• Great post, I did a similar switch mid last year.

    Hetzner was something I already used, so I just doubled down. I have a single OVH instance where I am playing with Openclaw, but that was because I was having issues with Hetzner that day on their new instance page (was fixed the next day)

    I use Bunny for my CDN, I just wish they had the capability to route IPv4 and IPv6 traffic to IPv6 only origins. If your origin doesn't have IPv4, it won't route IPv4 to an IPv6 origin. Something Cloudflare could do. Still a shame it's not a high priority.

    For Domains, I am still on Porkbun, but I have like 20 domains, and moving them to EU registrars would be pricey. I will do it, just not looking forward to it. Also there are few registrars that handle all the TLDs I have, nothing like Porkbun. I use dot.bs to optimize my registrars and keep track of them.

    I self-host a lot, but I haven't done GitHub. I have a Forgejo instance with working CI/CD, but there are some pain points mirroring 100s of repos and updating PATs. Also I minimize how much critical infra I host. I do it as my day job. Don't want to do it so much at home, and I still do some between NAS and self-hosted services I do run.

    I do plan to try out Hanko and Nebius, those sound good, and hit up Scaleway to see if there is stuff I want to use there. I know Scaleway can be pricey.

    • How has your experience with Bunny been? I'm quite split on it.

      I used to work for a business in a pretty competitive area, where tactics like fake DMCA requests and abuse cases are routinely used to attempt to take down information, be it from Google, or from the CDN/hosting provider. While at first Bunny support seemed understanding of it, later they unceremoniously blocked the account on the basis of too many complaints having been filed, despite all of them being responded to in due time and being proven false.

      OTOH, their support staff would respond lightning-fast, which was a breath of fresh air compared to other CDNs we used before.

      I could see myself using Bunny for personal projects, or some non-vital business, but probably not for anything with lots of competition.

      • To be honest, it's been flawless but since I mostly use it for personal or self hosting, I haven't had to deal with your situation. I have had to contact support and they are very fast.

        I also use it to hide and protect my Hetzner server.

        It works well. My only gripe is the IPv6 thing.

      • it's a super cheap "CDN" that runs on Hetzner and random hosts or their colo, it's not as proper as the other ones.

        for anything DMCA heavy maybe just buying dedicated servers or something instead could work?

        • We used to expose the dedicated servers directly (i.e. no CDN at all), and while that was fine latency-wise, the lack of DDoS protection was really the limiting factor. E.g. Hetzner will just blackhole your subnet if you get DDoSed.

          It feels rather unviable nowadays to run a business without some CDN/DDoS protection service in front of your website.

          • yeah, but dealing with DDoS is easier in terms of DMCA unlike with CDNs because it's you hosting it, not the service provider (this is how Cloudflare avoids DMCA when you cache with them iirc)

            so if you can just find a good dedicated server provider that won't cut you off, maybe that's a potential solution?

            just my 2 cents though

        • they use datapacket/cdn77, no?
    • Like the author, we self-host our git repos at work with Gitea, and it's working very well and brings a rather large set of features you'd expect from a GH alternative.

      A great thing is that it's almost fully compatible with GitHub Actions, so migrating an existing CI/CD should not be too painful. If you plan to move, make sure to read this first: https://docs.gitea.com/usage/actions/comparison#missing-feat...

      For sure, it requires a bit of maintenance, mainly for updates, but that's all.

      • I'm using gitolite + cgit for local repositories. I tried Gitea for a while but didn't like the forced user/repo flat structure inherited from being a GitHub clone, and didn't need the additional features that Gitea/Forgejo provide.
      • Same can be said for Forgejo but then it’s not VC backed
    • For CDN, you can try CDN77, they have servers all around the world. No affil, just they are based in Europe (Prague) :)
      • Right now, I would only switch from Bunny if they allow IPv6-only origin servers and route IPv4 traffic to it.

        Also no pricing and a "Talk to sales" only link. Which usually means super expensive, or B2B only. I pay like 10 cents a month on Bunny something

        • Ah yeah I see CDN77 has no signup button and just says "Talk to sales" instead. That's not helpful to small self hosters.
          • Even for big corp.

            When I see "talk to sales" I just move on. I don't have time to waste on that.

    • > For Domains, I am still on Porkbun, but I have like 20 domains, and moving them to EU registrars would be pricey. I will do it, just not looking forward to it. Also there are few registrars that handle all the TLDs I have, nothing like Porkbun.

      For .com domains, if the rationale is data sovereignty, GDPR simplicity, avoiding dependence on a handful of American hyperscalers, then from an operational standpoint I don’t see much value in using European-based registrars. Ultimately, these domains remain under U.S. control regardless. If the focus is 'stubbornness' [one of the points in the article], then of course you have other priorities.

      Personally I am all for data sovereignty etc, but very seldom for country boycotts.

    • For domains I find Openprovider.eu is pretty cheap imo, especially if you have a lot and buy in a package it is nearly cost price. Their DNS isn't great though, good enough for personal projects but not for business, would set that somewhere else.
      • Agree! If you have a number of domains and can justify a membership, then Openprovider (NL) is a good option.

        Some foreign extensions are quite expensive though. I happened to be looking into that yesterday, and Netim (FR) seems to be a good option for that. For the two extensions I need, they were among the cheapest with renewals.

      • Hmm, seems the good prices are only if you subscribe to their subscription. 5 euro a month or 50 euro a year, then the prices get slashed. Otherwise their prices are expensive.
        • Yes, comparing to Porkbun for .com and .net, it looks like you'd need at least around 10 domains before it became cost effective (the .org price there says it is time limited and I think does not reflect recent .org price increases).

          There's also the matter that, ethically, openprovider seems to be heavily focusing on domain name speculators as clients; that may be a business many people would not want to support, and their services for people actually using their domains may be poor.

          • > There's also the matter that, ethically, openprovider seems to be heavily focusing on domain name speculators as clients

            Do you have more info about that? I'm a customer of them and didn't know this.

            I actually noticed that quite a lot of (smaller) hosting providers are also customers of Openprovider. (When transferring some domains from other providers to my account at Openprovider, they turned out to be internal transfers.) So I'm a bit surprised about it.

    • Why do you need to move from Porkbun though? I don't get it.
      • Porkbun is based in Portland, Oregon, USA. I'm trying to move my infra to EU only stuff.

        It was fine when I lived near Bellevue, Washington. And I did live 30 years in the US but I want to divest myself from that shitshow.

        • Right, I guess it only makes a difference if you use their DNS? Otherwise, registrar being in US vs EU makes zero difference in terms of speed/latency etc. Is this just an ethical or political thing that you want to be out of USA?
          • Mostly political, the other stuff makes more sense, domains are mostly a nice to have.

            And for .com, .org, and .net those are owned by ICANN which is US controlled anyway.

      • gp, like OP, are moving away from USA based infrastructure.

        you can see this on the footer of porkbun.com:

        > Made in the USA

    • How does dot.bs make money? The about page and FAQ don’t explain what they’re monetizing.
      • Why would it need to make money, it's just a registry of information and a small about page with a list of entries. It probably runs on sqlite on a single $5 VM. Or a single db.

        Other than that, maybe ads

  • Thank you for this. I'm in Europe with an established SaaS that's been running in production for years and I've converged on a similar stack (OVHCloud instead of Hetzner). However, I've realized you can stay sovereign and independent in any jurisdiction (not just Europe) just by simplifying your stack and running a few baremetal servers in-house.

    Just buy a few Mac Studios and run them in-house with power supply backup and networking redundancy and you're good to go to serve more than 10k - 100k requests/second which is good enough to serve a million customers. You don't need VMs: a single Mac Studio gets you 2–4x the power of m7i.2xlarge on AWS, and pays for itself within a few months of AWS bills. You can do local AI inference and get Claude Opus-level performance (Kimi K2.5) over a cluster of Mac Studios with Exo.Labs (an unofficial Apple partner). You get free S3-compatible object storage with zero ongoing storage costs with MinIO (yes it's redundant even if you lose a server, and your hosting provider can't hold your data hostage by charging for egress). Postgres runs like a beast and is incredibly easy to set up - you get zero latency DB because it runs on the same machine, has access to lots of RAM and you're not paying per-GB or per-core. Managed databases are a scam. You don't need an Auth provider, just do passkeys yourself. And the great thing about Apple Silicon hardware is that it is amazingly quiet, reliable, and efficient - you can do things like run headless browsers 3x faster and cheaper than on standard server hardware because of the unified memory and GPU acceleration, so you're not paying for CI/CD compute by-the-minute or headless browsers either.

    This entire stack could give you computing power equivalent to a 25k euro/month AWS bill for the cost of electricity (same electricity cost as running a few fridges 24/7) plus about 50k euros one-time to set it up (about 4 Mac Studios). And yes, it's redundant, scalable, and even faster (in terms of per-request latency) than standard AWS/GCP cloud bloat. Not only is it cheaper and you own everything, but your app will work faster because all services are local (DB, Redis cache, SSD, etc.) without any VM overhead, shared cores, or noisy neighbours.

    • You say no VMs and are using Apple hardware. Are you running this all directly on macOS?
      • Yes, except for one HAProxy server. The setup I described isn't fully in production yet, but my testing confirms it works. We've been running for years on one single baremetal server on Hetzner/OVH though. And macOS makes sense for one of our main workloads (headless browser agents). Much better than browser-in-linux-docker for many reasons.
    • Thanks for the post. How do you currently deal with HD failures/redundancy? That’s my main concern leaving a managed database provider.
      • I've designed our app so that there are only two stateful services that matter: Database and Disk. Everything else is cattle, you can shut down or spin up new instances and the load balancer redirects requests with no impact. Making Postgres redundant is a matter of careful configuration with PGBouncer + HAProxy + Patroni. However for a long time we had a much simpler setup: just restore a new database from backup on a new machine if the main one failed (one-time simple script run manually - not automatic, means a little bit of downtime if there's a failure, but it worked). Or you could use CockroachDB. Making disk redundant: just use MinIO for S3-like disk (that's also where DB backups are stored). You can lose up to 2 out of 4 of your servers and you lose nothing.

        With this setup if 1 or 2 Mac Studios fail (or need to be restarted for updates) everything just keeps running smoothly with no customer impact. It also helps that the app itself is on the Elixir BEAM (Phoenix) so everything "just works" across all machines.

