> At UpCloud, we are committed to complying with European data protection laws and compliance with ISO 27001. This international standard not only signifies our dedication to maintaining a high level of information security but also ensures that we adhere to recognized best practices in managing and safeguarding your data.
If you want to be Europe only that includes not terminating your SSL at a US CDN provider like Cloudflare...
European presences of US providers are still US providers with all the implications of that for privacy, applicability of US laws, government interference and a potential trade war.
Because if the actual services they used were not going through cloudflare then it would not really matter to users.
It turns out their management web UI (for orders etc.) also goes through cloudflare so that is a potential problem (and I now plan to switch away from Upcloud for that reason - its silly to route that through Cloudflare).
That said, their servers and their managent are in Europe.
> We are eliminating any concerns over data transfer fees. This means you’ll enjoy Internet traffic from our cloud services without any fear of accumulating costs.
> How does this differentiate UpCloud from competitors?
> By pioneering the zero-cost egress model, we’re not just changing the game for UpCloud; we’re challenging the entire cloud industry to reevaluate their pricing models and spearhead the
industry towards predictable budgeting on cloud computing costs.
While the actual bandwidth limit (https://upcloud.com/fair-transfer-policy) is the same as DigitalOcean and at least an order of magnitude lower than other EU providers like OVH and Hetzner.
> Even if you exceed your monthly share, don’t worry, there are no excess fees. We will simply notify you of reaching the fair transfer policy and may reduce the bandwidth of your Cloud Servers to 100 Mbps for the rest of the month.
EDIT For completeness, there is also:
> If you believe to require more transfer per month than the Fair Transfer Policy provides, you may opt in to a paid transfer model at €0.01/GB. This affords you completely unlimited egress with no restrictions.
A soft capped network capacity is different from a hard spending cap. They have different risk models, benefits and drawbacks.
Personally I prefer a cap on spending given that the risk of runaway costs has a bigger impact than the risk of runaway of legit network traffic. I suspect most people feel that they are more cable of catching and addressing runaway success, rather than an runaway network problem caused by an undiscovered bug or attack (often intentionally done during off-hours in the middle of the night).
While this is technically true, it is almost every time false in this case. The network traffic scales with the CPU resources, you use on UpCloud. I know that, because I used their services.
But it would have been enough to just read the links, that are posted here.
I encourage everyone to do the same, before posting stuff that is irrelevant and/or plain wrong.
You're misrepresenting UpCloud's offering. Their "zero-cost egress" is completely truthful - they don't charge extra fees for data transfer, unlike other providers.
The fair usage policy you linked sets reasonable bandwidth allocations (just like DO), but crucially, they don't charge as much as AWS/GCP. And this is the main selling point here: the egress fees of the big cloud providers are straight up bonkers. UpClouds isn't.
Calling this "lying" is dishonest. They're transparent about both the policy and its industry context. If you want higher baseline allocations, that's fair feedback. But it's a different discussion than accusing them of deception.
I'm European and European providers need to start by not being dishonest, we can't just give 'em some slack just because they are "ours". I'm not putting my data into a company that can't even be honest about their actual reliability.
There's "zero cost egress" mentioned all over the page but the limits on https://upcloud.com/fair-transfer-policy are comparable to other hosts like DigitalOcean: the cheapest 7 EUR VPS has a limit of 1TB of bandwidth. (For comparison, Hetzner offers 20TB on their EU VPS for under $5.)
> Say goodbye to unpredictable egress costs and hello to our zero egress fee initiative. Unlike other cloud providers, we don’t charge for outbound traffic (‘egress’). This gives you the freedom to distribute your content and scale your business without the constant worry of unexpected bills.
No I don't think so. You have to able to take your own data out for free. But delivering it to everybody else can be charged.
Edit: Not allowed to comment on your reply anymore. I read it as a confirmation of what I said. Charging for egress in general is allowed. Only the egress to take your own data elsewhere must be free.
Chapter VI: Switching between data processing services
The Data Act will also entirely remove switching charges, including charges for data egress (i.e. charges for data transit), from 12 January 2027. This means that providers won’t be able to charge their customers for the operations that are necessary to facilitate switching or for data egress. However, as a transitional measure during the first 3 years after the Data Act’s entry into force (from 11 January 2024 to 12 January 2027), providers may still charge their customers for the costs incurred in relation to switching and data egress.
