I’m only referring to data privacy laws.

Fully agree, which is also why I choose EU/Swiss made services by default

I tried to say that, but you were better at explaining, so thank you. Without a court case, you will essentially never know, if they are truly GDPR compliant

All services you see above are provided to EU citizens, which is why they also have to abide by GDPR. GDPR does not disallow the gathering of information. Google, for example, is GDPR compliant, yet they are number 1 on that list. That’s why I would like to know if European companies still try to have a business case with personal data or not.

And what about goddamn Mistral?

Yeah, I see your point. No use to repeat the same you can read in other comments or in those 274772 guides online. I was trying to imply to just generally harden ssh because then brute-force attempts should be no issue, unless you log everything and the disk space gets maxed out :D

Fml… yes, I meant CrowdSec. Thanks for the hint

• harden sshd
• use fail2ban or even better CrowdStrike CrowdSec
• use a tool like the following to have a next-gen security solution: https://github.com/mrash/fwknop