
I am an American and I just want to point out that my latest startup (http://www.efficito.com) is a Limited UK company, and my co-founder is from the Netherlands. It would certainly be to my advantage if things change. We offer cloud-based ERP, and you might be interested to know our main hosting server is currently in the Czech Republic. We are also paranoid about security (all access is encrypted, and we are looking at encrypted storage for virtual machines, and much more).

I would love for things to change. I really would. What I worry about, though, is the attention span of even decision makers on the business side, and what the alternatives are. The ideal situation would be a bunch of smaller private social networks able to interop (the Diaspora model) but it isn't clear there is a financial way to make this work.

So I hope it changes. I really do. I just am somewhat pessimistic :-P



I'm a UK citizen with a startup http://microco.sm that has gone to some lengths to avoid US domains, companies and laws.

All of our domains are EU based, the company is UK based, and whilst we've used Linode for blog and basic site-hosting and will use Cloudflare for CDN, we are putting nothing on the server of a US company that could be a risk to privacy.

All of our data we are keeping within the EU which we feel holds much better standards and has stricter laws on data protection, and for user-generated content we feel that the EU E-commerce Act is better than the DMCA and risk created by the copyright lobby in the US.

Ultimately what this means is that for our core data and API, European companies with no US parent or holding company will win our hosting business.

We will still use US companies, but in a way that is little more than transport and performance increases for US-based users. But even then, we are not requiring real identity and we are implementing SSL everywhere and are happy if users use VPNs or Tor to connect.

Why all the fuss? I believe that through a person's interests one can determine political affiliation. So I believe that to allow people to organise themselves freely around their hobbies and pastimes, that we must consider this and protect them from any entities that might use that information against the individuals. Further I believe that when people of shared interest come together that they are likely to organise to protect and preserve that interest, and this means that interest groups galvanise ad-hoc lobby groups and activists.

I also hope it changes, but I'm going to act as if I believe it will get worse on all fronts.


What I'm saying is that I foresee a hybrid approach in which company data officers will help guide all identifiable data and transactions to EU or local sovereign cloud companies, and that only data that is not personally identifiable, containing company secrets or in the form of aggregated data will be stored on US-linked cloud companies.

This seems to be the best approach and respects EU data protection laws, consumer expectations and rights, and still offers the company flexibility on choosing based on price/performance.


you'll be putting all your traffic through cloudflare?

if they do your SSL termination that makes all your careful US-avoidance completely redundant.

additionally, if you include some JS hosted on cloudflare, then that's susceptible to being tapped by the US intelligence agencies too.


No, I'll be putting some of my traffic through Cloudflare as we use several domain names, and each for a specific purpose.


also if they want to intercept a few of your high profile users, the fact you're using SSL really isn't going to stop them, when they can issue valid certs for your domain without asking you.

short of SSL pinning being widely deployed: you're powerless to stop them, and while it's an admirable goal, it's ultimately disingenuous to suggest that you can safeguard your users' privacy.


I'm not suggesting that I can safeguard user privacy, but doing something is better than doing nothing, and certainly I can do what I am able to. Ultimately the user is far more likely to give up their privacy by posting identifiable information online, and through graph analysis revealing their associates too.

What I can do though is: Leave the core data in Europe, not store anything that I do not need to offer the service (and I don't need your real identity), educate users and encourage the use of Tor and VPNs, implement what measures I can to protect users (SSL).



