There's an immediate solution: local-first software.
Keeping app data purely server-side is no longer viable for customers with data sovereignty requirements, and having a toggle button saying 'Keep my data in Europe' isn't enough either because it places too much trust in the SaaS provider.
With network monitoring verifying local applications are accessing user-verified endpoints, privacy reduces to OS-level security.
It used to be emailed around, and when you explained to people that "encrypted" email usually exposes your plaintext to relays they'd shrug. If they bothered with encryption at all, which most people and providers didn't until big tech started pushing the issue a decade ago.
How is that relevant to data storage, locality and access now? Secure endpoints don’t have to be managed by huge companies running data lakes which could be anywhere.
The current best security practices can be used by any organisation. I respect the engineering that Google have done. gRPC is excellent and local first software can absolutely use it, accessing data locality verified endpoints.
In my experience, the best practice for sharing "health data? Government data? Corporate data? Financial data?" within an organization is to use a secure cloud platform with native data sharing functionality. The original comment's suggestion for "local-first software" doesn't work, because organizations frequently need to forward private data between individual workstations and the staff are going to do it using email if you don't give them something better.
Health data can reside within your hospital's network. Government data within your government's network. Etc.
I think the point is that your doctor or civil servant or local sushi shop shouldn't have to reach to AWS/GCP/Oracle each time they want to look up an MRI or building permit or loyalty points card status.
The data should reside exactly where they’re needed and nowhere else. For the UK NHS that’s probably in a UK data centre run by a UK company. Not AWS.
The fundamental problem with SaaS and pure server side applications is we do not know where the data are. With local first we can verify data locality.
Unfortunately the American companies are using their monopolies to price out everyone else. You're now in a situation where it's harder and harder to find people in the UK that can operate data centre services at the speed and quality of the cloud providers. The UK/EU needs its own GCP/AWS/Azure alternatives. Unfortunately there's not really anyone close.
Sure! I'm just talking about data residence. They can transfer data over the internet (or some inter-hospital network) no problem. It's just a matter of "local-first".
What about it? My work place (university) also stores its data locally (internal network/storage) because that is where it is needed 99.99% of the time and bandwidth costs money. On the off chance that someone needs to access something from the outside we have a host of ways to do that.
We could also have everything on a cloud in a foreign country with a mad king, but what would be the benefits of that?
I really like this idea but I have a few questions.
Suppose I am an Indian developer interested to work with European Data sovereignty because imo I value privacy personally just as much as the EU population and it would be great to be more connected and wishing to connect with them more.
So I have thought of using EU options in my servers/services if I use them for the most part and I can even swap out to completely European if need be.
So let's say to be a part of this, should I be a European company? If so, I even looked at how to establish a company in Europe rather easily (preferably a lean company) and it seems that Estonia is the best way for me to create an EU company from my country without too much hassle but the costs of operation do feel like a lot for just starting out let's say.
I am also not sure about the fact that given I live in India, some data sharing arrangement can be generated or would I have to actually migrate to say EU (which although I love EU, I currently appreciate my country as well and migration is a hassle right now).
I wish if such a manifesto could work for India and EU and a deeper integration could be made between the two countries about such tech related software or other as I have been a vocal supporter of European tech providers like Hetzner, OVH etc. and they are even cheaper than American hyperscalers in many/most cases.
When I worked at AWS, there was GovCloud, and only American citizens residing on American soil and connecting from American soil were able to give support to these customers. So even if you were legally authorised to work in the US and resided in the US, you couldn't work with GovCloud customers.
Or if you are an American temporarily residing in Romania or Canada, then you also can't work with GovCloud customers.
I expect the same situation will happen to you. But I am just speculating.
A European sovereign cloud is desperately needed for highly sensitive government, military, and national security workloads, and these must be thoroughly vetted to ensure compliance.
But for anything else, like personal e-mail or e-commerce? I'm sure there will be a lot of flexibility for non-European contributions, but it will probably be like it currently is: open source projects spanning the globe.
I don't really intend my services to be used by EU Govt's but rather just individuals/businesses even and if the EU govt. actually requires it at that point, I genuinely don't mind travelling to Europe and living there if things do come out as this (if EU provides me & maybe my family a visa ie) & am willing to cooperate consultancy work with EU govt. or others as well.
My focus was on the more of an EU-alternatives kind of thing. I want my idea of privacy to be aligned and EU seems perfect for that. I want to provide sustainability in an idea & can establish an EU company or partner up with one.
