European Cloud, Global Reach (upcloud.com)
We should not be bragging about that "security", those cookie pop-ups are just a pointless annoyance. At least I guess we can all agree that there is far more to data security :-)
The cookie-banner just seems like a very strange "security" measure; but GDPR seems very strange as far as I can tell. It was sparked by the "forget me" campaign a few years ago I guess, and most people probably agree with the intent, but it has led to a very strange set of rules.
They are blatantly lying in many of their offerings (zero cost egress, see the rustc comment) and so much more.
Wha? Why are you lying. Why are you being deceptive.
How can I trust a company which is this level of deceptive.
But the linked pages in that comment say they do have zero cost egress. If you cross their "fair use" amount they drop the upload speed to 100mbps for the rest of the month.
I have no idea if it's cheap or not but how is this kind of advertising legal?
Otherwise EU is worse in terms of privacy. UK (while not officially in Europe) goes even beyond, requiring a backdoor to iCloud and non-EU providers.
Please elaborate how the EU is worse (UK doesn't count). Worse than what other country and how?
France has had similar proposals floating in their parliament. The latest iteration has been rejected:
https://www.techradar.com/computing/cyber-security/france-re...
But the fact that such a proposal is drafted and periodically brought up to this level isn’t good, and it might be approved in the future.
Example of data collection by the German government
https://privacysniffs.com/data-retention-law/germany/
Australia's Encryption-Busting Law
https://www.wired.com/story/australia-encryption-law-global-...
What makes you think that EU governments don’t collect data from companies such as Hetzner or OVH, the same way that US collects from Microsoft or Google?
You mean the EU. The UK is definitely in Europe
Furthermore, in the EU, there is no such strong equivalent to the 4th Amendment. Law enforcement and intelligence agencies can access your cloud data without needing a warrant, unless the data is stored in the US, in which case a US judge would have to approve it. This is one of the reasons they are so eager to keep it "home".
The craziest thing is what happened with Encrochat and SkyECC. These two services made the critical mistake of trusting OVH to host their servers, and then OVH literally placed law enforcement and intelligence agency backdoors on them. Eventually, they even used these backdoors to send malware to users' devices, not caring whether they were located in the EU or not.
While all this was happening, the founder of OVH appeared on a popular YouTube tech channel and proudly explained that, unlike Amazon and Google, they weren’t sniffing their customers’ data. What a liar!
You're commenting under an article that explicitly says how US intelligence agencies and police get around the need for warrants. Many rights in the US are more theoretical than practical if someone in power decides so.
Also, there are strong expectations of privacy in the EU, as well as due process, warrants, etc. There are of course abuses, and especially "terrorism" can enable some shortcuts (to be fair, often for very good reason: multiple EU countries have had tens to hundreds of dead from terrorist attacks that could and should have been prevented), but I don't have the impression it's in any way even close to as bad as the US. Do you have any information/sources to the contrary?
XTB at whatever speed they offer, then unlimited at 100 meg is different from XTB free and the rest chargeable.
It shouldn't be.
> that basically barely knew what info they stored about anyone
Aha, might have been the core problem, wouldn't it?
> It was virtually impossible to follow GDPR in that company
So, sounds like the regulation worked exactly like expected? If you're not following proper procedures for storing data, it should be hard to comply with a regulation that is trying to force you to have proper procedures for storing data.
A bit like complaining that fraud is hard because of those pesky police officers. Yes, this is the intention.
> The cookie-banner just seems like a very strange "security" measure
The whole cookie-banner thing is vastly misunderstood by companies, and at best just malicious compliance. Again, not the fault of the regulation but the companies who don't put users best interest first, but their own. Hard to blame them though, that's the purpose of their existence after all, most of the time.
GDPR did not lead to any actual changes for the company, except they set up a fancy web-page about how serious we were about GDPR. That's the intention?
Many companies cannot possibly remove the info GDPR demands, as they barely know they have it, and they will use minimal efforts to fiddle with this stuff. From what I saw, GDPR is just another example of legislation, that looks good on paper; and the intention is certainly good. But no real change followed; at least where I worked.
The intention, I believe, is that it discourages from collecting superfluous data. The easiest way to address the GDPR is to not collect any data at all. If you do, then it becomes harder.
> as they barely know they have it, and they will use minimal efforts to fiddle with this stuff.
Big companies have a real incentive to act. I believe the GDPR has forced BigTech to make at least some changes, because it was better to make those changes than to pay the fine.
In my experience, smaller companies don't really care and don't really want to know, and tend to collect as much data as they can just because they can and "it may be useful later". Many times they never use the collected data.
