Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Do you know if GDPR prevents EU countries from obtaining IP logs for Amazon zones located there? I was hoping I could spin up an EC2 VPN in Europe and feel more secure that my IP logs can't be obtained by the US gov't. I use RunBox for email in Norway, which has the strictest privacy laws, but there is no AWS zone there. Any thoughts? Thanks.


The US CLOUD Act was designed specifically to enable US gov agencies to access that information:

https://en.wikipedia.org/wiki/CLOUD_Act

So, don't use EC2 or stuff hosted by other US companies for things to you want to keep private from the US gov.

Also note the US gov shares intelligence with other countries, as mentioned by a sibling post.


Maybe through the UKUSA agreement or similar. https://en.m.wikipedia.org/wiki/UKUSA_Agreement


> Do you know if GDPR prevents EU countries from obtaining IP logs for Amazon zones located there?

GDPR has specific exemptions for law enforcement and national security. Governments are allowed to get the data by claiming it's for national security. Some EU countries may have better protections than others.

To give better advice I guess people would want to know what your risk model is. Who do you think is after your data? What do you want to protect?


> risk model is

Mostly curiosity: what is the highest degree I can obscure my web use and meta data with off-the-shelf technologies?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: