A little bit off-topic, but regarding this (sarcastic) quote:
> Europeans can’t do web and mail. There is absolutely no provider here who can do such complicated tasks.
We really can't, though. Because it's not just web and mail, it's Cloudflare and Google Workspace. There just are no EU alternatives for this. There just aren't. You can do parts of it, of course, but if you're running a business, you can't waste endless resources on building your own internal Cloudflare and Google Workspace alternative.
This is a real problem and I wish there were more real alternatives to services like these. Even Proton, which arguably replaces parts of Google Workspace, isn't even EU-based.
redrblackr · 22h ago
There is Nextcloud which is not only eu-based but open source as well. You choose what parts you run but it competes with most of workspace and office 365 (everything but the arguably obscure stuff*). I use all three (g-workspace, office 365 and nextcloud) and I strongly prefer nextcloud excluding my private preference of open source - even more so from an administrative perspective (fuck the workspace admin pages, they causes me so much trouble)
*except email-server which although easy to add on trough stalwart or external email provider is technically not part of the nextcloud ecosystem (webmail is however)
AndroTux · 21h ago
I don't know what you're smoking if you prefer Nextcloud over Google Workspace from an admin point of view, but hey, good for you.
But no, Nextcloud is not comparable to Google Workspace. Not as a user (their office web implementation is spotty at best, constantly crashes and disconnects; their calendar, meeting and chat apps are barebones; the clients regularly corrupt files or have issues syncing, etc.), and definitely not as an administrator: You have to constantly deal with manually updating the instance, re-enabling "incompatible" apps for some reason, deal with the updater taking 4 hours to download the zip file because their servers are overloaded again, updating the database server or PHP version because it will soon no longer be supported, etc. How is that better than having to navigate the Google Workspace admin interface every few months?
StopDisinfo910 · 21h ago
Proton is Swiss. That’s part of the CEE. It’s like Norway, EU-adjacent. They are part of a lot of the agreements and their laws track the EU closely where it matters. It makes sense to include in a lot of discussions surrounding sovereignty.
> you can't waste endless resources on building your own internal Cloudflare
The EU has multiple level 1 network operators that would be ideally positioned to build an alternative to Cloudfare if it was truly required. It’s not like they start from zero.
because the CEO of a company based on a different continent got suckered into believing Trump's campaign promises, which were mostly pretty decent... you're now doubting wherever the company he's the CEO of actually wants to monitor it's users?
I mean it was obvious that Trumps administration was gonna be spicy to say the least - but their messaging was most definitely way closer aligned to the working man vs the campaign Harrises team cooked up.
I wouldn't fault him at all, he likely just watched a Trump clip and posted his comment without any deeper meaning.
He definitely shouldn't have made that comment, but everyone makes the occasional not particularly well thought out statement... And he's a human too - and self aware enough to have other people/his employees overrule whatever he personally wants to say.
I'm not a proton user myself though. I believe the clients are the only parts that are open source, and a closed source backend thats security oriented is an oxymoron as far as I'm concerned. But I'm not particularly informed about proton either, so ymmv.
AndroTux · 14h ago
If a CEO of a company like Proton is that gullible that he falls for someone like Trump (IN 2025!), I have even less hope for my data being in secure hands.
> and a closed source backend thats security oriented is an oxymoron as far as I'm concerned.
Exactly. You're basically just trusting that this guy will always make the right decisions. I remember being in the same boat with Google. Don't be evil and all that.
Wow, that looks surprisingly interesting. How come I have never heard of them before, given that they apparently are around for more than 20 years? Have you used their services? Are they any good?
wkat4242 · 22h ago
There's decent companies doing web and mail here. Most of them don't have a global CDN but for digital sovereignty that's not really an issue. Putting servers in other jurisdictions means they are vulnerable to local laws.
And also, you have to start somewhere. And the American companies often employ business practices we frown on here. Like Google datamining their users. Microsoft linking their services together and abusing their market position. Meta pirating to train their AIs.
Without those things the services will be more expensive, but they'll also be more honourable. I see a lot of people really defeatist these days "why care about privacy because you have none anyway" and this is mostly because of American companies.
c_hagau · 20h ago
https://mailbox.org is hosted entirely in Germany and, at least in my experience, has been absolutely rock solid. It's also very affordable for private use. No Google, no AWS, no Cloudflare.
(I'm not affiliated with them, just a happy customer.)
