[antonyh]

My view on this from the United Kingdom: I have no vested interest in any of the territories listed nor do I support them in any way, but my business should not be subject to the whims of overseas powers and foreign policy.

In response to this announcement I've closed down my Auth0 experiments. I refuse to be held to US enforcement when I operate outside US jurisdiction. I know other SaaS will follow suit, but we have to oppose this somehow.

As far as I'm aware, the UK does not have any sanctions imposed against Cuba for example, so Auth0's active stance on this is inappropriate for those outside US border.

[tut-urut-utut]

But isn't Auth0 a US-based company? In that case, they are obliged to implement US sanctions, regardless where their customers are located.

That applies of course to any US-based company, so in that case you would need to avoid touching anything that is based in the US. That may be possible in some cases, but if you rely on the third parties, it's almost inevitable to completely avoid US.

[denton-scratch]

The USA has a recent history of imposing extraterritorial legislation. USAians are apparently unwelcome at UK banks; transferring money from the UK to the USA risks unwelcome attention from the IRS, even if you've done nothing wrong.

This damages US businesses more than it does overseas businesses. Sure, UK banks lose some US customers. But actually they didn't have to lose those customers; all they were required to do was exercise enhanced diligence over the sources of funds transferred to USA. The UK banks chose to eject those US customers, because it was cheaper.

I don't know what to do about this. I think US legislators like extraterritorial legislation because it looks strong, and because it has a certain flavour of "fixing the world". Most USAians don't have overseas financial interests, so aren't impacted. But, for example, my US half-sister declined her share of my late father's legacy, because importing it to the USA would have been too costly as well as too much hassle.

[BrandoElFollito]

> so in that case you would need to avoid touching anything that is based in the US

This does not change much: a, say, French company is bound to follow US regulations anywhere (including in France, not to mention abroad) because the US would punish any interests of this company in the US.

This was the case with Iran, and with others.

If you are mid-to-small compared to the US/China, you are bullied.

If you are very small (like a blog or local newspaper) you may not give a fuck.

[antonyh]

I don't think the French government care much because the EU gives them more bargaining power. If they were bound beyond political pressure then we'd have French or EU embargos against Cuba for the last 60 years. France doesn't stand alone nor does the UK despite leaving the EU, which is why I object to US foreign policy spilling over political borders via internet-based tech companies.

[BrandoElFollito]

We (France) had contracts in Iran. The US decided that Iran is bad.

So far so good.

Then the US said that everyone must leave Iran, and if they do not, their presence in the US will be harmed and they will not be allowed to trade in USD.

We asked the EU for help. The EU said that this is really [bad|unfriendly|unethical|immoral|whatever] of the US to behave that way and that we are, collectively, definitely offended. But that they cannot help.

So we left Iran, together with the rest of EU companies.

---

This is just one example of the extraterritoriality that the US does, without any special concerns for international law or relations. One could say "[US|China]are big and strong so they rule", which is true. Not the kind of relationship I would like to have on a personal level.

We frown at bullies in everyday life, but accept this on a national scale.

[mrguyorama]

The US only has this power because everyone relies on the USA to do everything. Stop relying on the US and we can stop caring about how the US treats the rest of the world.

Being gay is illegal in some parts of the world but my gay friends don't care because they don't do business with those countries, don't participate in any commerce that does business in those countries, etc. Your country will cease being bound by US law when you cease to rely on the US for whatever.

[tut-urut-utut]

It's easier said than done. It would be good if USA would stop to push that reliance using its military power, economic power, media and soft power, open and covert intelligence operations with the only purpose to extend its power and influence around the world.

If USA starts treating other countries in a biblical "don't do to others what you don't like to be done to you" sense, the world would be a much better and safer place for everyone.

[antonyh]

Possibly until they grow to a point where they have divisions in UK or EU, which I think is how Facebook/Google/Microsoft are set up but I could be wrong.

There's some choices in the market, and beyond the behemoths it is still possible to avoid the US. The challenge is finding one that isn't owned by a US company and will end up with the same restrictions (like Gigya is now owned by SAP) - but any company serious about security will do the due diligence and know who own who.

[deltarholamda]

>I refuse to be held to US enforcement when I operate outside US jurisdiction. I know other SaaS will follow suit, but we have to oppose this somehow.

I'm in the US, and I'm not so sure I want to be held to US enforcement. Our government has always been a little wacky, but it's really stepped up the jiggery-pokery during the past, well, 20 years.

At this point it feels an awful lot like a past-their-prime pop star getting screechy and demanding about the brown M&Ms in the dressing room.