My question is that I would still live in India for the most part starting out & I might be unable to make an EU company in the start too but if I am required, then I will do so.
Aside from this, I am willing to use only EU services internally for my product as well as I mentioned.
Is there any way that I can still align myself with the EU-alternatives mission?
Might sound a bit strange but I want to come into EU but I can't because immigration is hard/expensive and I want to come to Europe when I finally figure out things/have a decent product in the first place.
Some people told me to create an EU company which holds an Indian company as a consultancy firm and you can be part of both and manage to establish a Data sharing policy given that I can access EU data from Indian soil so if I can do something about it.
I am not really familiar with EU laws tho so I am interested to hear more from people actually interested.
I think (or maybe hope) that open source is going to be a large part of the European data sovereignty strategy.
America has had decades to privately run and develop their own software alternatives and everything (Windows, Office, Google) is extremely deeply established now and hard to compete against. I mean, can you imagine building a proprietary x86_64 operating system from scratch not based on Linux? And writing the code is just a small part of the work. You also need drivers from manufacturers like Realtek and Nvidia. You need people buying your product. You need marketing.
It's just not going to happen. Open source is the only way forward for EU, in my opinion.
And therefore, I think you will be able to contribute as much as you want to these open source efforts. Even testing and translations are already great initiatives, but if you can also write code, that's even better!
I am a bit more interested on the side of infrastructure though (having the idea in backburner playing with ways of having direct ssh firecracker vm's with docker images)
Usually I try to open source it & release it usually in permissive licenses (Full disclosure to experiment with ideas I use LLM's sometimes)
I don't really want Europe to replace America only now switching to India. Our ideals might match right now but y'know we live in a multi polarized world now and we just have to look for what's great for Europe from European perspective and so on & as an Indian, I appreciate it given that we have points of common interests regarding privacy.
So my point was that I already open source projects. But the reason I feel a lot of issues is that open source project -> actual deployment pipeline is still messy for the average person and this is the idea I was / still am targeting with firecracker vm's where someone can pay for an open source service to be deployed on vps for some time (Alright now a lot of options have come like sprites but i have been talking about from 2-3 months maybe 4 back when no implementation existed and even right now the one click button solution ui/ux I wanted to create still hasn't been created)
Like instead of being bound to your service with tos as a saas, I am hoping to treat each as a vps and the tos which would surround that which would be more permissive.
I was gonna build more on it but then ramflation happened so probably gonna have the idea internally till the bubble bursts or when it's good enough (a big chunk of me not open sourcing it is that it's really hacky and consists huge LLM help right now especially with gliderlabs/ssh library part & I don't want to create yet another AI slop).
I know Hindi (the most widely spoken language in India) and I am down to provide some translations to Open source too.
The issue with Open source without any offering is that (I have written about it) is that there is zero funding and incentive. Heck, I am the person who made a post about how to promote open source/fix this issue & After months of thinking, I kind of feel providing EU privacy friendly solution might be the best bet. (https://news.ycombinator.com/item?id=45558430) [Ask HN: Why are most people not interested in FOSS/OSS and can we change that]
A lot of it felt like a chicken and egg problem to me. People want better UI/UX but developers build for dev first and there needs to be a real incentive in most cases to have great UI/UX which might include some financial benefits plus open source still has some large issues in funding which is why I thought of the cloud idea as well (I want to establish a railway like pricing model where you get charged for what you use but its still reasonable and there can be a deploy to cloud option and developers who create open source projects gets the funding in first place or have a more flexible way to earn from their project, similar to BYOK but way more user friendly)
Anyways my point is that I feel deeply aligned with EU right now. I just want to ask for some EU laws given I am still living in Indian state right now and just more information about it.
At its heart, this is about Europe for Europe. People from other countries “contributing” technology solutions to European businesses and government is what got Europe into the strange mess they’re in now. And there’s been a long line of foreign - American - businesses which have promised that European data will always stay on European soil. And it’s quite clear that promise was not always kept.
I’m sure your desire to help is genuine. But Europe might need to find their own feet with an initiative like this before accepting help from foreigners.
I'd look at it in another way, hyperscalers exist due to code contributed from all around the world, often in the form of open source, Europe going closed and competing against the rest of the world (literally) isn't going to be a path forward.
Clients of mine are on hyperscalers due to the ease of deployment, etc. but they are focused on lock-in, if ease could be attained in combination with portability then an ecosystem could exist where mid-scaler providers (that exists in abundance in Europe) could have a better chance against the behemoths.