Is that for all egress or just for switching providers? "Move all my data from GCP to AWS, no cost" is quite a different thing from "Host video files for free"
> In order to foster competition, the gradual withdrawal of the charges associated with switching between different providers of data processing services should specifically include data egress charges imposed by a provider of data processing services on a customer. Standard service fees for the provision of the data processing services themselves are not switching charges. Those standard service fees are not subject to withdrawal and remain applicable until the contract for the provision of the relevant services ceases to apply. This Regulation allows the customer to request the provision of additional services that go beyond the provider’s switching obligations under this Regulation. Those additional services, can be performed and charged for by the provider when they are performed at the customer’s request and the customer agrees to the price of those services in advance.
Why, exactly? Cloud providers don't pay per GB themselves, since they make their own peering agreements, and the only reason we users end up paying $/GB in transfer is because people end up paying for that premium when companies offer it.
It doesn't have to be like that, and it seems like this provider agrees with the idea of not upselling $/GB transfer costs, since they themselves don't pay it like that either.
I'm curious to see how it goes, as others mentioned, they're not the first (nor will be the last) to offer this no-nonsense pricing scheme.
I didn't expect the comments in here to be so negative.
It's a decent service in itself and a good alternative to many other traditional VM-based hosting companies, which Europe is absolutely full of. They are not really competing with the hyperscalers, nor even Digital Ocean in my opinion, but rather providers that likely sell pre-committed OpenStack clusters and such.
I don't believe they are fully clear of American-owned companies in their entire dependency chain, nor do I believe that it's possible to do that today. Companies like Equinix provide a damn good solution for homogenized infrastructure that is invaluable for cloud providers.
> I didn't expect the comments in here to be so negative.
Wait until the US properly wakes up and you'll see what negative can be on HN :)
> nor do I believe that it's possible to do that today.
Why not? Granted, a lot of the internet infrastructure is maintained by US entities, but it doesn't have to be that way, afaik. I'm fairly sure there are companies doing worse/better in this regard, but at least it's moving in the right direction.
Our company's biggest remaining problem is finding a reliable IdP that isn't primarily for individuals, self-hosted or based on Active Directory. There are some alternatives, but they are mainly country-specific (like Freja) or not well integrated enough with e.g. OAuth. We've considered at some point to pivot our company to focus on a fully European IdP, as we feel it's a fundamental missing puzzle piece!
UpCloud works well enough. In our experience, the available features work very reliably (for half a decade now). There are a few rough edges here and there during configuration. On the other hand, some things went smoother and faster than on one of the big hyperscalers. Simplicity can be a feature in itself...
One thing not mentioned yet: We had very good experience multiple times with technical support, being available 24/7, doing proper hand-offs and getting back to us if an issue wasn't resolved, and being technically knowledgeable.
And there are always humans on the other side which can be talked to. (Looking at you, MS for org validation for trusted signing ...)
> Hetzner behaves pretty much like DO, with servers that can be changed in the corresponding management panel. Or what aspect do you think is different?
Parent is comparing Hetzner Dedicated with Upcloud VPS, not Hetzner VPS with Upcloud VPS, I'm not sure you missed this.
But in case it's not a misunderstood question: Dedicated instances are "real" hardware you have full control over, for better or worse, while VPSes are managed by your provider, and are virtualized on top of "real" hardware.
Usually you have better performance and isolation (and higher price :) ) with dedicated servers compared to VPSes, but it also usually means less flexibility. Typically you cannot just "upgrade" a dedicated server to another instance without dealing with the migration yourself, while most VPS providers offer a one-click upgrade/downgrade of instances.
Edit: I see parent now edited their comment to say "Hetzner dedi cloud" where as when I wrote my comment it just said "Hetzner dedi" so seems I'm the one who misunderstood parents comment :)
Yeah, that's exactly it and the confusion/edit fits ;) If I'm not missing something those dedicated cloud servers are dedicated in that they are not shared ressources, but can otherwise be managed like the shared "droplets".