Not only that, but they also have charged and are attempting to jail the creators of these phones/end-to-end messaging apps.
With what is happening it is becoming pretty much impossible to provide backdoor free communication tools within the EU.
"Because the SR Server was located outside the United States, the Fourth Amendment would not have required a warrant to search the server, whether for its IP address or otherwise."
- Assistant US Attorney Serrin Turner
If you think this was about European legal system, you are mistaken. If Americans were hacking European servers without due process involving European authorities, this was probably highly illegal here.
Silk Road, SkyECC, EncroChat, TorMail+Freedom Hosting.
What do they all have in common?
Their servers were found or their encryption was broken under mysterious circumstances involving classified "techniques". In 3 out of 4 cases malware was sent from the services to their users once taken over.
All were hosted in the EU; even stranger, all of them had servers hosted by OVH. Although SR was not directly hosted by OVH, Ross Ulbricht had a VNC server (virtual desktop) there which he apparently used to administrate the SR main server, and on another OVH server he had a dead man's switch and his will.
In a sense this is the counterpart to the survival bias. But in this case we only know where the taken down services were hosted, we don't know where the survivors are being hosted.
All this has serious Crypto AG vibes. Back then it was: trust us, we are from Switzerland, we are neutral....
Wouldn't that require some kind of actual policing? Here (in Norway) at least, the police do not use any of their time trying to access random data systems looking for personal info stored in violation of GDPR. This is not something anyone fears, so as long as you say you are OK, you are OK.
> Big companies have a real incentive to act.
The company I worked for was almost as big as they come here in Norway (handled extremely sensitive personal information also). We are full of clown tech companies here as well (just like your 'Epic Health Journals' etc.). These kinds of companies cannot comply with these types of rules, they cannot even make their own systems work properly.
Maybe a dumb question, but have you actually reported the company to your DPA? I think the DPAs have some agency to perform investigations on their own, but currently they're mostly acting on user complaints, whistleblowers and self-reporting by the organization itself, so if none of the people involved (on either side) reports the organization, the DPA won't know where to even begin.
Seemingly you have a good inside view with clear evidence of breaking GDPR, so I assume you've reported this organization then?
Read carefully the sections related to the encrypted containers and the OVH servers and tell me your opinion: https://www.justice.gov/d9/press-releases/attachments/2019/0...
The term cryptanalysis is very, very broad, it could be anything.
The Freedom Hosting operator was in the process of moving his servers away from OVH, and they somehow found the last server remaining at OVH.
If you want to be Europe only that includes not terminating your SSL at a US CDN provider like Cloudflare...
I just hit "Gateway time-out Error code 504" from Cloudflare trying to open https://upcloud.com/pricing
Started working for me while typing this.
Nothing is perfect and European providers need to start somewhere. We all know there are tradeoffs and limitations but there's no need for a pile on.
This is from their FAQ: https://upcloud.com/products/zero-cost-egress
> What exactly does zero-cost egress mean?
> We are eliminating any concerns over data transfer fees. This means you’ll enjoy Internet traffic from our cloud services without any fear of accumulating costs.
> How does this differentiate UpCloud from competitors?
> By pioneering the zero-cost egress model, we’re not just changing the game for UpCloud; we’re challenging the entire cloud industry to reevaluate their pricing models and spearhead the industry towards predictable budgeting on cloud computing costs.
While the actual bandwidth limit (https://upcloud.com/fair-transfer-policy) is the same as DigitalOcean and at least an order of magnitude lower than other EU providers like OVH and Hetzner.
> Even if you exceed your monthly share, don’t worry, there are no excess fees. We will simply notify you of reaching the fair transfer policy and may reduce the bandwidth of your Cloud Servers to 100 Mbps for the rest of the month.
EDIT For completeness, there is also:
> If you believe to require more transfer per month than the Fair Transfer Policy provides, you may opt in to a paid transfer model at €0.01/GB. This affords you completely unlimited egress with no restrictions.
The fair usage policy you linked sets reasonable bandwidth allocations (just like DO), but crucially, they don't charge as much as AWS/GCP. And this is the main selling point here: the egress fees of the big cloud providers are straight up bonkers. UpCloud's isn't.
Calling this "lying" is dishonest. They're transparent about both the policy and its industry context. If you want higher baseline allocations, that's fair feedback. But it's a different discussion than accusing them of deception.
Avoid ANY company that makes this claim.
I'm European and European providers need to start by not being dishonest, we can't just give 'em some slack just because they are "ours". I'm not putting my data into a company that can't even be honest about their actual reliability.
