fp.

I've been wondering, why don't we have a chrome fork that only accepts sites hosted in the EU? If a site is hosted in the EU then it can be fully regulated by the EU.

This would make it easier for citizens to know that their data is is safe (according to EU standards) and avoids the regulatory complexities of trying to enforce rules in other countries.

Thoughts?

Comments

speedgoose•5h ago

A very large proportion of EU/EEA websites are hosted outside EU/EEA or using companies from USA.

The user experience would be somewhat poor.

osigurdson•4h ago

These websites would logically have to move to EU based servers in order to be subjected to the kind of regulation that EU citizens want. I think it could work.

al_borland•3h ago

It seems like this would only work if EU citizens were required to use the EU browser and nothing else. At what point does protection turn into control?

leonidasrup•5h ago

US companies have also data centers in EU. These data centers are subject to CLOUD Act.

https://en.wikipedia.org/wiki/CLOUD_Act

osigurdson•4h ago

Does this mean that any site operated by a US company is automatically in violation of EU regulations? If so, the EU browser could logically filter these out as well. Basically the EU browser should only work for sites that are compliant with EU regulations.

leonidasrup•3h ago

EU–US Data Privacy Framework

"The European Parliament raised substantial doubts whether the new agreement reached by Ursula von der Leyen actually conforms with EU laws, as it still does not sufficiently protect EU citizens from US mass surveillance and fails to enforce basic human digital rights in the EU. Under the Trump administrations doubts have arisen as to the future of the Framework."

https://en.wikipedia.org/wiki/EU%E2%80%93US_Data_Privacy_Fra...

"The CLOUD Act allows United States authorities to request data from cloud providers and other covered service providers regardless of where the data is physically stored. The act is not limited to companies based in the United States. It applies to "all electronic communication service or remote computing service providers that operate or have a legal presence in the U.S". Courts can require parent companies to provide data held by their subsidiaries."

https://en.wikipedia.org/wiki/Cloud_Act#Extraterritorial_Sco...

eesmith•5h ago

Who would use it?

Like, if you are in Germany and want to travel to the UK then you need to use a UK site to get an Electronic Travel Authorization. UK is not in the EU, so you'll need another browser.

Norway and Switzerland are also not part of the EU.

And then there's something odd about thinking that if you connect to Facebook's data center in Ireland then that interaction with Facebook is fully regulated by the EU and the data is safe.

Nor is it like EU-based servers are automatically outside the reach of the US CLOUD Act, if the server is operated by a subsidiary of a US company.

osigurdson•4h ago

>> UK is not in the EU, so you'll need another browser.

I'm thinking it would just be a warning. The EU citizen can then decide if they want to take on the associated risks of using a non-EU compliant site.

dominikz•4h ago

Let's step back for a second and analyze your proposal by breaking it down. The first issue I came across is what's the definition of 'site hosted in the EU', ie. how a browser would check that? Let's analyze what options we have (not saying the list covers everything):

1. Do ASN scan of the IP where the DNS entry for that webpage points to

2. Analyze the web resources the page is referring to (much the way urlsca.io does)

If I was implementing that, then with 1. I would probably immediately hit the issue of some/most of the pages being behind a proxy (cloudflare, etc.). With 2. if you had Google Analytics tag on it (and most of the pages do?), then it would show a lot of references to the US.

My point is, that it might be hard to implement not only becasue of whether it makes sense, but also because of: how would you do it?

If you were thinking the way for instance broadcasting companies restrict their content based on where you try to watch a movie from (they only allow certain countries), then I think that's a totally different setup.

Actually I started thinking about the idea you are proposing a lot, but in a more general way. With all the recent development in geopolitics, on whether I can have all the data and technology in EU. The natural move was to verify how much of the solution I already have, ie. host the data itself on Hetzner Cloud. But I think EU is still far behind when it comes to the glue, ie. the software part and the analytical part. Practically every company needs some sort of tracking and most of those solutions that we currently have immediately put you outside of EU.

I am currently experimenting for instance with umami to swap out Google Analytics. They have a solution that you can self-host. But again, this is some effort compared to ready off the shelf GA that 99% of companies probably would use.

osigurdson•4h ago

I think the verification would start at the origin site - wherever the page located. All traffic originating from the client side bundle or on the server would have to stay in the EU.

Cloudflare is going to provide you with a local IP for whatever you are proxying to. This actually makes it relatively simple, Cloudflare would just need an EU checkbox on their proxy. If you enable that you are subject to EU regulations, otherwise the site would not be available in the EU. It would be very easy for Cloudflare to implement such a filter.

In terms of other services (analytics etc), companies would just eventually have to host EU based services (some already do that).

hereticles•3h ago

I thought any website that wanted to operate in the EU had to follow EU regulations. How well this is enforced is another question.

Farman_24_•2h ago

The browser isn't the problem — it's the default. Most people never change defaults regardless of what's available. An EU browser solves a distribution problem, not a technology one.