You might think the internet is a swirling cloud of decentralised freedom. Bless. In reality, it’s a tangled mess of invisible choke points, centralised bottlenecks, and nosy gatekeepers. The SHARE Foundation decided to trace where data from Serbia actually goes, and surprise! It’s not very far before it ends up in the hands of a small handful of companies, countries, and—let’s be honest—potential eavesdroppers.
One router to rule them all
Start with a simple web visit. Your request doesn’t just zip off to its destination—it checks in at the SBB TelePark in Belgrade, where all local traffic passes through a single router. That’s right. If you wanted to spy on everything Serbians do online (purely theoretically, of course), you’d only need to sit at one choke point. And funnily enough, ISPs are legally obliged to do just that. Because what’s a little metadata hoarding between friends?
Centralisation: A National pastime
There are three main layers of centralisation in Serbia’s internet:
- ISPs: SBB handles most of the traffic through a lone access point.
- Exchange Points: There’s only one in the entire country—SOX in Belgrade—so everything ends up there.
- Hosting: One company, Mainstream d.o.o., hosts over half the local sites. They bunk with Telenor in their Tier 3 data centre. Cosy.
The result? Whether you’re streaming a local news site or buying goat cheese online, your data’s making the same few predictable stops. A hacker’s dream. Or a surveillance agency’s.
Exit strategies: Your data goes abroad
A staggering 63% of data doesn’t even bother to stay in Serbia. Instead, it takes a nice holiday via:
- Budapest and Vienna – Transit lounges.
- Frankfurt – The Heathrow of data, home to DE-CIX, the world’s biggest internet exchange.
- Amsterdam – Host to many of the more… ahem… adult websites. Red lights still on, just digital now.
- Ashburn, Virginia – America’s data Vatican. Google, Amazon, Facebook, all hanging out there, probably laughing.
And the rest? It meanders through the US west coast, heading to San Francisco and Silicon Valley—though let’s be honest, it likely gets parked in a faceless data centre in Virginia anyway.
The myth of the borderless web
Turns out the web has borders galore—legal and digital.
- National Laws: ISPs operate under domestic law, and are required to retain metadata and hand it over when asked. Like polite little spies.
- Geo-blocking: Platforms know exactly where you’re browsing from and can block content accordingly. Ever seen “This video is not available in your country”? That’s geopolitics wrapped in an error message.
So yes, the internet respects borders. Just not yours.
Metadata: The creepiest kind of honesty
No, it’s not the content of your messages they care about—it’s the metadata. Who you contacted, when, for how long, and how often. Former NSA lawyer Stewart Baker said: “Metadata tells you everything about somebody’s life.” Which is a hell of a thing to admit while keeping a straight face.
Snowden put it more bluntly: metadata analysis is more effective than actually reading your messages. Even the Stasi would be impressed. And you thought incognito mode was keeping you safe.
Wrap-up: Not so decentralised after all
The internet, we’re told, is a vast, decentralised thing. But based on this research, it’s more like a string puppet—most of the strings leading to a handful of buildings in 13 countries, with the usual suspects (US, Germany, Netherlands) holding the scissors.
So next time you Google something from Serbia, remember: your data goes on quite the Grand Tour—Belgrade, Frankfurt, Ashburn, and back—watched by a cast of ISPs, governments, and data brokers. All for you to read about the weather.