I was thinking that maybe the felt difference is in some additional services like block storage (though I think hetzner has a complete offering, without checking the details right now) or in the limitations of the scaling.
Hetzner also has real dedicated servers and sure, your explanation gets the difference there. I appreciate that you gave the comment a real reply in any case :)
Initially I wrote "Hetzner Cloud", and then changed to "Hetzner Dedi Cloud", to emphasize that those are more performant VPSes. Shared cloud instances cost even less: €25/month for 16 cores.
It's still cloud, billed by the hour, but Hetzner makes a distinction between shared cloud, where your cores can be oversubscribed, and dedicated cloud, where core is core.
If there’s any hardware issue on your dedicated box it might take a lot of time until your box gets back up (hours, days…). On a vps it’s less likely to happen in the first place (hvs are usually better quality) and if that happens migration takes minutes.
OTOH, with dedicated servers you can have bad neighbors in the same rack, but with VPS you can have bad neighbors in the same server. I'm using both dedicated servers and VPS on Hetzner, and, anecdotally, I see more consistent network latency on dedicated servers than on VPS.
The prices mentioned in the top comment are for a Hetzner VPS. A dedicated server (bare metal) on Hetzner with the same specs costs a fraction of that price.
Apologies in advance for the thread hijacking, but I wonder if there would be enough interest in a turn-key solution for a fully suite of open source SaaS alternatives, hosted in a European cloud (Hetzner and/or OVH).
The idea would be to take any existing commonly used service at a startup and set up the FOSS equivalent, unify them with SSO via OIDC and charge by the a flat rate based on the amount of resources.
I've already built something similar for social media platforms, so I think I would just have to expand my catalog to do it.
Ok. That's good to know. If you don't mind some follow-up questions:
- What services are you/your company relying on and you'd like to switch to an open alternative?
- How much are you/your company spending on these services?
- What is the threshold of pain (retraining, missing features, known issues) would you/your company be willing to accept for solutions that are not 1:1 replacements for the current systems?
- Email -> Some EU or Swiss-based email provider, I'd recommend Migadu
- Figma -> Penpot
I'd have to know a bit more about you mean by "various cloud services", but if you just mean "applications we run ourselves", it sounds more like a small consultancy project than a packaged product that can be offered.
In any case, I think I could help. Would you like to maybe send me an email? raphael (at) communick.com
Amusing to see all the comments complaining there is no 100% European tech stach covering everything from servers, CPUs, motherboards to laptops and office/word processing suites.
That is true, but none of those are 100% from US (or China) either.
It’s almost as if our global economy is a complex beast with lots of interdepencies…
My advice: Go read the seminal “I, Pencil” essay from the 50s. Now do the same exercise witha computer system that involves both hardware and software.
I restrict my usage of infrastructure providers to publicly listed companies. The transparency is just so much better. You can get a lot of info on how they run their business and where they are going.
For now, that limits my choices in Europe to IONOS and OVH.
OVH's interface is pretty chaotic. But the services themselves seem reliable so far. IONOS seems pretty solid in all aspects, but a bit cheesy in their constant battle to upsell you more services.
What they don't mention is that some of their data centers are delivered by Equinix, an American company, so it doesn't matter that it is in Finland (same with Sweden and Poland). It is inherently insecure if you are trying to get away from USA.
Your argument oversimplifies the issue and ignores critical nuances. While it's true that Equinix is a US-based company, the physical location of the data centers and the legal jurisdiction they operate under matter significantly. A data center in Finland, Sweden, or Poland falls under EU regulations, including the GDPR and local data protection laws, which impose strict requirements on data handling.
Equinix may provide the infrastructure, but US intelligence agencies can’t simply access data in these jurisdictions, unlike in the US, where providers are directly subject to laws like the CLOUD Act.
Even if we assume hypothetical US access to the hardware, modern encryption can somewhat ensure that raw data remains protected. The real risk isn’t just physical access—it’s legal and architectural control. A European provider using strong encryption and operating under EU law still offers far better privacy guarantees than a US-based alternative.
