[o_m]

What they don't mention is that some of their data centers are delivered by Equinix, an American company, so it doesn't matter that it is in Finland (same with Sweden and Poland). It is inherently insecure if you are trying to get away from USA.

https://upcloud.com/data-centers

[ahofmann]

Your argument oversimplifies the issue and ignores critical nuances. While it's true that Equinix is a US-based company, the physical location of the data centers and the legal jurisdiction they operate under matter significantly. A data center in Finland, Sweden, or Poland falls under EU regulations, including the GDPR and local data protection laws, which impose strict requirements on data handling.

Equinix may provide the infrastructure, but US intelligence agencies can’t simply access data in these jurisdictions, unlike in the US, where providers are directly subject to laws like the CLOUD Act.

Even if we assume hypothetical US access to the hardware, modern encryption can somewhat ensure that raw data remains protected. The real risk isn’t just physical access—it’s legal and architectural control. A European provider using strong encryption and operating under EU law still offers far better privacy guarantees than a US-based alternative.

If your threat model includes avoiding US influence entirely, then yes, you might want a provider with no US ties whatsoever. But for most users, especially those seeking GDPR-compliant hosting, a European provider using Equinix infrastructure is still a meaningful step up from hosting directly with a US provider. Dismissing it as "inherently insecure" is unhelpful and disregards the real-world protections offered by EU jurisdiction and encryption.

The goal isn’t perfection but practical improvement. If you have better alternatives, share them constructively instead of undermining efforts to move away from US-dominated cloud services.

[sofixa]

Equinix only provide the physical space and power, and things can be set up with them not even having physical access to your room/cage, other than forcing it (which would be visible). While they could be an attack vector, with modern hardware even having physical access is not a guarantee to having access to the data (TPM2 and disk encryption are trivial to set up).

The risk is much lower than e.g. AWS.

[Aeolun]

Sorta, but it’s like saying that using Chinese equipment for your telecommunications infrastructure is fine.

It’s not a great thing to have your infra hosted anywhere that can be legally compelled by a US government.

[Iulioh]

One of the best "facility tours" i saw recently

(LTT - Equinix data center in Toronto )

https://www.youtube.com/watch?v=wumluVRmxyA