        • cheers. Had never heard of MinIO either, very cool.
          • Do note MinIO is deprecated and no longer maintained, discussed here[1]. There are plenty of alternatives though, most mentioned in the referenced submission.

            [1]: https://news.ycombinator.com/item?id=47000041

          • MinIO was a previously open source blob store. It's pretty old, it was basically created right around the time S3 took off.

            You should probably reconsider going with it in 2026 unless you're fine with their new (non-open-source) offering. It still has a "free" license, so it might still be an option depending on your priorities.

            But there are alternatives around, some being arguably much easier to run/maintain for small deployments like this.

    • > Managed databases are a scam.

      I, too, once believed this. Then I had the displeasure of watching a $10,000 server fail during Christmas travel (about 20 years ago now). A single RAID drive failed. Then, during the rebuild, a second drive failed. Then the RAID controller itself failed catastrophically, losing all the RAID volume metadata. When we restored from backup, we discovered that the sysadmin who had just quit a few weeks before had lied to us about the backup system, and we had no backups.

      This is the sort of black swan event that happens every 5-10 years. It's an unusually bad event, even by black swan standards, but stuff like this happens.

      The fundamental problem of self-hosted databases is that you test the happy path every day, but you only test true disaster recovery every 5-10 years. And in practice, this means that disaster recovery will usually fail.

      With a managed database service, most of what you're paying goes to making sure that disaster recovery works. And in my experience, it does. I've seen RDS database servers fail catastrophically, and completely rebuild in under 15 minutes with virtually no data loss, with almost no human intervention at all.

      If you care about your customers' data, I think that a reputable managed database is the right move until roughly the point that you can pay for a full time database administrator. At that point, sure, roll your own. But do regular disaster recovery tests, lest you discover that a recently departed DBA has been lying to you.

      • Yeah but even with managed database services you don't know if your provider has invested into proper testing of their recovery so you have to test it anyway. Major services like DigitalOcean have been known to shit the bed with your backups. If you don't test your backup recovery, you don't know if you're screwed even if you're paying for "managed" services.

        I test my backup recovery several times a month by actually baking into our CI/CD workflow under certain conditions. The entire production database gets restored from backup every week.

      • What about a hybrid approach?

        You could use a managed db service as a live replica dedicated as a backup only. The queries would go to your local database on beefy hardware, while the replica would just have to be powerful enough to keep up with the WAL stream.

    • > You can do local AI inference and get Claude Opus-level performance (Kimi K2.5) over a cluster of Mac Studios with Exo.Labs

      Does it do distributed inference? What kinda token speeds do you get?

    • I have no idea how to set up something like this. How hard is it to hire somebody competent enough to set a system like this in-house?
    • >However, I've realized you can stay sovereign and independent in any jurisdiction (not just Europe) just by simplifying your stack and running a few baremetal servers in-house.

      Only if you have physical offices and staff in every jurisdiction you're serving.

      • Presumably you have a home where you live? That's your physical office. And no you don't need a presence in every jurisdiction you serve. Visa payment network serves the world from the US.
        • >Presumably you have a home where you live?

          Yes, but not where my customers live. The whole point of "sovereignty" is to serve customers from a location that is bound by the laws of _their_ jurisdiction, not mine.

          • But for that it does not matter that much where the servers are located, more where the company controlling them is located.
            • There are quite a few factors that matter. The place where data processing and storage takes place is one of them.

              It matters who can physically take control of the servers. It matters where the encryption keys are stored. The storage and processing location also matters for compliance with data residency laws.

              But it's not the only thing I mentioned. Having physical offices and staff in a jurisdiction usually goes along with setting up some sort of legal and taxable entity that has personally responsible directors.

              The whole issue is very complicated.

    • How do you handle anti-DDOS, zero-trust and WAF duties to a cloudflare-esque equivalency (e.g. a reverse-proxy style setup)?

      While I definitely concur with your conclusions re VMs and GCP hosting overhead, did you benchmark a container based setup in GKE or similar?

      • For now we still use Cloudflare. Considering bunny.net after reading this OP's post.
    • I have been self hosting for a couple of years, yes I got very very interested in self hosting my apps, away from the cloud overlords, but the major issue is the network.

      You'll need business internet plans with redundancy and based on locations that might be prohibitively expensive. Some startups might even require their own AS numbers.

      Also the connectivity to the data centers or cloud infra like WAF, CDNs etc will be definitely worse compared to cloud instances. Then comes firewalls, their configuration and their redundancy.

      These things will matter if you're serious about your SaaS. You could definitely co-locate, but that's another cost, then comes the redundancy of everything, from servers, to disks to network (routers and switches etc).

      I personally believe that modern hardware is pretty reliable and doesn't need redundancy in every layer, but most people won't agree with that, and when startups have enough money, this doesn't matter to them.

      I think the only reason the common public is unable to start SaaS is handling and managing these problems. Redundancy costs a lot. And many startups don't want to deal with it even if it'll help them in long run. They just gather enough cash and throw at the overlords.

      I do hope that the general infra should improve so that can properly host their own.

      Nevertheless I'm still trying to start something in SaaS space and self host from my home...

    • > Just buy a few Mac Studios and run them in-house

      I fail to see the point of this when the system you've decided to run "yourself" is entirely owned and dependent on another American company.

      • I’m not anti American, that’s not the main point of my setup. The main point is I want to own it, not rent it. Apple doesn’t control my production setup after it’s in my hands. Macs from 10 years ago still work.
        • > Apple doesn’t control my production setup

          https://news.ycombinator.com/item?id=46252114

          • I imagine these Mac Minis aren't logged in to an Apple ID. Unlike Microsoft, Apple doesn't force you to connect your hardware to their cloud.
          • You can set up a Mac without an Apple ID. To be honest iCloud is garbage. Almost all Mac App Store apps are available without the App Store.
            • And I don't see an advantage to have an Apple ID setup if you want a Mac Mini Server. All things you might need are downloadable through brew.
            • I remember having a garbage Apple ID just to use Xcode. Back when I was desperate enough to work from a company that only issued MacBooks.
      • It has the standard property of ownership: nothing gets turned off without YOUR permission, or at minimum legal proceedings in the area where you are located.
        • I'm not aware of any standard of property ownership with regard to Mac OS, Windows or any other proprietary software. The end user is granted a license to use the software. That license can be revoked at any time for any reason.
      • Where is your all-European made computer, then?
        • On that subject, I'd be curious to see any computer that's not mostly made in Asia.
          • HP makes them, so does Dell. They cost a bit extra, but essentially the whole Federal government runs on nothing else.

            The difference between EU and US is that it's possible to make all components in the US, using US equipment, and so some companies do because it commands a pretty decent premium. It's not even that hard since most components (e.g. reference motherboard designs) are still designed and actually built in the US. China still really mostly does what you might politely call "commercializes US tech". And let's not discuss too deeply if they correctly pay licensing for all the components they make, because nobody enjoys that discussion.

            And yep, as you might expect, only Intel chips, no Nvidia cards ... and that's not the end of the limitations. The previous version had no USB-C monitor support, never mind one USB-C cable to multiple monitors, but last year Intel really pushed a bit harder. But even this year, I'd hope you're not going to be trying to use these machines for gaming.

            The EU can't even make a modern motherboard's USB port chip.

            Oh and yes, there are cracks in the US version too. The phones used, for example, are iPhones. Radio designed in South Korea ...

            • I'm rather curious where in the US HP and Dell source, let's say, their displays?

              And while many (but certainly not all) of the other components could be made in the US, it's expensive and capacity is limited. So even the likes of HP and Dell have most of it done in Asia. Even Intel chips generally pass through Asia for assembly and testing, and their modern CPU tiles are likely to include TSMC-fabricated components.

              All this is to say: the US is not tech independent (unless ancient tech counts). No single country is.

              Though if you're just trying to say that the EU is significantly more tech-dependent than the US then I agree of course.

            • > The difference between EU and US is that it's possible to make all components in the US, using US equipment

              False. ASML is in the EU.

              • The most technologically critical component of ASML's EUV lithography machines (the EUV light source) is designed, developed, and manufactured in California by Cymer.
                • And another extremely critical piece of technology is the mirror from Zeiss, which is not manufactured in the US.
                  • Yep, absolutely true. ASML is a critical technology provider that both the US and EU are dependent on each other to maintain.
              • And the US does not need ASML. Europe could use ASML, but doesn't.
                • The US doesn't need ASML.

                  Right, ASML is so replaceable that the US forces the Dutch government to put export controls on some of their machines.

                  There's no substitute in the world for the top tier machines ASML makes.

                  • > forces the Dutch government to put export controls on some of their machines

                    That's because the critical EUV light source technology is developed in California by a US-based subsidiary of ASML. The US and EU have mutual interest in protecting the technology and machines. If export control agreements were not in place then ASML would have never been permitted to acquire Cymer. And if they are not enforced then the US would almost certainly require ASML to sell Cymer back to US ownership, TikTok-style.

            • Can you point to the models that are entirely made in the USA?

              I’m having trouble searching for this - but all the top results seem to be SEO or AI slop, so perhaps I’m just not finding them.

    • What does your networking redundancy setup look like?
      • Got lucky that we have a good personal relationship with our small local ISP and I trust they handle that for us. In the future I want to make it redundant by getting a second gigabit fibre connection.
    • Ah yes, MinIO, that open source S3 alternative that got archived last week. To me that's the biggest problem when self-hosting services. On day to day operations, sometimes it just breaks and the time to get it back varies from a couple of hours to a couple of days. And for the longer term you regularly have to upgrade things yourself which takes time and energy and is stressing for stateful deployment. And then you have it, at some point maintainers are just exhausted and the project is gone.
      • You can still selfhost MinIO you just have to pay. You also pay for software when renting a cloud service so this seems similar.
        • But, as far as I can see in their site, the price for MinIO AIStor isn't even public, you have to "Request Pricing". And that's never a good sign.
          • Well MinIO has some weird quirks but I wanted to point out that "open source and free" and "self hosting" are not the same.

            MinIO took away the source, not the self hosting.

