> Ghost's founder, John O'Nolan, wrote in a blog post: "we’ve elected to move the default location for all customer data from the UK to DigitalOcean’s [Amsterdam] data centre. The Netherlands is ranked #2 in the world for Freedom of Press, and has a long history of liberal institutions, laws and funds designed to support and defend independent journalism."
But DigitalOcean is a US company... why not choose a local Dutch provider?
Just because they're less vulnerable doesn't mean they're less willing to fulfill overly broad requests or requests without merit. Do they have an open stance on user protection?
Why go to the Netherlands in the first place. We're the #1 in the world for wiretapping our own citizens.
(Except of course when those wiretaps involve prominent members of the government talking to fellow politicians suspected of corruption, then those wiretaps magically fail...)
If you move your operation to the Netherlands to avoid government snooping, you're going to have a bad time.
Great. I'm glad they're taking the initiative and voting with their (would be) money. That seems to be about the only way to "vote" these days. I'm really surprised more companies aren't doing the same in the US and other countries with equally bad privacy and software laws. I fully support leaving economies in countries that have laws hostile to privacy and software (UK, US, etc.). Hopefully more companies will do the same, enough to have an actual impact on the economy as a whole and therefore potentially make the idiot lawmakers reverse their idiocy.
It's not so easy to move your servers to Europe from the US. Yes they may be more private there and not subject to seizure, but the added latency would be debilitating.
It might make sense for privacy apps or services but for the vast majority of web applications these threats of surveillance aren't really worth the move.
It makes me wonder about the viability of a CDN system that's targeted at US end users, but is located outside of the USA. CDN nodes could possibly be set up in Vancouver, Toronto, Winnipeg, Montreal, Tijuana, Juarez, and Monterrey. But that would still leave a huge gap where the USA's population density is the greatest, in the states bordering WADC.
I think if you're going to do a CDN system like that, you might as well just assume any CDN can be compromised. I would structure it where the data "nut" is in The Netherlands, and there are CDN servers everywhere caching pages with various TTLs. If you're TTL was low enough (like 5 minutes) you could lose a CDN and only have a fraction of your data seized.
It definitely runs the risk that a CDN isn't just seized but "bugged".
As much as I'd love this to have an impact, the cynic in me thinks that from the point of view of the UK government, this is 3 companies of no significance, so why would they care?
It will take some much heavier-weight businesses before the government will even be interested in listening.
If you really worry about this sort of thing do not move your data to a subsidiary of a US company. Then you might as well leave the data in the US or the UK.
I wish more French companies did the same after the recently passed surveillance law. But even those that promised they would do it like OVH, changed their minds after the law passed.
But DigitalOcean is a US company... why not choose a local Dutch provider?