you can purchase prepaid SIM card in Wallmart with cash, put it in your phone and you have anonymous phone number, again, this is illegal in Europe in a typical stupid European way
This is illegal in some European countries but not all. I more than bought one phone and one SIM card with cash in the past.
belgiandudette
I have a few traveler esims from Europe. I didn't need to show any ID and I paid cash.
EVa5I7bHFq9mnYK
In all of Eu countries I visited, only FI and DE asked for id when buying a prepaid sim card. And prepaid sim card days are almost over, as there is Airalo etc.
mytailorisrich
There is always a degree of incoherence in people's beliefs and actions.
A good one along the lines of your comment, IMHO, is how most Europeans are very happy to promote ID cards and to be asked for theirs all the time while always complaining about "privacy" and against "surveillance".
For instance in France you must show your ID to buy even a prepaid SIM card, but then again the police can ask to see your ID with little justification. Or how they ask for ID when checking your ticket in the TGV high-speed train...
Hikikomori
You remember Lavabit?
We also have Mullvad.
jve
True regarding logs.
False regarding SIM cards.
European.
ianopolous
You might be interested in Peergos (lead here). It is E2EE, built on a P2P protocol (libp2p) and thus self hostable. We don't have onion routing yet though.
dijit
For me it's not even about privacy, it's pretty clear that no matter where I host things, if I don't have control of the hardware and the TLS termination then there's no privacy I can guarantee.
However there's still a case to be made for some form of digital sovereignty.
It's no longer considered a complete paranoid delusion that the US could snap its fingers and put tariffs/sanctions on digital goods served from US companies or consider the EU to be proscribed and cut access entirely.
I used to allow myself to think of the consequences of such a situation, after all the US very famously stated that they have no such thing as allies, only temporary allegiances, and as a brit: that is a sobering thought, because we cosy up to them a lot - even going so far as to join them in an illegal war.
However, if you consider the economic harm that would be caused by microsoft just cutting access to Office365, disabling the licenses used or even cutting access to EntraID and managed sharepoints and/or Teams. Most of the EU would not lose billions in lost productivity, they would lose trillions.
What a crazy economic risk, and that's just one product. Nearly all digital services in the EU depend nearly entirely on Azure/AWS & GCP.
Even the ones that don't depend on hosting, still depend on Google Workspace or Office365; both of which depend heavily upon online services which may not always be online during heavy tensions.
I know this is difficult to reason about, but we really have our heads in the alligators mouth when it comes to our digital capability- it will be hard to remove it, and many people are enjoying the echo and will actively fight against attempts for change.
teekert
I find the Proton tools to be a joy to use and I use them for my business. For clients, I can't do that to them. Microsoft completely dominates and people just expect to be able to video call, chat, work on docs, etc. MS365 remains incredible value for money and pretty optimal for normies.
fldskfjdslkfj
I recently had to use MS365 for a short time and I hated every moment.
wkat4242
Absolutely. Microsoft stuff is so mediocre and incompetent.
They get away with it because they're pretty much the only game in town for enterprise. So there is no drive for them to improve in any way.
But really, companies choose Microsoft because it's all connected (easy to manage for them) and fairly cheap if you take the whole package and because "nobody ever got fired for picking Microsoft". But AAA third-party solutions are always way better in terms of UX and features. Picking Microsoft tools always feels like you're settling for less.
I manage a lot of the microsoft 365 stuff at work and I really hate my job. Also the condescending attitude of their employees and 'consultants'.
nunez
I found O365 to be much better suited for Windows admins on large teams, IMO.
fhennig
I agree!
I switched because of their calendar integration. I needed an email tool that would send 'accept' replies to calendar invites send from outlook and google, and I landed on proton.
To any self-hosters if you have a working setup for that (email+calendar), please let me know! I couldn't find anything decent.
internet_points
Teams is a horrible, ghastly product that is absolutely impossible to avoid with clients :-( I'd prefer to stay on the free plan because it feels so soul-destroying to reward such behavior, but then you can't start calls unless invited to a meeting by someone on a paid plan (or something, it's disabled with no message).
CER10TY
Would you recommend moving from Google Workspace to Proton? Including emails and so on.
mprev
I'll give a different point of view.
I switched my personal email from Google Workspace to Proton. My use case wasn't privacy (especially when 99% of my email is sent to and received from people using Gmail, Office 365, etc.) I was interested in trying Proton more to support a plurality of service providers.
