ChatControl and VPS in the EU
I just heard that unfortunately ChatControl is moving forward in the EU. I've also heard about some recent shenanigans by the French government trying to compel GrapheneOS to create a backdoor.
I bought some VPS in the current Black Friday/Cyber Monday sales which are in one of the member states that supported ChatControl.
Will we have to worry about backdoors or loss of privacy in EU VPS in the future?
Comments
Time to deploy https://chatmail.at/ to escape ChatControl
For well over a decade (at least) the writing's been on the wall.
In most major cities (and soon after even in the countryside) everything we do will be 100% recorded.
Expect to go to prison before you commit any crime based on algorithm's 99.9999% prediction (with the "if one child can be saved" and similar rhetoric that no one can really oppose without sounding as paranoid as I'm sounding now LOL).
🔧 BikeGremlin guides & resources
Without getting in to politics, the answer is: Yes, to both.
I would avoid Email entirely, if privacy is a huge concern.
Lots of metadata, even if body of the message is encrypted.
Possibly the first real brexit benefit lol
No that the uk is doing any better on crap laws
Chatmail is the server for Deltachat[1] = end-to-end encryption (E2EE) by default for all messages ( metadata too )
[1] https://blog.feld.me/posts/2025/03/deltachat-is-actually-good-though/
All legislation in this context targets platform operators, not hosting providers. There's no immediate need to migrate your EU infrastructure.
That said, given the current political climate, both in the EU and globally, it may be worth considering alternative locations as part of a long-term strategy (3-5 years out). The challenge is that few countries maintain both a strong pro-privacy stance and a stable political outlook for the foreseeable future.
Iceland would come to my mind, but as an EEA member, it's unclear how insulated it would be from EU regulatory changes.
Not to mention that it probably would get under a lot of political pressure if it becomes the location to evade international regulations.
The best way to go is probably to ensure that your services implement proper E2EE. So you don't need to worry too much regardless of how regional legislation evolves.
100%.
Personal VPS's and small orgs are small fish that nobody cares about. And the regulations will not hit the hosting providers, they will hit the orgs themselves that are then required to comply (install backdoors) with their own labor. Why? Well:
Personal ISP connections, for example, are trivial to monitor en-masse by installing a MITM box in the upstream. So the legislation hit the ISP's to force that change.
The web hosting environment is too complex to implement mass-surveillance on the infrastructure-level like that. So the legislation will go after each org individually instead, and demand a case-specific backdoor into each service of interest.
In short: The usual precautions apply. Encrypt your disks, E2E all network connections, don't collaborate with the cops.
No
That's from a hollywood movie.
The resistance will never die. Historically, people have always resisted even in much worse circumstances. If you surrender your optimism and hope for a better future, you are forgetting history and doing their propaganda for them.
Iẗ́'s bad, and getting worse. But let's keep our eye on the real oppressions and not allow each other to get lost in cynicism
All my personal devices are encrypted but I am skeptical of the benefit of having an encrypted volume or drive on a VPS. I did it once on a dedicated server using a guide and it was a pain to set up. My understanding is that if the VPS is continually powered on then the encryption key is in memory and thus could be accessed by someone with access to the physical hardware if they really wanted to anyway. The only protection I would have is if the VPS was powered down. But maybe I'm misunderstanding this.
Thanks for the Chatmail recommendation, I hadn't heard of this. It looks like a great alternative to Signal if that becomes targeted. The WebDXC apps were very cool and I tested playing chess with a friend!
I am still looking for a Discord alternative as I don't trust Matrix (https://hackea.org/notas/matrix.html). If someone could add a channel like style to Chatmail that would be ideal.
It looks like there isn't much benefit to hosting your own Chatmail server though due to the nature of the protocol other than perhaps having control of the domain and not losing access to the email address. However since it's not like the data is really stored on the server for long periods, as long you'd notify people of the change of address it would be fine.
If you dont want to host Chatmail by yourself... You can test ArcaneChat[1]
[1] https://arcanechat.me/