    • Are you actually using Exo for local clustered AI inference? I’ve considered it a few times and keep finding horror stories. Never seen someone report it’s actually working well for them.
      • No not yet. Planning to. But Qwen3 Coder Next 4bit runs decently well with LM Studio on my M3 Max with 96 GB RAM (50 tok/s at low context).
    • Great post, and interesting setup - harkens to days of old, when this was simply how things were done in the first place - but one question that I have, apropos:

      >.. serve more than 10k - 100k requests/second which is good enough to serve a million customers.

      What is your network connectivity like for this setup? Presumably you operate in a building capable of giving you fiber, with a fixed IP, or something like that?

      • Gigabit fiber with static IP for about 40 EUR per month. I plan to make it redundant with a second gigabit fiber connection from a different provider but haven’t done that yet.
      • > Presumably you operate in a building capable of giving you fiber, with a fixed IP, or something like that?

        That is not really a rarity these days. I have symmetrical gigabit fibre with a fixed IP here in a Spanish farmhouse 45 minutes from the nearest population centre

        • Most of those business connections come with actual SLAs though that you don't have.
          • No SLA in the world is going to help in a rural area, when a winter storm brings a tree down on the fibre :D

            But they offer the exact same specs to business customers in the nearby town. I appreciate Spain is well ahead of most other countries on connectivity, but I can't picture gigabit + static IP being a dealbreaker in most of Western Europe

        • In some countries and with some ISPs, you cannot get a fixed IP address at all, unless you register a business and prove to the ISP that you are running a business. I am guessing they will bill you accordingly then, and still have the same shoddy connectivity. I have seen shoddy connectivity with Pyür in Germany for a whole office building. Even as a business you are not immune to bad ISPs.
          • I guess Spain benefits from having a former national telecom. Movistar charges me a (outrageous by local standards) €30/month for a static IP on my residential fibre
  • > Your users expect "Sign in with Google" and "Sign in with Apple." You can add email/password and passkeys, but removing social logins entirely is a conversion killer.

    I know this is true, but I genuinely don't understand it. I want email/password and passkey, I will always go out of my way to avoid "Sign in with ...". I just don't get why people love this.

    • You really don't? It's just a ton easier for most users: it's (almost) like already having an account. Just click a couple times and you're in, no typing at all, no email confirmation or anything like that.

      I also avoid it because I'm concerned about being over-reliant on google (what if they close my account?) and I know how to use a password manager, but I easily understand how 90-99% of the population doesn't care enough and goes the low-friction route.

      • Not to mention that B2B SaaS needs to provide the login methods that their customers need for their operations, and these typically rely on Google, Microsoft, Okta, etc.

        I work on auth for a European startup and this is the case.

      • > I also avoid it because I'm concerned about being over-reliant on google (what if they close my account?)

        Most of the "sign-in with google" accounts I have seen treat it as a shortcut to creating and logging in with an account with the primary email address of the Google account. So you can hit "reset password" and get a conventional password log-in to an account you previously made with the Google auth. If you get locked out of google, it's NBD.

        Of course, this is probably not universally the case.

        • Does Google even let you create an account without Gmail anymore?
          • Yes. There is a "Use your existing email address" button in the create account dialog.
      • That users choose to link their account to Google when they can does not surprise me.

        What surprises me is that if they cannot do it, they will just leave. The post says it is a "conversion killer".

        • It's not so much that they'll leave, as much as some percentage will abandon during the signup flow. I know somewhere out there are statistics on those who have to click a link in an email only to get distracted by other emails, to say nothing of the time to fill out forms, create a password, save to password manager, open your 2FA app for the more advanced users, etc.
        • The higher the friction, the lower the probability of conversion. E.g. Amazon famously found every 100ms of latency costs them 1% in sales.

          At its most simplified, this can be thought of as a simple function of time — the more time something requires, the higher chance something else happens during that time, invalidating the original task.

          The best sign-in flow is none at all — that's what e.g. Discord does. They let you use the app immediately, with an automatically created provisional account. Amazing user experience.

          This applies universally — convenience is everything.

    • I assume your circle is mostly tech people? Outside that bubble, it's pretty obvious. People just want easy, don't understand security in many cases, it's the simplest path.

      Even absent the above. Imagine a signup flow. I can either click <Sign Up With Google> or I can go through a manual flow with input fields. The former is much faster than the latter. It surprises you people choose the path of least resistance?

      • It does not surprise me that people choose the path of least resistance. I find it sad that they happily connect everything to Google/Apple.

        What surprises me is that it is a "conversion killer". So if you ask people to create an account, it's sooooo very hard for them that they will just leave. And spend the next 30 minutes scrolling TikTok, I guess?

        • How many services do you have subscribed to? From simple PHPBB boards to very much official product and online shops? How do you manage all those username/password? The single point of failure of relying on Google/Apple is real, but so is the manual and laborious process to auth via email/password and the management that goes with it.
          • I have 400 entries in my password manager. I manage them with my password manager. There is no single point of failure.
            • Isn't your password manager a single point of failure?
              • How do you mean that?

                Each password is a PGP-encrypted file, encrypted to security keys. The files are backed up in different places, including my laptop and my phone. The password manager app runs offline, so it has no reason to suddenly fail, but even if it did, my passwords are just encrypted with PGP, so I will never be "locked out".

                I find it very unlikely that it would get compromised: again it's encrypted to security keys. If my device is compromised, the attacker can extract the passwords that I decrypt while the attacker has control, but not the whole database.

                To lose my passwords, I would need to simultaneously lose all the copies (on my devices, and on the cloud). To lose access to my passwords, I would need to simultaneously lose all security keys.

                Doesn't feel like a single point of failure. Or do I misunderstand what you mean by that?

        • It definitely surprised me just how lazy humans are on average. The amount of effort people are willing to exert on sign ups, etc... The drop off with each additional field blew my mind.
        • Probably suggests that the service is less valuable to them than TikTok.
          • You'd be surprised. I've worked on a municipal/local-area webapp that launched with auth and a create-account form. Userbase in the low 100ks, a few interactions a year. It was an ordinary create-account form: name, address, email/phone, no payment info or government ID. The only alternative to this service--and I do mean only--was to go into a city office and wait in line/fill out forms. Failure to do either resulted in a fine (I forget how much; in USD it would have been less than $50 I'm pretty sure).

            Before we added SSO, huge numbers of users would enter but never complete the signup flow. We assumed they were making the (baffling) choice to take time to go to an office and wait in line over filling out a web form. A year later, we added Google and Facebook login. Failures to finish signup dropped to almost zero (a lot of folks were still bailing out of the manual create-account form without finishing, but they were then falling back to Google/Facebook).

            More surprising, that year the net number of signups (across web and brick and mortar) more than tripled.

            People weren't choosing in-person over filling out the create-account form. They were choosing to pay a fine instead of filling out the create-account form.

            So ... I don't know about "less valuable than TikTok", but a lot of folks' decisionmaking sure is wild.

            • This is a wild story! Thanks for sharing.
    • People usually have either one or the other account already, because it came with their smartphone. It is frictionless from their point of view.
      • Sure, but what the post says is not that they will go for the easier path. It says that if they don't get to link their account to Google/Apple, they will completely give up (it is a "conversion killer").
        • Well.. it's the flip side of those social logins being known and proven conversion boosters. If you actively decide against them, you are losing a low effort tool to boost your CR.
    • HN is going to skew towards people with password managers & concerns about vendors locking you out. I think most people just want low friction - be that 'Sign in with', or passwordless-based authentication like 404media (you want to sign in? You've been emailed a code)
      • > passwordless-based authentication like 404media (you want to sign in? You've been emailed a code)

        How is this low friction to manually copy/paste a code from email as opposed to allow a password manager to log me in automatically?! This kind of authentication is the stupid current trend I hate the most TBH.

        • > > HN is going to skew towards people with password managers
          • Towards people with password managers, or towards people who want to have the freedom to choose how they log in? I also hate those damn login emails.
          • But everyone has a password manager now. They come builtin to all major browsers, Apple ecosystem, etc. My non-technical girlfriend uses one.
            • Yeah, and I support anything that makes security by default easier. I'd love to see adoption numbers for in-browser password managers, though, because I feel it's not very high yet.
              • > I'd love to see adoption numbers for in-browser password managers, though, because I feel it's not very high yet.

                Why specifically in-browser?

                • Because without that the argument of "everyone has a password manager" fails. Tons of people don't have 1Password or Bitwarden or LastPass or KeePassXC or whatever.

                  So sure, they might technically have a password manager installed, in that every major browser has a password manager included. But do they actually use it? That's what really matters.

                  • Yeah, this is why. "in-browser" was unclear when I also meant the iOS ecosystem password manager and stuff.
      • I'm not sure non-technical people have a good understanding of or experience with passwordless email login either. While doing tech support I've seen people get very confused at the need to open another app to log in or the fact that they're now logged in in the webview of their email app and not logged in in the app or browser they had been using (especially if the first thing that web view does is pop up a giant "try the app" modal)
        • I can't stand the 'use the app' nag modals!

          Thanks for your insight. Outside of being a consumer, and as a security engineer one who appreciates things like passwordless, my experience comes from my employer's passwordless rollout. The sentiment is broadly positive, but we would veer to a technical user base, and sentiment misses the nuance you brought up.

    • Something I didn't see in the other comments is users who are using the startup's service for work, as an employee.

      Why wouldn't you choose the simplicity of "sign in with Google" if your work email is on Google Workspace, using the entire Google suite of business tools for everything (gmail, chat, meet, docs, drive, auth, etc) and everything you do at work is known to Google anyway?

      Making an email/password account with your work Gmail is just extra steps, one more password to store, and perhaps the inconvenience of one more 2FA thing. Google gets the same information either way.

      Similarly why wouldn't you choose the "sign in with Microsoft" if your work is all in on the Microsoft suite of business tools (teams, office, onedrive, auth, etc.) and everything you do at work is known to Microsoft anyway?

    • > I just don't get why people love this.

      For a single personal user it's only a small bit of friction but if you're in charge of 30 people SSO is a godsend for boring compliance work and managing groups of people. You want to change a domain in the company not a big deal. Don't have to rotate passwords every quarter, need to restrict an employee from a service etc. You aren't imagining other challenges other than your own here.

      • That is an interesting take, but it's off topic.

        The post says that if you don't have the SSO, it's a conversion killer. I.e. users just won't log in if they cannot do it with an SSO.

