# Best EDIS location for privacy laws?



## MannDude (Sep 20, 2013)

Looking at EDIS KVM line, so many locations to choose from! I'm looking at setting up a non-US mailserver for personal use, to replace my reliance on Gmail in a country that is known for being good for these things.

Any recommendations?

Generally speaking emails just consist of invoice notices, notifications someone responded on a forum, masonic secrets, and stupid Amazon spam. I don't really 'need' it outside the USA, but this is my limited ability to say, 'Fuck you Google and NSA' and all that jazz.


----------



## rds100 (Sep 20, 2013)

I'd say Iceland. And if it's about the "F*** .....", then maybe also Russia.


----------



## MannDude (Sep 20, 2013)

EDIS replied to my sales ticket quickly!

They said:



> I would recommend either Iceland, Hongkong or Germany.


----------



## Ishaq (Sep 20, 2013)

I'd go with Iceland.


----------



## Mun (Sep 20, 2013)

None of this does you any good, unless you encrypt all data coming out of the server and all emails are sent/received over SSL. The largest portion of how they data mine is at large data points. The reason being is the second  you view your email or have a friend send you an email from X mail provider in the US, it is already caught.

Mun


----------



## XLvps (Sep 20, 2013)

Server location: Douglas, Isle of Man

This is one of their listed KVM locations.   That's a new one for me.


----------



## Ruchirablog (Sep 20, 2013)

If you dont receive anything much important why would you waste time setting up mail servers and things? just think about spam filtering of both. Gmail is just reliable and works out of the box so if I were you I will be sticking with Gmail for these stuff


----------



## raindog308 (Sep 20, 2013)

Ruchirablog said:


> why would you waste time setting up mail servers and things?


Dude...this is vpsboard.

To to OP, Germany is subject to the EU data retention law (while ironically there is no retention law in the US).  I'm not sure about Iceland but they probably are as well.


----------



## rds100 (Sep 20, 2013)

I think Germany refused to implement this law, while all other (or most other) EU countries implement it. And Iceland is not in EU so it is not bound by stupid EU regulations.


----------



## drmike (Sep 20, 2013)

Some points:

1. Determine country of ownership.   Officials there can/will use long arm to get at remote data.

2. Determine country for hosting and what is protected and who.  Are foreign nationals included?

3. All international traffic is NSA mass dumped/port mirrored.  So it is 24/7 heavy crypto or wasting your time.


----------



## ttt (Sep 20, 2013)

rds100 said:


> I think Germany refused to implement this law, while all other (or most other) EU countries implement it. And Iceland is not in EU so it is not bound by stupid EU regulations.


That is correct. Germany does not have that data retention, even though it is EU law, because the German Federal Constitutional Court has ruled that this EU-directive is against the German constitution. After that, the European Commission issued an ultimatum to Germany to enact a data retention law until March 2012. The German government, however, did not enact anything. So the European Commission has initiated a court proceeding at the ECJ. However, nothing has been decided yet.

All other EU member states - except the Czech Republic and Romania - have enacted those EU-directive to my knowledge. The Constitutional Court in the Czech Republic and the Romanian Constitutional Court had a similar ruling as the German Constitutional Court. Even Austria has followed suit in enacting the EU-directive after they retained from doing so for about a few years. Besides that, also Switzerland (as being a member to the European Free Trade Association) has enacted a data retention law.


----------



## MannDude (Sep 20, 2013)

ttt said:


> That is correct. Germany does not have that data retention, even though it is EU law, because the German Federal Constitutional Court has ruled that this EU-directive is against the German constitution. After that, the European Commission issued an ultimatum to Germany to enact a data retention law until March 2012. The German government, however, did not enact anything. So the European Commission has initiated a court proceeding at the ECJ. However, nothing has been decided yet. .
> 
> All other EU member states - except the Czech Republic and Romania - have enacted those EU-directive to my knowledge. The Constitutional Court in the Czech Republic had a similar ruling as the German Constitutional Court. The Romanian Constitutional Court had a similar ruling. Even Austria has followed suit in enacting the EU-directive after they retained from doing so for about a few years. Besides that, also Switzerland (as being a member to the European Economic Area) has enacted a data retention law.


Welcome to vpsBoard, and nice first (and informative) post!


----------



## vanarp (Sep 20, 2013)

I agree with @Mun and @buffalooed that there is no way your mails are 100% private.