If your threat model includes avoiding US influence entirely, then yes, you might want a provider with no US ties whatsoever. But for most users, especially those seeking GDPR-compliant hosting, a European provider using Equinix infrastructure is still a meaningful step up from hosting directly with a US provider. Dismissing it as "inherently insecure" is unhelpful and disregards the real-world protections offered by EU jurisdiction and encryption.
The goal isn’t perfection but practical improvement. If you have better alternatives, share them constructively instead of undermining efforts to move away from US-dominated cloud services.
Equinix only provide the physical space and power, and things can be set up with them not even having physical access to your room/cage, other than forcing it (which would be visible). While they could be an attack vector, with modern hardware even having physical access is not a guarantee to having access to the data (TPM2 and disk encryption are trivial to set up).
Interesting to see on Front page I tried submitting UpCloud to HN so many times I gave up on it.
One of the best part of UpCloud is their flexible plan. You could have something like 64 Core and 8 or 16 GB Memory with very little storage and the whole thing is charged by the hour. You can have a 64 Core server that is under $700 USD a month. If you only care about CPU core that is reaching dedicated server pricing without long term commitments while having the flexibility.
Edit: I cant remember if they are real CPU core or vCPU as one 1 thread. Some vendor in the past few years started to use vCPU as single Core only. Some dont.
What difference does it make if 99% of your devices are still running on Microsoft Windows?
I'm a European DevOps engineer who specializes in Microsoft Azure, and I'd like to switch to European alternatives. But I struggle to see how we can ever become independent of Microsoft of all devices are still running Windows and 365 / Office.
Time to adopt Linux and other OSS? In some ways the experience is worse, but in some ways better. No Telemetry and none of the annoying ads being shoved into your face all the time. I still see software companies choosing to build on top of M$ tech stack and I cannot understand why. Why keep throwing money at M$ when a free OS is available!
edit: I understand why you would want to build on Windows if your user base is there. But why use it on the server side? The only reason I can think of is people who have only worked on Windows will keep using it, but at some point one has to get rid of this addiction.
Guess it depends on the context? If you need to run Windows Servers and run Microsoft services then well, you're better off with Microsoft, most likely.
But for other workloads, it won't matter what the client software is, but again, really depends on the context.
So, even more KYC? Blood sample is required, as well as at least three independent proofs of residence and subscription available only for select cities in the EU?
If we want to compete with the US, we have to fix the main problem with european services: relax regulations, not tighten.
With the staff of PCLOB getting dismantled, it's been brought up if the US even fulfill their part of the agreement and thus using US cloud based stuff might soon be illegal in the EU.
Having worked as Cloud Solution Architect at Microsoft Germany/Azure, let me tell you:
Nope this gap can not be closed by any US company alone due to the Us Patriot Act - which forces any US company (including e.g. a German subsidiary) to allow access to all data for national security purposes.
Having worked at AWS, no, it's a separate partition under a separate legal entity, and the EU framework is specifically designed to counter Patriot Act, CLOUD Act and the like. It's gonna be similar to AWS China, and potentially more restrictive in some senses. That leaving aside regions we're not allowed to talk about.
> This should be disclaimer at your first message when you compared AWS with UPCloud.
Fair, my bad. Still obviously misleading.
1. DB instances "starting at $144", I have a $63 in my basket at the moment, and also Aurora Serverless charges on resources used and can be potentially cheaper depending on the workload.
2. "$82.8 /mo" for a 2 core 8GB server is actually just under 50.
3. European DC locations: 8 for both. Unsure what UpCloud means for them here[0], they look like actual, individual DCs, but AWS has 8 European regions. Each region has normally 3 AZs which are physically separate DCs (which can be in proximity or not) and can be composed of multiple DCs each. Plus there are localzones depending from certain regions, each with at least one DC (and there are 11 of those). So the AWS number is certainly over 30 if we compare apples to apples.
The rest I don't have time to dive in, or are just opinions (certifications needed for proficiency? really?)
>TBH, I would not trust AWS with countering the Patriot Act.
AWS China wouldn't have happened if they didn't offer enough safeguards. Complying with Patriot Act will guarantee enormous fines for AWS in the EU, so I'm sure legal and finance did their homework for AWS not to end up between a rock and a hard place.
