by cblconfederate 1615 days ago
PostHog seems to be hosted in DigitalOcean - an American company

plausible.io is hosted on AWS - an American company

snowplowanalytics.com seems to be hosted in DigitalOcean as well

As I understand, they are equally illegal now.

[Self-hosting and maintaining is not an option for the vast majority of mom-and-pop shops]

6 comments

Posthog as well as Snowplow are open source solutions that can be self hosted. Snowplow is always hosted in your cloud infrastructure even if you use their managed service.
Fathom's EU docs (https://usefathom.com/features/eu-isolation) seem to suggest that EU-hosted but US-owned cloud infrastructure isn't sufficient either though - you're exposing any data stored/transferred through there to access by the US government.

That means Posthog self-hosted on an AWS server in Frankfurt wouldn't avoid this issue.

What're the best options for non-US owned cloud providers? AFAICT Canada or many other countries with privacy laws would be fine, it's really the US specifically that's problematic.

Well, according to them they use Hetzner, and I'm not sure, but since Hetzner now has US servers they might be in the wrong, too. It has nothing to do with US companies...
When creating a new VM at Hetzner, you have to explicitly pick the US location, for the exact same GDPR reasons. Hetzner has to do this or risk losing customers because hosting in the US and/or using US services is forbidden for some kinds of infrastructure.
Let's be honest, no one wants to self-host a website analytics application because in most cases they just want to focus on their core business, or at least that's the value proposition of SaaS. This will ultimately limit innovation to bigger companies that can afford maintaining their own infrastructure for everything.
This is why we went with Fathom, as their edge locations are isolated regional (EU). So if I understand it correctly, core hosting is AWS, but the edge locations, run by an EU company in the EU, process the data and remove the sensitive data.

For me, it makes no sense when companies like plausible say they have EU based hosting when they pay for hosting from a US-only company (DigitalOcean)

All site data plausible.io stores on behalf of the customers is hosted in Germany on servers owned by Hetzner, a European-owned company. Previously it was hosted by Digital Ocean in Germany but the move to Hetzner was made last year.

For our self-hosted version, you can install it with any cloud provider and in any country you wish. Even in the USA.

Uhm, isn't your comment misleading?

https://plausible.io/privacy-focused-web-analytics

All of the data that we do track and collect is kept fully secured, encrypted and hosted on renewable energy powered server in Germany. This ensures that all of the website data is being covered by the European Union’s strict laws on data privacy.

If a US company controls the servers, it’s illegal. If it’s EU-owned, it’s legal.

Plausible seems to use Netlify/AWS for analytics. Both US companies.

Jack, you are free to promote Fathom but I don't think you have the right to spread false information.

In fact, I don't think I will ever use or recommend Fathom to anyone after seeing you act so childish.

I'm confused. Open up Plausible, look for /event in your inspect element (devtools in chrome), look at the IP address that it connects to. Run that IP through ipinfo.io and see which country comes up. If it's the US, it's illegal (as per this entire thread).

What's childish about me not wanting people to potentially get fined?

Yes, I just checked it. It is a testing environment deployed on Cloudflare Workers. What's the problem here exactly? It is the same exact script using the same exact tech behind Plausible.

At what point exactly are they going to get fined? I don't understand so I would love to know, so as long as you actually manage to answer with somewhat of a technical depth.

Maybe you should do one of those "Fathom vs Plausible" pages on your website, then point out that Plausible is using a testing environment and because of that they will be fined.

Sure, happy to explain further. You have found the testing /event but there is another (make sure your ad-blockers are off).

I've put together the details here in an image, so it's easy to follow (https://imgur.com/a/9wEanqD). Hope that explains what I'm talking about.

Sending data from the EU to US-controlled cloud infrastructure is illegal. Please read the noyb article again, read the Schrems II ruling and read the EDPB's advice.

What I'm hearing from my Govt agency clients is precisely that. EU Datacenters hosted by EU Subsidiaries of American companies are not ok.
Correct. That's absolutely right. I'm not 100% sure how my comment wasn't clear, but I will apologize to everyone if I confused them. Anyway, Plausible updated their analytics to use Bunny yesterday, which is a win for their customers. We wrote more about this solution back in 2021 (https://usefathom.com/blog/eu-isolation) after a lot of work. We spent a lot of time looking into possible options, the law, and are pleased that our innovation is going to help other companies.
You are correct. Fathom Analytics is the only globally distributed provider that offers EU Isolation (keeping EU data completely away from US cloud providers). https://usefathom.com/features/eu-isolation
I don't think the home country of a company matters that much.

International companies must comply with the local laws and regulations. The EU is such a large market that they will implement anything the EU requires. For example, AWS can host and collect EU data and fully comply with EU regulations, never moving data to the US. With AWS, customers can determine where their customer data will be stored, including the type of storage and geographic region of that storage.