I have a feeling that the more anyone tries to over smart NSA will only attract them better.


----------



## drmike (Sep 20, 2013)

The nature of email is just plain problematic --- all the plaintext sending of messages.

I've hoped for years that we'd do away with email unless entirely encrypted.

Better yet, email over something like XMPP.  Unsure why development processes keep getting wasted on another email client, web mail, server, etc. when the underlying technology is severely in decline.

Don't let me discourage you though.  Everyone ought to be thinking like this.   I lock my door for a reason, to keep the casual criminal outside   This is one of those similar responses to the day and time we live in.


----------



## Mun (Sep 20, 2013)

FUCKING VPSBOARD FORMATTING!!!!!!!!!!!!!!!!!!!!!!

Ahhhh!

Mun


----------



## MannDude (Sep 20, 2013)

I mean, what if you had a email server in Germany and a remote desktop in Hong Kong? I don't _need_ that level of security, but instead of accessing the emails locally you could just view them on your remote desktop?


----------



## Mun (Sep 20, 2013)

MannDude said:


> I mean, what if you had a email server in Germany and a remote desktop in Hong Kong? I don't _need_ that level of security, but instead of accessing the emails locally you could just view them on your remote desktop?



Where did the email come from is a better question. If the email came from a person sitting in San Francisco, CA and goes through any email provider based in the US, even with a HTTPS session would still be caught and archived by the NSA. On the other hand you would be per say more secure for sending emails as they would hop to the nearest server if that server was out of the reach of the NSA.

Now all that being said most of the EU/US countries co-exist and will share data so pretty much if your data leaves Germany you are screwed.

It would be better to change how you use email instead, and move to something else. 

I am personally going to change all my websites to https, due to what has happened. Theoretically as long as your server isn't compromised all PMs on my forums would be secure. So it might be advantageous for you to move vpsboard or another site to https and send your content via those methods.

Mun


----------



## maounique (Sep 21, 2013)

For this to work you need end2end encryption. No matter the country, the server can be seized. In germany, for example, US can say you operate a child porn ring and they need the data for evidence. If it is not encrypted it is useless.

So, you need a system with public/secret keys. Even so, NSA can compromise one end or even social engineer you/trojan/break into your computer for the key(s). Security can work if you do not make any mistake and there is end2end ancryption, only then you can be sure (except your other end being actually compromised).


----------



## RusFoster (Sep 23, 2013)

If you are transmitting information / data that is that important the NSA wants to look at it, they will find a way. Generally you should assume that anything sent in email is around the same level of privacy as a text message.


----------



## Mun (Sep 23, 2013)

RusFoster said:


> If you are transmitting information / data that is that important the NSA wants to look at it, they will find a way. Generally you should assume that anything sent in email is around the same level of privacy as a text message.



Actually that is the real question, what data is the NSA actually grabbing, and whom is it being directed at?

Mun


----------



## drmike (Sep 23, 2013)

We don't think the NSA is discerning do we?   

Much faster/easier/feasible to port mirror entire major fiber hauls and dump it to storage.  Then offline run sorting and filing algorithms to make use of the data.

The intelligence community isn't building all these giant data centers to store info just on the chosen known perpetrators.


----------



## Lee (Sep 23, 2013)

Don't know why EDIS advertise the Isle of Man as 'offshore' it is no different than hosting in the UK from a law/regulatory point of view.


----------



## Mun (Sep 23, 2013)

buffalooed said:


> We don't think the NSA is discerning do we?
> 
> Much faster/easier/feasible to port mirror entire major fiber hauls and dump it to storage.  Then offline run sorting and filing algorithms to make use of the data.
> 
> The intelligence community isn't building all these giant data centers to store info just on the chosen known perpetrators.



This is illogical. Cloudflare has since its start 3ish years ago saves 216PBs of data. That is just the saving portion, how much other data has come through other then just that?

Not to mention the duplicate data that is bound to be hit as well. 

There is SO much data that they would have to buy a 2tb hard drive every second just to handle the bandwidth of California alone. 

Not to mention most of this data is useless. For example game server traffic, music cast, podcasts, pandora, updates, etc. etc. etc.

There has to be something that they are filtering out, or they simply would explode with useless data.

Mun


----------



## rds100 (Sep 23, 2013)

Wait, maybe that's where all this USA debt goes?


----------