> AWS China wouldn't have happened if they didn't offer enough safeguards.
AWS China vs. AWS EU: Data centers in China are managed by Chinese companies, whereas DCs in the EU are managed by USA companies.
From a regulatory perspective, it's two different worlds. The Patriot Act can happen in the EU, not in China.
This is why GDPR does allow that EU user data is transferred to non-EU countries, but not to the USA.[0]
Furthermore, a discernible trend has emerged, attributable to the inadequacies in privacy regulations and suboptimal Trump geopolitical strategies with the EU, the EU is actively seeking better cloud services [1].
This is missing the point. Everything they offer is storage, VPS, Load balancer, one managed key-value store and two managed databases. For the price a little higher than, say, Digital Ocean. But where is managed cache, message broker, e-mail service. It is not enough to be European, they need to offer something competitive.
I guess they can win some clients, given current hostility of Europe against Trump, but what if in two years Trump will be off the news, people would not care anymore about being anti_USA or what if in 4 year Dems will figure out why they lost in 2024 and find someone less lame, who will win election, whom Europe will like again?
The changes happening in US are not going anywhere, and they haven't even properly started with them.
Nobody knows the future but one thing is clear and set in stone - trust has been broken. If you have any life or relationship experience, you know trust is always hard to build and easy to lose. Its extremely hard and lengthy to build again once it has been shattered (which it has been already).
Stab in the back is remembered for decades, spit in the face even more. Quadruple that for matters of national security.
We have known about NSA spyops for more than a decade now, with actual impact on our tech. Nobody cares. But now that trump is in office, we suddenly have an issue with the US? Ridiculous.
No, by arbitrarily shutting down US military hardware on bipolar whims of a single person. You know, ie F'35s costing tens of billions becoming useless in real war very quickly. If a country can't protect its airspace its game over. Or by throwing whole Ukraine under the bus. Or by stating US won't protect NATO allies if they don't contribute 2,3,5% or whatever is the current number du jour. Or invading its closest allies... how fucked up is that, tell it to anybody a decade ago and you would get laughed at for being a conspiracy crank.
NSA findings are an afterthought in all this, we talk about existential threats with literal sworn enemy at our doors right now willing to capture, murder and steal all it can and stating it semi-constantly.
> Everything they offer is storage, VPS, Load balancer, one managed key-value store and two managed databases. For the price a little higher than, say, Digital Ocean. But where is managed cache, message broker, e-mail service. It is not enough to be European, they need to offer something competitive
And don't forget managed Kubernetes. You can get pretty far with the services they provide and the Kubernetes ecosystem.
For a more complete offering, check out Scaleway - French, regions in a couple of locations, and a wide array of services, up to e-mail service, message broker, quantum computers, AI inference.
Scaleway is indeed the closest thing we have to AWS, Google Cloud and Azure by a European company. They are fast building out a comprehensive managed cloud with IAM, managed databases, containers, etc. I do hope they succeed. I've only used them for hobby projects, so my experience is limited to lighter workloads. But the UI is pretty good, and they have APIs and CLI for all operations.
This is akin to Trump talking about the hostility of Ukraine against Russia. The US are the bullies here, not the other way round.
> but what if in two years Trump will be off the news, people would not care anymore about being anti_USA
Time will tell, but this is the first time in the life of all living Europeans that the US threatens them militarily. And many US citizens not only seem to not care, but they seem to find it okay (and even say that the Europeans are the ones being hostile to the US).
IMO, something has been broken this time. Europeans see the US as a national security concern. At this speed, this feeling will just get stronger in the next two years, and honestly I am not convinced that any results in two years could "just repair the damage" immediately. The trust has been broken now, it will take time to come back (assuming the US do come back from this).
I don’t think it will ever come back. EU and USA are different ideologically, if we look beyond the naive notion of democracy. It’s social market economy/social democracy vs libertarian capitalism. A lot of differences, even in how our cities are designed. Europe may liberalize a bit, but I cannot imagine America having universal healthcare or abandoning suburbs. This sets us apart and with ongoing ideological polarization those differences will be exploited and amplified by the people like JD.