        Of course companies use SSO because it gives them more control over the employees' accounts. I understand why companies do it.

    • > I just don't get why people love this.

      For the same reason why companies implement SSO for employees? It's just easier to have one account with one password to rule them all.

      • Companies implement SSO to have control over the accounts of their employees... Pretty sure they would still do it if it was more complicated.

        And that is also why companies don't allow employees to use anything other than the SSO.

        • Well, it gives you easier control of your accounts too. Just one entry point for everything, no need to track password leaks from dozens of services (you still need to keep an eye on whether Google has leaked your password, but in that event everyone will know and be working hard to fix it).

          From the point of view of technical people it would be easier to achieve the same with password managers, but for the rest of us Google provides a smoother user experience.

    • “Sign in with Apple” allows me to use a random “Hide My Email” address for services that I can’t bother with so it’s absolutely a godsend for me.
    • My email goes to the same company I can login with so might as well tap the button.
      • But if there is no Google/Apple button, will you just leave? Like not even create an account? That's what "conversion killer" means.
        • I may start to create an account, but after about 30 seconds of effort, I'll start asking myself if it's really a service I care about. Send me an email? If it's not there by the time I click my email tab, odds are pretty good I won't wait around unless it's a truly compelling offering. Want me to fill out a form? If it's anything more than just an email and a password field my password manager can complete for, again, I'll question whether I want you to have that info about me.

          So no, I may not leave, but each tiny bit of friction increases the possibility of abandonment. From the perspective of conversion, abandonment is the same as "just leaving".

        • I won't but a decent % of people do ye.

          In fact a decent % of people stops shopping on your site if there's a few ms lag.

          At every step a few percent of revenue is lost your competitor takes in.

          • > In fact a decent % of people stops shopping on your site if there's a few ms lag.

            While it's still true, I have read that the accepted lag today is higher than 10-15 years ago, because they have lower expectations due to a general decline in page load speed. (React pages with spinners/placeholders, newsletter popups, higher page weights etc.)

    • It's a few things (source: I've worked on some large online B2B systems and seen signup flow funnel data for some even larger B2C systems):

      1. Ease/laziness as others have mentioned. Even for a service that answers a real need, many users will bail out of the signup flow and just ... leave that need unsatisfied when they see a web form.

      2. Underreported: google/apple sign-in buttons make it feel like you already have an account. The fact that the "grant access" new-signup request is a second screen and that "sign up" and "sign in" (with Google/Apple/Github/Facebook/etc.) are the same buttons to enter the funnel is huge. It's not that users are confused/forgetting whether they already have accounts (though some are); rather, it's psychological momentum created by the ambiguous language.

      3. Trust and consistency. Nontechnical users just trust the recognizable brand buttons more. They don't necessarily know why/know how auth works, but they know that a lot of data breaches happen and are scared. The fact that the embed button almost always looks the same/familiar is massive. I suspect that it would also be a conversion killer if the "sign in with apple/google" buttons were styled to look totally different and not contain logos.

      4. A lot of semi-technical folks don't like remembering passwords (and password managers--even good device-integrated ones--aren't as reliable at autofilling as a lot of casual users would like). Others know that it's a bad idea to reuse passwords. As a result, people use the button that doesn't require them to pick a password they'd have to remember.

      5. Impression of privacy. Some (especially older) nontechnical users have a significant aversion to typing in their personal info (name/address/CC number) into online forms, so they pick the option that doesn't require that.

      6. Technical people who prefer SSO because it gives (on the SSO provider side) a list of every integrated account; better permissions control (for services that integrate with e.g. Google for more than just login); a marginal chance of a little less data being stored on a service's servers versus the regular make-an-account option; somewhat fewer opportunities for a service to screw up auth by building it themselves wrong. This demographic is small compared to less technical users.

      That's all presented without comment. Some of those points are based on exploitative provider behavior, or user ignorance. I'm just explaining the decisionmaking factors, not defending them.

      Add all those up, and you definitely get a conversion killer.

    • > I just don't get why people love this.

      I wonder if there will ever come a day where the average HN user actually understands how normal people use technology.

      Just observe anyone in your social circle that does not "care" about technology and you'll see their reaction to a login prompt when trying, not rarely under time pressure, to access a service they haven't used for a while.

      They will sigh, maybe roll their eyes. And who can blame them? The same goes for registering to a new service. Normal people don't use password managers, they don't have Bitwarden with auto-fill, nor do they ever "generate" passwords.

      "Sign in with..." offers them a way out of a frustrating experience, it's the device telling them "Hey, would you just like to use this thing you're already logged into instead?" -- yes, obviously they would like that.

      • > I wonder if there will ever come a day where the average HN user actually understands how normal people use technology.

        Well, I wouldn't say I don't understand it. If someone uses their smartphone as a hammer, regularly breaks it and regularly buys a new smartphone, I understand what they are doing. I just don't understand why they are doing it, I guess?

        In this case, the post says that it's a conversion killer. So people are so damn lazy that if they can't click on "share the information with Google", they will just leave.

        • Both available choices "share the information with Google" for most people. The majority of email account creations use a Gmail or Google Workspace address, so Google gets the information either way, and in Europe most use Android so can't sign in with Apple.
          • Again that's off topic. I'm not talking about the fact that people choose the Google SSO instead of username/password.

            I'm talking about the fact that people choose to not use the service if there is no SSO.

            • Because they don't want to have those experiences where they sigh, roll their eyes, then try and remember a password they made months ago just so they can continue using this thing they signed up for. So they just skip the service altogether.
    • In my experience it's been the users who principally only have a mobile phone - i.e. no desktop - and therefore want the benefit of the phone-managed account system tied to .. biometrics, etc...
    • Heard of haveibeenpwned? You'll end up there, eventually.
      • If you end up, for some reason, being one of those unlucky individuals whose Google account gets banned and all your other accounts are behind Google login, then you truly have been owned.
      • You mean when using "sign in with" and then using a shitty password for your social media account?

        If you use e-mail and password with a good password manager, that runs locally on your device and generates good random passwords, it is unlikely you will end up on haveibeenpwned, and even if one website does shit, the blast radius is only one account on one website.

        • You'll still have your e-mail address exposed, which you may not want if it is to some random porn site. Moreover, password managers do not work if you use multiple devices for log in, which most people actually do.
          • I use my password manager across multiple devices daily.

            Apparently it has not been working without me noticing it?

            • I assume they're thinking about the 'offline' style where one would shuffle a database file and probably resolve conflicts. There's an app/extensions nowadays, man!

              I don't even bother with a VPN, just occasionally push a 'sync' button on the roaming devices [when they return to LAN]. DB transactions [new credentials] averages ~0 per month... but there's plenty of capacity. Works extremely well.

              • The truth is that even with KeePassXC, I just really do not notice stale passwords across devices. It's just really not a huge deal for me personally. Maybe it is for normal people. I sync my databases maybe once a year if I'm lucky.
                • Right, that's what I was trying to emphasize. Rare syncs are totally fine here, too. I try to keep a routine but tend to slip. If not 'with my usual device' there's a tiny number of accounts I even need. They rarely change so the 'cache' is usually suitable. If not, the restriction is always short-lived.
                • Same here. I use pass, and I just don't create/update passwords that often. And synchronising is very easy (it's a git repo).
            • ... And how do you access the passwords that password manager manages?
              • With the "password manager" program? I have one on my desktop and one on my smartphone.

                How do you expect to access the passwords that the password manager manages?

                • ... Can everyone in the world read our passwords or are they "protected" somehow?
                  • I am confused. You say:

                    > Moreover, password managers do not work if you use multiple devices for log in

                    I use a password manager with multiple devices, and it works. And yes, my passwords are "protected", that's the job of the password manager.

          • If you sign in with Google, the site knows your gmail address.
          • Email aliasing is a thing
      • Risk Bob's Salad Shack leaking an inconsequential, unique, credential or bind everything to the whims and identity of a single organization; hmm.
      • Ending up on HaveIBeenPwned is only a problem if you reuse passwords.
        • Nope. It is a problem if you reuse email addresses.
          • Are you saying that you reuse the same password everywhere, but a different email address every time, and you feel confident that having your password leaked won't have repercussions?

            I am genuinely confused. Sounds like holding a gun from the wrong end and feeling protected by it.

      • Password manager.

        Before inevitable "what if your password manager is hacked...," what if your google account is hacked / banned?

        • Agreed. Just wanted to add:

          > Before inevitable "what if your password manager is hacked

          My passwords are encrypted with a security key. I think it is more likely for my computer to get compromised than for my password manager to leak the passwords.

          Admittedly, if I lose all the security keys at the same time, I lose all of my passwords.

        • You don't even need a password manager, browsers autogenerate secure passwords for you, and they sync between computers/mobile devices.

          (I'm saying this from the perspective of "regular people don't want to be inconvenienced like that", obviously you should use an external password manager for security)

      • Sign-on with the external identity provider doesn't help if data related to your account like the billing information, your government ID info etc. are released in the breach, that's the sore point.
      • - Complains about age verification because it is "not private"

        - Uses Google SSO to sign in everywhere

      • People will know that my password was y!2TvM8h3dpvw4 for one particular website at some point. What do I lose here? Google/Apple incurs much greater risk that is entirely out of your control.
  • Good, honest write up! As users we need to make more efforts to move out of the American ecosystems. Cloudflare is just so convenient to take only one example.

    OT, about the finished product (hank.parts): the French translation and tone is a little rude. For one, it uses "tu" instead of "vous", which has become customary on social networks but is still a little bit aggressive on a regular website. And "bagnole" or "balance une photo" is more than casual.

    Maybe the target are young people but I wouldn't bet on it. Average car ownership in Europe is 53, and 55 in France. Share of new vehicle registrations by adults aged 18-34 is below 10% in Europe.

    My two cents.

    • Interesting. I actually had a human translator do the French translation because I didn't trust deepl/LLMs on certain languages. He was Belgian though. Thanks for the feedback, I will certainly consider it - I don't speak French myself.
      • I agree with them, the French translation is way too casual/aggressive compared to the English text.

        I wouldn't trust this website.

        It comes across as influencer speech targeted to edgy young people with a touch of "how do you do, fellow kids?".

        Pretty sure a modern LLM would yield a better one.