There's "zero cost egress" mentioned all over the page but the limits on https://upcloud.com/fair-transfer-policy are comparable to other hosts like DigitalOcean: the cheapest 7 EUR VPS has a limit of 1TB of bandwidth. (For comparison, Hetzner offers 20TB on their EU VPS for under $5.)
> Say goodbye to unpredictable egress costs and hello to our zero egress fee initiative. Unlike other cloud providers, we don’t charge for outbound traffic (‘egress’). This gives you the freedom to distribute your content and scale your business without the constant worry of unexpected bills.
This has to be a joke.
It doesn't have to be like that, and it seems like this provider agrees with the idea of not upselling $/GB transfer costs, since they themselves don't pay it like that either.
I'm curious to see how it goes, as others mentioned, they're not the first (nor will be the last) to offer this no-nonsense pricing scheme.
It's a decent service in itself and a good alternative to many other traditional VM-based hosting companies, which Europe is absolutely full of. They are not really competing with the hyperscalers, nor even Digital Ocean in my opinion, but rather providers that likely sell pre-committed OpenStack clusters and such.
I don't believe they are fully clear of American-owned companies in their entire dependency chain, nor do I believe that it's possible to do that today. Companies like Equinix provide a damn good solution for homogenized infrastructure that is invaluable for cloud providers.
Wait until the US properly wakes up and you'll see what negative can be on HN :)
> nor do I believe that it's possible to do that today.
Why not? Granted, a lot of the internet infrastructure is maintained by US entities, but it doesn't have to be that way, afaik. I'm fairly sure there are companies doing worse/better in this regard, but at least it's moving in the right direction.
Our company's biggest remaining problem is finding a reliable IdP that isn't primarily for individuals, self-hosted or based on Active Directory. There are some alternatives, but they are mainly country-specific (like Freja) or not well integrated enough with e.g. OAuth. We've considered at some point to pivot our company to focus on a fully European IdP, as we feel it's a fundamental missing puzzle piece!
There is also https://european-alternatives.eu/
One thing not mentioned yet: We had very good experience multiple times with technical support, being available 24/7, doing proper hand-offs and getting back to us if an issue wasn't resolved, and being technically knowledgeable.
And there are always humans on the other side which can be talked to. (Looking at you, MS for org validation for trusted signing ...)
Hetzner Dedi Cloud: 48 cores €288.49/month
Between a VPS at DO or a server at Hetzner?
The idea would be to take any existing commonly used service at a startup and set up the FOSS equivalent, unify them with SSO via OIDC and charge a flat rate based on the amount of resources.
I've already built something similar for social media platforms, so I think I would just have to expand my catalog to do it.
- What services are you/your company relying on and you'd like to switch to an open alternative?
- How much are you/your company spending on these services?
- What threshold of pain (retraining, missing features, known issues) would you/your company be willing to accept for solutions that are not 1:1 replacements for the current systems?
That is true, but none of those are 100% from US (or China) either.
It’s almost as if our global economy is a complex beast with lots of interdependencies…
My advice: Go read the seminal “I, Pencil” essay from the 50s. Now do the same exercise with a computer system that involves both hardware and software.
For now, that limits my choices in Europe to IONOS and OVH.
OVH's interface is pretty chaotic. But the services themselves seem reliable so far. IONOS seems pretty solid in all aspects, but a bit cheesy in their constant battle to upsell you more services.
Equinix may provide the infrastructure, but US intelligence agencies can’t simply access data in these jurisdictions, unlike in the US, where providers are directly subject to laws like the CLOUD Act.
Even if we assume hypothetical US access to the hardware, modern encryption can somewhat ensure that raw data remains protected. The real risk isn’t just physical access—it’s legal and architectural control. A European provider using strong encryption and operating under EU law still offers far better privacy guarantees than a US-based alternative.
If your threat model includes avoiding US influence entirely, then yes, you might want a provider with no US ties whatsoever. But for most users, especially those seeking GDPR-compliant hosting, a European provider using Equinix infrastructure is still a meaningful step up from hosting directly with a US provider. Dismissing it as "inherently insecure" is unhelpful and disregards the real-world protections offered by EU jurisdiction and encryption.
The goal isn’t perfection but practical improvement. If you have better alternatives, share them constructively instead of undermining efforts to move away from US-dominated cloud services.
One of the best parts of UpCloud is their flexible plan. You could have something like 64 Core and 8 or 16 GB Memory with very little storage and the whole thing is charged by the hour. You can have a 64 Core server that is under $700 USD a month. If you only care about CPU cores, that is reaching dedicated server pricing without long term commitments while having the flexibility.
