All systems operational Amsterdam · Paris · Reykjavík +5 Pay with Cryptocurrency
EnglishРусский简体中文EspañolDeutschفارسیTürkçePortuguêsTiếng ViệtBahasa Indonesia
Glossary

The 5, 9 and 14 Eyes, explained

The “Eyes” are tiered signals-intelligence alliances grown from a 1946 UK–USA agreement. They matter for hosting — but less, and differently, than VPN marketing suggests.

Updated 2026-06-12

Deploy a VPS See pricing
Fenrir the wolf studying documents

Privacy marketing leans hard on a map: host inside the Five/Nine/Fourteen Eyes and your data is allegedly one phone call from an intelligence agency; host outside and you are allegedly safe. The reality is more textured and worth getting right. The alliances are real — born from the 1946 UKUSA agreement between American and British signals-intelligence services and widened over decades — and they genuinely shape how interception data moves between governments. But they concern intelligence collection, not routine law enforcement; they do not turn a Dutch hosting company into an NSA branch office; and jurisdiction is only one layer in a privacy stack whose other layers (what the host collects, how you pay, what you encrypt) you control far more directly. Here is the honest version.

Who is in which tier

  • Five Eyes: United States, United Kingdom, Canada, Australia, New Zealand — the deep tier, sharing raw signals intelligence under UKUSA.
  • Nine Eyes: + Denmark, France, the Netherlands, Norway — close cooperation, less automatic sharing.
  • Fourteen Eyes (formally SIGINT Seniors Europe): + Germany, Belgium, Italy, Spain, Sweden — a coordination forum for European SIGINT services.

Among our eight regions: the Netherlands and France sit in the Nine Eyes and Sweden in the Fourteen, while Romania, Bulgaria, Iceland, Switzerland and Malaysia are outside all three — with Switzerland the marquee non-Eyes, non-EU pick.

What the alliances actually do — and don’t

The Eyes share signals intelligence: interception from cables, satellites and exchanges, processed by agencies like the NSA and GCHQ for national-security purposes. Membership means a member may task collection or receive product concerning targets its partners can see. It does not mean: that civil copyright claims travel through spy channels; that a hosting company in a member state hands customer lists to foreign agencies on request (legal process still runs through courts and MLAT treaties); or that non-membership makes a country blind — Switzerland and others run capable services and cooperate case-by-case. For the threats most customers actually face — abuse complaints, copyright pressure, data demands in civil disputes — the relevant machinery is courts and treaties, where the variables are the server country’s own law and its appetite for honouring foreign requests. That is the distinction our offshore hosting entry is built on.

How much weight to give it when picking a region

A proportionate rule: Eyes membership matters at the edges of high-stakes threat models and is mostly symbolic below that. If your adversary plausibly includes state-level signals collection — investigative journalism on intelligence topics, at-risk dissidents — preferring Zurich or Reykjavik over Amsterdam is rational defence in depth. For everyone else, the layers that dominate outcomes are the ones the Eyes never touch: a host that holds no identity to share, payment that doesn’t link to you (Monero), end-to-end encryption of content, and your own connection hygiene. A no-KYC server in a Nine-Eyes country holds less about you than a KYC host in “safe” territory — the file that doesn’t exist beats the jurisdiction that won’t share it.

The honest checklist

  • Treat Eyes maps as one input, after: what the host collects, how takedowns are processed, data-retention law, and your own encryption.
  • If state-level SIGINT is in your threat model, choose non-Eyes and encrypt end-to-end — jurisdiction alone never carried that weight.
  • Remember interception happens in transit too: traffic crossing member-state cables is visible regardless of where the server sits. TLS and VPNs address that; flags do not.
  • Distrust marketing that uses “14 Eyes” as a panic button while quietly requiring a passport scan at signup.
FAQ

Frequently asked questions

Which VPSCrypto locations are outside all Eyes tiers?

Romania, Bulgaria, Iceland, Switzerland and Malaysia. The Netherlands and France sit in the Nine Eyes and Sweden in the Fourteen; we say so plainly and price by network quality, not by flag mythology.

Is a server in a 14-Eyes country unsafe?

Not for most threat models. The alliances move intelligence product between agencies; they do not process abuse reports or civil claims. What dominates real-world outcomes is the host’s data minimisation and the server country’s own legal process — both of which you can read on our facts page.

Does Switzerland share intelligence despite being non-Eyes?

Case-by-case, yes — neutral is not blind. What Switzerland offers is the absence of standing bulk-sharing arrangements plus strong domestic data-protection law (FADP) and court-order-only process. It is the strongest jurisdictional posture we offer, not an invisibility cloak.

Should I pick my region by Eyes membership or by latency?

Decide by threat model first, then latency. High-stakes adversaries: non-Eyes (Zurich, Reykjavik) and encrypt everything. Ordinary privacy preferences: any of the eight, picked for latency and price — the no-KYC account and crypto payment do more for you than the flag does.

Related

Keep exploring.

Switzerland VPSNon-EU, non-Eyes, FADP — the premium jurisdictional posture.Iceland VPSFree-press law outside the alliances.What is offshore hosting?Jurisdiction as a tool, without the mythology.No-KYC hostingThe layer that matters more than flags.Anonymous VPSPrivate, not anonymous — the whole stack in one page.

Deploy an offshore VPS in about a minute

No-KYC, crypto-paid, all-NVMe. Pick a tier, pay in Monero or any major coin, and get root in roughly 60 seconds.

Deploy a VPS Deploy API
Fenrir on guard