I tried building my startup entirely on European infrastructure. Here's the stack I landed on, what was harder than expected, and what you still can't avoid.
When I decided to build my startup on European infrastructure, I thought it would be a straightforward swap. Ditch AWS, pick some EU providers, done. How hard could it be?
Turns out: harder than expected. Not impossible, I did it, but nobody talks about the weird friction points you hit along the way. This is that post.
Data sovereignty, GDPR simplicity, not having your entire business dependent on three American hyperscalers, and honestly, a bit of stubbornness. I wanted to prove it could be done. The EU has real infrastructure companies building serious products. They deserve the traffic.
Here's what I landed on after a lot of trial, error, and migration headaches.
Hetzner handles the core compute. Load balancers, VMs, and S3-compatible object storage. The pricing is almost absurdly good compared to AWS, and the performance is solid. If you've never spun up a Hetzner box, you're overpaying for cloud compute.
Scaleway fills the gaps Hetzner doesn't cover. I use their Transactional Email (TEM) service, Container Registry, a second S3 bucket for specific workloads, their observability stack, and even their domain registrar. One provider, multiple services, it simplifies billing if nothing else.
Bunny.net is the unsung hero of this stack. CDN with distributed storage, DNS, image optimization, WAF, and DDoS protection, all from a company headquartered in Slovenia. Their edge network is genuinely impressive and their dashboard is a joy to use. Coming from Cloudflare, I felt at home rather quickly.
Nebius powers our AI inference. If you need GPU compute in Europe without sending requests to us-east-1, they're one of the few real options.
Hanko handles authentication and identity. A German provider that gives you passkeys, social logins, and user management without reaching for Auth0 or Clerk. More on this in the "can't avoid" section — it doesn't eliminate American dependencies entirely, but it keeps the auth layer European.
This is where things get fun... and time-consuming. I self-host a surprising amount:
All running on Kubernetes, with Rancher as the glue keeping the whole cluster sane.
Is self-hosting more work than SaaS? Obviously. But it means my data stays exactly where I put it, and I'm not at the mercy of a provider's pricing changes or acquisition drama.
For email, Tutanota keeps things encrypted and European. UptimeRobot watches the monitors so I can sleep.
Transactional email with competitive pricing. This one surprised me. SendGrid, Postmark, Mailgun, they all make it trivially easy and reasonably cheap.
The EU options exist, but finding one that matches on deliverability, pricing, and developer experience took real effort. Scaleway's TEM works, but the ecosystem is thinner. Fewer templates, fewer integrations, less community knowledge to lean on when something goes wrong.
Leaving GitHub. If you live in GitHub's ecosystem (Actions, Issues, code review workflows, the social graph), walking away feels like leaving a city you've lived in for a decade. You know where everything is. Gitea is actually excellent, and I'd recommend it without hesitation for the core git experience. But you'll miss the ecosystem. CI/CD pipelines need to be rebuilt. Integrations you took for granted don't exist. The muscle memory of gh pr create takes a while to unwire.
Domain TLD pricing. This one is just baffling. Certain TLDs cost significantly more when purchased through European registrars. I'm talking 2-3x markups on extensions that are cheap everywhere else. I never got a satisfying explanation for why. If anyone knows, I'm genuinely curious.
Here's the honest part. Some things are American and you just have to accept it:
Google Ads and Apple's Developer Program. If you want to acquire users and distribute a mobile app, you're paying the toll to Mountain View and Cupertino. There is no European alternative to the App Store or Play Store. This is just the cost of doing business.
Social logins. Your users expect "Sign in with Google" and "Sign in with Apple."
You can add email/password and passkeys, but removing social logins entirely is a conversion killer. Every one of those auth flows hits American servers. The silver lining: Hanko, a German identity provider, handles the auth layer itself, so at least your user management and session handling stay in Europe, even if the OAuth flow touches Google or Apple.
AI. If you want Claude, and I very much want Claude, that's Anthropic, that's the US.
The EU AI ecosystem is growing, but for frontier models, the options are mostly American. You can run open-weight models on European inference providers, but if you want Claude, you're making a transatlantic API call.
Yes, with caveats. My infrastructure costs are lower than they'd be on AWS. My data residency story is clean. I understand my stack deeply because I had to ... there's no "just click the AWS button" escape hatch.
But it took longer than I expected. Every service I self-host is a service I maintain.
Every EU provider I chose has a smaller community, thinner docs, and fewer Stack Overflow (or Claude) answers when things break at 2 AM.
If you're thinking about doing this: go in with your eyes open. The EU infrastructure ecosystem is real and maturing fast. But "Made in EU" is still a choice you have to actively make, not one you can passively fall into. The defaults of the tech industry pull you west across the Atlantic, and swimming against that current takes effort.
It's effort worth spending. But it is effort.
If you're curious to see the finished product, here it is: hank.parts.
Great post, I did a similar switch mid last year.
Hetzner was something I already used, so I just doubled down. I have a single OVH instance where I am playing with Openclaw, but that was because I was having issues with Hetzner that day on their new instance page (it was fixed the next day).
I use Bunny for my CDN, I just wish they had the capability to route IPv4 and IPv6 traffic to IPv6-only origins. If your origin doesn't have IPv4, it won't route IPv4 to an IPv6 origin. Something Cloudflare could do. Still a shame it's not a high priority.
For domains, I am still on Porkbun, but I have like 20 domains, and moving them to EU registrars would be pricey. I will do it, just not looking forward to it. Also there are few registrars that handle all the TLDs I have, nothing like Porkbun. I use dot.bs to optimize my registrars and keep track of them.
I self-host a lot, but I haven't done GitHub. I have a Forgejo instance with working CI/CD, but there are some pain points mirroring 100s of repos and updating PATs. Also I minimize how much critical infra I host. I do it as my day job. Don't want to do it so much at home, and I still do some between the NAS and the self-hosted services I do run.
I do plan to try out Hanko and Nebius, those sound good, and hit up Scaleway to see if there is stuff I want to use there. I know Scaleway can be pricey.
How has your experience with Bunny been? I'm quite split on it.
I used to work for a business in a pretty competitive area, where tactics like fake DMCA requests and abuse cases are routinely used to attempt to take down information, be it from Google, or from the CDN/hosting provider. While at first Bunny support seemed understanding of it, later they unceremoniously blocked the account on the basis of too many complaints having been filed, despite all of them being responded to in due time and being proven false.
OTOH, their support staff would respond lightning-fast, which was a breath of fresh air compared to other CDNs we used before.
I could see myself using Bunny for personal projects, or some non-vital business, but probably not for anything with lots of competition.
To be honest, it's been flawless, but since I mostly use it for personal or self-hosting, I haven't had to deal with your situation. I have had to contact support and they are very fast.
I also use it to hide and protect my Hetzner server.
It works well. My only gripe is the IPv6 thing.
it's a super cheap "CDN" that runs on Hetzner and random hosts or their colo, it's not as proper as the other ones.
for anything DMCA heavy maybe just buying dedicated servers or something instead could work?
We used to expose the dedicated servers directly (i.e. no CDN at all), and while that was fine latency-wise, the lack of DDoS protection was really the limiting factor. E.g. Hetzner will just blackhole your subnet if you get DDoSed.
It feels rather unviable nowadays to run a business without some CDN/DDoS protection service in front of your website.
yeah, but dealing with DDoS is easier in terms of DMCA unlike with CDNs because it's you hosting it, not the service provider (this is how Cloudflare avoids DMCA when you cache with them iirc)
so if you can just find a good dedicated server provider that won't cut you off, maybe that's a potential solution?
just my 2 cents though
they use datapacket/cdn77, no?
they run on a blend of everything depending on the region from my experience. Hetzner is one of the providers they use
From a practical standpoint, would you consider "Google Germany GmbH" to essentially be just a reference to Google, beholden to everything that matters to Alphabet headquartered in the United States?
If so, Nebius is just a fancy name for Yandex, beholden to everything that matters to Yandex LLC headquartered in Russia. They just chose a distinctly different name, presumably to avoid the association. When we were doing a deep-dive into cloud GPU providers, legal counsel vetoed them for this reason.
Like the author, we self-host our git repos at work with Gitea, and it's working very well and brings a rather large set of features you'd expect from a GH alternative.
A great thing is that it's almost fully compatible with Github actions, so migrating an existing CI/CD should not be too painful. If you plan to move, make sure to read this first: https://docs.gitea.com/usage/actions/comparison#missing-feat...
For sure, it requires a bit of maintenance, mainly for updates, but that's all.
Same can be said for Forgejo but then it’s not VC backed
I'm using gitolite + cgit for local repositories. I tried Gitea for a while but didn't like the forced user/repo flat structure inherited from being a GitHub clone, and didn't need the additional features that Gitea/Forgejo provide.
For CDN, you can try CDN77, they have servers all around the world. No affil, just they are based in Europe (Prague) :)
Right now, I would only switch from Bunny if they allow IPv6-only origin servers and route IPv4 traffic to it.
Also no pricing and a "Talk to sales" only link. Which usually means super expensive, or B2B only. I pay like 10 cents a month on Bunny something
> For domains, I am still on Porkbun, but I have like 20 domains, and moving them to EU registrars would be pricey. I will do it, just not looking forward to it. Also there are few registrars that handle all the TLDs I have, nothing like Porkbun.
For .com domains, if the rationale is data sovereignty, GDPR simplicity, avoiding dependence on a handful of American hyperscalers, then from an operational standpoint I don’t see much value in using European-based registrars. Ultimately, these domains remain under U.S. control regardless. If the focus is 'stubbornness' [one of the points in the article], then of course you have other priorities.
Personally I am all for data sovereignty etc, but very seldom for country boycotts.
For domains I find Openprovider.eu is pretty cheap imo, especially if you have a lot and buy in a package; it is nearly cost price. Their DNS isn't great though, good enough for personal projects but not for business, I would set that up somewhere else.
Hmm, it seems the good prices are only if you subscribe to their subscription. 5 euro a month or 50 euro a year, then the prices get slashed. Otherwise their prices are expensive.
Yes, comparing to Porkbun for .com and .net, it looks like you'd need at least around 10 domains before it became cost effective (the .org price there says it is time limited and I think does not reflect recent .org price increases).
There's also the matter that, ethically, openprovider seems to be heavily focusing on domain name speculators as clients; that may be a business many people would not want to support, and their services for people actually using their domains may be poor.
> There's also the matter that, ethically, openprovider seems to be heavily focusing on domain name speculators as clients
Do you have more info about that? I'm a customer of them and didn't know this.
I actually noticed that quite a lot of (smaller) hosting providers are also customers of Openprovider. (When transferring some domains from other providers to my account as Openprovider, they turned out to be internal transfers.) So I'm a bit surprised about it.
> For domains i find Openprovider.eu is pretty cheap imo
A quick check of their pricing refutes your claim. They do list cheap domains, but it's due to promotional discounts on the first registration that they follow by charging a huge markup in renewal fees.
Case in point, I have a few domains that I have been paying namecheap peanuts to maintain, and the same domains are listed in openprovider.eu to cost between 5 and 10x as much to renew.
Agree! If you have a number of domains and can justify a membership, then Openprovider (NL) is a good option.
Some foreign extensions are quite expensive though. I happened to be looking into that yesterday, and Netim (FR) seems to be a good option for that. For the two extensions I need, they were among the cheapest with renewals.
> Some foreign extensions are quite expensive though.
It's not just foreign domains that are expensive. A quick check showed openprovider charges double of what other providers charge for .nl domains, and the same applies for other european TLDs, even .eu.
Why do you need to move from Porkbun though? I don't get it.
Porkbun is based in Portland, Oregon, USA. I'm trying to move my infra to EU only stuff.
It was fine when I lived near Bellevue, Washington. And I did live 30 years in the US but I want to divest myself from that shitshow.
Right, I guess it only makes a difference if you use their DNS? Otherwise, registrar being in US vs EU makes zero difference in terms of speed/latency etc. Is this just an ethical or political thing that you want to be out of USA?
Mostly political, the other stuff makes more sense, domains are mostly a nice to have.
And as for .com, .org, and .net, those are owned by ICANN, which is US-controlled anyway.
GP, like OP, is moving away from US-based infrastructure.
You can see this in the footer of porkbun.com:
> Made in the USA
How does dot.bs make money? The about page and FAQ don’t explain what they’re monetizing.
Why would it need to make money, it's just a registry of information and a small about page with a list of entries. It probably runs on sqlite on a single $5 VM. Or a single db.
Other than that, maybe ads
Because they also offer free DNS and email. There are no ads.
It looks like DNS is just shared CloudDNS, and email is limited. From the FAQ:
How reliable is dot.bs DNS hosting?
dot.bs is backed by ClouDNS. ClouDNS serves over two billion DNS queries per day, so I can confidently say your DNS is in good hands.
Do I really get free email?
Yes! In order to make this possible, there are some limitations.
- A maximum of 5 email accounts per domain (unlimited domains)
- A maximum of 5 outgoing emails per hour, per account (to prevent spammers)
- A maximum of 75 MB storage per account
If these limits are a problem for you, please reach out and we can figure something out.
No. This is not true. Hetzner is fully owned by a German company.
https://www.northdata.de/Hetzner+Online+GmbH,+Gunzenhausen/A...
And it wasn't true in 2022.
Do you have a source for this? First time I am hearing about that one. The German hosting CEO circle is pretty intimate and I gathered that Martin Hetzner is still around.
Pretty sure this is wrong. On their website [1], the "about us" page mentions a GmbH and an Oy
- Hetzner Online GmbH, Germany
- Hetzner Finland Oy, Finland
You might be confused with their new-ish US datacenter? Hetzner is still European-owned.
I don't find anything about that - I think it's not true.
Uhh, can I get a source on this? I can not find a single mention of this anywhere and it seems the company is still independent and German.
This is simply incorrect.
[citation needed]
Thank you for this. I'm in Europe with an established SaaS that's been running in production for years and I've converged on a similar stack (OVHCloud instead of Hetzner). However, I've realized you can stay sovereign and independent in any jurisdiction (not just Europe) just by simplifying your stack and running a few baremetal servers in-house.
Just buy a few Mac Studios and run them in-house with power supply backup and networking redundancy and you're good to go to serve more than 10k - 100k requests/second which is good enough to serve a million customers. You don't need VMs: a single Mac Studio gets you 2–4x the power of m7i.2xlarge on AWS, and pays for itself within a few months of AWS bills. You can do local AI inference and get Claude Opus-level performance (Kimi K2.5) over a cluster of Mac Studios with Exo.Labs (an unofficial Apple partner). You get free S3-compatible object storage with zero ongoing storage costs with MinIO (yes it's redundant even if you lose a server, and your hosting provider can't hold your data hostage by charging for egress). Postgres runs like a beast and is incredibly easy to setup - you get zero latency DB because it runs on the same machine, has access to lots of RAM and you're not paying per-GB or per-core. Managed databases are a scam. You don't need an Auth provider, just do passkeys yourself. And the great thing about Apple Silicon hardware is that it is amazingly quiet, reliable, and efficient - you can do thing like run headless browsers 3x faster and cheaper than on standard server hardware because of the unified memory and GPU acceleration, so you're not paying for CI/CD compute by-the-minute or headless browsers either.
This entire stack could give you computing power equivalent to a 25k euro/month AWS bill for the cost of electricity (same electricity cost as running a few fridges 24/7) plus about 50k euros one-time to set it up (about 4 Mac Studios). And yes, it's redundant, scalable, and even faster (in terms of per-request latency) than standard AWS/GCP cloud bloat. Not only is it cheaper and you own everything, but your app will work faster because all services are local (DB, Redis cache, SSD, etc.) without any VM overhead, shared cores, or noisy neighbours.
> Managed databases are a scam.
I, too, once believed this. Then I had the displeasure of watching a $10,000 server fail during Christmas travel (about 20 years ago now). A single RAID drive failed. Then, during the rebuild, a second drive failed. Then the RAID controller itself failed catastrophically, losing all the RAID volume metadata. When we restored from backup, we discovered that the sysadmin who had just quit a few weeks before had lied to us about the backup system, and we had no backups.
This is the sort of black swan event that happens every 5-10 years. It's an unusually bad event, even by black swan standards, but stuff like this happens.
The fundamental problem of self-hosted databases is that you test the happy path every day, but you only test true disaster recovery every 5-10 years. And in practice, this means that disaster recovery will usually fail.
With a managed database service, most of what you're paying goes to making sure that disaster recovery works. And in my experience, it does. I've seen RDS database servers fail catastrophically, and completely rebuild in under 15 minutes with virtually no data loss, with almost no human intervention at all.
If you care about your customers' data, I think that a reputable managed database is the right move until roughly the point that you can pay for a full time database administrator. At that point, sure, roll your own. But do regular disaster recovery tests, lest you discover that a recently departed DBA has been lying to you.
Yeah but even with managed database services you don't know if your provider has invested into proper testing of their recovery so you have to test it anyway. Major services like DigitalOcean have been known to shit the bed with your backups. If you don't test your backup recovery, you don't know if you're screwed even if you're paying for "managed" services.
I test my backup recovery several times a month by actually baking it into our CI/CD workflow under certain conditions. The entire production database gets restored from backup every week.
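The scheduled restore drill described in the comment above, written out as an added example (this is not code from the post or from any commenter). It restores a dump into a throwaway database and checks it against a manifest recorded at backup time, so the three failure modes raised in this thread are caught: a dump that does not restore at all, a dump that restores but is missing rows, and a dump that is older than the retention policy allows. sqlite3 stands in for PostgreSQL so the script runs offline; in practice take_backup is pg_dump, restore_to_scratch is pg_restore into a scratch instance, and the checks run against that instance. The table layout, sample rows, the backup_heartbeat sentinel table and the timestamps are all constructed here and are assumptions, not taken from the page.

```python
"""Backup-restore drill. Added example; sqlite3 stands in for PostgreSQL so it
runs offline. Tables, rows, timestamps and the heartbeat table are constructed."""
import hashlib
import sqlite3
from datetime import datetime, timedelta, timezone

HEARTBEAT = "backup_heartbeat"  # sentinel table written just before each dump (assumed name)


def table_digest(conn: sqlite3.Connection, table: str) -> str:
    """Deterministic content hash of a table (rows sorted on the first column)."""
    h = hashlib.sha256()
    for row in conn.execute(f'SELECT * FROM "{table}" ORDER BY 1'):
        h.update(repr(row).encode())
    return h.hexdigest()


def take_backup(prod: sqlite3.Connection, now: datetime) -> tuple[str, dict]:
    """Write a heartbeat row, dump the database (stand-in for pg_dump) and record a
    manifest of what the dump must contain. The manifest is stored next to the dump
    and is what the restore is checked against, so an old or wrong dump file cannot
    pass as a fresh one."""
    prod.execute(f'CREATE TABLE IF NOT EXISTS "{HEARTBEAT}" (taken_at TEXT NOT NULL)')
    prod.execute(f'DELETE FROM "{HEARTBEAT}"')
    prod.execute(f'INSERT INTO "{HEARTBEAT}" VALUES (?)', (now.isoformat(),))
    prod.commit()
    dump_sql = "\n".join(prod.iterdump())
    tables = [r[0] for r in prod.execute(
        "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")]
    manifest = {
        "taken_at": now.isoformat(),
        "tables": {t: {"rows": prod.execute(f'SELECT COUNT(*) FROM "{t}"').fetchone()[0],
                       "digest": table_digest(prod, t)} for t in tables},
    }
    return dump_sql, manifest


def restore_to_scratch(dump_sql: str) -> sqlite3.Connection:
    """Restore into a brand-new empty database (stand-in for pg_restore into a
    scratch instance). Never restore over production."""
    scratch = sqlite3.connect(":memory:")
    scratch.executescript(dump_sql)
    return scratch


def verify_restore(dump_sql: str, manifest: dict, now: datetime,
                   max_age: timedelta) -> tuple[bool, list[str]]:
    """The drill proper: does the dump restore, does it hold what the manifest
    says, and is it recent enough to be worth having?"""
    findings: list[str] = []
    try:
        scratch = restore_to_scratch(dump_sql)
    except sqlite3.Error as exc:  # truncated or corrupt dump: the silent failure mode
        return False, [f"restore failed: {exc}"]

    for table, expected in manifest["tables"].items():
        try:
            rows = scratch.execute(f'SELECT COUNT(*) FROM "{table}"').fetchone()[0]
        except sqlite3.Error:
            findings.append(f"{table}: missing after restore")
            continue
        if rows != expected["rows"]:
            findings.append(f"{table}: {rows} rows restored, manifest says {expected['rows']}")
        elif table_digest(scratch, table) != expected["digest"]:
            findings.append(f"{table}: content digest differs from manifest")

    try:
        row = scratch.execute(f'SELECT taken_at FROM "{HEARTBEAT}"').fetchone()
    except sqlite3.Error:
        row = None
    if row is None:
        findings.append("heartbeat row missing: dump predates the drill or is incomplete")
    else:
        if row[0] != manifest["taken_at"]:
            findings.append("heartbeat does not match manifest: wrong dump paired with manifest")
        if now - datetime.fromisoformat(row[0]) > max_age:
            findings.append(f"backup is stale: taken {row[0]}")
    return not findings, findings


def run_drill() -> dict[str, tuple[bool, list[str]]]:
    """Run the drill against a constructed sample database: a good dump, a dump
    truncated mid-statement, and a dump older than the seven-day policy."""
    prod = sqlite3.connect(":memory:")
    prod.executescript("""
        CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT NOT NULL);
        CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER, total_cents INTEGER);
        INSERT INTO customers VALUES (1, 'a@example.org'), (2, 'b@example.org');
        INSERT INTO orders VALUES (10, 1, 1999), (11, 2, 500), (12, 2, 4200);
    """)
    taken = datetime(2026, 1, 5, 3, 0, tzinfo=timezone.utc)  # constructed timestamp
    dump_sql, manifest = take_backup(prod, taken)
    policy = timedelta(days=7)
    truncated = dump_sql[: dump_sql.rfind("INSERT") + 20]  # cut inside the last INSERT
    return {
        "good": verify_restore(dump_sql, manifest, taken + timedelta(days=1), policy),
        "truncated": verify_restore(truncated, manifest, taken + timedelta(days=1), policy),
        "stale": verify_restore(dump_sql, manifest, taken + timedelta(days=9), policy),
    }


if __name__ == "__main__":
    for name, (ok, findings) in run_drill().items():
        print(f"{name}: {'PASS' if ok else 'FAIL'}", *findings, sep="\n  ")
```

The manifest is the part most people skip: without it a restore that "succeeds" with half the rows, or a restore of last month's file, looks identical to a good one. Signing the manifest (or storing it in a location the backup host cannot write to) is the natural next step if the concern is a backup system that lies rather than one that merely breaks.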
What about a hybrid approach?
You could use a managed db service as a live replica dedicated as a backup only. The queries would go to your local database on beefy hardware, while the replica would just have to be powerful enough to keep up with the WAL stream.
Yes, but a complete hardware mirror is only 2x the original capital investment.
If bandwidth allows, you could even have local mirror in your office.
Thanks for the post. How do you currently deal with HD failures/redundancy? That’s my main concern leaving a managed database provider.
I've designed our app so that there are only two stateful services that matter: Database and Disk. Everything else is cattle, you can shut down or spin up new instances and the load balancer redirects requests with no impact. Making Postgres redundant is a matter of careful configuration with PgBouncer + HAProxy + Patroni. However for a long time we had a much simpler setup: just restore a new database from backup on a new machine if the main one failed (one-time simple script run manually, not automatic, means a little bit of downtime if there's a failure, but it worked). Or you could use CockroachDB. Making disk redundant: just use MinIO for S3-like disk (that's also where DB backups are stored). You can lose up to 2 out of 4 of your servers and you lose nothing.
With this setup if 1 or 2 Mac Studios fail (or need to be restarted for updates) everything just keeps running smoothly with no customer impact. It also helps that the app itself is on the Elixir BEAM (Phoenix) so everything "just works" across all machines.
Do note MinIO is deprecated and no longer maintained, discussed here[1]. There are plenty of alternatives though, most mentioned in the referenced submission.
MinIO was a previously open source blob store. It's pretty old, it was basically created right around the time S3 took off.
You should probably reconsider going with it in 2026 unless you're fine with their new (non-open-source) offering. It still has a "free" license, so it might still be an option depending on your priorities.
But there are alternatives around, some being arguably much easier to run/maintain for small deployments like this.
When you say "baremetal servers in-house", are you talking about colocation in a European cloud provider like Hetzner, or are you talking about actually self-hosting at home in your garage like some hobbyists do?
If you're talking about self-hosting in your garage, I wonder how you handle networking. I mean, even if you have good optic fiber with 1 or 10 Gbps, if you start getting really significant traffic, wouldn't you end up getting emails from your provider asking you why you are using 10000x more bandwidth than your neighbors, and eventually be cut off?
>However, I've realized you can stay sovereign and independent in any jurisdiction (not just Europe) just by simplifying your stack and running a few baremetal servers in-house.
Only if you have physical offices and staff in every jurisdiction you're serving.
Presumably you have a home where you live? That's your physical office. And no you don't need a presence in every jurisdiction you serve. Visa payment network serves the world from the US.
>Presumably you have a home where you live?
Yes, but not where my customers live. The whole point of "sovereignty" is to serve customers from a location that is bound by the laws of _their_ jurisdiction, not mine.
But for that it does not matter that much where the servers are located, more where the company controlling them is located.
There are quite a few factors that matter. The place where data processing and storage takes place is one of them.
It matters who can physically take control of the servers. It matters where the encryption keys are stored. The storage and processing location also matters for compliance with data residency laws.
But it's not the only thing I mentioned. Having physical offices and staff in a jurisdiction usually goes along with setting up some sort of legal and taxable entity that has personally responsible directors.
The whole issue is very complicated.
You say no VMs and are using Apple hardware. Are you running this all directly on macOS?
Yes, except for one HAProxy server. The setup I described isn't fully in production yet, but my testing confirms it works. We've been running for years on one single baremetal server on Hetzner/OVH though. And macOS makes sense for one of our main workloads (headless browser agents). Much better than browser-in-linux-docker for many reasons.
> Just buy a few Mac Studios and run them in-house
I fail to see the point of this when the system you've decided to run "yourself" is entirely owned by and dependent on another American company.
I’m not anti American, that’s not the main point of my setup. The main point is I want to own it, not rent it. Apple doesn’t control my production setup after it’s in my hands. Macs from 10 years ago still work.
> Apple doesn’t control my production setup
I imagine these Mac Minis aren't logged in to an Apple ID. Unlike Microsoft, Apple doesn't force you to connect your hardware to their cloud.
You can setup a Mac without an Apple ID. To be honest iCloud is garbage. Almost all Mac App Store apps are available without the App Store.
And I don't see an advantage to having an Apple ID set up if you want a Mac Mini server. All the things you might need are downloadable through brew.
I remember having a garbage Apple ID just to use Xcode. Back when I was desperate enough to work for a company that only issued MacBooks.
It has the standard property of ownership: nothing gets turned off without YOUR permission, or at minimum legal proceedings in the area where you are located.
I'm not aware of any standard of property ownership with regard to Mac OS, Windows or any other proprietary software. The end user is granted a license to use the software. That license can be revoked at any time for any reason.
Where is your all-European made computer, then?
On that subject, I'd be curious to see any computer that's not mostly made in Asia.
HP makes them, so does Dell. They cost a bit extra, but essentially the whole Federal government runs on nothing else.
The difference between EU and US is that it's possible to make all components in the US, using US equipment, and so some companies do because it commands a pretty decent premium. It's not even that hard since most components (e.g. reference motherboard designs) are still designed and actually built in the US. China still really mostly does what you might politely call "commercializes US tech". And let's not discuss too deeply if they correctly pay licensing for all the components they make, because nobody enjoys that discussion.
And yep, as you might expect, only Intel chips, no Nvidia cards ... and that's not the end of the limitations. The previous version had no USB-C monitor support, never mind one USB-C cable to multiple monitors, but last year intel really pushed a bit harder. But even this year, I'd hope you're not going to be trying to use these machines for gaming.
The EU can't even make a modern motherboard's USB port chip.
Oh and yes, there are cracks in the US version too. The phones used, for example, are iPhones. Radio designed in South Korea ...
I'm rather curious where in the US HP and Dell source, let's say, their displays?
And while many (but certainly not all) of the other components could be made in the US, it's expensive and capacity is limited. So even the likes of HP and Dell have most of it done in Asia. Even Intel chips generally pass through Asia for assembly and testing, and their modern CPU tiles are likely to include TSMC-fabricated components.
All this is to say: the US is not tech independent (unless ancient tech counts). No single country is.
Though if you're just trying to say that the EU is significantly more tech-dependent than the US then I agree of course.
> The difference between EU and US is that it's possible to make all components in the US, using US equipment
False. ASML is in the EU.
The most technologically critical component of ASML's EUV lithography machines (the EUV light source) is designed, developed, and manufactured in California by Cymer.
The US doesn't need ASML.
Right, ASML is so replaceable that the US forces the Dutch government to put export controls on some of their machines.
There's no substitute in the world for the top tier machines ASML makes.
> forces the Dutch government to put export controls on some of their machines
That's because the critical EUV light source technology is developed in California by a US-based subsidiary of ASML. The US and EU have mutual interest in protecting the technology and machines. If export control agreements were not in place then ASML would have never been permitted to acquire Cymer. And if they are not enforced then the US would almost certainly require ASML to sell Cymer back to US ownership, TikTok-style.
Can you point to the models that are entirely made in the USA?
I’m having trouble searching for this - but all the top results seem to be SEO or AI slop, so perhaps I’m just not finding them.
Great post, and interesting setup - harkens to days of old, when this was simply how things were done in the first place - but one question that I have, apropos:
>.. serve more than 10k - 100k requests/second which is good enough to serve a million customers.
What is your network connectivity like for this setup? Presumably you operate in a building capable of giving you fiber, with a fixed IP, or something like that?
Gigabit fiber with static IP for about 40 EUR per month. I plan to make it redundant with a second gigabit fiber connection from a different provider but haven’t done that yet.
> Presumably you operate in a building capable of giving you fiber, with a fixed IP, or something like that?
That is not really a rarity these days. I have symmetrical gigabit fibre with a fixed IP here in a Spanish farmhouse 45 minutes from the nearest population centre
In some countries and with some ISPs, you cannot get a fixed IP address at all, unless you register a business and prove to the ISP that you are running a business. I am guessing they will bill you accordingly then, and still have the same shoddy connectivity. I have seen shoddy connectivity with Pyür in Germany for a whole office building. Even as a business you are not immune to bad ISPs.
I guess Spain benefits from having a former national telecom. Movistar charges me an (outrageous by local standards) €30/month for a static IP on my residential fibre.
Most of those business connections come with actual SLAs though that you don't have.
No SLA in the world is going to help in a rural area, when a winter storm brings a tree down on the fibre :D
But they offer the exact same specs to business customers in the nearby town. I appreciate Spain is well ahead of most other countries on connectivity, but I can't picture gigabit + static IP being a dealbreaker in most of Western Europe
How do you handle anti-DDOS, zero-trust and WAF duties to a cloudflare-esque equivalency (e.g. a reverse-proxy style setup)?
While I definitely concur with your conclusions re VMs and GCP hosting overhead, did you benchmark a container based setup in GKE or similar?
For now we still use Cloudflare. Considering bunny.net after reading the OP's post.
I have been self-hosting for a couple of years; yes, I got very, very interested in self-hosting my apps, away from the cloud overlords, but the major issue is the network.
You'll need business internet plans with redundancy and based on locations that might be prohibitively expensive. Some startups might even require their own AS numbers.
Also the connectivity to the data centers or cloud infra like WAF, CDNs etc. will definitely be worse compared to cloud instances. Then come firewalls, their configuration and their redundancy.
These things will matter if you're serious about your SaaS. You could definitely co-locate, but that's another cost, then comes the redundancy of everything, from servers, to disks to network (routers and switches etc).
I personally believe that modern hardware is pretty reliable and doesn't need redundancy in every layer, but most people won't agree with that, and when startups have enough money, this doesn't matter to them.
I think the only reason the common public is unable to start SaaS is handling and managing these problems. Redundancy costs a lot. And many startups don't want to deal with it even if it'll help them in the long run. They just gather enough cash and throw it at the overlords.
I do hope that the general infra improves so that people can properly host their own.
Nevertheless I'm still trying to start something in SaaS space and self host from my home...
Are you actually using Exo for local clustered AI inference? I’ve considered it a few times and keep finding horror stories. Never seen someone report it’s actually working well for them.
No not yet. Planning to. But Qwen3 Coder Next 4bit runs decently well with LM Studio on my M3 Max with 96 GB RAM (50 tok/s at low context).
> You can do local AI inference and get Claude Opus-level performance (Kimi K2.5) over a cluster of Mac Studios with Exo.Labs
Does it do distributed inference? What kinda token speeds do you get?
I have no idea how to set up something like this. How hard is it to hire somebody competent enough to set up a system like this in-house?
What does your networking redundancy setup look like?
Got lucky that we have a good personal relationship with our small local ISP and I trust they handle that for us. In the future I want to make it redundant by getting a second gigabit fibre connection.
Ah yes, MinIO, that open source S3 alternative that got archived last week. To me that's the biggest problem when self-hosting services. In day-to-day operations, sometimes it just breaks and the time to get it back varies from a couple of hours to a couple of days. And for the longer term you regularly have to upgrade things yourself, which takes time and energy and is stressful for stateful deployments. And then you have it: at some point maintainers are just exhausted and the project is gone.
You can still self-host MinIO, you just have to pay. You also pay for software when renting a cloud service, so this seems similar.
But, as far as I can see on their site, the price for MinIO AIStor isn't even public, you have to "Request Pricing". And that's never a good sign.
Well MinIO has some weird quirks but I wanted to point out that "open source and free" and "self hosting" are not the same.
MinIO took away the source, not the self hosting.
But the free self-hosting is only for single node, isn't it? Not fit for high availability. And the process for the rest isn't public.
With "process" I meant "pricing".
I’ve been contemplating a versitygw deployment. Unlike the other host-your-own-S3 options, it doesn’t own your data - the data is just files.
> Your users expect "Sign in with Google" and "Sign in with Apple." You can add email/password and passkeys, but removing social logins entirely is a conversion killer.
I know this is true, but I genuinely don't understand it. I want email/password and passkey, I will always go out of my way to avoid "Sign in with ...". I just don't get why people love this.
You really don't? It's just a ton easier for most users: it's (almost) like already having an account. Just click a couple times and you're in, no typing at all, no email confirmation or anything like that.
I also avoid it because I'm concerned about being over-reliant on google (what if they close my account?) and I know how to use a password manager, but I easily understand how 90-99% of the population doesn't care enough and goes the low-friction route.
Not to mention that B2B SaaS needs to provide the login methods that their customers need for their operations, and these typically rely on Google, Microsoft, Okta, etc.
I work on auth for a European startup and this is the case.
> I also avoid it because I'm concerned about being over-reliant on google (what if they close my account?)
Most of the "sign-in with Google" accounts I have seen treat it as a shortcut to creating and logging in with an account with the primary email address of the Google account. So you can hit "reset password" and get a conventional password log-in to an account you previously made with the Google auth. If you get locked out of Google, it's NBD.
Of course, this is probably not universally the case.
Does Google even let you create an account without Gmail anymore?
Yes. There is a "Use your existing email address" button in the create account dialog.
That users choose to link their account to Google when they can does not surprise me.
What surprises me is that if they cannot do it, they will just leave. The post says it is a "conversion killer".
It's not so much that they'll leave, as much as some percentage will abandon during the signup flow. I know somewhere out there are statistics on those who have to click a link in an email only to get distracted by other emails, to say nothing of the time to fill out forms, create a password, save to password manager, open your 2FA app for the more advanced users, etc.
The higher the friction, the lower the probability of conversion. E.g. Amazon famously found every 100ms of latency costs them 1% in sales.
At its most simplified, this can be thought of as a simple function of time — the more time something requires, the higher chance something else happens during that time, invalidating the original task.
The best sign-in flow is none at all — that's what e.g. Discord does. They let you use the app immediately, with an automatically created provisional account. Amazing user experience.
This applies universally — convenience is everything.
Passkey signup could be almost as easy. Type email address, click register, invoke WebAuthn flow (which is no more complex than social registration), done. Maybe you need email address validation for some reason, in which case it’s a wee bit more complex. Ideally there would never even be an option to make a password unless passkeys are unavailable.
> Ideally there would never even be an option to make a password unless passkeys are unavailable.
I like passkeys, but ideally it should always be an option to make a password, too.
Sure, and there’s a UI for rejecting passkey enrollment. I’m just saying that there’s no need for anywhere near as many clicks to enroll a passkey as are often needed.
I assume your circle is mostly tech people? Outside that bubble, it's pretty obvious. People just want easy, don't understand security in many cases, it's the simplest path.
Even absent the above. Imagine a signup flow. I can either click <Sign Up With Google> or I can go through a manual flow with input fields. The former is much faster than the latter. It surprises you people choose the path of least resistance?
It does not surprise me that people choose the path of least resistance. I find it sad that they happily connect everything to Google/Apple.
What surprises me is that it is a "conversion killer". So if you ask people to create an account, it's sooooo very hard for them that they will just leave. And spend the next 30 minutes scrolling TikTok, I guess?
How many services do you have subscribed to? From simple PHPBB boards to very much official products and online shops? How do you manage all those usernames/passwords? The single point of failure of relying on Google/Apple is real, but so is the manual and laborious process to auth via email/password and the management that goes with it.
I have 400 entries in my password manager. I manage them with my password manager. There is no single point of failure.
How do you mean that?
Each password is a PGP-encrypted file, encrypted to security keys. The files are backed up in different places, including my laptop and my phone. The password manager app runs offline, so it has no reason to suddenly fail, but even if it did, my passwords are just encrypted with PGP, so I will never be "locked out".
I find it very unlikely that it would get compromised: again it's encrypted to security keys. If my device is compromised, the attacker can extract the passwords that I decrypt while the attacker has control, but not the whole database.
To lose my passwords, I would need to simultaneously lose all the copies (on my devices, and on the cloud). To lose access to my passwords, I would need to simultaneously lose all security keys.
Doesn't feel like a single point of failure. Or do I misunderstand what you mean by that?
It definitely surprised me just how lazy humans are on average. The amount of effort people are willing to exert on sign ups, etc... The drop off with each additional field blew my mind.
Probably suggests that the service is less valuable to them than TikTok.
You'd be surprised. I've worked on a municipal/local-area webapp that launched with auth and a create-account form. Userbase in the low 100ks, a few interactions a year. It was an ordinary create-account form: name, address, email/phone, no payment info or government ID. The only alternative to this service--and I do mean only--was to go into a city office and wait in line/fill out forms. Failure to do either resulted in a fine (I forget how much; in USD it would have been less than $50 I'm pretty sure).
Before we added SSO, huge numbers of users would enter but never complete the signup flow. We assumed they were making the (baffling) choice to take time to go to an office and wait in line over filling out a web form. A year later, we added Google and Facebook login. Failures to finish signup dropped to almost zero (a lot of folks were still bailing out of the manual create-account form without finishing, but they were then falling back to Google/Facebook).
More surprising, that year the net number of signups (across web and brick and mortar) more than tripled.
People weren't choosing in-person over filling out the create-account form. They were choosing to pay a fine instead of filling out the create-account form.
So ... I don't know about "less valuable than TikTok", but a lot of folks' decision-making sure is wild.
This is a wild story! Thanks for sharing.
People usually have either one or the other account already, because it came with their smartphone. It is frictionless from their point of view.
Sure, but what the post says is not that they will go for the easier path. It says that if they don't get to link their account to Google/Apple, they will completely give up (it is a "conversion killer").
Well.. it's the flip side of those social logins being known and proven conversion boosters. If you actively decide against them, you are losing a low effort tool to boost your CR.
HN is going to skew towards people with password managers & concerns about vendors locking you out. I think most people just want low friction - be that 'Sign in with', or passwordless-based authentication like 404media (you want to sign in? You've been emailed a code)
> passwordless-based authentication like 404media (you want to sign in? You've been emailed a code)
How is this low friction to manually copy/paste a code from email as opposed to allow a password manager to log me in automatically?! This kind of authentication is the stupid current trend I hate the most TBH.
Towards people with password managers, or towards people who want to have the freedom to choose how they log in? I also hate those damn login emails.
But everyone has a password manager now. They come built in to all major browsers, the Apple ecosystem, etc. My non-technical girlfriend uses one.
Yeah, and I support anything that makes security by default easier. I'd love to see adoption numbers for in-browser password managers, though, because I feel it's not very high yet.
> I'd love to see adoption numbers for in-browser password managers, though, because I feel it's not very high yet.
Why specifically in-browser?
Because without that the argument of "everyone has a password manager" fails. Tons of people don't have 1Password or Bitwarden or LastPass or KeePassXC or whatever.
So sure, they might technically have a password manager installed, in that every major browser has a password manager included. But do they actually use it? That's what really matters.
Yeah, this is why. "in-browser" was unclear when I also meant the iOS ecosystem password manager and stuff.
I'm not sure non-technical people have a good understanding of or experience with passwordless email login either. While doing tech support I've seen people get very confused at the need to open another app to log in, or the fact that they're now logged in in the webview of their email app and not logged in in the app or browser they had been using (especially if the first thing that web view does is pop up a giant "try the app" modal).
I can't stand the 'use the app' nag modals!
Thanks for your insight. Outside of being a consumer, and as a security engineer who appreciates things like passwordless, my experience comes from my employer's passwordless rollout. The sentiment is broadly positive, but we would veer to a technical user base, and sentiment misses the nuance you brought up.
Something I didn't see in the other comments is users who are using the startup's service for work, as an employee.
Why wouldn't you choose the simplicity of "sign in with Google" if your work email is on Google Workspace, using the entire Google suite of business tools for everything (gmail, chat, meet, docs, drive, auth, etc) and everything you do at work is known to Google anyway?
Making an email/password account with your work Gmail is just extra steps, one more password to store, and perhaps the inconvenience of one more 2FA thing. Google gets the same information either way.
Similarly, why wouldn't you choose "sign in with Microsoft" if your work is all in on the Microsoft suite of business tools (teams, office, onedrive, auth, etc.) and everything you do at work is known to Microsoft anyway?
> I just don't get why people love this.
For a single personal user it's only a small bit of friction, but if you're in charge of 30 people, SSO is a godsend for boring compliance work and managing groups of people. You want to change a domain in the company? Not a big deal. Don't have to rotate passwords every quarter, need to restrict an employee from a service, etc. You aren't imagining challenges other than your own here.
That is an interesting take, but it's off topic.
The post says that if you don't have the SSO, it's a conversion killer. I.e. users just won't log in if they cannot do it with an SSO.
Of course companies use SSO because it gives them more control over the employees' accounts. I understand why companies do it.
My email goes to the same company I can login with so might as well tap the button.
But if there is no Google/Apple button, will you just leave? Like not even create an account? That's what "conversion killer" means.
I may start to create an account, but after about 30 seconds of effort, I'll start asking myself if it's really a service I care about. Send me an email? If it's not there by the time I click my email tab, odds are pretty good I won't wait around unless it's a truly compelling offering. Want me to fill out a form? If it's anything more than just an email and a password field my password manager can complete for me, again, I'll question whether I want you to have that info about me.
So no, I may not leave, but each tiny bit of friction increases the possibility of abandonment. From the perspective of conversion, abandonment is the same as "just leaving".
I won't, but a decent % of people do, yeah.
In fact a decent % of people stop shopping on your site if there's a few ms of lag.
At every step a few percent of revenue is lost, which your competitor takes in.
> In fact a decent % of people stops shopping on your site if there's a few ms lag.
While it's still true, I have read that the accepted lag today is higher than 10-15 years ago, because they have lower expectations due to a general decline in page load speed. (React pages with spinners/placeholders, newsletter popups, higher page weights etc.)
It's a few things (source: I've worked on some large online B2B systems and seen signup flow funnel data for some even larger B2C systems):
1. Ease/laziness as others have mentioned. Even for a service that answers a real need, many users will bail out of the signup flow and just ... leave that need unsatisfied when they see a web form.
2. Underreported: google/apple sign-in buttons make it feel like you already have an account. The fact that the "grant access" new-signup request is a second screen and that "sign up" and "sign in" (with Google/Apple/Github/Facebook/etc.) are the same buttons to enter the funnel is huge. It's not that users are confused/forgetting whether they already have accounts (though some are); rather, it's psychological momentum created by the ambiguous language.
3. Trust and consistency. Nontechnical users just trust the recognizable brand buttons more. They don't necessarily know why/know how auth works, but they know that a lot of data breaches happen and are scared. The fact that the embed button almost always looks the same/familiar is massive. I suspect that it would also be a conversion killer if the "sign in with apple/google" buttons were styled to look totally different and not contain logos.
4. A lot of semi-technical folks don't like remembering passwords (and password managers--even good device-integrated ones--aren't as reliable at autofilling as a lot of casual users would like). Others know that it's a bad idea to reuse passwords. As a result, people use the button that doesn't require them to pick a password they'd have to remember.
5. Impression of privacy. Some (especially older) nontechnical users have a significant aversion to typing in their personal info (name/address/CC number) into online forms, so they pick the option that doesn't require that.
6. Technical people who prefer SSO because it gives (on the SSO provider side) a list of every integrated account; better permissions control (for services that integrate with e.g. Google for more than just login); a marginal chance of a little less data being stored on a service's servers versus the regular make-an-account option; somewhat fewer opportunities for a service to screw up auth by building it themselves wrong. This demographic is small compared to less technical users.
That's all presented without comment. Some of those points are based on exploitative provider behavior, or user ignorance. I'm just explaining the decisionmaking factors, not defending them.
Add all those up, and you definitely get a conversion killer.
In my experience its been the users who principally only have a mobile phone - i.e. no desktop - and therefore want the benefit of the phone-managed account system tied to .. biometrics, etc...
> I just don't get why people love this.
For the same reason why companies implement SSO for employees? It's just easier to have one account with one password to rule them all.
Companies implement SSO to have control over the accounts of their employees... Pretty sure they would still do it if it was more complicated.
And that is also why companies don't allow employees to use anything other than the SSO.
Well, it gives you easier control of your accounts too. Just one entry point for everything, no need to track password leaks from dozens of services (you still need to keep an eye on whether Google has leaked your password, but in that event everyone will know and be working hard to fix it).
From the point of view of technical people it would be easier to achieve the same with password managers, but for the rest of us Google provides a smoother user experience.
“Sign in with Apple” allows me to use a random “Hide My Email” address for services that I can’t bother with so it’s absolutely a godsend for me.
> I just don't get why people love this.
I wonder if there will ever come a day where the average HN user actually understands how normal people use technology.
Just observe anyone in your social circle that does not "care" about technology and you'll see their reaction to a login prompt when trying, not rarely under time pressure, to access a service they haven't used for a while.
They will sigh, maybe roll their eyes. And who can blame them? The same goes for registering to a new service. Normal people don't use password managers, they don't have Bitwarden with auto-fill, nor do they ever "generate" passwords.
"Sign in with..." offers them a way out of a frustrating experience, it's the device telling them "Hey, would you just like to use this thing you're already logged into instead?" -- yes, obviously they would like that.
> I wonder if there will ever come a day where the average HN user actually understands how normal people use technology.
Well, I wouldn't say I don't understand it. If someone uses their smartphone as a hammer, regularly breaks it and regularly buys a new smartphone, I understand what they are doing. I just don't understand why they are doing it, I guess?
In this case, the post says that it's a conversion killer. So people are so damn lazy that if they can't click on "share the information with Google", they will just leave.
Both available choices "share the information with Google" for most people. The majority of email account creations use a Gmail or Google Workspace address, so Google gets the information either way, and in Europe most use Android so can't sign in with Apple.
Again that's off topic. I'm not talking about the fact that people choose the Google SSO instead of username/password.
I'm talking about the fact that people choose to not use the service if there is no SSO.
Because they don't want to have those experiences where they sigh, roll their eyes, then try and remember a password they made months ago just so they can continue using this thing they signed up for. So they just skip the service altogether.
If you end up, for some reason, being one of those unlucky individuals whose Google account gets banned and all your other accounts are behind Google login, then you truly have been owned.
You mean when using "sign in with" and then using a shitty password for your social media account?
If you use e-mail and password with a good password manager that runs locally on your device and generates good random passwords, it is unlikely you will end up on haveibeenpwned, and even if one website does shit, the blast radius is only one account on one website.
You'll still have your e-mail address exposed, which you may not want if it is to some random porn site. Moreover, password managers do not work if you use multiple devices for log in, which most people actually do.
I use my password manager across multiple devices daily.
Apparently it has not been working without me noticing it?
I assume they're thinking about the 'offline' style where one would shuffle a database file and probably resolve conflicts. There's an app/extensions nowadays, man!
I don't even bother with a VPN, just occasionally push a 'sync' button on the roaming devices [when they return to LAN]. DB transactions [new credentials] averages ~0 per month... but there's plenty of capacity. Works extremely well.
The truth is that even with KeePassXC, I just really do not notice stale passwords across devices. It's just really not a huge deal for me personally. Maybe it is for normal people. I sync my databases maybe once a year if I'm lucky.
Right, that's what I was trying to emphasize. Rare syncs are totally fine here, too. I try to keep a routine but tend to slip. If not 'with my usual device' there's a tiny number of accounts I even need. They rarely change so the 'cache' is usually suitable. If not, the restriction is always short-lived.
Same here. I use pass, and I just don't create/update passwords that often. And synchronising is very easy (it's a git repo).
... And how do you access the passwords that password manager manages?
With the "password manager" program? I have one on my desktop and one on my smartphone.
How do you expect to access the passwords that the password manager manages?
... Can everyone in the world read our passwords or are they "protected" somehow?
I am not sure whether you are trying to get at something specific, but I will interpret the question in good faith:
A classical password manager reads an encrypted database. In theory, you could upload your password database (usually just one file) anywhere and wouldn't need to worry, assuming that you chose a sufficiently long password for decryption, and assuming that the encryption does not have weaknesses which would allow an attacker to decrypt it without the password. In practice, of course, you still wouldn't upload your password file to a public place, to reduce risks in the future. But anyway, the idea is that only you know the master password for the encrypted database, and so no one else can read your passwords.
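The encrypted-database model described above, as an added example (my code, not anything posted in this thread and not the file format of any real password manager): the whole vault is one blob, the master password is the only secret, and it is stretched with PBKDF2-HMAC-SHA256 into an AES-256-GCM key. The entries, the master password and the blob layout are constructed for the example.

```go
package main

// Added example, not code from anyone in this thread and not any real manager's
// format: a single-blob vault whose only secret is the master password. Holding
// the blob without the password yields an authentication error, not data.

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Salt and GCM nonce sizes in bytes; iterations is the PBKDF2 work factor that slows offline guessing.
const saltLen, nonceLen, iterations = 16, 12, 600000

// pbkdf2SHA256 is PBKDF2 (RFC 8018) with HMAC-SHA256 for a 32-byte key, written out to stay in the stdlib.
func pbkdf2SHA256(password, salt []byte, iter int) []byte {
	prf := hmac.New(sha256.New, password)
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1}) // block index 1; one SHA-256 block covers 32 bytes
	t := prf.Sum(nil)            // T_1 = U_1, XOR-accumulated below
	u := append([]byte{}, t...)
	for n := 2; n <= iter; n++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(u[:0])
		for i := range u {
			t[i] ^= u[i]
		}
	}
	return t
}

// newAEAD stretches the master password with the vault's salt into an AES-256-GCM key.
func newAEAD(master string, salt []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(pbkdf2SHA256([]byte(master), salt, iterations))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealVault encrypts the entries. Blob layout: salt || nonce || ciphertext || tag.
// The salt is bound as additional data so it cannot be swapped unnoticed.
func SealVault(master string, entries map[string]string) ([]byte, error) {
	plaintext, err := json.Marshal(entries)
	if err != nil {
		return nil, err
	}
	blob := make([]byte, saltLen+nonceLen) // fresh random salt and nonce
	if _, err := rand.Read(blob); err != nil {
		return nil, err
	}
	salt, nonce := append([]byte{}, blob[:saltLen]...), append([]byte{}, blob[saltLen:]...)
	aead, err := newAEAD(master, salt)
	if err != nil {
		return nil, err
	}
	return aead.Seal(blob, nonce, plaintext, salt), nil
}

// OpenVault reverses SealVault. A wrong master password or any tampering fails
// the GCM tag check, so the caller gets an error and never garbage.
func OpenVault(master string, blob []byte) (map[string]string, error) {
	if len(blob) < saltLen+nonceLen+16 { // 16 = GCM tag size
		return nil, fmt.Errorf("vault blob too short")
	}
	salt, nonce, ct := blob[:saltLen], blob[saltLen:saltLen+nonceLen], blob[saltLen+nonceLen:]
	aead, err := newAEAD(master, salt)
	if err != nil {
		return nil, err
	}
	plaintext, err := aead.Open(nil, nonce, ct, salt)
	if err != nil {
		return nil, fmt.Errorf("cannot open vault (wrong master password or tampered blob): %w", err)
	}
	var entries map[string]string
	if err := json.Unmarshal(plaintext, &entries); err != nil {
		return nil, err
	}
	return entries, nil
}

func main() {
	blob, _ := SealVault("correct horse battery staple", map[string]string{"shop.example": "y!2TvM8h3dpvw4"}) // constructed sample
	_, err := OpenVault("guess", blob)
	fmt.Println("wrong master password:", err) // the GCM tag check fails, nothing is decrypted
}
```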
I am confused. You say:
> Moreover, password managers do not work if you use multiple devices for log in
I use a password manager with multiple devices, and it works. And yes, my passwords are "protected", that's the job of the password manager.
If you decide to visit such awful sites then the least you could do is not use primary email for this.
I don't think it makes sense to even have a "primary email". I've completely separated work, shopping, banking, gaming etc mailboxes.
Also how do password managers not work? Bitwarden syncs instantly across devices just fine.
If you sign in with Google, the site knows your gmail address.
Email aliasing is a thing
Risk Bob's Salad Shack leaking an inconsequential, unique, credential or bind everything to the whims and identity of a single organization; hmm.
Ending up on HaveIBeenPwned is only a problem if you reuse passwords.
Are you saying that you reuse the same password everywhere, but a different email address every time, and you feel confident that having your password leaked won't have repercussions?
I am genuinely confused. Sounds like holding a gun from the wrong end and feeling protected by it.
Password manager.
Before inevitable "what if your password manager is hacked...," what if your google account is hacked / banned?
You don't even need a password manager, browsers autogenerate secure passwords for you, and they sync between computers/mobile devices.
(I'm saying this from the perspective of "regular people don't want to be inconvenienced like that"; obviously you should use an external password manager for security)
Agreed. Just wanted to add:
> Before inevitable "what if your password manager is hacked
My passwords are encrypted with a security key. I think it is more likely for my computer to get compromised than for my password manager to leak the passwords.
Admittedly, if I lose all the security keys at the same time, I lose all of my passwords.
Sign-on with the external identity provider doesn't help if data related to your account like the billing information, your government ID info etc. are released in the breach, that's the sore point.
- Complains about age verification because it is "not private"
- Uses Google SSO to sign in everywhere
People will know that my password was y!2TvM8h3dpvw4 for one particular website at some point. What do I lose here? Google/Apple incurs much greater risk that is entirely out of your control.