[willtemperley]

There's an immediate solution: local-first software.

Keeping app data purely server-side is no longer viable for customers with data sovereignty requirements, and having a toggle button saying 'Keep my data in Europe' isn't enough either because it places too much trust in the SaaS provider.

With network monitoring verifying local applications are accessing user-verified endpoints, privacy reduces to OS-level security.

[concinds]

Cool. That covers approximately 0% of the data out there. What about your health data? Government data? Corporate data? Financial data?

[willtemperley]

How do you think all of that data used to be managed before we decided the best thing was to trust big tech with everything?

[SpicyLemonZest]

It used to be emailed around, and when you explained to people that "encrypted" email usually exposes your plaintext to relays they'd shrug. If they bothered with encryption at all, which most people and providers didn't until big tech started pushing the issue a decade ago.

[willtemperley]

How is that relevant to data storage, locality and access now? Secure endpoints don’t have to be managed by huge companies running data lakes which could be anywhere.

The current best security practices can be used by any organisation. I respect the engineering that Google have done. gRPC is excellent and local first software can absolutely use it, accessing data locality verified endpoints.

[SpicyLemonZest]

In my experience, the best practice for sharing "health data? Government data? Corporate data? Financial data?" within an organization is to use a secure cloud platform with native data sharing functionality. The original comment's suggestion for "local-first software" doesn't work, because organizations frequently need to forward private data between individual workstations and the staff are going to do it using email if you don't give them something better.

[whateverboat]

With lot of errors and huge cost.

[concinds]

"Local-first software" refers to single-user consumer apps like Obsidian. It's not remotely on-topic here.

[atoav]

What about it? My work place (university) also stores its data local (internal network/storage) because that is where it is needed 99.99% of the time and bandwidth costs money. On the off chance that someone needs to access something from the outside wie have an host of ways to do that.

We could also have everything on a cloud in a foreign country with a mad king, but what would be the benefits of that?

[jszymborski]

Health data can reside within your hospital's network. Government data within your government's network. Etc,...

I think the point is that your doctor or civil servant or local sushi shop shouldn't have to reach to AWS/GCP/Oracle each time they want to look up an MRI or building permit or loyalty points card status.

"local" is a relative term here.

[moi2388]

You don’t want hospitals to share data in case you are in another city and have to go to the hospital?

[willtemperley]

The data should reside exactly where they’re needed and nowhere else. For the UK NHS that’s probably in a UK data centre run by a UK company. Not AWS.

The fundamental problem with SaaS and pure server side applications is we do not know where the data are. With local first we can verify data locality.

[reeredfdfdf]

Here in Finland our government decided that best place to store national election related data (including the votes) is AWS data center in Sweden.

Looking forward to Jeff deciding which party wins next year!

[moi2388]

Sounds good on paper. But now 2 additional healthcare providers need my data, and my data is now in 3 locations.

Or we do this centrally, ie cloud, and only need a single security implementation and audit.

The problem isn’t the cloud, it’s private cloud by foreign companies with zero consequences for failures.

[flumpcakes]

Unfortunately the American companies are using their monopolies to price out everyone else. You're now in a situation where it's harder and harder to find people in the UK that can operate data centre services at the speed and quality of the cloud providers. The UK/EU needs it's own GCP/AWS/Azure alternatives. Unfortunately there's not really anyone close.

[willtemperley]

Sounds like you've already captiulated to big tech.

Governements could and absolutely should be subsidisng home-grown data centres. And taxing the hell out of every square metre of AWS and Google data centres. Why not have a data tax for foreign companies?

[jszymborski]

Sure! I'm just talking about data residence. They can transfer data over the internet (or some inter-hospital network) no problem. It's just a matter of "local-first".