[ahofmann]

Your argument oversimplifies the issue and ignores critical nuances. While it's true that Equinix is a US-based company, the physical location of the data centers and the legal jurisdiction they operate under matter significantly. A data center in Finland, Sweden, or Poland falls under EU regulations, including the GDPR and local data protection laws, which impose strict requirements on data handling.

Equinix may provide the infrastructure, but US intelligence agencies can’t simply access data in these jurisdictions, unlike in the US, where providers are directly subject to laws like the CLOUD Act.

Even if we assume hypothetical US access to the hardware, modern encryption can somewhat ensure that raw data remains protected. The real risk isn’t just physical access—it’s legal and architectural control. A European provider using strong encryption and operating under EU law still offers far better privacy guarantees than a US-based alternative.

If your threat model includes avoiding US influence entirely, then yes, you might want a provider with no US ties whatsoever. But for most users, especially those seeking GDPR-compliant hosting, a European provider using Equinix infrastructure is still a meaningful step up from hosting directly with a US provider. Dismissing it as "inherently insecure" is unhelpful and disregards the real-world protections offered by EU jurisdiction and encryption.

The goal isn’t perfection but practical improvement. If you have better alternatives, share them constructively instead of undermining efforts to move away from US-dominated cloud services.