Yeah, I'll use Tuta if I want an email service that I can't use IMAP with, and then I still have to find a replacement for the 95% of other services Google Workplace offers.
frida-rici-12 · 21h ago
I use Tuta, quite happy with it. The app is available on F-Droid, and I can sync contacts to my phone, which is very convenient.
Sure, it does not have everything Google has, but I mainly need Mail and Calendar, and for this it’s great. They are also working on a Drive.
Sure, not file & coop workspace etc., but it works quite well for me for more than 25 years
TheChaplain · 22h ago
It's not a matter of technical limitations, it's EU regulation and laws that make it so expensive to run that the margins are not enough.
Large actors can do it because they have other revenue sources, and they have resources to deal with the legal matters.
I am not saying regulations are bad, they are not, but every paragraph takes a small piece of the cake. And the cake is not infinite, so at a certain point people will go away because "I earn more on doing something else".
pas · 20h ago
the moment Google launched Gmail with free 1GB inbox many years ago the groupware suite market effectively died, the only other real player is Microsoft.
and likely Google/MSFT will deploy a copy here ran without direct interference from the US, and it'll probably chug along until the first really big lawful intercept disagreement (but there are a bunch of "mutual legal assistance treaties" so it'll take a while, and by then AI will eat us for paperclip NFTs anyway)
FirmwareBurner · 22h ago
>t's EU regulation and laws that make it so expensive to run that the margins are not enough.
Not exactly. The EU regional market fragmentation and domestic protectionism of each country is a way bigger nerf to scaling tech companies domestically.
That's why all EU tech unirons aim straight for the US to sell their products/services there first, and only once they reach escape velocity there, then open themselves to EU customers.
supermatt · 1d ago
joindns4eu is not dns4eu. Its effectively a marketing website, probably subcontracted to a design agency. It has nothing to do with the actual operation of dns4eu.
I'd prefer that they weren't spending funds on using US infrastructure for their marketing (and hopefully this publicity will effect a change), but its a real stretch to make out that it in any way undermines the mission of dns4eu - namely providing a public resolver that isn't slurping up request data for their own purposes.
graemep · 23h ago
Nonetheless, the fact that a digital sovereignty project ends up using American infrastructure for its website and email is a pretty good demonstration of how deeply embedded reliance on the US is.
supermatt · 23h ago
Yeah, thats exactly why projects like this are being spearheaded.
graemep · 23h ago
It does not seem to be working though. They could have used EU infrastructure for their for their email and website, and did not bother to. Its not as though there is no alternative.
I suspect people pushing to host websites in the EU will default to using American DNS and email providers etc.
The real problem is lack of motivation, not lack of options and it is a lot easier for people to keep on using Cloudflare and Gmail and AWS etc.
input_sh · 23h ago
I'm sure if they did that someone here would complain about which routers they're using, or where where did the processors for those routers get manufactured, or where did the rare earth metals for those processors come from, or which company owns the mine extracting machines, or...
Nothing gets done without some pragmatism.
graemep · 22h ago
Choices of things like routers are limited, and even more so further up the chain which is also less visible.
On the other hand there are lots of good options for hosting a website or email in the EU (and even more if you are also happy to host elsewhere in Europe).
Pragmatism is one thing, zero effort is another.
input_sh · 21h ago
I don't disagree that there are valid EU alternatives for hosting, I'm saying it's irrelevant to their goal.
Allow me to make an analogy: imagine someone switching to Linux desktop and then installing Slack or Discord because they can't be bothered to convince other people to use Matrix. Is that completely unacceptable or is it a healthy compromise and still a win overall?
It's also highly unlikely that the group of people working on that DNS resolver is the same group of people that made a website for it, as these sorts of sites tend to be outsourced to some tiny web design companies. One of my previous jobs was in one of those tiny companies and a part of my responsiblity was to maintain some of Eurotunnel's servers, so would you blame me for their decision to rebrand themselves to far less descriptive Getlink which happened around the same time?
graemep · 19h ago
> I don't disagree that there are valid EU alternatives for hosting, I'm saying it's irrelevant to their goal.
It is irrelevant to their narrow goal, but it is very much relevant to their broader goal.
> Allow me to make an analogy: imagine someone switching to Linux desktop and then installing Slack or Discord because they can't be bothered to convince other people to use Matrix.
That is a very different situation. There are no real barriers to an organisation choosing to host its websites where ever they choose.
> It's also highly unlikely that the group of people working on that DNS resolver is the same group of people that made a website for it,
That is often true, but in this case it implies management do not understand, or are not committed to the underlying goals. It would be very easy to have insisted that all hosting is in Europe.
