Just a reminder, language still a barrier to many places. We refer to EU as of a single entity but all those countries speaks their own language and even if they are well versed in English it is a completely different story to live daily in a place that most people interact in another language.
Proton comes from cities that speaks French and German, I’d assume that they would look to move to some English, French or German native speak language country to offset the trouble of moving to another place.
Yea German politicians are a big driving force in European politics and chat control and the sort often are supported by one of our big parties.
Even though the previous and the current government have in their goverment contract to not do chat control and massive data collections, the ministers for inner security always pushes it forward no matter which party they are from.
It’s an annoying pattern. Almost every single head of an interior security or law enforcement agency has the same talking point.
It’s almost like you want to make your job easier for you at the cost of basic human rights? Or your own intelligence community’s operational security? Regardless of politics?
Not joking. Right to E2EE is pretty well established in case law within U.S. courts; the U.S. has the best cloud infrastructure in the world, and it will be very easy to hire talent.
The Cloud Act is no worse than any laws in the EU for lawful access. It’s also not a factor for E2EE services.
But seriously though, U.S constitutional protections can somewhat help US-based companies. Foreigners have no protection against warrantless surveillance (see FISA).
The issue is that we don’t know if the government will respect these protections as they have ignored them in the past with bulk metadata collection. Sovereignty does have a lot of benefits if your threat model involves jurisdiction.
Unlike the US, EU residents have actual data protection legislation. If any chat control or E2EE legislation does take place, the US would most likely lobby on behalf of their Big Tech companies like they did recently to the UK.
is/was can mean different things for the stance of Germany so it’s best to just research. We do know so far that Germany and I think Netherlands are opposing Chat Control/ProtectEU yes and this may prevent from passing but things may or may not have changed.
Currently enrolled in an open course at XAMK. I am researching various stances and beliefs in Finland, and I believe it could be a nation worth including among the suitables. However, as mentioned, if Proton were to require physical controls, it could pose some significant constraints for them. It was indeed somewhat jarring to hear; I still can’t believe they made changes to their infrastructure without any real “declaration”, aside from this one regarding Lumo.
0% chance this will happen, and you will be debated by everyone in Europe who thinks Europe is just inherently superior to the US, but if we are being honest you are correct that the legal protections from government overreach afforded to companies like Signal in the US are stronger than most/all European countries.
That being said, this would still be a stupid time for any company to move to the US simply due to the chaos and unpredictability of the current administration, so even if Proton was seriously considering it I would not support such a move.
I do also think @destiny has a very valid point which is that most people in the EU are now wary of US services, whereas people in the US do not care if they use a EU service, so ignoring privacy/laws entirely it would still be a huge marketing blunder.
That would be quite a shift. I’d find last disruptive if they would decide to go to: France, Germany, Austria or Czech (last option but my preferred to be honest)
Not only “changes to infrastructure” if this is representative of the larger direction Proton as a whole is going, it’s a massive change not just to their infra but also to their legal strategy and their entire decade long marketing strategy and brand identity (I’m guessing that’s l large part of why they buried the lede in a product announcement instead of announcing it on its own). It’ll be interesting to see how this plays out
To be perfectly clear my issues with Germany (and the Netherlands) mainly stem from technical problems I have with hosting infrastructure there, and a lot of that comes from being strongly opposed to centralization.
Centralization does present a legitimate privacy problem, but Proton moving to Germany certainly would not be enough to make me recommend against Proton. I think any EU country provides a perfectly adequate jurisdiction for a service like Proton, and Germany clearly would have many practical benefits from their business perspective.
If I were to make a list, I wouldn’t be opposed to Czechia or even Poland, over in Eastern Europe. Sweden or Finland up north wouldn’t be bad either. I would be somewhat opposed to France, which has a poor history of introducing sketchy laws, even though their recent attack on E2EE thankfully failed to pass.
Out of all the countries in the world, Iceland is probably the one I hear the most positive things about when it comes to privacy in tech/hosting, but they are not in the EU technically, and also (speaking from personal experience) it is pretty impractical to host there.
I agree. Code as free speech and strong culture of individualism, combined with US Agencies having more legal constraints for domestic surveillance, make US a better choice. I am more interested to see where they go because a lot of Proton suite is “we pinky promise to not do bad things” rather than technical promises. Their VPN requires pinky promise, their non-proton to proton emails require pinky promise, and their wallet and AI require pinky promise. There is no meticulous engineering like Apple private compute, MPR, etc. I do not think they have any place to go that would serve them better unless they improve the product. For far too long Proton has sold the comfort of privsec instead of actual privsec, their reckoning comes.
I also have a strong feeling that they will go to Germany or France, if not for nothing other than to be closer to power center of EU bureaucrats so that they can sell them the “sovereign cloud”.
Also, they have been moving kind of secretly, haven’t they? However, it’s not a significant threat if you really consider it; at least I don’t envision it the way you do. In particular, the E2EE tools they offer provide “universal” level of security, so it shouldn’t pose that much of a problem. This was a necessary response from them to those proposals, and while the transition will be gradual, they are indeed relocating, and understandably, the unknown can be intimidating. They have been growing the reputation they have for a reason thought, but being a spectator in this is entertaining because, involuntarily, we raise good points even if we can’t see the same “bigger picture”. I’m going to say that, alone in some fundamental part, these points that we are getting across are going to affect some execs in hopefully the right direction. Every time some ground is shaken then… I’m always going to reach this precise URL What country is Standard Notes located in? just to reassure myself
I’ve heard nothing but good stuff about Iceland’s legal framework. So why not host there? Surely, Iceland’s government would try to lure companies like Proton to set up shop there? The EU and Canada are slowly moving towards US-style surveillance. It’s scary. If the Icelandic legal framework is legit and respects privacy, perhaps companies like Proton can engage in discussions on what’s needed to set up shop there.
