We no longer have any active servers in France and are continuing the process of leaving OVH.For GrapheneOS, the issue boils down to a fundamental distrust of France’s commitment to user privacy.
GrapheneOS didn’t mince words, declaring, France isn’t a safe country for open source privacy projects. They expect backdoors in encryption and for device access too. Secure devices and services are not going to be allowed.
This stark assessment highlights a growing tension between national security interests and the principles of privacy-focused software development.
The project’s concerns aren’t limited to physical servers within France. We don’t feel safe using OVH for even a static website with servers in Canada/US via their Canada/US subsidiaries,</> they added, signaling a broader apprehension about OVHcloud’s overall exposure to French legal jurisdiction.
OVHcloud’s CEO, Octave Klaba, responded to the situation, posting: Guys, we like what you develop. It’s great!
However, he seemed to downplay the core issue, adding, But the way you explain your issue is confusing. Reading your tweet, you can imagine something bad happened to your servers in OVHcloud. It’s not the case. Nothing happened.
Klaba’s response arguably misses the point. The concern isn’t about technical malfunctions or data breaches, but about the legal and political climate in France, and the potential for compelled access to user data. It’s about trust, not uptime.
France’s support for the proposed EU “Chat Control” legislation is a key factor in this equation. This controversial legislation, detailed by The Register here, could mandate providers to create backdoors for scanning user content. While Germany has voiced opposition, as reported by The Register here, France remains a proponent, fueling concerns among privacy advocates.
The issue of data sovereignty is further complicated by ongoing legal battles. OVHcloud is currently embroiled in legal action in Canada, as The Register reports, concerning data held on French servers. The outcome of this case could set a precedent for cross-border data access and challenge the very notion of digital sovereignty.
Mark Boost, CEO of UK cloud provider Civo, weighed in, telling The Register, “If the Canadian position is upheld, it will force the industry to rethink how sovereignty is protected in practice.” This sentiment underscores the potential ramifications for the entire cloud industry.
GrapheneOS’s decision isn’t an isolated incident. According to Proton, another privacy-focused organization, “France’s stance against privacy-first companies and open-source projects sends a broader message: operate here and give us access to your data, or leave.” This paints a concerning picture of a nation prioritizing control over innovation and user privacy.
“Sovereignty is not a slogan. It is about giving customers certainty over who governs their data and confidence that it stays within the legal system they trust.” – Mark Boost, CEO of Civo
The departure of GrapheneOS from OVHcloud serves as a stark reminder that the cloud isn’t just about technology; it’s about trust, governance, and the fundamental rights of users. As nations grapple with the complexities of digital sovereignty, the choices made by projects like GrapheneOS will likely become increasingly common, forcing a reckoning within the cloud industry and beyond.
