I’m only referring to data privacy laws.

Fully agree, which is also why I choose EU/Swiss made services by default

I tried to say that, but you were better at explaining, so thank you. Without a court case, you will essentially never know, if they are truly GDPR compliant

Yeah, all good and nice, but as long as they are not part of all linux distributions, I will not use them. I need a ls because I know it is working on all machines that I use. Additionally, don’t forget that introducing new tools also introduces new attack surfaces, something you want to avoid on very important servers.

All services you see above are provided to EU citizens, which is why they also have to abide by GDPR. GDPR does not disallow the gathering of information. Google, for example, is GDPR compliant, yet they are number 1 on that list. That’s why I would like to know if European companies still try to have a business case with personal data or not.

And what about goddamn Mistral?

Yeah, I see your point. No use to repeat the same you can read in other comments or in those 274772 guides online. I was trying to imply to just generally harden ssh because then brute-force attempts should be no issue, unless you log everything and the disk space gets maxed out :D

Fml… yes, I meant CrowdSec. Thanks for the hint

• harden sshd
• use fail2ban or even better CrowdStrike CrowdSec
• use a tool like the following to have a next-gen security solution: https://github.com/mrash/fwknop