Move Data Handling to EU for European Kagi Users

[deleted]

--deleted--

nichu42

HandleHue I think the CLOUD act affects Kagi no matter where the data is hosted.

Peter

HandleHue

nichu42 indeed, the United States has terrible laws about this.

At this point, I don't think there can be any real solutions other than the certainty that the data is not and cannot be saved on the servers (a bit like what happens with Signal, which "has almost nothing to hand over" in case).

It's a shame, because Kagi is truly excellent, but this American "sword of Damocles" is a bit annoying 🙂

[deleted]

--deleted--

L8CT

I was considering that I may have been overreacting, but as this painfully unfolds, more evidence suggests that not having data within the US is the right thing to do.

https://www.theguardian.com/us-news/2025/feb/28/trump-russia-hacking-cyber-security

I was considering whether Kagi should have a canary as to let users quietly know they have been compromised. Kagi stores no (or little) user data.I understand the business opportunity in the US right now to offer secure email services, but offering Kagi Mail feels close to a canary as offering email literally means storing user data and that in itself puts a greater target on Kagi's infrastructure for bad actors to attack.

Small companies like to grow and expand, it's great to see a company doing well, but maybe we should consider how many existing customers are customers just because it is a small company with a smaller attack surface.

silvenga

L8CT That one has been disproven by Bleeping Computer (Security News)

"This is garbage. The Guardian's entire story is based on an alleged memo that the Trump Administration never issued and the Guardian refuses to let us see or provide the date of said memo," McLaughlin told BleepingComputer.

Boomkop3

Bonus argument: locally served data would be faster for eu customers.

Boomkop3

Seeing how they go out of their way to build things like privacy pass, I can tell they're willing to invest to prove themselves. This would be another big step in the right direction. (But a much less complicated one)

HandleHue

Boomkop3 I don't know how many of us are in this situation... I've always had some doubts about the services available in the United States, but with this administration, everything seems so crazy and senseless that, at least from a European perspective, it's definitely difficult to think about entrusting potentially sensitive data to a U.S. company.

Havok

This is becoming extremely important. I really hope Kagi kan open EU-servers for EU-customers. I've started moving everything I do away from US based companies that don't have EU-hosting.

Not related to Kagi, but EU users should have a look at this site and find alternatives to their most used services: https://european-alternatives.eu/alternative-to/

Peter

Havok
This only makes sense if Kagi would move its headquarters to the EU.
To quote Frank Karlitschek, CEO of Nextcloud:

"The Cloud Act grants US authorities access to cloud data hosted by US companies. It does not matter if that data is located in the US, Europe, or anywhere else."

Havok

Peter It doesn't give me immediate access, and the requests can be legally challenged based on customer rights and laws in other countries. But yeah, the best would be for Kagi to just move out of the US all together and open up shop in Canada, Switzerland or something (even though that doesn't remove the Cloud Act, just makes it harder).

Mackou

Realistically Kagi headquarters and servers could move to Canada

RoxyRoxyRoxy

Mackou …why? I don’t follow Canadian data privacy law but I don’t think they have anything like the GDPR, which is pretty much what this whole thread is about. Also to be entirely frank I'd prefer not to have my data in Canada.

Peter

The EU decided that Canada has an adequate level of data protection and that it continues to do so:

The Commission concludes that Canada continues to provide an adequate level of protection for personal data transferred from the EU to recipients subject to PIPEDA.

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52024DC0007

OTOH, the EU also decided that commercial US organizations participating in the EU-US Data Privacy Framework have an adequate level of data protection--but the European Court of Justice has already held twice (Schrems I and Schrems II) that US law is not "essentially equivalent", so it's probably just a matter of time that the current framework becomes illegal: https://noyb.eu/en/us-cloud-soon-illegal-trump-punches-first-hole-eu-us-data-deal

RoxyRoxyRoxy

Peter Ah interesting, thank you. As a thought for Kagi and EU users to chew on, would third party audits much like Proton does be acceptable and feasible? This could show, along with a canary-type system, that Kagi users’ data is still safe and secure in the US.

Peter

Peter Also keep in mind that this primarily concerns businesses. As a normal user, you're always free to use US providers.

Peter

RoxyRoxyRoxy I'm not sure what the best approach would be. Maybe creating a second, independent business structure in a country like Switzerland or even Canada for things like Kagi Mail which will probably be a data-intensive product? But I'm not a lawyer, I only play one on the internet (I'm just a cat IRL).

kimdre

A separation between the USA and the EU would be great. The data protection laws in the USA are a joke and a nuisance for every European user.

« Previous Page Next Page »