As such, I'm probably not Proton's target customer. That means the compromises Proton makes to enable E2E are not worth it to me.
Some examples:
* Search is like going back 20 years.
* The lack of automatic filtering (e.g. Gmail's automatically applied Promotions, Updates, etc labels) has made the signal to noise ratio in my personal inbox so low that I'm considering just taking the app off my phone or suppressing notifications, at least. I don't have the time to set up manual filters for everything that comes in.
* The lack of automatic filtering and decent search means that my personal email is now pretty much useless.
Similarly, it's pretty hard to migrate away from because you can't just use IMAP to shift your email history to another provider.
This isn't a negative review of Proton. This is just to say that choosing Proton Mail means living with the compromises necessary to enable their main feature (privacy) and I don't care enough about that one feature to make those compromises worthwhile (because my email is going through so many non-private services anyway).
sylens
Yeah this is why I chose Fastmail when migrating off Gmail - I needed something more usable, not private
teekert
Well, there are no (classical) office tools. There is a text editor, but no spreadsheet. Their "Drive" solution is very mvp, you can collaborate on text docs, but it's very minimal.
Email is great, looks great, fast, nice feature set. Calendar is mvp-ish, I can accept invites and they go into the calendar and they have nice links to Teams or Meet etc, pretty seamless. They also have widget for a iPhone now, but it's early days.
ProtonPass is great, at least as great as BitWarden, sharing credentials with family and colleagues is a lot easier (not that "organizations" stuff, just click, share, done).
My iPhone syncs pictures to Proton Drive, but the app needs to be opened to do that, which is annoying. Other than that, works well, pics are safe. I really want a Linux client and an API (or rsync endpoint?) so I can push backups there (I have 3 TB drive for the family/business combined).
Their Bitcoin wallet was wasted effort if you ask me, would have preferred video chat or something. Make it more like NextCloud with a dashboard perhaps.
But when they make a new product, it's mvp but generally immediately works very well. I have a lot of trust in their solutions to just work.
But you can use almost everything on the free tier, so just try it out! The migration tool also works really well.
mprev
Important to note that the migration works well one way only. If you later want to migrate out it'll be more painful.
Dzidas
The biggest elephants in the room are cloud providers, but I didn't find an easy alternative yet (hetzner, ovhcloud). ATM, the idea to the business is sold, that data resides somewhere near by in a datacenter, EU proximity. However, the EU businesses are realising that, well, whole region is at a mercy of one person.
tcldr
Hetzner is great value, but their networking has a few issues:
1) Networking is mostly limited to 1Gbps. Even private networking. You can request a 10Gbps NIC, but it has to be housed in the correct data center and adds a $48 monthly fee.
2) Private networking is IPv4 only so dual-stack private networking isn't possible. Also each public IPv6 address is /64. Would be nice to get a /56 to setup dual-stack IPv6.
3) Can't specify a subnet to assign a server to when using hcloud API/Terraform. You have to specify the required IP on the subnet explicitly.
4) As I understand it, the private network traffic isn't truly secure between tenants, so needs to be encrypted between nodes anyway.
Still, I'm betting they'll fix these issues as their offering grows.
nasso_dev
How about Scaleway?
wkat4242
I like them a lot but they only have EU DCs, if you are looking for Global (or at least Asia) you're out of luck for now. Perhaps this disconnect from US services might give them the impulse to spread out though! I'm really happy with them as a customer and I don't have needs beyond Europe anyway.
pimterry
I've found Scaleway for AWS-style managed backend services fronted by Bunny (https://bunny.net/ - also EU-based & owned, but with global CDN DCs) works well! Bunny have nearly 30 DCs in Asia alone.
grahar64
Problem with Hetzner is they don't have the self hosted DCs in pacific region yet. They have Singapore for their PaaS solution, but if you want those cheap second hand servers then have to be in EU
MaKey
What is their PaaS solution? Hetzner Cloud is IaaS.
moooji
koyeb.com is an EU (France) alternative to fly.io
internet_points
Have you used Koyeb? I really like fly.io, though it would of course be ideal if they weren't US-based.
system2
OVH and Hetzner are excellent companies. I doubt there would be any problem with them in the future.
monospaced
Other notable EU cloud providers are also STACKIT, IONOS, Cloud Ferro and Exoscale
iLoveOncall
OVH is an absolute joke.
People are really quick to forget the fire that destroyed one of their data centers a few years ago and which did not get addressed in any way by OVH for months.
