Hacker News new | ask | show | jobs
by serbuvlad 264 days ago
Is it not worth it to keep private data flowing through companies which we could hold to account and, perhaps later on, restrict from such practices, than flowing through a jurisdiction over which we have no control and which does not much care about our opinion?
1 comments
jdsnape 264 days ago
Is it possible? The EU is finding now that it is hard to keep data from the USA, which as a jurisdiction falls as much into that category as China does.

I would argue it is not possible to ever consider the internet 'safe' because you happen to flow through country x, and not country y. Instead, we must keep working on the protocols that we use to try to reduce exposure as much as possible.

link
serbuvlad 264 days ago
Depends. Obviously Tanzania can't do it. Neither could the EU, the tech sector's not big enough. But the US could. And you can always keep it to "geopolitical allies", or at least away from "geopolitical enemies".

> I would argue it is not possible to ever consider the internet 'safe' because you happen to flow through country x, and not country y. Instead, we must keep working on the protocols that we use to try to reduce exposure as much as possible.

Firstly, there are only three ways that I know of to keep metadata (not content, which can simply be encrypted) away from the people that route your packets.

1) Onion routing (Tor). This cannot be used for general purpose multimedia usage because of slow speeds (any slow middle node can make it slow, and the higher you speed you require your nodes to bee, the fewer nodes you have, lowering the security of your network)

2) VPNs. This obviously pushes the problem of trust back to the VPN company. Which is fine, it only needs to be more trustworthy than the ISP. But jurisdiction is a very important topic here, which only makes my point more so.

3) Put everything on one of a few global CDNs. That way, all network traffic is just encrypted requests to Google, Cloudflare, Amazon and Azure servers. This obviously has the problem that the CDN company now know what you're doing.

Unfortunately, the EU doesn't seem interested in private protocols.

https://www.europarl.europa.eu/doceo/document/E-10-2025-0032...

link
jacquesm 263 days ago
> Neither could the EU, the tech sector's not big enough.

Sorry? You're aware of the fact that the EU tech sector has several parties that could do this by themselves if they felt the need to do so?

link