Dear USA, my data has left your building

Nitpickers aside (yes, what they had they may still have or at least in digest form) this is a single instance of a tidal wave of people doing this. EU datacenters are doing quite well because of the NSA revelations.<p>The economic impact of this could very well counteract any net plus the US had while they were able to spy at will. Likely it&#x27;s not going to be the same parties that will end up footing the bill.<p>The practical effect from a security point of view of this exodus is likely not very significant, I take it as read that EU pipes &amp; major hubs are also bugged in much the same way, possibly even by the NSA and their friends with tacit approval or blind-eye-turning of local authorities, presumably under some data sharing agreement.<p>Just this morning it was revealed that Belgacom (the Belgian major telco) has concluded that their communications are being spied on and I&#x27;m sure that even though the Belgian government is reacting very much upset about this that when the final verdict is in we&#x27;ll find that that very same government at some level of the bureaucracy knew about this since day one.<p>Plausible deniability will protect those in charge.<p>So, you can move your data around as much as you want, it won&#x27;t make much more than symbolic difference unless you go to really exotic or lawless places.<p>Maybe Switzerland or Iceland could re-invent themselves as data bastions but that would merely shift the attention to lines running into and out of those places.

Obviously we[1] sympathize with this, since we&#x27;ve been running a swiss location since 2006 - one that has become increasingly busy in the last 3-4 months.<p>However, I personally don&#x27;t store my data there - even though I am deeply disturbed by the recent revelations and invoke all manner of security precautions in my own digital life.<p>First of all, it appears that intra-US Internet traffic is subject to less scrutiny and open to a much more narrow interpretation of the laws that (supposedly) allow this snooping to happen. Once your traffic leaves the US, the 4A (and other) protections seem to relax significantly. Let&#x27;s set aside for the moment the bad behavior of other global and national &quot;observers&quot; on the network, which we have to assume are at least as bad as the US NSA ... and let&#x27;s just concern ourselves with the US side of things. From that perspective, moving your traffic <i>out</i> of the US appears to have a lot of unintended consequences.<p>Second, it really shouldn&#x27;t matter. SSH is SSH and duplicity is duplicity and storing a fragmented TC container is ... well you get the idea. If I have the right toolset[2], I should be able to store my data on a USB stick that I leave in the NSA lobby every night. You should ask yourself how large and unwieldy your digital life has become if you can&#x27;t just trust the math.<p>Oh, and also ...[3]<p>[1] rsync.net<p>[2] SSL&#x2F;PKI is <i>not</i> the right toolset. gmail is not the right toolset. Weirdo walled garden dropbox gdrive non-standard private API garbage is <i>not</i> the right toolset.<p>[3] We support synology devices perfectly, right out of the box, and right through their GUI config. Just saying.

Over the last month I have cancelled all our servers in US, setting up a new one this morning in Amsterdam<p>One thing I am worried about is potential liability of having someone sueing us under data protection laws here in Ireland, claiming their data was inspected by US and we couldnt protect their privacy<p>Here in Europe we get to have data protection commisioners and strong laws on the subject unlike across the pond.

&quot;My webhoster (WebFaction) receives mail for all my domains. My Synology retrieves mail every 5 minutes via POP (you can set this up via Roundcube on the Synology) and deletes it from WebFaction.&quot;<p>but even if you can delete your mail from your mailhost after downloading it to your private machine, isn&#x27;t the point that the NSA probably collected the email before it even hit your mailhost?

I suspected there was going to be a mass exodus. NSA basically killed cloud-computing. I don&#x27;t think it will come back soon. And while on the subject, consider selling your Microsoft stock. How many enterprise customers will choose Microsoft products again after 2013?

It&#x27;s the bottom line that&#x27;s important. As long as the current surveillance regime is in place, there&#x27;s nowhere you can be online that isn&#x27;t watchable by them.<p>The NSA is the largest practitioner and consumer of surveillance among its allies and other targets, and likely drives and influences most surveillance activity among its allies and other targets. The NSA gets its funding from US tax collections, and those taxes are controlled by US politicians.<p>So at the least, non-US citizens and corporations should move their data and activity out of US-controlled or affiliated corporations. There is only one way that this surveillance can be changed at all, and that&#x27;s by US corporations and their rich executives and shareholders feeling a rumbling in their bottom lines. This will rouse them to direct the recipients of their political and lobbying dollars to cut this shit out.<p>I&#x27;m sorry, but we citizens of the US have long lost control of our government. It&#x27;s money.<p>Vote with your feet. Don&#x27;t fund the US surveillance state.

