Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
csense 15 hours ago

This applies to any company, doesn't it?

Your home country can tell you "Give us your data" and you have to comply.

"I will never give up customer data" is a very tough promise to keep, if the government threatens you with your business license being revoked, your servers and domains being forcibly seized by the police, and you personally going to jail.

(Under the current US administration, we can add "A close examination of the immigration status of all foreign nationals employed by your company, followed by probable deportation or jail" to the list of potential consequences for resisting the government.)

autoexec 14 hours ago | parent | next [-]

The trick is to collect as little data as possible and to get rid of what you need to collect as quickly as you can. This is in direct opposition to the practices of companies like Microsoft which wants to spy on their users and profit from the data they collect though.

There's also an open question of how possible it is to run a system that doesn't collect/store data in a way that makes it possible to be collected by the government. The US government can force companies to compromise their systems or shut down their services if they refuse. In the past they've even threatened that shutting down a service instead of compromising it could still get operators in legal trouble.

At this point anyone who wants to keep the US government out of their data should avoid using any US company.

9 hours ago | parent | next [-]
[deleted]
9 hours ago | parent | prev | next [-]
[deleted]
ebb_earl_co 13 hours ago | parent | prev [-]

This is why I still prefer Signal; this practice seems to be their modus operandi even though they, too, were affected by AWS us-east-1 catastrophe

autoexec 9 hours ago | parent [-]

Signal used to never collect data on users, but they've changed that a while ago and now they keep user's name, photo, phone number, and a list of their contacts permanently in the cloud protected from the government by nothing except by a leaky enclave and a pin (https://web.archive.org/web/20250117232443/https://www.vice....)

More recently they've started collected the contents of messages into the cloud too, yet to this very day their privacy policy opens with the lie: "Signal is designed to never collect or store any sensitive information." which hasn't been true for a very very long time. I consider their refusal to update their privacy policy to be a massive dead canary warning people that the service has already been compromised, but feel free to take your chances.

hashiyakshmi 6 hours ago | parent [-]

You're able to disable the pin feature to prevent that data from being saved though, so it definitely isn't a requirement.

I'm also not sure where you've read that they collect the contents of messages, because as far as I'm aware they still aren't doing that and I can't find any info online that indicates that they are (other than their secure backup feature that's opt-in only I suppose)

autoexec 2 hours ago | parent [-]

Actually you can't. If you choose not to set a pin, Signal just chooses one for you and uses that to upload all your data, only you won't be able to access it. There is no way to prevent your data from being sent to the cloud. For more info see here: https://old.reddit.com/r/signal/comments/htmzrr/psa_disablin... and https://community.signalusers.org/t/what-contact-info-does-t...

The fact that Signal users are still unaware of where their data is going and when should tell you all you need to know about how trustworthy the service is. Not being 100% clear about the risks people take when using software which is promoted for use by people whose freedom and/or lives depend on it being secure is a very bad look for Signal.

As for message backups they are at least opt-in (for now anyway) and you can learn more about them here: https://signal.org/blog/introducing-secure-backups/

charles_f 13 hours ago | parent | prev | next [-]

Well this is especially significant because Microsoft is currently building a sovereign datacenter in France (nicknamed "Bleu"). I'm wondering what the consequence of that testimony will be.

https://blogs.microsoft.com/on-the-issues/2025/04/30/europea...

cesarb 13 hours ago | parent | prev | next [-]

> This applies to any company, doesn't it? Your home country can tell you "Give us your data" and you have to comply.

Not all countries have an equivalent to the USA CLOUD Act.

satellite2 15 hours ago | parent | prev | next [-]

Of course. But what if the holding lives in a country that don't enforce this (or is too weak to). Then all the subsidiaries are really sovereign from the host country perspective.

It seems the solution is ages old. Don't have the holding incorporated in an empire...

vladvasiliu 13 hours ago | parent | next [-]

How would this work in practice? If the empire wants to get at your data, why do you think it would shy away from pressuring a country so weak that it can't afford to enforce this on their companies?

stetrain 13 hours ago | parent | prev [-]

Then the empire just says that they want the data or you won't be allowed to operate in the empire, which would be bad for profits and anger shareholders.

LarsKrimi 10 hours ago | parent | prev | next [-]

> "I will never give up customer data" is a very tough promise to keep

If you don't have a spine, sure

That's what US companies are seen as from a European perspective: Spineless and untrustable

It's a great sales argument for locally grown software though, so I'm not complaining :)

xorcist 14 hours ago | parent | prev | next [-]

That's not so. In a democratic state of law, the police can not unilaterally decide to seize you servers, and the politicians cannot tell the police to do so. Separation of powers is a thing.

pjmlp 13 hours ago | parent | next [-]

Nice theory, that even on US isn't really working nowadays.

recursive 13 hours ago | parent | prev [-]

What would stop them from doing that?

vmnb 6 hours ago | parent [-]

Capital flight

throwawayffffas 13 hours ago | parent | prev [-]

Well yes but that is all the more reason for EU entities to use EU companies for data storage.