Edit: I can't remember if they are real CPU cores or vCPU as 1 thread. Some vendors in the past few years started to use vCPU as single Core only. Some don't.
I'm a European DevOps engineer who specializes in Microsoft Azure, and I'd like to switch to European alternatives. But I struggle to see how we can ever become independent of Microsoft if all devices are still running Windows and 365 / Office.
edit: I understand why you would want to build on Windows if your user base is there. But why use it on the server side? The only reason I can think of is people who have only worked on Windows will keep using it, but at some point one has to get rid of this addiction.
Guess it depends on the context? If you need to run Windows Servers and run Microsoft services then well, you're better off with Microsoft, most likely.
But for other workloads, it won't matter what the client software is, but again, really depends on the context.
So, even more KYC? Blood sample is required, as well as at least three independent proofs of residence and subscription available only for select cities in the EU?
If we want to compete with the US, we have to fix the main problem with european services: relax regulations, not tighten.
For Europe 100 years of globalisation cannot be undone so easily.
This is how they compare with AWS: https://upcloud.com/competitors-and-alternatives/aws
Nope, this gap can not be closed by any US company alone due to the US Patriot Act - which forces any US company (including e.g. a German subsidiary) to allow access to all data for national security purposes.
I guess they can win some clients, given current hostility of Europe against Trump, but what if in two years Trump will be off the news, people would not care anymore about being anti_USA or what if in 4 years Dems will figure out why they lost in 2024 and find someone less lame, who will win election, whom Europe will like again?
The risk is much lower than e.g. AWS.
It’s not a great thing to have your infra hosted anywhere that can be legally compelled by a US government.
(LTT - Equinix data center in Toronto )
Nobody knows the future but one thing is clear and set in stone - trust has been broken. If you have any life or relationship experience, you know trust is always hard to build and easy to lose. It's extremely hard and lengthy to build again once it has been shattered (which it has been already).
Stab in the back is remembered for decades, spit in the face even more. Quadruple that for matters of national security.
By what? Tariffs?
We have known about NSA spyops for more than a decade now, with actual impact on our tech. Nobody cares. But now that trump is in office, we suddenly have an issue with the US? Ridiculous.
With the massive cost of shifting infrastructure, those scared away by the current US administration are mostly gone for good.
And don't forget managed Kubernetes. You can get pretty far with the services they provide and the Kubernetes ecosystem.
For a more complete offering, check out Scaleway - French, regions in a couple of locations, and a wide array of services, up to e-mail service, message broker, quantum computers, AI inference.
This is akin to Trump talking about the hostility of Ukraine against Russia. The US are the bullies here, not the other way round.
> but what if in two years Trump will be off the news, people would not care anymore about being anti_USA
Time will tell, but this is the first time in the life of all living Europeans that the US threatens them militarily. And many US citizens not only seem to not care, but they seem to find it okay (and even say that the Europeans are the ones being hostile to the US).
IMO, something has been broken this time. Europeans see the US as a national security concern. At this speed, this feeling will just get stronger in the next two years, and honestly I am not convinced that any results in two years could "just repair the damage" immediately. The trust has been broken now, it will take time to come back (assuming the US do come back from this).
Seriously?
NSA findings are an afterthought in all this, we talk about existential threats with literal sworn enemy at our doors right now willing to capture, murder and steal all it can and stating it semi-constantly.
Nobody cares, because nobody really understands the consequences.
But now it's different. The US are threatening to invade and annex territories. Everybody understands what that means.
It turns out their management web UI (for orders etc.) also goes through Cloudflare so that is a potential problem (and I now plan to switch away from UpCloud for that reason - it's silly to route that through Cloudflare).
That said, their servers and their management are in Europe.
This might fly if they were selling Bananas. But they are selling "cloud hosting". Cloudflare is literally their competitor.
Google Workspace (email / drive / docs / chat): $500 / month
Various cloud services: VPS / RDS ($1000+ / month)
Figma / Adobe: $100 / month
A bunch of other services where we spend less than $100/month.
How much pain: as long as a basic level of service exists, willing to take on pain just to not be completely dependent on US companies.
- Google Drive/Docs -> Nextcloud.
- Chat -> Matrix
- Email -> Some EU or Swiss-based email provider, I'd recommend Migadu
- Figma -> Penpot
I'd have to know a bit more about what you mean by "various cloud services", but if you just mean "applications we run ourselves", it sounds more like a small consultancy project than a packaged product that can be offered.
