by madbo1 21 days ago
This is exactly why privacy by architecture matters more than privacy by policy. The Netherlands trusted a policy ("Solvinity can't access the data") but the architecture allowed it anyway. The only real solution is cryptographic sovereignty: systems where even the vendor mathematically cannot access user data, regardless of what US law says. Not "we promise we won't look" but "we literally cannot look". Building something small in this direction: a mesh network where identity is a BIP-39 seed phrase and messages are E2E encrypted at the protocol level, not the application level. The goal is that even I as the developer cannot read user messages. It's still early, but this problem you're describing is exactly why it needs to exist.
4 comments

> identity is a BIP-39 seed phrase

So we are back to a single “something you know” factor as identity?

There’s a reason your idea doesn’t exist.

That would still leave the system prone to hostage taking. The US government could disrupt the tax office, hospitals, courts, etc. with a single order.

> The only real solution is cryptographic sovereignty systems where even the vendor mathematically cannot access user data, regardless of what US law says.

...OR, we host our data in our own countries with companies incorporated in our countries. (Sovereign cloud)

This misses the point that parent was making. The conversation shouldn’t be “move your data to countries you can trust”. It should be “use protocols that don’t require trust in the first place”.
I think both ideas should be the norm: privacy by architecture and sovereignty and/or decentralization where it makes sense.
Johnny will suddenly be able to encrypt