Migrating My Digital Life Away From American Tech. Part 2 – The Rules

What Counts as “American” in a Global Internet?
After deciding to move away from US-based services, a problem becomes apparent: the internet doesn’t divide neatly along national lines.
Ownership, hosting, infrastructure, and governance rarely live in the same place. A service can look European, be American in ownership, and global in infrastructure, while still being subject to US law.
So before replacing anything, I needed a simple way to decide what actually matters to me.
What counts isn’t branding or geography. It’s control.
Who owns the company? Which laws apply? Where is the data hosted? How hard is it to leave?
That’s where risk comes from.
One distinction I think is too often ignored is the difference between hosted services and local software.
Hosted services store data on their own servers and operate under their own legal jurisdiction. Email providers, cloud platforms, SaaS tools, and social networks create direct jurisdictional exposure because your data lives inside someone else’s legal system.
Local software runs on your own devices and stores data locally, or only on services you explicitly choose. In those cases, the software provider doesn’t control the data; you do. Jurisdiction is defined by where you host, not who wrote the code.
That difference keeps the focus on where risk actually lives.
Risk Assessment Map
| Factor | Low Risk | Medium Risk | High Risk |
|---|---|---|---|
| Ownership | EU-owned | Mixed ownership | US-owned |
| Jurisdiction | EU law | Mixed / multiple | US law |
| Infrastructure | EU-hosted | Hybrid hosting | US-hosted |
| Dependency | Open standards, portable, federated | Partial lock-in | Closed ecosystem, strong lock-in |
I’m not trying to achieve some sort of privacy nirvana. The goal here is risk reduction.
The point of laying down some rules around this is to be deliberate about how I identify what should be migrated. Convenience creeps back in, and decisions drift back to habit instead of intent.
A simple framework creates consistency. It turns unease into structure.
The goal isn’t isolation or ideological separation. It’s diversification, resilience, and control — avoiding single points of legal, political, and infrastructural failure.
In the next post, I’ll start the audit: mapping out my current digital services, identifying which of these risks apply to them, and seeing what I can do about it.
One detail is that nowadays this affects local software in a partial way.
There’s no very large risk of data leakage, not always, but, especially with programs that work over proprietary data formats or local databases, there’s a risk of access loss.
When the USA imposed sanctions on my country, at the start many companies closed access immediately.
This included companies like Adobe, and the people here who subscribed to Adobe programs instead of pirating them lost access to using the software they paid to use.
Once many companies realized the embargo was against political actors, many reopened, and I’m so happy to be able to give Adobe my money again…
Yet others never reopened. If for some reason I decided I wanted to keep using VirtualBox, I’d need to use a VPN to download it.
That’s a good point, Lars! I’ll try to update the post shortly to accommodate this, and will take it into consideration when doing the concrete evaluations.