      • Speaking of translations, the Italian translation seems fine but it uses English Capitalization of Titles, but that doesn't work in Italian.

        It should be "Pronto a trovare il tuo ricambio?", not "Pronto a Trovare il Tuo Ricambio?".

    • > As users we need to make more efforts to move out of the American ecosystems.

      While I support the spirit, it's important to acknowledge the reality of the current situation with the US (and the rest of the world). It has little to do with SaaS services and everything to do with energy and defense.

      Europe imports more than half its energy. The United States and Russia are both net exporters (Russia significantly so), China would be close to self-sufficient if not for their limited access to oil.

      And while Trump may be ridiculous, he's not entirely wrong about Europe relying on the US for defense. Current estimates are that Europe needs to spend around one trillion dollars on defense to replace American support [0], and even then faces large challenges in getting their defense up to standards fast enough. Meanwhile the Ukraine war has allowed Russia to completely rework their economy into a military one.

      While the popular narrative is that Trump is the sole cause of this souring relationship the reality is that geopolitics have been shifting a lot in recent decades and Europe is simply not in the global position they were 50 years ago.

      Europe can rely entirely on European SaaS companies and will still face massive energy and defense dependency problems.

      0. https://www.wsj.com/world/europe/europes-1-trillion-race-to-...

  • I’ve found Scaleway really good, I’m surprised it doesn’t come up more often here.

    If it matters, I didn’t go to them because they were specifically an EU org either - when Packet became Equinix Metal and then that got shut down, SCW were the most equivalent in terms of cost / hardware specifications and I often used them in parallel when Packet was still around so as to not have all my eggs in one basket.

    • I really like Scaleway too! I went with them because Linode got bought and I thought, since I was moving my things anyway, let's go to a French provider. And I got a bad experience with OVH, so Scaleway it was.

      But really, I wonder why it's not used more? Prices are maybe a bit high for some things?

      • They used to have competitive prices for a while, with their dedibox line.

        I think they are not as well known. It’s a bit of a side project of the parent company, Iliad. They could benefit from heavy investments and some more aggressive marketing, but perhaps it’s not worth the risk and a slow but steady growth is what they prefer.

      • Price would be a bit more bearable if their reserved instance discounts were more generous
      • I asked myself the same thing, trustpilot is pretty rough on them and a lot of people tell you online to stay away from them. I also had very good support experience so far. Their shared TEM IP had some deliverability issues at times, but they seem to have cracked down on this recently. I am on dedicated IP now, so I can't really judge if there have been improvements.
      • +1 for bad experience with OVH, their control panel is a mess (only the Italian provider Aruba is probably worse) and their backend is riddled with bugs. If something is broken in the control panel, the support team candidly invites you to do it via their APIs instead.
      • Another bad experience with OVH here. In fact not bad but catastrophic. They enabled 2FA without my consent and then demanded a signed letter on paper by post to let me back into my account. Their online customer service was beyond useless and the nightmare took weeks to resolve. This after I had been a loyal customer for years. Just when I was preparing to punish them by moving, my VPS went up in smoke at that fire in their Strasbourg datacenter. "Oops, our bad", went the email. Beyond parody. It's almost a surprise to me that this company is still in business.

        With Hetzner now for several years without incident.

    • +1 for Scaleway, I've been migrating some of my customers on it and I love its simplicity and reliability. Costs are also fine.
  • We also switched to Europe it's now 5x cheaper and the servers are 4x more powerful.

    I recommend switching to European cloud if only to not have to think twice about getting 3x redundant servers with 32gb ram. Trivial for anything you'd buy yourself but it costs 20 cars on AWS.

  • Super timely - thank you! I'm in the process of moving the entire stack of my SaaS* fully in EU as well. Hetzner bare-metal, Talos k8s, OVH Object Storage for backups, self-hosted (for now) image repo. For now I'm still on Cloudflare for CDN, but bunny looks interesting. Using GitOps (FluxCD) as deployment strategy enables no dependencies on e.g. GitHub Actions.

    For one thing running on bare-metal @ Hetzner is insane value for money versus GCP GKE. I'm a third of the running costs and get ~50x resources.

    The only aspect I'm struggling with is full-disk encryption. Although customer data is still encrypted with envelope encryption in the database, I want to migrate to fully encrypted disks (LUKS + TPM) sooner rather than later. If anyone has any resources and/or experience with this, please let me know :)

    * Gatana AI MCP gateway: https://www.gatana.ai/

  • * Scaleway is totally painful/scary on data encryption at rest and in transit, does not feel like your infra/data is isolated from other customers

    * OVHCloud is good if you deploy your production in HA fashion with higher tiers or do multi-region yourself using a vRack, real issue that they made the news with burning DCs, the fact that the customer base has been originally a gazillion cheap web servers does not help big companies going in, they are going somewhere on the SaaS

    On most European cloud providers I feel like IAM is crap: workload identity is almost non-existent, API keys management is usually hellish. Same goes for encryption/isolation. I want to hear more technical feedback on most of them, devil is in the details!

    • Scaleway is so close to being a great product but they need to hire a really visionary Product leader
    • I found scaleway's IAM system pretty solid so far. Right balance between "gives you nightmares" (GCP) and "one key to rule them all" (Hetzner.. Bunny.. and so many others)
    • Can you expand on the Scaleway comment? Would be interested in the details.

      Also aren't their data centres all in the Paris area? Do they have any geo-redundancy?

      • paris, amsterdam, warsaw and I think they are launching or have launched recently in other places
        • They are currently teasing an additional region in Milan, IT.
  • Codeberg would make a better choice if we speak about EU source code forges. And Forgejo instead of Gitea, which is nowadays controversial project.
    • What makes Gitea controversial nowadays, I'm out of the loop.
      • "Forgejo was initially created in December 2022 as a fork of Gitea. The fork occurred after a for-profit limited corporation ran by the lead maintainer of the project, Lunny Xiao, silently transferred Gitea's trademarks and operations to the company and began to establish an open-core model."[0]

        [0] https://en.wikipedia.org/wiki/Forgejo

        Also see: https://gitea-open-letter.coding.social/

        EDIT: HN discussion on the latter: https://news.ycombinator.com/item?id=33372471

      • From a quick web-search: Apparently it was an open-source community project, but the governing organization created a for-profit entity and transferred most of the assets to that entity (brand, website, etc.). Gitea apparently still uses MIT licenses, but the community felt it was a betrayal of the open-source ethos. forgejo is a community fork of Gitea when the issues mentioned were not suitably resolved.
    • I was roughly familiar with Github Action/Gitea Action compatibility and had a self hosted Gitea already... I found codeberg interesting though!
    • Isn't Codeberg only for Open Source?
      • Github or other commercial alternatives aren’t for closed source either anymore.

        Putting closed source code on github is basically asking them to launder it through LLMs

        • This is kind of backwards.

          GitHub's privacy statement [1] says:

          > GitHub personnel does not access private repository information without your consent except as provided...

          Do you have any evidence that private repos on GitHub are being used for training?

          In the opposite case, if you have a public repo on GitHub then you should expect it to be laundered through LLMs :\

          [1] https://docs.github.com/en/site-policy/privacy-policies/gith...

        • But selfhosted Gitea, which OP chose, IS good for closed source. And codeberg is not.
          • Alternative of that is self hosted forgejo
    • Codeberg is immense buuut it's only intended for open source projects really, so might not be a good fit for all.
  • I’m trying to do my part with Domain Chief. Becoming a registrar is pretty gnarly especially without very deep pockets (ICANN very expensive) but some great reseller companies (also Dutch) make it possible to enter the market.

    I’m not perfect yet and tiny parts use Fly/Cloudflare (Anycast / Turnstile) and Stripe for payments but the core runs on own hardware in a Dutch datacenter provided by Dutch companies.

  • What do American colleagues think when they read about this trend among Europeans to abandon their platforms?
    • It seems smart to me. Our leaders are intent on burning it all down, and I don't think anyone should be shocked as the smoke starts to billow.
    • I go out of my way to use American services. It would be hypocritical of me to deny others the right to use their country’s services. Plus competition is always better for consumers so have at it.
    • A lot of this discussion is actually more about "use baremetal" or "put servers in your closet". HN tells Americans to do the same thing (and hire them to do it).
    • Competition is great.
      • I wouldn't call it competition, given that here we are fleeing towards less advanced services for purely geopolitical reasons.
        • Ah, now you’ve captured the F/OSS zeitgeist!
    • I am deeply troubled by what the Trump regime is doing but I think this trend for European countries to use European tech is actually quite good. Competition is better, plus your privacy laws are much better. I host some of my own data in Europe for this reason.
    • "Fucking great, Amazon and Google need competition."

      I just hope this is economically damaging enough that they will quit doing campaign finance for a party consisting entirely of despotic grifters.

  • Currently migrating from Digital Ocean to Scaleway as well, found this article informative.

    To assist others:

    https://european-alternatives.eu/

  • > Google Ads and Apple's Developer Program. If you want to acquire users and distribute a mobile app, you're paying the toll to Mountain View and Cupertino.

    If you said Play Store, then sure, though at least distribution on there is free. But you said Google Ads, which you really do not need to acquire users. Returns on Google Ads were already low, and have only continued getting worse and worse. I'm sure someone here claims to be a magician at it and believes they can get a fantastic RoI out of it, and I'm sure some can. But the huge majority doesn't. It's very much like day trading stocks.

    There's a huge number of other, better avenues for paid marketing if you want to do it.

    • Different industries have different customers with different needs and funnels.

      None of my businesses use a "sign in with..." option and I highly doubt it would increase conversions, however the article and many commenters here are adamant (based on their experience) that it is integral.

      I'm not sure it's day trading per se, I think it's just a lot more relevant to some industries/products than others.

      • OP is talking about apps distributed through App/Play Store though. After a certain size in B2B services, sure, you can do Google Ads. But even for B2B it makes no sense to start out with it unless you're a hot startup raising big rounds. The RoI isn't there in 2026, the juice has been squeezed.
    • Google Ads does "kind of" work in the niche I am in, usually with low competition key words.... but I did stop throwing money at it. I am never going to return the investment per conversion... but if you want a search engine to throw your money at.. it is still pretty much without alternative to me.
      • If you want to throw your money into a pit, there's a lot of alternative pits available out there. Happy to share my bank account, then at least one of us gets use out of it.