> (GDPR) is the best-known European standard. After all, it’s hard to miss the opportunity to reject cookies on European websites. But there’s far more to data security.
We should not be bragging about that "security", those cookie pop-ups are just a pointless annoyance. At least I guess we can all agree that there is far more to data security :-)
Yes, it has tons of regulation which at least from my experience is very difficult to implement. I used to work for a company that basically barely knew what info they stored about anyone; and they also had long relationships with tons of clients. It was virtually impossible to follow GDPR in that company, but for some reason they wanted to show everyone that they were "best in class", since they handled a lot of financial info etc. It basically just ended up with some fancy web-pages proclaiming that we were serious about GDPR, but nothing else materialized.
The cookie-banner just seems like a very strange "security" measure; but GDPR seems very strange as far as I can tell. It was sparked by the "forget me" campaign a few years ago I guess, and most people probably agree with the intent, but it has led to very strange set of rules.
> that basically barely knew what info they stored about anyone
Aha, might have been the core problem, wouldn't it?
> It was virtually impossible to follow GDPR in that company
So, sounds like the regulation worked exactly like expected? If you're not following proper procedures for storing data, it should be hard to comply with a regulation that is trying to force you to have proper procedures for storing data.
A bit like complaining that fraud is hard because of those pesky police officers. Yes, this is the intention.
> The cookie-banner just seems like a very strange "security" measure
The whole cookie-banner thing is vastly misunderstood by companies, and at best just malicious compliance. Again, not the fault of the regulation but the companies who don't put users best interest first, but their own. Hard to blame them though, that's the purpose of their existence after all, most of the time.
> A bit like complaining that fraud is hard because of those pesky police officers. Yes, this is the intention.
GDPR did not lead to any actual changes for the company, except they set up a fancy web-page about how serious we where about GDPR. That's the intention?
Many companies cannot possibly remove the info GDPR demands, as they barely know they have it, and they will use minimal efforts to fiddle with this stuff. From what I saw, GDPR is just another example of legislation, that looks good on paper; and the intention is certainly good. But no real change followed; at least where I worked.
The intention, I believe, is that it discourages from collecting superfluous data. The easiest way to address the GDPR is to not collect any data at all. If you do, then it becomes harder.
> as they barely know they have it, and they will use minimal efforts to fiddle with this stuff.
Big companies have a real incentive to act. I believe the GDPR has forced BigTech to make at least some changes, because it was better to make those changes than to pay the fine.
In my experience, smaller companies don't really care and don't really want to know, and tend to collect as muich data as they can just because they can and "it may be useful later". Many times they never use the collected data.
> is that it discourages from collecting superfluous data
Wouldn't that require some kind of actual policing? Here (in Norway) at least, police does not use any of their time trying to access random data systems looking for personal info stored in violation with GDPR. This is not something anyone fears, so as long as you say you are OK, you are OK.
> Big companies have a real incentive to act.
The company I worked for was almost as big as they come here in Norway (handled extremely sensitive personal information also). We are full of clown tech companies here as well (just like your 'Epic Health Journals' etc.). These kind of companies cannot comply with these types of rules, they cannot even make their own systems work properly.
> Wouldn't that require some kind of actual policing? Here (in Norway) at least
Maybe a dumb question, but have you actually reported the company to your DPA? I think the DPAs have some agency to perform investigations on their own, but currently they're mostly acting on user complaints, whistleblowers and self-reporting by the organization itself, so if none of the people involved (on either side) reports the organization, the DPA won't know where to even begin.
Seemingly you have a good inside view with clear evidence of breaking GDPR, so I assume you've reported this organization then?
> They are blatantly lying in many of their offerings ( zero cost egress see the rustc comment)
But the linked pages in that comment say they do have zero cost egress. If you cross their "fair use" amount they drop the upload speed to 100mbps for the rest of the month.
Why not just say that 1TB is free and the rest is chargeable? The only reason to use "zero cost" every time and then hide the limits behind accordions is to mislead.
I click "Create new cluster", I see "Cluster plan -> development" for 0 (zero) euro / month with "Up to 30 worker nodes". When it says "Cluster plan" I don't read control plane, I read cluster.
