[mtgx]

> If you use some provider in another country, the attack vector has to be way larger, right?

If you just mean "Google has more resources than most European services, so it's probably more secure", you have a point, but it's not entirely accurate, and that's because of how Google handles encryption. It prefers to keep the encryption keys to itself, so from that point of view it will always be more vulnerable than services that don't do that - small or large.

And if you meant "because the NSA wouldn't target Google, or it would just target those companies more" then I believe that's completely false. Google is absolutely a high priority target for the NSA. Any large company is, no matter where it is. We've learned that by now.

Also because Google actually did get completely owned by the NSA a few years ago:

https://www.theguardian.com/technology/2013/oct/30/google-re...

[linkregister]

The NSA can do way more than just sniffing some network links, please don't call that "completely owned."

According to the Snowden leaks, the NSA has done more comprehensive infiltrations, e.g. Belgacom, Petrobras, etc.

[rl3]

Sorry, but mass collection on inter-datacenter links operated by one of the largest technology companies on the planet should qualify as "completely owned", at least in spirit.

If you insist on using the technical definition, then I'd argue it's very possible that Google could be completely owned after all, in every sense of the term.

What Snowden leaked was essentially a glorified TS PowerPoint repository. Crown jewels such as partner company names didn't even make it into that level of access, and for good reason. If the NSA happened to be installing persistent implants on target systems belonging to Google's senior leadership, it'd be so compartmented you'd never hear about it.

In other words, we probably wouldn't know if Google was completely owned.