As much as I love Synology NAS, I wouldn&#x27;t trust it for keeping what&#x27;s essentially my entire life (email, photos, music, files, everything). The author has a backup system which involves two laptops, a workstation and a separate file drive. However, at the bottom he&#x2F;she adds &quot;I will probably add an extra external drive to the mix and try to keep that off site.&quot; My advice: do it. Now. Murphy&#x27;s law states that a flood&#x2F;power surge will hit your house as soon as pull the plug on your external storages.<p>I don&#x27;t want the NSA to snoop through my email and family photos, but the fear of data loss easily trumps my fear of not having privacy. To me, that&#x27;s the tradeoff for using public services like dropbox&#x2F;Gmail: I get more redundancy at the cost of privacy.

It&#x27;s a bit naive to believe that after Google <i>may</i> have deleted your emails (no good reason to trust them, I&#x27;m afraid), the NSA also no longer has access to them. They picked them up as they arrived at or left your Gmail account and will keep them forever.

You forgot the backdoors in your hardware.<p>Yours faithfully,<p>The United States of America

The problem is that all of your email conversations are with people who still use gmail. Game over.

Yeah, because nothing protects you from the NSA like <i>being outside the USA</i>.<p>Edit: Oh I see I&#x27;ve been voted down. I guess that makes my statement untrue.. My point was that outside the USA the NSA has free reign. Only inside the USA does the NSA have restrictions. Obviously they crossed some lines and we are still fighting for privacy around the globe. But moving data outside will not stop them.

It&#x27;s interesting to see people doing this as it&#x27;s something I&#x27;ve been planning to try. I&#x27;ve backed the Lima project on Kickstarter which will hopefully become my Dropbox replacement:<p><a href="http://www.kickstarter.com/projects/cloud-guys/plug-the-brain-of-your-devices?ref=live" rel="nofollow">http:&#x2F;&#x2F;www.kickstarter.com&#x2F;projects&#x2F;cloud-guys&#x2F;plug-the-brai...</a><p>and the Mailpile project on Indiegogo which will hopefully work as my email frontend on a local server:<p><a href="http://www.indiegogo.com/projects/mailpile-taking-e-mail-back" rel="nofollow">http:&#x2F;&#x2F;www.indiegogo.com&#x2F;projects&#x2F;mailpile-taking-e-mail-bac...</a><p>I&#x27;m planning on buying a small server for running all my services on a VPN (mail server, GitLab, Mailpile etc.) and a decent NAS with RAID&#x27;ed backups of server + lima drives + time machine and if possible send that to a safe off-site backup.

Actually, your data is still in their building.<p>You&#x27;ve only removed the particular copy that you had access to.

&quot;The loss of GMail conversation view was initially really REALLY painful.&quot;<p>I recently experienced the same pain with Thunderbird after moving away from the new Gmail compose interface however I&#x27;ve since moved on to Airmail [1] which deals with conversations (and other Gmail behaviours (shortcuts etc) in a very similar way to Gmail and am extremely happy with the move.<p>[1] <a href="http://airmailapp.com" rel="nofollow">http:&#x2F;&#x2F;airmailapp.com</a>

Where are you going to move your data where it&#x27;s less likely reachable by the NSA and the GCHQ? Another UKUSA member country? <i>Any</i> country in Europe? A third world nation?<p>You&#x27;re only shifting eyes from western intelligence to a third world dictatorship, or Russia&#x27;s FAPSI and GRU units. And in some cases, moving your data out of the US may subject it to <i>even more</i> scrutiny or dragnets.

I recently deleted my Google+ profile. I have to say that Google is among the nice ones out there. They have a no-nonsense process with tools in place to export the data and delete accounts. Facebook&#x2F;Quora make it really difficult to delete your data.<p>It&#x27;s ironic that it&#x27;s easier to leave the good corporations than the bad ones.

Dear cpbotha,<p>No it hasn&#x27;t.<p>-- USA.

Can anyone recommend a linux VPS host outside the US as an alternative to Linode or Digitalocean?

I strongly suggest watching Jakob Appelbaum&#x27;s speech at the NSA hearing in the European Parliament:<p><a href="https://www.youtube.com/watch?v=Cu6accTBjfs&amp;feature=youtu.be&amp;t=2h23m1s" rel="nofollow">https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=Cu6accTBjfs&amp;feature=youtu.be...</a><p>Here&#x27;s a question he asks to people who think that because they&#x27;re Americans they&#x27;re &quot;more protected&quot; against NSA spying than foreigners:<p>Who would be me more afraid to call someone like Appelbaum or Julian Assange? Someone from US, or a foreigner?<p>I think everyone knows the answer to that question, and you also have your answer for how protected Americans really are against this total surveillance.

