Translator's note.
As the founder of Simple Analytics, I have always been mindful of how much trust and transparency matter to our customers. They rely on us, and we owe it to them that they can sleep soundly. Every choice we make should be the best one for the privacy of both visitors and customers. So one of the most important decisions for us was where to locate our servers.
In the last few months we have gradually moved our servers to Iceland. I want to explain how everything happened, and, most importantly, why. It was not an easy process and I would like to share our experience. There are some technical details in the article, which I tried to write in plain language, but I apologize if they are too technical.
Why move servers?
It all started with the fact that our site was added to
I wrote
[…] So if we continue to block good companies that respect user privacy, what's the point? I think it's wrong, you shouldn't put every company on the list just because it sends a request. […]
And received
Everyone agrees with you, but I don't want my requests going to an American company (in your case Digital Ocean […]
At first I did not like the answer, but in the discussion with the community it was pointed out to me that he was right. The US government may indeed be able to obtain our users' data. At the time, our servers really were running at Digital Ocean, and someone could simply pull out our drive and read the data.
There is a technical answer to part of this problem. You can make a stolen (or, for whatever reason, disconnected) drive useless to others: full-disk encryption makes its contents unreadable without the key (note: only Simple Analytics holds the key). It is still possible to recover small chunks of data by physically reading the server's RAM, which holds data in the clear. A server cannot run without RAM, so in this respect you still have to trust the hosting provider.
This got me thinking about where to move our servers.
New place
I started looking in this direction and came across a Wikipedia page with
In addition to this list, there is an alliance called
After that, we decided that we would not host in any of the countries on the “enemies of the Internet” list and would definitely rule out the countries of the 14 Eyes alliance. Collective surveillance alone is reason enough not to store our clients' data there.
Regarding Iceland, the above Wikipedia page states the following:
The Icelandic constitution forbids censorship, and there is a strong tradition of protecting freedom of expression that extends to the Internet. […]
Iceland
During the search for the country with the best privacy protection, Iceland came up again and again. So I decided to study it carefully. Please keep in mind that I do not speak Icelandic, so I may have missed important information.
According to the report
Iceland is not a member of the European Union, although it is part of the European Economic Area and has agreed to follow consumer protection and business law similar to that of other member states. This includes the Electronic Communications Act 81/2003, which introduced data retention requirements.
The law applies to telecommunications service providers and requires records to be kept for six months. It also states that companies can only release telecommunications information in criminal or public safety matters and that such information cannot be released to anyone other than the police or prosecutors.
Although Iceland generally follows the laws of the European Economic Area, it has its own approach to protecting privacy. For example, Icelandic law
Another benefit of moving to Iceland is the climate and location. Servers generate a lot of heat, and Reykjavik (Iceland's capital, where most data centers are located) has an average annual temperature of 4.67°C, so it is a great place to cool servers. For every watt consumed by server and network equipment, comparatively few watts go to cooling, lighting, and other overheads. In addition, Iceland is the world's largest producer of clean energy per capita and the largest producer of electricity per capita overall, at approximately 55,000 kWh per person per year. For comparison, the EU average is less than 6,000 kWh. Most hosting providers in Iceland get 100% of their electricity from renewable sources.
If you draw a straight line from San Francisco to Amsterdam, it crosses Iceland. Most of Simple Analytics' clients are in the US and Europe, so this geographic location makes sense. Privacy law and a clean-energy grid are further points in Iceland's favor.
Server transfer
First, it was necessary to find a local hosting provider. There are quite a few of them, and it is really difficult to determine the best one. We didn't have the resources to try everyone, so we wrote some automated scripts (
However, along the way we ran into several obstacles. This part of the article is quite technical; feel free to skip to the next section. An encrypted server is unlocked with a key. That key cannot be stored on the server itself, so it has to be entered remotely when the server boots. But wait: what happens when the power goes out? Does that mean every pageview request sent to the server is lost until someone has unlocked it after the reboot?
That is why we added a simple secondary server in front of the main server. It just receives pageview requests and passes them straight on to the main server. If the main server is down, the secondary server stores the requests in its own database and keeps retrying them until it gets a response. So no data is lost after a power failure.
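As an added example, not Simple Analytics' own code, here is how such a store-and-forward relay can be built in Python with an SQLite queue; the transport to the main server is a caller-supplied function (assumed here, so the example runs offline), and the relay keeps nothing but the undelivered events themselves:

```python
import json
import sqlite3
import time
from typing import Callable

# Added example, not Simple Analytics' code: a store-and-forward relay like
# the secondary server described above. It accepts pageview events, hands
# them to the main server, and queues anything it cannot deliver (e.g. while
# the main server waits for its disk passphrase) until delivery succeeds.

Forwarder = Callable[[dict], None]  # raises on failure, returns on success


class Relay:
    def __init__(self, forward: Forwarder, db_path: str = ":memory:"):
        self.forward = forward
        self.db = sqlite3.connect(db_path)
        # The queue holds only the undelivered event payload and a timestamp.
        self.db.execute("CREATE TABLE IF NOT EXISTS pending "
                        "(id INTEGER PRIMARY KEY, payload TEXT, queued_at REAL)")

    def receive(self, event: dict) -> bool:
        """Forward immediately if possible, else queue. True when delivered."""
        try:
            self.forward(event)
            return True
        except Exception:
            self.db.execute("INSERT INTO pending (payload, queued_at) VALUES (?, ?)",
                            (json.dumps(event), time.time()))
            self.db.commit()
            return False

    def retry_pending(self) -> int:
        """Replay queued events in arrival order; stop at the first failure.
        Call this periodically. Returns how many events were delivered."""
        delivered = 0
        rows = self.db.execute("SELECT id, payload FROM pending ORDER BY id").fetchall()
        for row_id, payload in rows:
            try:
                self.forward(json.loads(payload))
            except Exception:
                break  # main server still down; keep this and later rows queued
            self.db.execute("DELETE FROM pending WHERE id = ?", (row_id,))
            self.db.commit()
            delivered += 1
        return delivered

    def pending_count(self) -> int:
        return self.db.execute("SELECT COUNT(*) FROM pending").fetchone()[0]
```

Because events are removed from the queue only after the main server has accepted them, a crash of the relay mid-retry can at worst deliver an event twice, never drop it.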
Back to booting the server. When the encrypted main server starts up, a passphrase has to be entered. But we do not want to fly to Iceland or ask someone there to walk into the server room, for obvious reasons. Remote access to a server normally goes over the secure SSH protocol. But SSH is normally available only once the operating system is fully up, and we need to connect before that, while the encrypted disk is still locked and the boot has not finished.
So we found
It took us a couple of weeks to move to a new server in Iceland, but we're glad we finally did it.
Keep only the data you need
At Simple Analytics, we live by the principle of “Keep only the data you need”, collecting the minimum amount of it.
Often used in web applications
We don't have delete_at fields 😉
It is important for customers to know what data is stored and what is deleted. When someone deletes their data,
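As an added example (not Simple Analytics' code), this Python snippet contrasts the common soft-delete pattern, which hides rows behind a deleted_at marker, with actually removing them; the visits table and its rows are constructed for the demonstration:

```python
import sqlite3
from datetime import datetime, timezone

# Added example, not Simple Analytics' code. Soft-deleted rows are invisible
# to the application but fully readable to anyone holding the database file
# (a hosting provider, a backup, a pulled disk). A real DELETE removes them.

def new_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    # secure_delete makes SQLite overwrite freed content instead of leaving it
    # in unused pages of the file until those pages happen to be reused.
    db.execute("PRAGMA secure_delete = ON")
    db.execute("CREATE TABLE visits (id INTEGER PRIMARY KEY, site TEXT, "
               "path TEXT, deleted_at TEXT)")
    db.executemany("INSERT INTO visits (site, path) VALUES (?, ?)",
                   [("a.example", "/pricing"), ("a.example", "/docs"),
                    ("b.example", "/")])  # constructed sample rows
    db.commit()
    return db

def soft_delete_site(db: sqlite3.Connection, site: str) -> None:
    """The widespread pattern: mark the rows deleted but keep them."""
    db.execute("UPDATE visits SET deleted_at = ? WHERE site = ?",
               (datetime.now(timezone.utc).isoformat(), site))
    db.commit()

def hard_delete_site(db: sqlite3.Connection, site: str) -> int:
    """Really remove the rows. Returns only how many were removed."""
    removed = db.execute("DELETE FROM visits WHERE site = ?", (site,)).rowcount
    db.commit()
    return removed

def app_view(db: sqlite3.Connection) -> list:
    """What the application shows: rows that pass the soft-delete filter."""
    return [r[0] for r in db.execute(
        "SELECT path FROM visits WHERE deleted_at IS NULL ORDER BY id")]

def raw_view(db: sqlite3.Connection) -> list:
    """What someone with the database file sees: every row, filter or not."""
    return [r[0] for r in db.execute("SELECT path FROM visits ORDER BY id")]
```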
Question: if you store only a minimum of sensitive data, why do you need all this protection and additional security?
Well, we want to be the best privacy-focused analytics company in the world. We will do everything we can to provide the best analytics tools without invading your visitors' privacy. Even when what we are protecting is anonymized visitor information, we want to show that we take privacy very seriously.
What's next?
When we improved privacy, the load time of the script embedded in web pages went up slightly. This makes sense, because it used to be served from the CloudFlare CDN, a network of servers around the world that speeds up delivery to visitors everywhere. Right now we are considering setting up a very simple CDN of encrypted servers that will serve only our JavaScript and temporarily hold pageview requests before passing them on to the main server in Iceland.
Source: habr.com