> One of my previous jobs was in one of those tiny companies and a part of my responsiblity was to maintain some of Eurotunnel's servers, so would you blame me for their decision to rebrand themselves to far less descriptive Getlink
Not you, but I would blame their management.
evgle · 23h ago
You're not gonna succeed at your core business if you handicap yourselves with subpar products. What I would give to use zoom, google docs, outlook instead of the current european ones at work.
Airbus used american products and customers to get big and then built european alternatives, it just makes a ton more sense.
bootsmann · 23h ago
Gotta start somewhere I guess. EUVD also runs on Azure but that's still a step forward from NVD which runs on Azure and is American itself.
bayindirh · 23h ago
EU was cozy with US cloud operators which built and ran datacetners in the EU soil. They have special agreements for data isolation and data travel limitationss (i.e.: Data can't leave the said datacenter or the continent).
After the last election, they decided that it's not safe in the long term, and started to build their own infra. It'll take some time.
wkat4242 · 21h ago
Yes exactly. It's hard to understate the shock that happened to the deep trust that existed between the EU and US. And I don't think that will return even if the US changes back. Trust is hard to build and easy to lose.
graemep · 19h ago
True, but why did they trust the US so much in the first place? It is not as though no-one has ever warned of the dangers before this year!
Given that one of the EU's aims is to be a peer to the US and China (the term I recall them using is a "multi-polar world") they should not be reliant on anyone to this extent.
wkat4242 · 18h ago
> True, but why did they trust the US so much in the first place? It is not as though no-one has ever warned of the dangers before this year!
Similar background, a long history of standing together (e.g. the war, marshall plans, NATO etc)
Trump is pretty unprecedented, even though some previous presidents weren't very friendly with the EU (like the "Freedom Fries" issue under George W Bush, when France opposed the invasion of Iraq - which eventually ended up based on complete lies so the French were totally right).
> Given that one of the EU's aims is to be a peer to the US and China (the term I recall them using is a "multi-polar world") they should not be reliant on anyone to this extent.
True. Europe has been too comfortable with the situation. It's also because it's hard to get everyone aligned. Politics is very nation-aligned, not EU-aligned.
mitjam · 22h ago
I would call it laziness as it’s certainly possible to run a mail and Web service at a EU hoster or cloud. It‘s also sad and telling that they don‘t (care?) and even dishonest, as they don’t list the providers as subcontractors in their privacy statement.
graemep · 19h ago
Well spotted. Cloudflare at least should be mentioned as they can collect IP addresses which are PII. They also load scripts from Google, again exposing, at a minimum, IP addresses.
There is a reference to their cookie policy but to link to it.
quuxberlin · 23h ago
It's the site you find when you search for dns4eu.
raverbashing · 23h ago
Yeah
Honestly this "deep dive" borders on self loathing
"oh but their email is not in the EU" ok it's a fair criticism, but for some people nothing is good enough
Then we wonder why nothing goes ahead in the EU because once you do something it gets flooded with tire kickers and bikeshedders criticizing everything
lpcvoid · 1d ago
I have migrated domains from Cloudflare to deSEC.io the past days, and it's been going very well. It's a German nonprofit which is part of DNS4EU as a consortium member.
_joel · 1d ago
for ns in $(dig NS deSEC.io +short); do for ip in $(dig +short $ns); do echo "$ns -> $ip"; whois $ip | grep -i -E "(country|city|netname|orgname)" | head -3; echo; done; done
It looks like you discovered their global anycast network. Check out their homepage for more information.
m3adow · 1d ago
Never heard of them before, but they look interesting, thanks for that. I'll transfer one of my .eu.org domains for testing it out.
pepa65 · 16h ago
deSEC.io is great, been using them more than 3 years. I wish they offered DDNS (like 1984.hosting does).
benjojo12 · 23h ago
Claiming that AS60068 is not a "EU" because of "GB" code on their whois is really quite an ignorant way of determining that claim.
With that being said actually depends on what is good enough for you, but it's relatively clear that the DNS resolver IPs that are looking up are based in the czech republic.
As I mentioned in another comment "207 Regent Street" (the address in their whois) is a well known virtual office type address in the UK.
