While I don’t see any way to dictate where Durable Objects are stored, I do wonder if its nature of auto-migration can be leveraged by limiting the worker itself to a specific region. In theory, this would force the durable object to migrate close to where the worker is running. Still no guarantees, though.
I hope they consider it! This would make it much more powerful, and instead of just being storage, there would a level of geographical control that no other solution appears to have, in the face of compliance and data privacy laws popping up everywhere.
I believe “privacy and compliance” was one of the key business drivers for creating workers, etc. so ensuring that storage-at-rest, and later - compute as well (Workers) is guaranteed to be in a certain locale is a very strong reason to adopt this.
Otherwise - I’m back to setting up an AWS stack in every region in the world (very expensive), which removes all the benefits of this worldwide edge storage/compute stack.
What I’d really like is region-locked compute and storage with both workers and KV-store + durable objects. For example - if my SaaS could guarantee that data from a company in Switzerland is going to live in Switzerland, that’s a strong selling point to adopt this.
When it comes to GDPR, there is a common misunderstanding that it relates to where the data is located, that’s false - the question is always - who has access to the data and what protections and compliance are in place to protect it when the data moves, Cloudflare has a DPA (Data Processing Agreement) just like Amazon does they don’t differ much, even the costs associated with an audit are the same (You pay).
In essence, they treat data the same within the EU as they do outside the EU.
Data protection is one of the most important GDPR points and Workers have advantages:
KV Data is encrypted in transit and at rest by default.
Workers run in isolates and works as an extra layer of security on top of the operating system.
Lambdas has a bigger area of vulnerability since it’s apps are several times bigger.
The EU Cloud is built for the primary reason of having a central location for all countries municipals and sensitive data in a single place, right now it’s spread on US Clouds such as Amazon and mainly Microsoft Office 365 which has been adopted very broadly in Europe.
I’m hoping that this step will force US companies to split their companies into EU businesses that are isolated from the US laws which gives access to the US government when they request it.
You’re right that the Privacy Shield was deemed “not enough”, the same will apply to the DPA agreements between Cloudflare, Amazon, Microsoft and Google on a case-by-case basis. Such cases will probably take quite a while, since the incurred cost of such an audit will just force the targeted business to shut down, so the business need to be large enough to make sense.
Until then, the DPAs are the only viable option that exist.
I think if you take a step back here and look at what you might be asking of Cloudflare becomes very difficult (if not impossible) to implement. Their whole system of routing traffic is based on anycast. Anyone could be routed to any data centre in the world, there is no guarantee you’ll be routed to a data centre in-country and it’s not something Cloudflare have total control over. So any implementation has to be global.
(note I’m in Australia and get routed out of country for some Cloudflare traffic even though Cloudflare has several local data centres, it actually depends on your ISP and believe it or not whether I use IPv4 or IPv6).
This crossed my mind as well, but Origin Country, as detected by Cloudflare, doesn’t dictate which data center to use. As simon pointed out, he’s in Australia, but sometimes is routed out of country. This happens more for some people than others.
I still stand by my original response. You can’t control where Durable Objects are stored unless Cloudflare adds this feature.
I’m the PM for Durable Objects - I can say this is definitely an interesting idea. Stay tuned to the blog in the next few weeks! Mind reaching out to [email protected] so I can chat with you a bit more about your use case?