&gt; On my Android telephone (whoops…) I am using the Kaiten IMAP client.<p>Check out: <a href="http://www.ubuntu.com/phone" rel="nofollow">http:&#x2F;&#x2F;www.ubuntu.com&#x2F;phone</a><p>Devices supported: <a href="https://wiki.ubuntu.com/Touch/Devices" rel="nofollow">https:&#x2F;&#x2F;wiki.ubuntu.com&#x2F;Touch&#x2F;Devices</a><p>Currently, the Galaxy Nexus seems to be the best option; see its hardware support progress here: <a href="https://docs.google.com/spreadsheet/ccc?key=0ArLs7UPtu-hJdDZDNWliMmV1YUJ3Zk1pQlpDdGp4VFE#gid=0" rel="nofollow">https:&#x2F;&#x2F;docs.google.com&#x2F;spreadsheet&#x2F;ccc?key=0ArLs7UPtu-hJdDZ...</a> (column &quot;Maguro&quot;)

I don&#x27;t believe that there is enough information yet to take action, for example moving data out of US Datacenters. Too little is know about what the NSA is actually doing with the stuff, what they do and don&#x27;t have access to, and what kind of risks businesses are incurring as a result.<p>The most important question is whether or not the NSA or other agencies in the US are actively committing industrial espionage, meaning not only that they are spying on foreign companies but also passing on data to US competitors.

This used to be called setting up a mailserver and fileserver back in the day. Some people never gave up the goods and kept their personal files and email accounts on their own hardware.

&gt; The loss of GMail conversation view was initially really REALLY painful<p>Considering all the shit going down lately... we&#x27;ve seen a recent surge in use of things like DuckDuckGo and OwnCloud, but no good replacement for the Gmail UI. I&#x27;m surprised no one&#x27;s seen that opportunity and created something similar, but installable on your own personal server so that you can have access to a <i>good</i> web UI from anywhere.<p>If I can make the time, I&#x27;d love to do something like this.

All well and good — I suspect that OpenPGP is one of the few reliable tools out there for file and email security — but BitTorrent Sync is closed-source. We have no way of knowing that it doesn&#x27;t automatically provide copies of all data to interested third parties. Better put those cat pictures in TrueCrypt (another tool which probably works) volumes before syncing them out. (Assuming your hardware doesn&#x27;t compromise the encryption.)

GCHQ is not exactly any rosier than the NSA. I don&#x27;t know why OP imagines that WebFaction (UK company) is immune to spying in a way that Google isn&#x27;t.<p>I&#x27;m afraid this will be characteristic of the anticipated mass exodus. People will move away from US services because it makes them feel good, but their destinations are going to be either Five Eyes territory or countries that don&#x27;t even feel a need to hide their surveillance apparatus.

Just as a thought exercise, this might not be a good trend for US businesses, but perverse reversion of this is that the less foreigners store their data at US companies, the less rational the NSA has to snoop there, meaning we may only have to worry about FBI, DEA, etc and they aren&#x27;t as sophisticated as the NSA at this. I actually don&#x27;t have a problem with any of these agencies personally, just a thought.

dirvish is dead. Use obnam <a href="http://liw.fi/obnam/" rel="nofollow">http:&#x2F;&#x2F;liw.fi&#x2F;obnam&#x2F;</a>

7bn people on earth, but the NSA has a direct interest in cpbotha hence his actions make total sense.<p>because if the US intelligence services took interest in him, moving his data to other servers would <i>totally</i> stop them. i can see the agents shaking their fists at the sky, helplessly staring at the server just beyond their reach.<p>so fulfilling to finally act out those ultimate nerd fantasies. just as awesome as the PGP mail users in college back in the days. sending plain text mails with pgp signatures, because somenone else could forge your identity - riiiiight.<p>i wonder if there is a direct correlation between this mindset and stuff mounted on the belts of said users. giant keyrings, led flashlights, multitools, etc - always prepared for the movie in your head.

If your data, encrypted or not, travels through the US or any of it&#x27;s allies, don&#x27;t you think they already have access if they want it. Privacy is an illusion.

It&#x27;s not clear to me if you dropped your gmail address? Running email outside of gmail is easy enough, but changing email address to another domain is a total pain.

The problem is the &quot;normals&quot; don&#x27;t know the spying is going on, don&#x27;t know what it means, and don&#x27;t know how to roll their own solution.

For me everything was clear before these NSA leaks. That&#x27;s why I have hosted my own services and servers already for 15 years.

The author is an ignorant puppy. [\ad hominem] What&#x27;s the use of all those spendings if his email is not encrypted and hosted on his own hardened server behind a firewall he knows how to configure himself? And even then, if his counterparts are not doing the same, we&#x27;re back to the original problem.

Great post. Appreciate all of the details of how to leave Google vs just a rant.

all major nations do exactly the same as the nsa. yes france. yes germany. becauqe theyve not been exposes as publicly does not mean nobody is watching.<p>source: used to work in eu intelligence agencies

Technical decision, or just nationalism? Some people never get over old historical issues.

Dear cpbotha,<p>You can run, but you can&#x27;t hide.<p>- USA