As someone (who himself is admittedly in the UK) who is desperately trying to move more more to European products, this kind of absolutism it's just really exhausting on should really be a shared goal. I will happily use/buy good services from the UK,EU,Swiss,etc etc if they are comparable (even just for my own feature use case) to the US ones.
graemep · 19h ago
Also British and I agree. We should have shared goals with a number of other countries in Europe and in the rest of the world. There is a lot of scope for things to be done in cooperation - e.g. shared development of systems and deployment to datacentres in each country that uses it.
karel-3d · 23h ago
I think they don't actually block DNS queries, mostly related to football (soccer for Americans) pirating, that are required to be blocked in Italy, France and Portugal; so probably they break Italian, French and Portugese laws. (Don't quote me on that.)
Also they don't seem to block Russia Today, which might be required in other countries? But that might be on a different layer. Not up to date on that.
pimterry · 23h ago
How do those regulations work? Is it that anybody providing DNS in any way must block resolution of these addresses, or is it that anybody acting as an ISP must block resolution on their default DNS service?
The latter seems more likely - it's much easier to regulate businesses providing a defined service rather than all servers supporting an arbitrary protocol.
karel-3d · 23h ago
I don't know the details. They have ordered Google, Cisco and Cloudflare to block these on their public resolvers (so not just ISPs). I will google "Piracy Shield" to see the details.
edit: it seems it's local court orders, ordering those specific companies to poison the DNS; it's not a law. So DNS4EU is fine for now.
supermatt · 19h ago
It is the ISPs operating within the country that have been ordered to censor those. Those aren’t enforceable at EU level.
karel-3d · 17m ago
Cloudflare and Google are not ISPs?
supermatt · 16m ago
Sure they are - and if they operate in those countries then they have to abide by court orders, obviously.
rozumbrada · 23h ago
The last hop showed in the BGP route is AS60068 (cdn77) which is a Czech company with global physical network. It does not mean the data are going through GB, it's not that easy.
In the era of relatively complicated company ownership structures (especially in a capital heavy business such as Datacamp), the company on the whois does have the same level of meaning as you seem to expect it to.
207 Regent Street, it's a relatively well known virtual office type address, I would be shocked to learn that there were any datacamp employees at that address)
rmoriz · 22h ago
Virtual office addresses don't help to make it better.
_joel · 1d ago
Is the domain chosen actually served by DNS4EU or is this a case of a design company doing some work for a client (the EU) and using their infra? I've seen that happen before. If not then, yea, the author's bang on.
and one can see that they essentially have 2 upstream peers, one from HU and the other from GB, which is the main point of discussion here and open to scrutiny for sure.
quuxberlin · 1d ago
That's the policy. In real life I only found AS60068.
tazjin · 23h ago
Their resolver resolves sites that should be censored in the EU, so it doesn't look like a government-aligned project.
ju-st · 1d ago
> $ dig ns joindns4.eu +short
> ns63.cloudns.net.
> ns64.cloudns.uk.
> ns61.cloudns.net.
And US and UK have control over the TLDs of the nameservers.
miyuru · 22h ago
Nowadays nameservers are pretty resilient and fast, I am questioning why we need public resolvers in the first place.
If someone operates a network, it is really trivial to setup a recursive server for that network.
wkat4242 · 22h ago
You don't always want your provider to log all your requests. If you use another one they have to use DPI to see it which is illegal in the EU.
johncoltrane · 1d ago
Great write-up. Note that the UK is no longer part of the EU so even those .uk domains are a bit of a red flag.
Mashimo · 1d ago
That's part of the writeup.
> Last time I checked GB was not part of the EU. And it’s also a member of FIVE eyes.
jeroenhd · 23h ago
> And it’s also a member of FIVE eyes.
I don't think they need to worry about the FIVE eyes when the
"FIVE eyes plus 3", "Nine Eyes", and "Fourteen Eyes" contain several EU countries. The larger groups aren't working together as intensively but it's not like cutting off the UK is going to stop the US from the (industrial) espionage they do in the EU.
johncoltrane · 23h ago
I know. It comes up a bit later than the .uk domains, though.
Additionally, the authoritative DNS servers include domain names with .net, which is under US-American control.
mitjam · 21h ago
CloudNS is a DNS provider in Bulgaria, offering good and cheap DNS as a service . Still, the project at the moment is just arbitraging and don’t provide own infra,
fside · 1d ago
I’m with the author. DNS4EU is being sold as “sovereignty,” but it’s just another centralized resolver sitting on the same foreign-owned infrastructure we already depend on. Shuffling everyone’s queries through one EU-branded endpoint doesn’t fix privacy or resilience—it just adds another middleman. If the EU really wants independence, it should invest in making local ISP resolvers secure and trustworthy instead of outsourcing the job yet again.
supermatt · 21h ago
> Shuffling everyone’s queries through one EU-branded endpoint doesn’t fix privacy or resilience—it just adds another middleman.