They also learned nothing from it, and are repeating the exact same mistakes.
I stopped hosting even my personal blog on OVH because of how garbage it is.
wkat4242
Yes they are such chaos internally. Even their support tells you different things every time. I kept having issues around my IRC bouncer on one of my servers (kimsufi, their budget brands). Some support people said yeah no issue as long as you don't do anything illegal. Others said I'd get insta-banned, and sometimes I did have issues and had to call them to get re-enabled.
Now, I have to admit I haven't been a customer of them for 10 years due to exactly this. But yes the fires exposed a lot of the same I left them for.
I left to go to DigitalOcean but it became too expensive and then I found Scaleway which I'm a happy customer of for years now.
mrweasel
Both companies are excellent, and I'd absolutely trust them with my business, but neither can replace something like AWS. The friends I have at companies who are actively using AWS are all relying on a fairly large number of AWS only services. Either they'd need to stand up their own replacements and host those services on VMs, or in some cases rewrite parts of their stack.
E.g. if you're using AWS Cognito then you're not going anywhere.
Dzidas
Exactly! You can get a bare minimum, like a virtual machine (EC2) or storage (S3), which probably enough for small and medium enterprises (SME). However, if we move beyond, I'm not sure as I don't have experience with them. Now, if I'm building a prototype, I want something quick and just a lack of Cognito is a deal breaker.
n3storm
IMHO Aws is designed for totally embracing their philosophy and language. You don't understand two Aws Devs talking to each other. Even organizations are internally structured for Aws operations. This create something even stronger than a dependency.
cbg0
I think this is less of an issue than people actually think - if it gets to the point where this becomes a real problem, individual EU countries can force the datacenter owners like Google/MS to change ownership structure for these datacenters to EU-based subsidiaries or completely new companies if they want to continue to operate.
Dzidas
I wouldn't buy that - if there is a dead switch then sorry, I don't want to pay that with my business.
thinkindie
I wonder if there will be some kind of setup like AWS did in China - with a local partner managing the DC.
mytailorisrich
Virtually all foreign companies that set-up shop in Europe (or anywhere else) do so by setting up local subsidiaries.
Google, Amazon, Facebook, Apple, etc. When you deal with all of these guys in Europe you deal with their local subsidiary(ies), not the US mothership.
cbg0
I'm aware of their use of subsidiaries, but is this true for ownership of the buildings and hardware, or just something done for tax purposes?
hnbad
This doesn't matter as far as the concerns about US warrantless surveillance laws go because those laws also apply to subsidiaries of US companies. IIRC Microsoft tried to argue that its EU subsidiary could not comply with US requests and lost.
wg0
I know this going to offend many but as an outsider, it is heart wrenching to see a foolish, greedy and extremely corrupt property dealer dismantling the greatest empire in the human history, piece by piece from its soft power (VOA, USAID) to its core functions (tempering with science and education) and there's no political force in sight that can be of any significance.
hans_castorp
I don't know if it migrates CI pipelines as well (which is apparently what prevents the OP from leaving github), but Codeberg has a migration tool to automate the switch from Github (and others) to Codeberg.
Lutger
Codeberg looks really nice, almost a copy of github, and is hosted in Germany while you can also self-host.
justmarc
Very well written and justified.
At the end almost everything in life is about interests. It's clearly in the best interests of one country, or union of countries, to do their thing and reduce reliance on others.
Lutger
Reducing reliance on others is primarily risk mitigation, which is increasingly perceived as necessary due to the rise of authoritarianism and wars, in western democracies at least. However, it is quite a sub-optimal solution, and in some cases very costly or close to impossible. It will almost always reduce economic growth, sometimes quite severely.
It would be in the best interests of any one country or group of countries to not have the threats which we think we must de-risk in the first place. Free trade was the primary way we thought we could do that, or at least Europeans thought that was the way. We were wrong all these years. I admit I was one of them. I thought at some point in the near future we would collectively move past this thing called warfare. How naive.
adamc
It's striking how little discussion there is of the underlying risks that now make the US cloud less attractive. Trump is doing a lot of damage to the US as a services provider.
> there's just no legal compatibility between EU privacy rights and US spying laws.
“EU privacy rights” is bold framing considering what’s been going on with Apple: https://www.eff.org/deeplinks/2025/02/uks-demands-apple-brea...
Honestly the whole article except the “Wrapping up” section can be skipped and you’ll still end up with mostly the same technical takeaways.