In any case, I think I could help. Would you like to maybe send me an email? raphael (at) communick.com
If your network speed is capped, that's a bandwidth limit that can break things, especially "when your business takes off"
Personally I prefer a cap on spending given that the risk of runaway costs has a bigger impact than the risk of runaway of legit network traffic. I suspect most people feel that they are more capable of catching and addressing runaway success, rather than a runaway network problem caused by an undiscovered bug or attack (often intentionally done during off-hours in the middle of the night).
But it would have been enough to just read the links that are posted here. I encourage everyone to do the same, before posting stuff that is irrelevant and/or plain wrong.
Edit: Not allowed to comment on your reply anymore. I read it as a confirmation of what I said. Charging for egress in general is allowed. Only the egress to take your own data elsewhere must be free.
The Data Act will also entirely remove switching charges, including charges for data egress (i.e. charges for data transit), from 12 January 2027. This means that providers won’t be able to charge their customers for the operations that are necessary to facilitate switching or for data egress. However, as a transitional measure during the first 3 years after the Data Act’s entry into force (from 11 January 2024 to 12 January 2027), providers may still charge their customers for the costs incurred in relation to switching and data egress.
https://digital-strategy.ec.europa.eu/en/factpages/data-act-...
https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng
> In order to foster competition, the gradual withdrawal of the charges associated with switching between different providers of data processing services should specifically include data egress charges imposed by a provider of data processing services on a customer. Standard service fees for the provision of the data processing services themselves are not switching charges. Those standard service fees are not subject to withdrawal and remain applicable until the contract for the provision of the relevant services ceases to apply. This Regulation allows the customer to request the provision of additional services that go beyond the provider’s switching obligations under this Regulation. Those additional services, can be performed and charged for by the provider when they are performed at the customer’s request and the customer agrees to the price of those services in advance.
This should be a disclaimer at your first message when you compared AWS with UpCloud.
TBH, I would not trust AWS with countering the Patriot Act.
Fair, my bad. Still obviously misleading.
1. DB instances "starting at $144", I have a $63 in my basket at the moment, and also Aurora Serverless charges on resources used and can be potentially cheaper depending on the workload.
2. "$82.8 /mo" for a 2 core 8GB server is actually just under 50.
3. European DC locations: 8 for both. Unsure what UpCloud means for them here[0], they look like actual, individual DCs, but AWS has 8 European regions. Each region has normally 3 AZs which are physically separate DCs (which can be in proximity or not) and can be composed of multiple DCs each. Plus there are localzones depending from certain regions, each with at least one DC (and there are 11 of those). So the AWS number is certainly over 30 if we compare apples to apples.
The rest I don't have time to dive in, or are just opinions (certifications needed for proficiency? really?)
>TBH, I would not trust AWS with countering the Patriot Act.
AWS China wouldn't have happened if they didn't offer enough safeguards. Complying with Patriot Act will guarantee enormous fines for AWS in the EU, so I'm sure legal and finance did their homework for AWS not to end up between a rock and a hard place.
It is very cheap, but it is also a lot cheaper than most VPS providers.
Parent is comparing Hetzner Dedicated with Upcloud VPS, not Hetzner VPS with Upcloud VPS, I'm not sure you missed this.
But in case it's not a misunderstood question: Dedicated instances are "real" hardware you have full control over, for better or worse, while VPSes are managed by your provider, and are virtualized on top of "real" hardware.
Usually you have better performance and isolation (and higher price :) ) with dedicated servers compared to VPSes, but it also usually means less flexibility. Typically you cannot just "upgrade" a dedicated server to another instance without dealing with the migration yourself, while most VPS providers offer a one-click upgrade/downgrade of instances.
Edit: I see parent now edited their comment to say "Hetzner dedi cloud" whereas when I wrote my comment it just said "Hetzner dedi" so seems I'm the one who misunderstood parent's comment :)
I was thinking that maybe the felt difference is in some additional services like block storage (though I think Hetzner has a complete offering, without checking the details right now) or in the limitations of the scaling.
Hetzner also has real dedicated servers and sure, your explanation gets the difference there. I appreciate that you gave the comment a real reply in any case :)
AWS China vs. AWS EU: Data centers in China are managed by Chinese companies, whereas DCs in the EU are managed by USA companies.
From a regulatory perspective, it's two different worlds. The Patriot Act can happen in the EU, not in China.
This is why GDPR does allow that EU user data is transferred to non-EU countries, but not to the USA.[0]
Furthermore, a discernible trend has emerged, attributable to the inadequacies in privacy regulations and suboptimal Trump geopolitical strategies with the EU, the EU is actively seeking better cloud services [1].
[0] https://gdpr-info.eu/issues/third-countries/
[1] https://www.wired.com/story/trump-us-cloud-services-europe/