The ENTIRE point is to be a publicly funded middleman that doesn’t collect or expose user data.
It’s not about “sovereignty” over DNS - it is primarily to prevent dns providers invading user privacy. Go and read the official documentation on ENISA.
Maybe you should have at least a rudimentary understanding of it’s purpose before making uninformed judgements?
No comments yet
bux93 · 1d ago
And it should only use the I- and K- root-servers, and fund those.
To be honest, setting up a DNS4EU replica would just be a simple unbound
fside · 1d ago
Should be easy enough. But, the problem is the scale. I work at a privacy conscious EU based startup and we used to use quad9 for our infra. Shortly after we started using, we started to hit scalability issues. When the whole eu traffic was hot, our DNS query latency would also go up. To be able to keep up, we had to switch back to CF and Google. Hope there is a really good alternative one day.
quuxberlin · 1d ago
Run your own resolver. It's not that hard.
fside · 23h ago
Sure thing, but essentially it would be another thing that we have to make sure that it is protected and performant. At the time of building a startup, that’s still an item we are leaving someone else to manage.
letters90 · 22h ago
It's simple to setup a resolver, really. Basically just "apt install unbound" and you have a resolver ready.
the only thing you might have to adjust is the access control
And no support for modern protocols to hide the client IP (ODoH, Anonymized DNSCrypt). So long for privacy.
dncornholio · 23h ago
I don't think this article was written in good faith.
mrweasel · 22h ago
I think it's written to show how insanely difficult it would be to unentangle the EU from US software and services companies. That doesn't mean we can't try, but we should be realistic in our goals.
_fizz_buzz_ · 22h ago
One step at a time? It seems like there is a lot of demand for domestic EU solutions now that wasn't really there a year ago. And if there is actual demand, someone will meet this.
pandemic_region · 1d ago
> The goal of DNS4EU is to ensure the digital sovereignty of the EU by providing a private, safe, and independent European DNS resolver.
Should we also take into account the owner of the fiber that the dns requests travel on? The manufacturer of any hardware used along the way?
wkat4242 · 22h ago
Ideally, yes, we should. Because the fibre owner or equipment manufacturer could choose to shut it down at some point.
And don't forget, since January this year a lot of those far-fetched ridiculous possibilities have proven to be reality and not so far-fetched at all. Though I'm sure this project has been in the works for much longer, it's certainly well-timed.
bibelo · 1d ago
but about the manufacturers of the components inside the hardware?
"If you wish to make an apple pie from scratch you must first invent the universe"
ExoticPearTree · 23h ago
If you want 100% EU stuff, someone needs to write a DNS resolver from scratch, host it on servers with hardware 100% made in the EU, connected using network devices made 100% in the EU.
It looks more like more political fay dreaming and wishful thinking than an actual solution.
mrweasel · 22h ago
There's a lot of "To make an apple pie from scratch, first create the universe" going on here. If it's a 100% EU service, whatever than might mean to you, do you then also need to run it on an EU designed CPU? I don't think there is any CPUs with an architecture designed in the EU, closest one is probably ARM.
That being said, I am a little disappointed. There's a lot of small wins here. Like not using CloudFlare or Gsuite.
ExoticPearTree · 20h ago
Feels like fear mongering. What is wrong with CloudFlare?
The point is that we need EU services for this and that is ridiculous. The only ones who will benefit from this will be EU companies that might not offer the same quality of service as the US companies do.
There are for example zero hyperscalers in Europe. Sure, I would like to use something EU made, but for all that's normal, offer me something similar to what AWS/Azure/GCP offer.
spiffyk · 19h ago
> someone needs to write a DNS resolver from scratch
That part is done. Knot Resolver [1] is being developed in Czechia and it is the resolver implementation powering DNS4EU [2].
> someone needs to write a DNS resolver from scratch
Should Americans stop using Linux then?
ExoticPearTree · 20h ago
They don't have a problem with European software, Europeans have a problem with American software ;)
cr3cr3 · 23h ago
DNS is inherently a globally distributed system. Recursive resolvers depend on a hierarchy of name servers—root, TLD, and authoritative—many of which are geographically and administratively dispersed. Attempting to localize DNS strictly within national or continental boundaries goes against the core architecture of how name resolution works.
This particular initiative, while branded as an EU project, appears to be the product of a consortium of private companies, CERTs, and academic partners. In practice, efforts like these often struggle with cohesion, efficiency, and long-term viability—especially when guided by complex bureaucratic processes. It’s difficult to imagine such a model offering a meaningful alternative to existing resolvers, either in terms of privacy, performance, or sovereignty.