I believe this is one of the drivers for IBM Sovereign Core Announcement recently [0].
“Technically, IBM Sovereign Core builds on open-source technology from the Red Hat ecosystem. The software uses OpenShift, among other things, and is designed to run on existing infrastructure. Organizations can deploy the platform in on-premises data centers, regional cloud environments, or through local service providers.”
> People from other countries “contributing” technology solutions to European businesses and government is what got Europe into the strange mess they’re in now.
Well, if Europe existed without them, then Europe likely wouldn't have ever home-grown all the advances from the more entrepreneurially-minded countries.
> Some data sharing arrangement can be generated...
The EU and India are starting to work on formalizing a data transfer mechanism similar to the EU-US Data Transfer Mechanism (DTM) as part of the EU-India TTC [0] (a US-EU TTC was a precursor to formalizing the EU-US DTM).
Depending on how the EU-India FTA shakes out (signing after Republic Day on January 27th), it might make it easier to "India-wash" American services exports (which is already what is happening).
The fact that an EU "sovereign" cloud like STACKIT is using American-Israeli security software [1] (though they did open an office in Prague to outsource some development, but is largely done in Israel I believe) and Google Workspaces [2] as part of its sovereign cloud initiative highlights how it's all HN bark with little-to-no bite.
That said, kudos to SpaceTime [3] for trying to leverage the momentum to build a GTM channel via NukeProof.
> I don't know what you mean by India-wash though?
For example, should EU-US digital services be impacted by larger diplomatic spat, as much of GCP's development and leadership is colocated in HYD, if needed leadership and operations could become part of Google Cloud India Pvt Ltd [0], so an "American" BigTech company like Google Cloud can continue to operate like normal. Most American (and Israeli) tech companies have an Indian subsidiary that can do such a motion.
> Personally I meant either hosting open source software or building my own open source software and hosting it for the most part imo
You can contribute OSS on your own, but from personal experience the EU is primarily looking to its private sector players who themselves are largely using American (but developed in India) or Israeli closed source products under the hood, or at most open-core. A Stallman or Doctorow style open source advocate isn't getting much airtime in the corridors that matter.
Heck, this initiative is itself a lead-gen initiative by closed source SpaceTime [1].
> I hope it's nothing derogatory
It's more derogatory to EU initiatives than India. All these flashy announcements hide the fact that most businesses and organizations in the EU continue to operate using non-EU developed software and continue to do so. Yet any attempt at building a durable long term foundation a la the Draghi report is ignored, as Draghi himself pointed out a couple months back [2].
Heck, the much touted EU-Mercosur FTA has just been frozen barely a couple hours ago [3].
Now it does make sense, I do think that Europe should look at Open source more too and contribute as such.
I do agree with what you are saying but supposing the geopolitical spat between America and Europe, it doesn't make sense to me why European countries might trust Indian subsidiaries of American companies.
Sure they might sound sovereign but in reality, they aren't. So what's the point?
Why not get Independent Indian developers and the startup culture established around it (Although one of the issues I feel with this approach is that VC capital does include America, personally I wish to stay away from much of VC money)
> It's more derogatory to EU initiatives than India. All these flashy announcements hide the fact that most businesses and organizations in the EU continue to operate using non-EU developed software and continue to do so. Yet any attempt at building a durable long term foundation a la the Draghi report is ignored, as Draghi himself pointed out a couple months back [2].
Agreed.
I do feel like a reason why I wanted to establish EU company was to show my acknowledgement of Open source and privacy focus and to get more EU businesses interested. But right now, I feel like I am way more willing to have Open source or at the very least if restrictive, then creating source available software & still having an EU presence & an appreciation towards it.
But like, EU definitely needs to focus on Open source offerings more so than looking for EU alternatives in general which as you mention might be built using closed source products of American companies. It still doesn't effectively prevent the lock-in or worries in case of a geopolitical spat for EU in reality but only on the papers.
To be honest, I am open to open sourcing much of my products (ideologically) but the problems I feel in open source is that it's hard to even make a developer salary comparatively even in India.
Open source definitely needs more funding. Probably EU can fund Open source without any bias could be great too?
With permits and fees and accounting assistance you'd probably land around 1500 per year having an OÜ company in Estonia. If you aren't going to make more than that I don't really see the point of having a company, you might as well save up that amount in cash and hold it in case you personally become liable from whatever activity you want to do.
Yea probably doesn't make sense for just starting out.