        > You can add email/password and passkeys, but removing social logins entirely is a conversion killer. Every one of those auth flows hits American servers. The silver lining: Hanko, a German identity provider, handles the auth layer itself, so at least your user management and session handling stay in Europe, even if the OAuth flow touches Google or Apple.

        You can at least put "Sign in with Spotify" first before Apple/Google - they have social login. I've even seen apps that have nothing to do with music offer it as an option.

        • In what way is Spotify better than a Google / FB login? Isn't it the same kind of shitty?
        • Interesting! I will think about the Spotify thing. I will pass on your bank account for now, thank you.
        • There must be some alternative European social logins, I know Seznam (of mapy.cz/mapy.com fame) has one: https://vyvojari.seznam.cz/oauth/doc?lang=en
          • Problem is that there's no point in adding it unless a sizeable number of people are using it, and Spotify is the only European one I can think of where that's the case. Seznam clearly isn't unless potentially a cz-only service - no idea how popular it is there.

            Delivery Hero is really big and EU but too fragmented. Maybe Wise should add social login, I think Paypal has it.

    • Which platforms/avenues do you recommend?
      • As I said, anything that's not search ads. Youtubers, influencers of any size, UCG, podcasts, newsletters, you name it. LinkedIn content. There's thousands of options. Or if you do want to throw money at US/Chinese big tech, then TikTok, or Apple, or Reddit ads. Industry fairs. It entirely depends on where your niche is.

        Of course if you're the next YC B2B SaaS raising big series then sure go burn your VC cash on Google Ads, but that's clearly not what OP is doing, or really most of us.

  • Domain TLD is the one administratively completely entangled into USA system while playing a major role on the internet working as it does. ICANN should definitely be an international entity, like UNESCO.

    All other points are "mere" technical gaps.

    • I am still baffled.. compare a domain like .party or .parts between porkbun or your major US based providers and an EU based registrar of your choosing.... It's not pretty, at least it wasn't to me.
      • Porkbun has .party for $21.09 (bar the first year promotion, not sure about VAT) and INWX (DE, VAT included) has it 32.80€. It is definitely more but not as scary as you made it sound.
        • It’s not all bad. I hope you don’t mind tooting my own horn. But there are providers who try to keep prices reasonable: https://domain.chief.app/pricing (disclaimer: this is mine)

          I must say though that this (at this stage) is mostly only possible because of a few (also Dutch) reseller titans that allow me to be affordable.

          The cost of entry as registrar into ICANN TLDs is pretty high

        • Wow, gotta check out INWX. I am paying in the 50s now..so double the cost..No VAT at porkbun!
          • I'm on INWX but trying to get out, as pricing is quite expensive for regular TLDs. A .com domain goes for about €18 with taxes and all that stuff.

            And the situation for autorenewal is terrible. At least when using their Spanish site (inwx.es) they cannot do autorenewal billed directly to your credit card or Paypal account, you have to previously add credit to your account "balance" and leave it hanging there until your next renewal.

            Somebody mentioned openprovider.com and I'm taking a look because it looks interesting.

  • It's a really good sign that this worked out at all. And the takeaways are enlightening

    - EU domain registrars might have some bullshit under the hood making the same TLDs more expensive. Might need to investigate

    - EU needs its own mobile app ecosystem, easy auth, and genAI offerings

    - - but interested to see why Mistral wasn't feasible

    - other things need to be scaled up to have the community and maturity to function well. This comes with time and adoption

    I'd love if this took off. If more and more people did this

    • Mistral seems great and offers great functionality and maybe fair pricing. However, I have used their LLM API (Le Chat?) in a project and unfortunately the API times out sooooo often. I had to add retry logic and have timeouts of 5 minutes and such, and sometimes there is just never a response from the API. If they could make that more stable ...

      (I am using their official Python client library.)

    • Have you tried Mistral? Admittedly I've only used it twice but I was disappointed. It feels like comparing openoffice to word 20 years ago - does the job but at an obvious compromise
  • Can confirm on Hetzner. I'm building a SaaS on it right now and had to request a VPS limit increase. I was so worried and carefully crafted my request message. I was bracing for a multi-day back-and-forth but they just... did it in like 10 minutes lol

    > The pricing is almost absurdly good compared to AWS, and the performance is solid. If you've never spun up a Hetzner box, you're overpaying for cloud compute.

    Yep!

    • My support experience with Hetzner has been first class, every single time. They're honest, responsive, proactive and helpful. My support experience with Digital Ocean has been abysmal, every single time. Our latest experience was a misconfigured or malfunctioning Valkey cluster, we provided a ton of supporting information, their tech team magically fixed it and closed the ticket, and their support people tried to blame us for it breaking. This is so standard with them that I posted in our Slack "emailed DO support asking for a technical breakdown of what happened, they'll reply in a week blaming us". It only took them a couple of days though.
  • Here in Norway (and probably Sweden, too) BankID is a widely used authentication system, and most domestic services will use that as an auth / login. Only "drawback" is that it requires 2FA, which is quite trivial today. But there are still tons of users that want their "login with FB / Google / etc.".

    And a last but: If using such auth systems, one would have to account for all the different systems unique to countries.

    Maybe some larger EU-specific ID / auth system would make sense?

    • Sounds like the EU Digital Identity Wallet project: https://ec.europa.eu/digital-building-blocks/sites/spaces/EU...
    • BankID is very convenient but the lock in is ridiculous. Owned by a private company and pretty much every service that you use depends on it. You're forced to own a new Google-approved Android or iPhone to use it and to function in society.

      We definitely need a vendor independent ID system.

    • Many European countries have decent authentication, banking and payment system alternatives or even innovative solutions. I think, like usually, it's just a problem to break out of national or regional circles into something pan-European.

      A lot of people seem to agree that relying on a handful of too powerful American companies, especially in the ad and social media space, is a terrible idea and running foul of privacy requirements. Remains to be seen if some larger alternatives manage to pop up though. The European landscape is pretty fragmented.

      • There are companies such as Signicat, Scrive and others that provide an API that integrates with different national authentication providers.
  • Would love to hear about the same but in Canada - As far as I know we don't have any Hetzner-like providers here.
  • I tried buying a domain on OVH and the experience was shitty, was forwarded between different versions of the page (GB etc.) and could not finish the checkout
    • I tried to use their public cloud offerings and I got caught in a fraud filter for months. I signed up with my real email and real credit card without any VPN. All the staff could tell me was I should try to improve my reputation by paying for additional services for a while.

      The issue eventually worked itself out without paying for services I didn’t need and now I have a functioning account, but it was frustrating for sure.

  • Cool post, thanks. Though I would want to know how much cheaper Hetzner actually is compared to AWS?

    We looked at StackIT at my company and they were twice as expensive... Which was a bit surprising to me.

    I currently rent a full, dedicated AMD Ryzen 5 64GB ram server for €35 a month. It's amazing how much you can actually run on a dedicated machine

  • The article does not mention payments. I would be especially interested in a European Stripe alternative - this is what I find really difficult to replace.
    • I am simply not at that phase yet... I considered revolut pay (UK) or adyen (NL)?
  • Happy to see Bugsink mentioned here as a solution for Error Tracking _and_ to not see it show up as one of the "harder parts" :-)

    Just as a FYI: if self-hosting ever turns out to be too much work, it's also available Hosted.

  • Enjoyable article, thanks. I'd like to see a section on "layer 8" (or 9? whatever we are calling it). The regulatory layer. There seem to be so many uncertainties in Europe (and to a slightly lesser extent, the UK) now. I think if starting another company I'd have to give it some serious consideration.
    • I am trying to be on top of the legal stuff. I did start EU first with GDPR compliance and expanding to the UK was kind of low effort. Comparatively little changes are required. I might expand on that in a future article.. all that legal stuff was quite a bit of effort but I got lucky with my lawyer choice and felt very supported from them at reasonable cost.
      • There is also Data Act, AI Act. Not difficult to comply with but lawyer probably needs to look the papers over
  • We use bunny.net dns for Geo DNS with their dns based load balancing for my websocket infra. They have awesome community and support is top-notch. Getting a response from Cloudflare community is like taking a lottery if you are on the free plan.
  • My European stack:

    - OVH for object storage, domain names and simple Wordpress websites

    - Scalingo/3DS Outscale for PaaS (looking for alternatives here!)

    - Mailjet used to be EU but they've been acquired by Mailgun - don't know if that's an issue. Brevo is okay as an email service provider but they could be way better.

    • I think Mailjet is now owned by Sinch and Sinch is Swedish?
      • Correct. Mailgun acquired Mailjet, then Sinch acquired us. We follow the EU data standards of our parent company for our EU products, which include Mailjet and Mailgun EU.

        Disclaimer: I am a Tech Lead on Mailgun

    • Mailersend is EU and fantastic
      • I got interested because I am looking to switch to a European email service because of law requirements and I know MailerLite (their other product).

        But after looking at their site: "MailerSend is a United States-registered company."

        I understand they are based in EU but the main issue is that if they are registered in US then thanks to CLOUD Act afaik it doesn't really matter.

  • If you dig one step beyond hetzner you should start to see that the whole thing is unavoidably global. There is no truly dominant monopoly holder anywhere. Who makes the photolithography machines? What about those weird Japanese companies that make chemicals and substrates that no one else can?
  • It's also difficult to find providers for competitive large-scale non-transactional emails, i.e. marketing and newsletter mails.

    None comes close to AWS, closest are messageflow (PL), elasticemail (PL), brevo (FR). Other players like Scaleway TEM (FR) and Lettermint (NL) don't offer non-transactional.

    • Lettermint offers "broadcast" emails which is essentially marketing
    • I am at Lettermint for a month now, coming from Postmark.app (US) and I only can tell positive things about it, works very well and is reasonably priced.

      AWS SES does not work for me at all, the sending success rate is really bad.

