> Our colocation providers could be compelled to give physical access to our servers. Network capturing devices could be installed. And in the worst case an attacker could simply force their way into the datacentre and physically remove our servers.
So as far as warrantless surveillance is concerned, Fastmail is no better than if it were a US company or subsidiary thereof. They may themselves not be in a position where they would have to comply with US requests that would be illegal in Australia, but whoever is operating their US-based DC absolutely is, and they admit as much, even if they handwave this scenario as being no different from an ordinary hacking attempt[2].
[1]: https://www.fastmail.com/blog/fastmails-servers-are-in-the-u...
[2]: Of course the flaw in this comparison is that an ordinary hacker can't make on-site staff comply with their demands and prohibit them from disclosing the hack. To do so without the authority of the law, you'd need a Hollywood action movie level of criminal enterprise that would usually involve taking a retired police officer's granddaughter hostage for some reason.
Australia has some fairly draconian digital laws under which authorities can issue notices requiring developers to assist with an investigation. This can include technical assistance which could require companies to build capability for law enforcement to break the encryption used in their services.
https://www.theguardian.com/australia-news/2024/nov/05/sessi...
https://www.404media.co/encrypted-chat-app-session-leaves-au...
If you don't want surveillance, you'd better not use email.
Today the concern is war, both economic and literal.
From that perspective, I'll gladly use Australian or Canadian online services, while avoiding using US ones as much as possible. Note, I don't think it will be long before services like Fastmail start moving their servers. Again, yesterday the US was an ally, whereas today the writing is on the wall.