|
|
|
|
|
|
by And1
31 days ago
|
|
|
If you've written about this on a blog or elsewhere, I would be very interested in hearing more about this. Can you say more here? Is this a payment gateway thing? I though if you used a visa/mastercard/etc that data is up for grabs by a foreign government, but if it's interac or some other payment method, does that ensure the data resides only in Canada? |
|
|
It was things like: Where do log statements go? Via what path? Are we sure none of those routers are in the US? Can we spin up new instances of EVERYTHING in a `-ca` region? Can we force traffic for this shop to only use those instances? What about vendors? Can we disable US-only vendors of whatever? What about backups? What things are centralized (which were good to identify)? Can we region those too? Can we disable/bypass them?
And do that for every bit and packet for a very complex system. I think that it launched with a considerable number of features just disabled. Privacy trumped everything.