Continuing the discussion from Introducing Lumo, the AI where every conversation is confidential | Proton
Yeah, that was surprising to me. Do we know where in the EU they are moving to? Do we know if their Swiss legal jurisdiction could still pose a problem even if the data itself is outside of Switzerland? Raises a lot of questions…
@Proton_Team - hope you can clarify this soon. This is going to be a popular thread/post so might as well..
I don’t think we know where yet, but if they move to Germany, Tuta is going to be delighted. Legally, they will be on equal footing. I definitely expect some snark.
This morning, I found out about the CLOUD ACT, which was sneak-passed in 2018 in the US. Maybe I had learned about it then, but I have no recollection of it.
Two days ago, it was reported that last month, in a sworn testimony before the French Senate, the Chief Legal Officer of Microsoft in France admitted that EU data, and hence the data of any country stored on Microsoft servers, is not safe from snooping. And of course this applies to the data saved on any American company’s servers.
This explains why European cities are dropping Microsoft over privacy concerns. European companies, and I guess by extension the EU, are really gearing up to become a beacon for privacy.
The EU needs to stop trying to backdoor all encryption first.
Agreed. I’ve been seeing #DigitalSovereignty trend on Twitter in the last couple of weeks, and they were all tweets from European companies, including privacy companies like Tuta.
I don’t want people to fall into the trap of believing that just because a company is European, it means their data is protected and free from prying eyes. I have no doubt that many European companies will engage in privacy washing, and it’s probably going to work on a lot of people.
This reinforces the job of spreading awareness and educating people of privacy, data security, etc. that entities like PG, Techlore, companies like Proton, Tuta, Mullvad, etc., and communities like this have.
We always need more people educating, more options be made available, and more support from anyone who likes and agrees and can afford to support such institutions.
The translated article speculates:
“Andy Yen points out that the majority of computer servers, at the heart of Proton’s business, have been relocated to Germanic and Norwegian data centres as early as 2021 in the face of the threat of passing under the surveillance of the SCPT service. They were all previously settled in Switzerland.
Leave Geneva, to go where? The latter mentions several possible relocations. Before admitting that “Germany would certainly be the most obvious alternative”.”
That’s a bummer, Germany is probably the most obvious no-go that comes to mind for me 
This caught my attention more than the actual Lumo announcement. I thought of upgrading but it doesn’t seem like Lumo is particularly good at this time, and I would like to know more about the LLMs Lumo is using, as I don’t know if they have plans to update beyond October 2023 (current info date).
That being said, I’m interested in a more private LLM. On that note, I don’t know if it’s been discussed in this forum, but I recently tried the Dia browser, and after 20 minutes, was freaked out by the website reading absolutely every page I read. If that’s the future of the internet, I’m slightly terrified for privacy and further dumbing down of society.
Why is that? Isn’t Germany known for its strong privacy laws?
Yes. They do have strong privacy laws and policies. I do not have the specifics for it off the top of my head but Germany is a fine place to be for a privacy company. Tuta is based in Germany.
jonah, can you elaborate for us? Why is Germany an obvious no-go? (just wanting to learn)
They are very Tor hostile and from an infrastructure perspective practically everything in the EU is being centralized in Germany and/or the Netherlands, which is giving their governments power disproportionate to what they should have. We ditched Hetzner entirely because Germany is not a friendly jurisdiction.
This is all relative. Germany is of course far better than like Brazil or India or any number of other countries really. But in the EU there are many countries I would prefer before a German deployment.
Edit: Not to mention it will mean all the email providers we recommend will house their data in Germany now. What a nightmare, so much for user choice.
I understand your point about centralization. However, legally it seems to me that Germany is really really solid. What other countries would you prefer before it?
Yes. This was shared yesterday in another thread.
Yeah, I was moving all the discussion about this particular topic to its own thread so it isn’t mixed with the other discussion about Lumo itself. I just made the process more difficult than it needed to be 
Spain or France seem more likely than Germany. Every infrastructure job proton has listed on their careers page lists Barcelona as one of, or the only, EU location you can work at. Paris is also an option on three out of four.
Is Spain even a good candidate? Not only is the government complicit is deploying spyware against political dissidents, but Barcelona has essentially become the targeted spyware capital of the world outside of Israel. So many spyware companies have moved there after media attention forced them to rebrand and change jurisdictions.
What other European countries would be worth considering if you are the Proton CEO?
Iceland is often mentioned as having great privacy laws, but it’s maybe too far away and my understanding is that Proton wants to have physical control over their servers?
Not sure what’s the most privacy-friendly country in the EU, I once heard Estonia and another time Romania but not sure if that’s even true.
What about a “flying under the radar” non-EU country like Bosnia or Serbia?
Interested to know too what others think is the “lesser devil” countries in the EU? Imho its tricky to a large-ish business ala Proton to change jurisdiction, its not like they can just push a button.