Andrew_nenakhov · 23h ago
Totally reads as a reply generated by chatGPT or something similar. If this was written manually, congrats for mastering the style.
cr3cr3 · 23h ago
I consider HN a more serious and knowledgeable crowd, so I try to keep my replies professional and well-reasoned to reflect that. That said, I do like to use AI tools to clean up grammar and phrasing. I also write a lot of whitepapers and technical documentation at work, maybe some of that “leaked” into my response.
wkat4242 · 22h ago
To be honest I found it hard to read, it seemed to be more focused on using big words and formal language than explaining the point. Not trying to roast you, just honest criticism. I think that's what gives the "ChatGPT" feeling.
I know someone else that writes like that, he is deeply involved in government bureaucracy and they have this complex jargon that I don't know.
cr3cr3 · 15h ago
Thanks, I appreciate the feedback, really. When I type from a computer, during working hours, that happens.
fleischhauf · 23h ago
I don't know if that's something you should be congratulated for though
lmz · 22h ago
It would make them more anonymous / harder to link to other IDs if that's what they were after.
cr3cr3 · 23h ago
For using ChatGPT, or for still being capable of manual writing in the age of AI?
No comments yet
arp242 · 11h ago
> Recursive resolvers depend on a hierarchy of name servers—root, TLD, and authoritative—many of which are geographically and administratively dispersed. Attempting to localize DNS strictly within national or continental boundaries goes against the core architecture of how name resolution works.
No one is trying to "localize DNS strictly within national boundaries". Just first first step your computer makes in resolving it.
gwerbret · 23h ago
This perspective is supported by
a) the sentence structure and overall phraseology being significantly different from the user's prior posts, and
> Europeans can’t do web and mail. There is absolutely no provider here who can do such complicated tasks.
We really can't, though. Because it's not just web and mail, it's Cloudflare and Google Workspace. There just are no EU alternatives for this. There just aren't. You can do parts of it, of course, but if you're running a business, you can't waste endless resources on building your own internal Cloudflare and Google Workspace alternative.
This is a real problem and I wish there were more real alternatives to services like these. Even Proton, which arguably replaces parts of Google Workspace, isn't even EU-based.
Cloudflare I don't know if there are good competitors by my own experience, but some are listed here: https://european-alternatives.eu/alternative-to/cloudflare
*except email-server which although easy to add on trough stalwart or external email provider is technically not part of the nextcloud ecosystem (webmail is however)
But no, Nextcloud is not comparable to Google Workspace. Not as a user (their office web implementation is spotty at best, constantly crashes and disconnects; their calendar, meeting and chat apps are barebones; the clients regularly corrupt files or have issues syncing, etc.), and definitely not as an administrator: You have to constantly deal with manually updating the instance, re-enabling "incompatible" apps for some reason, deal with the updater taking 4 hours to download the zip file because their servers are overloaded again, updating the database server or PHP version because it will soon no longer be supported, etc. How is that better than having to navigate the Google Workspace admin interface every few months?
> you can't waste endless resources on building your own internal Cloudflare
The EU has multiple level 1 network operators that would be ideally positioned to build an alternative to Cloudfare if it was truly required. It’s not like they start from zero.
because the CEO of a company based on a different continent got suckered into believing Trump's campaign promises, which were mostly pretty decent... you're now doubting wherever the company he's the CEO of actually wants to monitor it's users?
I mean it was obvious that Trumps administration was gonna be spicy to say the least - but their messaging was most definitely way closer aligned to the working man vs the campaign Harrises team cooked up.
I wouldn't fault him at all, he likely just watched a Trump clip and posted his comment without any deeper meaning.
He definitely shouldn't have made that comment, but everyone makes the occasional not particularly well thought out statement... And he's a human too - and self aware enough to have other people/his employees overrule whatever he personally wants to say.
I'm not a proton user myself though. I believe the clients are the only parts that are open source, and a closed source backend thats security oriented is an oxymoron as far as I'm concerned. But I'm not particularly informed about proton either, so ymmv.
> and a closed source backend thats security oriented is an oxymoron as far as I'm concerned.
Exactly. You're basically just trusting that this guy will always make the right decisions. I remember being in the same boat with Google. Don't be evil and all that.
And also, you have to start somewhere. And the American companies often employ business practices we frown on here. Like Google datamining their users. Microsoft linking their services together and abusing their market position. Meta pirating to train their AIs.