I think this might be the only option available right? Do you know of any other option perhaps cheaper than this?
I think I can only promise at this point that if project becomes worth it ie. makes reasonably lot more than >1500 per year then the project might migrate to as such.
I was seeing estimates of 300$-400$ on internet and I assumed that was expensive (here, the MSMEs don't even require a company formation itself & you get benefits of payment dispute collection & investment from govts directly and lower rate loans and you can get it all online just using Aadhaar card which everyone has).
LLCs are a bit of a mess with accounting (I actually wanted to be chartered accountant during my middle school so I saw they make a bank in fees comparatively too) but it's still pretty reasonable.
Anyways, what would be the best bet, would this still be the best bet or is there anything which can allow for something say cheaper/easier? Would say having a European co-founder might help comparatively in the fees/other options?
Estonia is the easiest option, they've aimed explicitly for attracting foreigners starting companies in their jurisdiction without actually moving there. I'm not aware of any similar regulations elsewhere in the EU, typically you need at least one local on the board or something like that.
If you squeeze it you could probably get down to 3-400 euros per year starting from the second year (due to one-time fees the first year) if you do your own books and taxes and whatnot, but just paying upfront for keeping things neat according to the local bureaucracy is likely a kind of convenience you'd want.
I'd say you should start buying some services from european infra and compute providers and see if your ideas make money. You can get away with very little if you get some storage and processing time through e.g. Scaleway or Hetzner, and with a bit of fiddling I expect them to sell to you regardless of whether you have a company or not. If you start making money enter some Hetzner auction and get real hardware, cost will be predictable and typically you get a lot for the money.
Agreed agreed, I already have the pastime hobby of contacting cloud providers (usually European) for custom solutions and following lowendtalk and other forums and scraping and creating datasheets of data. So I am pretty familiar with the whole process and honestly Hetzner's pretty good/one of the best :)
(OVH is great but it has a one time setup fee for its dedicated, personally I love Hetzner auctions for the most part too but Hetzner is a little restrictive in ban first policy and they are strict so for some workflows like creating a reseller etc., Hetzner does have some flaws but still one of the best companies and their support really feels good as well!)
Thanks for your response, I will look into the Estonia thing later if I would need to seriously pivot to EU for any reason.
Currently thinking that I can use Wise or anything to accept SEPA bank payments and other if need be.
I absolutely appreciate and agree with the sentiment, but can't figure out what the proposition actually is. The thesis seems to be: "Here's a problem. We want to solve it." Aaaaaaaaaaaand ... that's it. Exactly how are you going to solve it? Or, if "exactly" is too much of an ask, could we at least have a "vaguely"? Seems like it needs more meat on the bones!
It says so on the tin. "Escape the chokehold of hyperscalers" is all that matters, really. Everything else will follow nicely from it. Compute density is so good these days, you don't even need major datacenter investment. There are modular DC designs that fit in a shipping container. You tow one around, connect power, fiber, cooling lines (to intercoolers in another shipping container) and that's it. You would be surprised how much can be accomplished with so very little. There are many advantages to this approach, like being able to bring up SCIF-equivalent inspectable spaces on the cheap, but considering we're all probably going to war sooner than later, it might as well become necessary. This is akin to how SAAB, and perhaps to a larger extent Ukraine, have changed airplane logistics.
Unless you're a hyperscaler yourself, hyperscaling is overrated.
This is a good thing and a required first step, but it's a drop in the sea.
macOS, iOS, Windows and Android are all produced by the USA. Virtually all chips as well.
It is foolish to assume there are not backdoors in every one of them.
Meaning we should assume the USA can shut down all of Europe's IT if they really want to.
Then you got the authentication systems, security software (antivirus, proxies like Cloudflare, CrowdStrike and so on), the various SaaS (docs editors, drives, ticket systems, chats...), the payment systems (including Visa and SWIFT, but also PayPal, Google Pay, Stripe, etc), the software stores, the root DNS, the SSL root certificates and a ton of network hardware.
Given the current political situation, it's a very bad spot to be in.
The cookie banner code is broken, it doesn't show on my browser, making the website not react to cursors when scrolling, and mouse clicks aren't handled.
I only knew there is a bad cookie banner when I've opened the website in another browser.
I have uBlock Origin. It's impossible to use the internet without it. Removing the top layer works for fixing mouse clicks, but in cases like these I'd rather just drop the whole website without reading.
I mean, if a project is not able to get a functioning website, then well...