    • Yes, exactly! Marketing emails are a whole other story. I was planning on mailjet - thoughts?
      • Using it for both transactional and marketing emails (but "only" for thousands of recipients) for some years. Could need some polish IMO, but the core offering is solid. Support is helpful, too.
      • Have been using it for transactional mails, that was okay. Have not tried it for non-transactional, esp. not in 20+ mio/months.
  • Did you use a European LLM to write this article? Or was it an American one in the end? :)

    EDIT: Looks like it's an American one in the end, oh well. https://news.ycombinator.com/item?id=47085756

    • Slop text generation is equally good with Chinese and European LLMs don't worry about that part
      • I still have GLM/Qwen or Deepseek sometimes randomly adding Chinese characters to things... :)
  • Nice reading but what you built is impossible to use without registration. I'm not going to register if I can't find what I'm looking for.
  • Authentik would fit very nicely there and eliminate that one large bit that the author says he can't avoid putting on US infra. I am only saying this because he's already self hosting a bunch of things.
    • Hanko can be self hosted, if needed - it is one of the few products I chose actively to NOT self host. I am aware of Authentik and do like it.
      • I am not familiar with Hanko. I will check it out. Thanks.
  • My EU stack, works well and is cheap!

    Hosting and storage: Hetzner and Netcup

    Domain: ClouDNS with Failover

    Transactional email: Lettermint

    CDN: Bunny

    • My advice and experience is don't use Netcup. They are abysmal at customer service. I once registered a domain with them, and hadn't even paid, but then couldn't get my account deleted at all. Even multiple e-mails did not help and they insisted on keeping my data until half a year later or so. They absolutely behaved like complete holes, and I will never trust them again with anything. I don't know what they do with user data. Maybe their systems are just so terrible, that it is a huge effort for them to go and comply with GDPR deletion request and then they just don't do it.

      Also their web interface doesn't allow you to delete your domain, even if you have not paid yet. So anyone could come and make some account and register a domain, but then not pay and they wouldn't remove it from their systems. The feel of their website is very antiquated and due to not being able to delete your domains, feels buggy.

      • I am using Netcup over the course of 20 years now and tbh never had any problems. Their customer service is very friendly and they responded quickly to me every time. Sorry to hear your story, but I think this is an exception? I had domains there too, but moved away because of functionality. But my main hoster is Hetzner for a decade now. But because of vendor lock out, I am glad to have Netcup too, especially if you consider the price!
  • Seems this page is not EU compliant anyway since there is no info who owns it
    • The finished product has an imprint (with commercial name, according to Spanish law). The blog post isn't commercial.
    • good catch, will fix.
      • That was fast! Saw u added it! :)
  • Thanks for the writeup.

    Does anybody know whether there are any European alternatives for Github that allow you to host private/commercial repositories without using self-hosting?

  • AWS does have a European sovereign cloud now: https://aws.amazon.com/blogs/aws/opening-the-aws-european-so...

    Now how bulletproof it is in practice will be tested in years to come, I'm sure. But it seems to be using the same model as AWS in China where a local company licenses and operates the software from AWS.

    • Nice try by them but the Amazon is still a river and "AWS European Sovereign Cloud" is an oxymoron.
    • The Chinese version of AWS isn't the full offering, offering less than 1/3 of the services. ESC appears to be more complete, but it's not a third party local company, but rather, a walled-off subsidy of AWS in Germany.
    • >Now how bulletproof it is in practice will be tested in years to come

      Zero chance the data stays in the EU. Just think about it for a moment. US CLOUD Act directly conflicts with EU's GDPR. Amazon doesn't want to risk losing EU markets but it can't lose the US market by not complying with US law.

      If these two conflict Amazon will side with the US. The savvy business move is to pretend to serve the EU market exclusively while privately adhering to the US demands.

  • EU ad tech exists; wondering if one can leverage it?

    Mobile apps, can you try those alt stores?

  • Inspiring! I'll likely pursue the same thing.
  • For domains I am very happy with ClouDNS. Anycast DNS provider with failover functionality. It's from Bulgaria.
  • I wonder what the author uses for payments.
  • Using self-hosted Mox for transactional emails.
  • Surprisingly sober take. I enjoyed the honesty. Thanks!
  • There is an ongoing lobbying push for "Made in EU" [0] which is unrelated to OP's article. The winds sure are blowing towards European sovereignty. Thanks, Trump!

    [0]: https://www.euronews.com/business/2026/02/19/made-in-europe-...

  • All of those considerations are driven by politics, not technical matters. What if in Germany next election will be won by AfD, in France by Lepenists (Jordan Bardella is going for the win in 2027 election). And next US election will be won by Democrats. What's then? Moving back to the USA?
    • Data sovereignty, avoiding monopolistic dark patterns by big American corporations and choosing local business partners that you can keep accountable is not political, it’s a logical choice.
  • For anyone looking for non-US transactional email, I found https://mailpace.com via HN a while back and can recommend. Can't remember who the HN user behind it is, but they've done a great job.
  • Truth be told if you're a European business, U.S. cloud providers weren't a good deal for a long time. Not since the advent of NVMe's and cheap 100G NIC's, well, that's for sure. Let's have a look at AWS R8 class, which is their most recent native instance type with real, modern I/O. Now, these are ostensibly powered by AWS Nitro 6th-gen networking, which is a 600G NIC. However, if you fancy NVMe drives (R8gd) which you do normally, you won't be getting more than 50G full-duplex. If you want to hit 100G+, you will need R8gn instances which don't offer ANY storage. So if your idea of data engineering is not calling from the 90s, well, you're stuck between a rock and a hard place mate!

    Good news is you can get PCIe 5.0 servers, I/O gear, and host it yourself for a mere fraction of semi-capable AWS bill.

    Bad news it doesn't matter if you don't get enough uplink bandwidth, no control over the routing table in the core routing infrastructure leading up to your WAN, or actual routers capable of hardware-filtering 100 gigabits worth of line rate per link. And you will need all these things if you want to at least try and match what Cloudflare/Cloudfront is doing from routing standpoint. (It will be much harder though to match them from the CDN standpoint...) DDoS protection is overrated, but it's not for reasons people commonly think.

  • I've built gethly.com entirely on my own VPSs, so I was concerned only with VPS providers. People actually might not know that Europe has orders of magnitude more developed IT infrastructure than USA, or China (Asia is actually quite a joke). For every one VPS provider in North America, Europe has 10. Not only that but there are all necessary services one might need - cdn, domains, dns, storage, payments... nothing is missing. I don't see why people think they "need" American companies, except the big three of cloud providers with their gazillion useless services. But 99% of projects don't really need cloud services at all.
  • I was kind of interested in the content, but I am so overloaded with AI slop by now, that reading this generated text gives me nausea.

    I was looking to see why they landed on this stack, but there are no alternatives or evaluation criteria listed - given the generated article, I wonder how much of the infra was selected by an LLM.

    • Claude helped write the article. It is 2026. I proof read it though and yes, giving an LLM a list of specific criteria of what you are looking for in a product is actually a pretty good experience.
      • If it works for you, it works. I just see the same phrases used repeatedly so frequently nowadays - including my own LLM conversations.

        Regarding the use of LLM for picking infra. The issue I usually have with such task is that they frequently omit things - either from the list of options or the features compared. And depending on my familiarity with the topic, I might never notice, which might steer my decision making into a different direction. Basically a certain bias. Sometimes prompting it to repeat reveals more, but ultimately I end up hitting the search and doing my own research, then I might use the LLM again with now more knowledge and data. Did you run into this too? What was your process?

        • I do understand what you mean with bias.. some models were quite stubbornly ignoring things like "I want made in EU - not GDPR compliant - not one office or data center in the EU". I remember this being especially painful for TEM and market email providers. Usually they suck at finding the right pricing data at first try.. so I ended up throwing screenshots of pricing pages. Now that I am writing this up, in some instances manually comparing them would have been faster :D ... The bias might come from the huge amount of US dominance in training data and might not even be intentional. In some niches you don't have many options, that's what I tried leaning on in the article.
      • > Claude helped write the article. It is 2026.

        If that's the case, why do we have to suffer through an AI-generated article? Just give us the prompt.

        This topic interests me but I stopped reading as soon as I noticed the slop. I'd much rather read a couple of human-written paragraphs with your personal experience.

  • Why is there no European alternative to Apple app store? It's rather strange to me.
  • > Your users expect "Sign in with Google" and "Sign in with Apple."

    And then they cry when they lose access to everything because their Google/Apple account got blocked for some obscure violation of ToS.

  • AJRF
    I just signed up for Hetzner

    Their menu has:

    - Console

    - konsoleH

    - Robot

    - DNS

    When I click into Console I get an additional option called "Website"

    I have no idea what Robot and konsoleH are.

    Is it a prerequisite if you make a cloud platform to make your offering as confusing as possible?

    • Hetzner is juggling quite a bit of legacy systems (konsoleH, Robot) around at the same time.. bare metal (root) is still on Robot, a system from the early 2000s I believe.. konsoleH is for classic website hosting and console is what you need for cloud. They are progressively moving over stuff to console now, DNS and Storage Boxes have recently moved.
      • I like how when you login to Robot it says "checking if you are not a robot"
    • It's funny that you say that because any time I sign in to one of the big cloud providers I wonder how anyone gets any work done there _at all_...

      But to answer your question it's the top one from the menu and then you get a page that couldn't be more clear (IMHO as a customer)

    • Just try AWS! :-P
  • Ehm sorry but no. Sovereignty means you own the stack not that you just choose other suppliers. Build on EU infra means owning a machine room with some servers, having fiber optic good enough for your traffic and that's it.

    What the author describes is just a supplier switch still owning next to nothing.

    • Perhaps the term is overloaded, and a better one would suffice, but the bigger point is to ensure that none of their infrastructure is under the purview of any US entity, public or private.
      • Are our institutions more "legal" or "reliable"? Honestly, it doesn't seem that way to me. Oh, let's be clear, the less I have to do with the GAFAM, the happier I am; Hetzner has shown itself to be a good company so far, as have several others, but if we don't start to understand what "ownership" means in the digital world, we'll never get out of the current sorry state of things.

        The average Joe understands the concept of owning versus renting a physical good, whether it's a car or a fork, but in the digital realm, they think "if I see it on my screen, it's mine", they just can't grasp it. If we don't start teaching this, we won't be able to have a society built for digital sovereignty and technical rationality.

        We'll keep having "communication services" that only talk to themselves, like WA, Slack, Discord, etc instead of those where everyone can talk to everyone else, from email to XMPP. Most people won't realise how absurd it is that WA only talks to WA, whereas even a basic telephone can call from any phone company to any other. Making people understand this is the foundation, which is currently missing even for many techies who get it because they have the knowledge, but only with a somewhat vague understanding, without really caring how to do things differently.