What makes you think that EU governments don’t collect data from companies such as Hetzner or OVH, the same way that US collects from Microsoft or Google?
I'm curious, do you have a source for your claims?
> German and UK citizens got canceled, fined or SWATTED for calling their elected rules stupid/corrupt on social media
Being "canceled" isn't a defined term. Being SWATted has nothing to do with state censorship, it's people abusing emergency services.
Getting a fine by the government for calling "elected rules stupid/corrupt on social media" would be the only thing you mentioned that would count as state censorship. Do you have a link to a case where this happened?
> in Germany you get a fine for downloading a song/movie
You don't get a fine for legally downloading movies.
There's an industry of lawyers profiting off of IP and copyright laws, yes.
Not being able to pirate movies isn't state censorship.
Those who make bold claims, need to back them up with evidence.
From following your other comments, you seem to be confused by Germany's version of what in the USA is known as Defamation lawsuits, and you're mixing it up with what is commonly known as "free speech", or the restriction of it.
If you want to argue in good faith, you should share some facts instead of sending people to Google. I am closely watching German politics and still have no idea what are you talking about. Maybe my search query is wrong, maybe you are just making this up.
You can express your opinion about everything and everybody, including politicians, in public as much as you want in germany. But first paragraph in the german constitution is about human dignity ("Menschenwürde"), not freedom of speech. Which means, that when you insult somebody in public, it can happen that the affected person might sue you, and that a court might judge that you hurt the person's dignity. The consequence might be, that you have to pay a fee.
Recently there were cases of police operations at the homes of people who where accused of insulting a politician. Those operations where heavily criticized in the german public and followed by a court rouling, that judged that the police overreacted in those cases.
Somehow, in certain circles, this whole story gets shortened to "If you criticize the government in germany, your home gets raided by the police".
Please tell me how you think this "protect one's honor" law doesn't get abused.
Also, an youtuber from my country made a video during the pandemic exposing the mistreatment of seasonal fruit picking workers from my country working in Germany, and the video got blocked in Germany by Youtube, most likely on request by flagging.
So do do you expect to learn about censorship of German media if you follow German media which is subject to censorship? Do you realize the irony of it all? Did you ever expect for German media to go out and say "here's how we're censoring you"? Germans are living in Plato's cave allegory and are irate when people call them out for it.
> So do do you expect to learn about censorship of German media if you follow German media which is subject to censorship?
I‘m used to work with various sources of information professionally and don’t get breaking news from Reddit. Free media do not exist. They all have certain alignments or views, they are all censored by governments etc. Russia just pushes news agenda from the top, America works in more subtle ways, through denial of access (I‘m complicit here), in Germany that’s mostly lawyers, publishers with agenda and (surprise!) privacy laws. Nevertheless it is still possible to stay updated and extract a lot of information even from censored media, sometimes reading between the lines. Overall I think German media do enjoy a lot of freedom.
I still do not understand how is this related to privacy. Yes, in democracy all things are important and connected. But the original claim was that somehow we have a problem with it. What is the problem?
If you think you truly are up against an echo chamber then it’s in your best interest not to make a big show of martyrdom, claiming to be persecuted by it. Most posts that mention being downvoted become targets for further downvoting. Don’t break the fourth wall.
It’s not about what’s right or wrong, it’s just trying to appeal to a place’s sense of shame when you’ve failed to secure any local support just makes you look bad, and like you’re grandstanding.
I'm not trying to secure support, I don't give a shit about that since I'm not running for president, I'm trying to speak my mind. If people don't want to hear it it's their loss, not mine.
The only reason I was pointing it out the downvotes is that I'm baffled about the amount of ignorance and groupthink on a website of people who see themselves as free and critical thinkers, yet display the same pre-programmed NPC behavior as bots. If a comment doesn't match their world view, they downvote without giving a second thought to look deeper into the claim.
Many on here don't seem to understand this has nothing to do with privacy.
It's about sovereignty - if DJT can turn off your digital infrastructure on a whim, you are in a very precarious position. That's why both Canada and Europe are in panic mode and looking for alternatives.
Thank you for pointing that out! I would add that intelligence agencies and law enforcement are almost completely exempt from all those fancy GDPR requirements.