Without those things the services will be more expensive, but they'll also be more honourable. I see a lot of people really defeatist these days "why care about privacy because you have none anyway" and this is mostly because of American companies.
yes, same for GMX
Sure, it does not have everything Google has, but I mainly need Mail and Calendar, and for this it’s great. They are also working on a Drive.
Doesnt this count?
Sure, not file & coop workspace etc., but it works quite well for me for more than 25 years
Large actors can do it because they have other revenue sources, and they have resources to deal with the legal matters.
I am not saying regulations are bad, they are not, but every paragraph takes a small piece of the cake. And the cake is not infinite, so at a certain point people will go away because "I earn more on doing something else".
and likely Google/MSFT will deploy a copy here ran without direct interference from the US, and it'll probably chug along until the first really big lawful intercept disagreement (but there are a bunch of "mutual legal assistance treaties" so it'll take a while, and by then AI will eat us for paperclip NFTs anyway)
Not exactly. The EU regional market fragmentation and domestic protectionism of each country is a way bigger nerf to scaling tech companies domestically.
That's why all EU tech unirons aim straight for the US to sell their products/services there first, and only once they reach escape velocity there, then open themselves to EU customers.
I'd prefer that they weren't spending funds on using US infrastructure for their marketing (and hopefully this publicity will effect a change), but its a real stretch to make out that it in any way undermines the mission of dns4eu - namely providing a public resolver that isn't slurping up request data for their own purposes.
I suspect people pushing to host websites in the EU will default to using American DNS and email providers etc.
The real problem is lack of motivation, not lack of options and it is a lot easier for people to keep on using Cloudflare and Gmail and AWS etc.
Nothing gets done without some pragmatism.
On the other hand there are lots of good options for hosting a website or email in the EU (and even more if you are also happy to host elsewhere in Europe).
Pragmatism is one thing, zero effort is another.
Allow me to make an analogy: imagine someone switching to Linux desktop and then installing Slack or Discord because they can't be bothered to convince other people to use Matrix. Is that completely unacceptable or is it a healthy compromise and still a win overall?
It's also highly unlikely that the group of people working on that DNS resolver is the same group of people that made a website for it, as these sorts of sites tend to be outsourced to some tiny web design companies. One of my previous jobs was in one of those tiny companies and a part of my responsiblity was to maintain some of Eurotunnel's servers, so would you blame me for their decision to rebrand themselves to far less descriptive Getlink which happened around the same time?
It is irrelevant to their narrow goal, but it is very much relevant to their broader goal.
> Allow me to make an analogy: imagine someone switching to Linux desktop and then installing Slack or Discord because they can't be bothered to convince other people to use Matrix.
That is a very different situation. There are no real barriers to an organisation choosing to host its websites where ever they choose.
> It's also highly unlikely that the group of people working on that DNS resolver is the same group of people that made a website for it,
That is often true, but in this case it implies management do not understand, or are not committed to the underlying goals. It would be very easy to have insisted that all hosting is in Europe.
> One of my previous jobs was in one of those tiny companies and a part of my responsiblity was to maintain some of Eurotunnel's servers, so would you blame me for their decision to rebrand themselves to far less descriptive Getlink
Not you, but I would blame their management.
Airbus used american products and customers to get big and then built european alternatives, it just makes a ton more sense.
After the last election, they decided that it's not safe in the long term, and started to build their own infra. It'll take some time.
Given that one of the EU's aims is to be a peer to the US and China (the term I recall them using is a "multi-polar world") they should not be reliant on anyone to this extent.
Similar background, a long history of standing together (e.g. the war, marshall plans, NATO etc)
Trump is pretty unprecedented, even though some previous presidents weren't very friendly with the EU (like the "Freedom Fries" issue under George W Bush, when France opposed the invasion of Iraq - which eventually ended up based on complete lies so the French were totally right).
> Given that one of the EU's aims is to be a peer to the US and China (the term I recall them using is a "multi-polar world") they should not be reliant on anyone to this extent.
True. Europe has been too comfortable with the situation. It's also because it's hard to get everyone aligned. Politics is very nation-aligned, not EU-aligned.
There is a reference to their cookie policy but to link to it.
