[dominikz]

Let's step back for a second and analyze your proposal by breaking it down. The first issue I came across is what's the definition of 'site hosted in the EU', ie. how a browser would check that? Let's analyze what options we have (not saying the list covers everything):

1. Do ASN scan of the IP where the DNS entry for that webpage points to

2. Analyze the web resources the page is referring to (much the way urlsca.io does)

If I was implementing that, then with 1. I would probably immediately hit the issue of some/most of the pages being behind a proxy (cloudflare, etc.). With 2. if you had Google Analytics tag on it (and most of the pages do?), then it would show a lot of references to the US.

My point is, that it might be hard to implement not only becasue of whether it makes sense, but also because of: how would you do it?

If you were thinking the way for instance broadcasting companies restrict their content based on where you try to watch a movie from (they only allow certain countries), then I think that's a totally different setup.

Actually I started thinking about the idea you are proposing a lot, but in a more general way. With all the recent development in geopolitics, on whether I can have all the data and technology in EU. The natural move was to verify how much of the solution I already have, ie. host the data itself on Hetzner Cloud. But I think EU is still far behind when it comes to the glue, ie. the software part and the analytical part. Practically every company needs some sort of tracking and most of those solutions that we currently have immediately put you outside of EU.

I am currently experimenting for instance with umami to swap out Google Analytics. They have a solution that you can self-host. But again, this is some effort compared to ready off the shelf GA that 99% of companies probably would use.

[osigurdson]

I think the verification would start at the origin site - wherever the page located. All traffic originating from the client side bundle or on the server would have to stay in the EU.

Cloudflare is going to provide you with a local IP for whatever you are proxying to. This actually makes it relatively simple, Cloudflare would just need an EU checkbox on their proxy. If you enable that you are subject to EU regulations, otherwise the site would not be available in the EU. It would be very easy for Cloudflare to implement such a filter.

In terms of other services (analytics etc), companies would just eventually have to host EU based services (some already do that).

[dominikz]

Recently I have been doing some OSINT on a web page and tried exactly what you are mentioning: check the origin of the web server behind CloudFlare. I tried anthropic's claude help, but it turned out to be impossible (at least for the two of us: me & claude).

* It would be very easy for Cloudflare to implement such a filter. *

What you are stating, the way I understand it, is that in order to implement your original idea (EU browser), one would need the second thing as well, which is force Claudeflare by EU regulations to expose the IP of the server behind a proxy? Maybe it would be easy to implement for Claudflare, but how would you otherwise convince them to do that?

Looks like a pretty big scope creep to me.

[leonidasrup]

Cloudflare is a US company and as such is subject to CLOUD Act.

https://en.wikipedia.org/wiki/Cloud_Act

For example Microsoft admits it 'cannot guarantee' data sovereignty.

https://www.theregister.com/off-prem/2025/07/25/microsoft-ex...