Furthermore, in the EU, there is no such a strong equivalent to the 4th Amendment. Law enforcement and intelligence agencies can access your cloud data without needing a warrant—unless the data is stored in the US in which case a US judge would have to approve it. This is one of the reasons they are so eager to keep it "home".
The craziest thing is what happened with Encrochat and SkyECC. These two services made the critical mistake of trusting OVH to host their servers, and then OVH literally placed law enforcement and intelligence agency backdoors on them. Eventually, they even used these backdoors to send malware to users' devices, not caring whether they were located in the EU or not.
While all this was happening, the founder of OVH appeared on a popular YouTube tech channel and proudly explained that, unlike Amazon and Google, they weren’t sniffing their customers’ data. What a liar!
> Furthermore, in the EU there is not something such as the 4th amendment, Law Enforcement and Intelligence agencies can grab your cloud data without requiring a warrant. Unless the data is stored in the US, which is one of the reasons they are so eager to keep it "home
You're commenting under an article that explicitly says how US intelligence agencies and police get around the need for warrants. Many rights in the US are more theoretical than practical if someone in power decides so.
Also, there are strong expectations of privacy in the EU, as well as due process, warrants, etc. There are of course abuses, and especially "terrorism" can enable some shortcuts (to be fair, often for very good reason multiple EU countries have had tens to hundreds of dead from terrorist attacks that could and should have been prevented), but I don't have the impression it's in any way even close to as bad as the US. Do you have any information/sources to the contrary?
"Because the SR Server was located outside the United States, the Fourth Amendment would not have required a warrant to search the server, whether for its IP address or otherwise."
To me this statement only makes sense if it explains why an American law enforcement agency can hack a foreign server without an American warrant. And it just demonstrates the limits of American privacy protection.
If you think this was about European legal system, you are mistaken. If Americans were hacking European servers without due process involving European authorities, this was probably highly illegal here.
Their servers were found or their encryption were broken under mysterious circumstances involving classified "techniques".
In 3 out 4 cases malware was sent from the services to their users once taken over.
All were hosted in the EU, even stranger, all of them had servers hosted by OVH. Although SR was not directly hosted by OVH Ross Ulbricht had a vnc server (virtual desktop) there which he apparently used to administrate the SR main server and on another OVH server he had a deadmanswitch and his will.
In a sense this is the counterpart to the survival bias. But in this case we only know where the taken down services were hosted, we don't know where the survivors are being hosted.
All this has serious Crypto AG vibes. Back then it was: trust us, we are from Switzerland, we are neutral....
It doesn’t make sense to build a conspiracy theory on randomly selected facts, when there’s an obvious explanation that in all those cases the law was broken and law enforcement acted as they were supposed to act. Other ISPs and hosting providers are cooperating with lawful requests too.
I do not see any lies or omission of important details in this document. Looks like OVH complied with some legal request and just handed over everything they had, including encrypted copies of hard drives. Americans then just cracked the root password.
Your comment needs some serious fact checking. For example, Encrochat backdoor was authorized by judge, so there was a due process. And it was not an ordinary customer.
How? They busted huge criminal network and linked the app itself to a criminal gang. This is how the law enforcement should work. Every human right, including privacy, has limits and the purpose of the law and the due process to establish where those limits should be. It would be strange to expect that privacy of a human trafficker or drug dealer is protected more than the rights of the people they harm.
They intercepted and read the messages of most users, yet the number of arrests is significantly lower than the total number of SkyECC and EncroChat users.
Not only that, but they also have charged and are attempting to jail the creators of these phones/end-to-end messaging apps.
With what is happening it is becoming pretty much impossible to provide backdoor free communication tools within the EU.
"Privacy" went down the drain long time ago. It's good to be aware of the worst offending policies of specific countries and providers. UK and Germany take inglorious lead. Is it worth considering the alternative is consolidated abuse by oligopoly of US providers? Your choice.
If you want to be Europe only that includes not terminating your SSL at a US CDN provider like Cloudflare...
I just hit "Gateway time-out Error code 504" from Cloudflare trying to open https://upcloud.com/pricing