Honestly this "deep dive" borders on self loathing
"oh but their email is not in the EU" ok it's a fair criticism, but for some people nothing is good enough
Then we wonder why nothing goes ahead in the EU because once you do something it gets flooded with tire kickers and bikeshedders criticizing everything
ns1.deSEC.io. -> 45.54.76.1 NetName: NETACTUATE-MDN-01 OrgName: NetActuate, Inc City: Raleigh
ns2.desec.org. -> 157.53.224.1 NetName: NETACTUATE-MDN-04 OrgName: NetActuate, Inc City: Raleigh
With that being said actually depends on what is good enough for you, but it's relatively clear that the DNS resolver IPs that are looking up are based in the czech republic.
As I mentioned in another comment "207 Regent Street" (the address in their whois) is a well known virtual office type address in the UK.
As someone (who himself is admittedly in the UK) who is desperately trying to move more more to European products, this kind of absolutism it's just really exhausting on should really be a shared goal. I will happily use/buy good services from the UK,EU,Swiss,etc etc if they are comparable (even just for my own feature use case) to the US ones.
See https://flashstart.com/opendns-not-available-in-france-and-p... and similar
Also they don't seem to block Russia Today, which might be required in other countries? But that might be on a different layer. Not up to date on that.
The latter seems more likely - it's much easier to regulate businesses providing a defined service rather than all servers supporting an arbitrary protocol.
edit: it seems it's local court orders, ordering those specific companies to poison the DNS; it's not a law. So DNS4EU is fine for now.
207 Regent Street, it's a relatively well known virtual office type address, I would be shocked to learn that there were any datacamp employees at that address)
IP's listed here are in CZ.
and one can see that they essentially have 2 upstream peers, one from HU and the other from GB, which is the main point of discussion here and open to scrutiny for sure.
> ns63.cloudns.net.
> ns64.cloudns.uk.
> ns61.cloudns.net.
And US and UK have control over the TLDs of the nameservers.
If someone operates a network, it is really trivial to setup a recursive server for that network.
> Last time I checked GB was not part of the EU. And it’s also a member of FIVE eyes.
I don't think they need to worry about the FIVE eyes when the "FIVE eyes plus 3", "Nine Eyes", and "Fourteen Eyes" contain several EU countries. The larger groups aren't working together as intensively but it's not like cutting off the UK is going to stop the US from the (industrial) espionage they do in the EU.
The ENTIRE point is to be a publicly funded middleman that doesn’t collect or expose user data.
It’s not about “sovereignty” over DNS - it is primarily to prevent dns providers invading user privacy. Go and read the official documentation on ENISA.
Maybe you should have at least a rudimentary understanding of it’s purpose before making uninformed judgements?
No comments yet
https://en.wikipedia.org/wiki/Root_name_server
To be honest, setting up a DNS4EU replica would just be a simple unbound
the only thing you might have to adjust is the access control
https://www.linuxbabe.com/ubuntu/set-up-unbound-dns-resolver...
Should we also take into account the owner of the fiber that the dns requests travel on? The manufacturer of any hardware used along the way?
And don't forget, since January this year a lot of those far-fetched ridiculous possibilities have proven to be reality and not so far-fetched at all. Though I'm sure this project has been in the works for much longer, it's certainly well-timed.
"If you wish to make an apple pie from scratch you must first invent the universe"
It looks more like more political fay dreaming and wishful thinking than an actual solution.
That being said, I am a little disappointed. There's a lot of small wins here. Like not using CloudFlare or Gsuite.
The point is that we need EU services for this and that is ridiculous. The only ones who will benefit from this will be EU companies that might not offer the same quality of service as the US companies do.
There are for example zero hyperscalers in Europe. Sure, I would like to use something EU made, but for all that's normal, offer me something similar to what AWS/Azure/GCP offer.
That part is done. Knot Resolver [1] is being developed in Czechia and it is the resolver implementation powering DNS4EU [2].
[1]: https://www.knot-resolver.cz/
[2]: https://www.joindns4.eu/learn/role-of-cznic-in-dns4eu
Should Americans stop using Linux then?
This particular initiative, while branded as an EU project, appears to be the product of a consortium of private companies, CERTs, and academic partners. In practice, efforts like these often struggle with cohesion, efficiency, and long-term viability—especially when guided by complex bureaucratic processes. It’s difficult to imagine such a model offering a meaningful alternative to existing resolvers, either in terms of privacy, performance, or sovereignty.
I know someone else that writes like that, he is deeply involved in government bureaucracy and they have this complex jargon that I don't know.
No comments yet
No one is trying to "localize DNS strictly within national boundaries". Just first first step your computer makes in resolving it.
a) the sentence structure and overall phraseology being significantly different from the user's prior posts, and
b) the flagrant (ab)use of the em dash.