The United States has emerged as the largest investor in commercial spyware—a global industry that has enabled the covert surveillance of journalists, human rights defenders, politicians, diplomats, and others, posing grave threats to human rights and national security.
That’s why I am moving away from all US services, selfhosting and well vetted European services are the only viable way forward.
For individuals who want encryption, wouldn’t client-side checks (aka self hosting) be better than trusting all European services?
womp womp
Well vetted in that context might mean audited by 3rd parties that can show that even the services themselves do not have access to the data thanks to E2EE, HE, etc.
Regardless of which service it is, it shouldn’t be selected on national lines (this “Buy European”/“Use European” crutch is reactionary nationalist bs), but rather on pragmatic terms: F/LOSS. Because even European services and legislation don’t have your best interests in mind:
Border-transcending, fully transparent and easily accessible and auditable F/LOSS software is what should be strived for.
It’s definitely a shortcut bus since the EU start GDPR it does force a lot of services, in the EU and elsewhere, to at least show some of the practices that are privacy threatening.
There are plenty of services in the EU that are not better than in the US and elsewhere so “buying EU” does not always mean buying better.
Yet… there are also not geopolitical changes that can’t be ignored. Sure the US had the NSA, 5 eyes, etc before with new regulations and examples like Microsoft, US company, that can’t even tell its relatively big French government client that its data will NOT cross the boarder despite the promise of doing so initially.
So again, yes it’s a shortcut, a heuristic, imperfect by definition, but at least it prompts most users to become customers, namely pay for services rather than get them for free and try to insure that they are indeed private then IMHO it’s an interesting trend.
PS: note that I didn’t even suggest “Buy European” so I’m not even sure why that was addressed to me specifically but because it’s a recurrent trend happy to try to address the concerns.
PS2: the EU is not Europe, the EU does not represent all countries, all members state have their own regulation, the EU itself includes the Parliament, Commission, Council, etc and Members of the European Parliaments go from the far right to the far left so to somehow imply it is all for privacy or all for surveillances is an oversimplification of a much more complex situation.
It really isn’t that complicated. All these major EU services adhering to the oh-so-sacred GDPR doesn’t mean or guarantee anything in the grand scheme of things for as long as they run their services with Google Ad Services, AWS, Cloudflare, etc…
No matter how many times GDPR violations have been paid for, these services aren’t exactly punished for doing what they do when they pay their dues in pennies.
Even if they don’t use or embed tracking into their services like “promised” (which we don’t even know or can confirm since most of them are closed-source), they’re still under EU jurisdiction, any request for data from the service’s respective origin EU country HAS to be fulfilled and they can just make up any pretense (e.g. “think of the children!!” and like we see there linked in the article about “Enhanced Border Security Partnership”). They’ll also gladly incorporate literal spyware (Pegasus), with the EU’s full approval.
So yes, blindly switching from US to EU services, believing that EU services are so great because muh GDPR, doesn’t actually achieve “more privacy”, it is simply nationalist delusion, you can read every single article linked to see why.