  • [flagged]
    • Did you try to register VAT-free by any chance? My first guess would be that you could have set the tax region wrong.
  • What exactly is your goal in doing this? What has it brought you?
    • US admin is threatening the EU on multiple fronts if you haven't been reading the news. Invasions of sovereign territory, dismantling the EU etc.. This is unprecedented and without merit and a lot of EU citizens and governments have reached their patience threshold and are choosing to buy elsewhere.

      The US has simply casually mentioned they could turn off all access to US digital services and products that we currently pay good money for. The concern is that they might maybe not all at once but I'm not waiting to find out that they're testing the waters with a single provider.

      So we're getting security and independence and promoting the EU tech scene! EU has better privacy laws as well. Before this the US was seen as a reliable ally.

    • It was a mix of stubbornness and curiosity how far you could push this experiment.
    • Can't speak for the author, but freedom from US spying ideally. Additionally, not providing any revenue to a US-company that in turn pays taxes to a government that they don't support the actions of.
  • Running microservices on Hetzner is a risky move.

    Their direct internet connections rarely go down, but links between servers in their internal network suffer from intermittent failures. If you make your service reliable enough to be able to run on a single node, you could have built a monolith in the first place.

    • If you build microservices you should always assume that links go down! So what is the deal here? Think about it as a feature to make your application more error prone. :-)
    • I think this is short-sighted - there are many applications where a single node is all one needs, and this is a huge part of Hetzner's user base, presumably.

      A bit of anecdote from me, as a decades-long Hetzner user: I have personally felt no real impact whatsoever with their internal network suffering from intermittent failures. The downtime incurred by Hetzner admin I've experienced is measured in minutes, in my case over a 10 year period as a customer...

  • A lot of people are over romanticizing on Hetzner. The hard truth is that Hetzner is a great provider for bare metal machines and extremely competitive pricing, but it's extremely demanding to run production workloads there without a dedicated infra guy. Claude won't wake up in the middle of the night solving the things it helped you provision in an acceptable timeframe. If you are serious about your product SLOs, hyperscalers shine, and you can only accept the "cloud tax".
    • are you aware of https://github.com/vitobotta/hetzner-k3s ? I am using it and I can wholeheartedly recommend.
    • You know, Hetzner is around since 1997, the term cloud didn't even exist then. Or AWS... The only hard truth is something when I see my wife.
    • Hetzner is a very particular product. They openly cop to being "overly cautious" with even letting people open accounts because they're playing with razor thin margins: I wouldn't engage with an organization like that for serious production workloads.

      At least, where "serious" is defined as making enough money that paying AWS $200 a month for $20 a month worth of compute is worth it in exchange for an actual SLA*, paid support, and knowing that even if you drop off the face of the Earth, the account will probably run unfunded months before your users even notice.

      I've been bitten by using "quirky" tier-3 providers for savings on projects that really should have just eaten the cost of a bigger provider.

      (* Yes an SLA is not a magic uptime guarantee, but it creates an expectation which is a lot better than nothing.)

  • The conclusion from the `What you realistically can't avoid` section is that running entirely on non-American services will never happen.

    Unless some entity pours hundreds of billions (trillions?) of euros into solving this over multiple decades there will be no way to replace google ads and sign in with google/apple. The AI part seems to be the easiest thing to solve in the list, that says something.

    • In the history of geopolitics, even with what little I've learned of it, "will never happen" can be as soon as two years.
    • Billions of euros over multiple decades? Why?

      Seems to me like it's mainly regulation. The thing that makes people in China, or Russia, for example, not use Google - isn't that Yandex / Baidu got tons of investments. It is that people can't easily access Google. If the EU decides to pull the switch (or if the US decides to do so), we have enough competent people here to build a search engine.

      • That's where democratic governments are at a disadvantage. Europe is also more integrated into the US market. For example, killing access to the Google ads ecosystem will make 100s of thousands or even millions of people unemployed. Apple and Google have multiple offices in Europe. A divorce with the US will again make a huge amount of people lose their very high paying jobs. Unlike China and Russia those people can vote.

        Moreover, in democracies companies from other countries usually get more say and have more lobbying power. Open market system gives more decision powers to global players. Whereas in China or Russia, if you are not serving the goals of the dictatorial rule, you get ousted permanently without a fear of elections.

        • I think those things are very hard to predict. Yes, many Europeans will stop working for American companies and lose their very high paying jobs. On the other hand, the EU as a whole will stop sending billions of euros to the American economy, and at least some of this money will be invested in creating local alternatives; those who worked for American companies will probably find their place in these alternatives.

          Everything you wrote about the open market system is true, except it seems like that system has died over the past year. Europeans understand now that the US isn't a friend.

      • Google was freely available in Russia up until 2022 and Yandex still had a larger market share. It really was a solid competitor to Google, much better than anything the EU ever had.
    • wvh
      While it's true Europe might not be producing the next Apple or Google, there are lots of alternatives, like national academic login systems, logging into third parties with bank credentials or government IDs... Solutions that depend less on one commercial company capturing the market, that are in place on a national level and work well. It's a different landscape. Factors like current day political turmoil make people much less trusting of "American" solutions. It remains to be seen if this goes beyond sentiment into some actual pan-European solutions that (claim to) safeguard privacy and data.
      • What about non EU users? Americans don't second guess themselves when they slap google/apple/meta sign in only. They know everyone in the world will never pause when they see their logo on the buttons. To reach this scale of worldwide adoption for a European service requires a massive amount of investment.

        What's even the entry point? Google and Apple make the devices that everyone uses. Even if you build a service like you suggested, how do you ensure that everyone is using it?

        • > They know everyone in the world will never pause when they see their logo on the buttons.

          As in, that they won't run away when they see them or that they will all happily use them? If you mean the latter, then it's just false. Also, why do you assume that such product would need to be used worldwide all of a sudden? Having something for the local market would be sufficient to call it a success in this instance. There's an ICC judge who could tell you a thing or two about having a whole digital life on the hook of services from one country, so reducing this dependency is a clear benefit.

          • > Also, why do you assume that such product would need to be used worldwide all of a sudden

            Because I'm talking about not running on any American services. Which Americans can do and do all the time. I don't see how we can reach a point where we can one day not include google/apple sign in and not lose a massive number of potential users. Sure it's possible that one day we'll see a "Sign in with EU login" but below it there'll always be sign in with google/apple, for a very long time.

            • That post mostly concerned infrastructure, you won't likely run the same managed DB with 2 different providers, for example, but you can well offer sign-in with EU/non-EU options, and as long as the first one is viable, I'd say that would already be a win in terms of OP's goals.
      • The problem is - these don't work unless everyone uses them worldwide.
    • Yeah, they sell you that with the devices. You would need to crack iOS/Android dominance first before you could realistically consider NOT assuming someone has at least one or the other account.
    • Agreed mate, it took absolute trillions of Euros for "Sign in with VK" to become a common option in Russia. No clue how they did it while also waging wars.

      "Sign in with LINE" in Japan? Quintillions of Yen were spent.

      • Sign in with LINE and not a single American logo on the log in page?

        Also what about AI? Can't solve that with a sub billion euros of investment.

    • It's possible that will get ""solved"" overnight when some critical service gets cut off or banned in one direction or the other for political reasons.
    • Yeah, I think trillions alone wouldn't be enough to replicate Apple's success and market dominance (especially the most valuable demographic)
    • This is a weird take. It is completely arbitrary.

      I could say that you cannot run entirely on US technology, because electronics comes from China. Does that mean that we should just strive to move everything to China, so that we only depend on them?

      Makes no sense to me.

  • I've witnessed quite a few attempts in this regard, and they're truly admirable. Although Gitea's trademark and domain are controlled by China.

    From a geopolitical perspective, such attempts don't hold much significance. The EU's future doesn't lie here either. It lies more in media control, profiting from balancing between the US, China, and Russia, and even continuing to extract raw materials from former colonies through low prices or unfair contracts. This may not be glorious, but it's what's been happening all along. A vast consumer market, the influence of values, comprehensive soft power, cultural control and integration of large numbers of immigrants, and so on. "Made in EU" will never succeed.

  • Per "Choose Boring Technology" [0]:

    > Let’s say every company gets about three innovation tokens. You can spend these however you want, but the supply is fixed for a long while... If you choose to write your website in NodeJS, you just spent one of your innovation tokens. If you choose to use MongoDB, you just spent one of your innovation tokens. If you choose to use service discovery tech that’s existed for a year or less, you just spent one of your innovation tokens. If you choose to write your own database, oh god, you’re in trouble.

    From my POV, the author spent their innovation tokens on a political commitment. I would not recommend this path to someone starting a company. It's hard enough already.

    Also, many American companies that might have been useful to the author were founded by Europeans, e.g. GitLab. There's plenty of European talent for making widely adopted infrastructure. If those companies aren't in Europe, it's worth asking why [1].

    [0] https://mcfunley.com/choose-boring-technology

    [1] https://worksinprogress.co/issue/why-europe-doesnt-have-a-te...

    • But the argument is reversed! The more boring your tech stack, the _easier_ it is to host it anywhere (including Europe). So choosing boring tech is actually an enabler of this (and other) choices down the line.

      It's only "a political commitment" as long as it doesn't affect you yet; and from the European perspective I'd say "the affecting has begun".

      • I'd say from this author's POV, his commitments cost him in terms of headaches, costs, and time not spent optimizing for meeting customers' needs:

        > The parts that were extra hard

        > Transactional email with competitive pricing. This one surprised me. Sendgrid, Postmark, Mailgun, they all make it trivially easy and reasonably cheap. The EU options exist, but finding one that matches on deliverability, pricing, and developer experience took real effort. Scaleway's TEM works, but the ecosystem is thinner. Fewer templates, fewer integrations, less community knowledge to lean on when something goes wrong.

        The choose boring technology essay notes that as you get further along you might get more innovation tokens to spend. But when you're starting out, "not choosing sendgrid because they're American" is a token gone when they're most scarce.

        • Fair enough... though if I were to push my point: one could also say that dumbing down your mechanisms of email sending (i.e. ditching templates, or pulling the templates to your own codebase) would give the same advantage I talked about earlier of vendor-independence