It's amazing how far a single packet can travel on the web. If you're the paranoid sort (and I am), it can be alarming too. The New York Times building is just two blocks west of where I'm sitting, but if I want to go to their website, I have to jump across three networks: starting with Time Warner, then jumping to a cable provider called CSC Holdings, then to Optimum, then to a fiber company called Abovenet, and finally the the Times servers themselves.

I'd only ever heard of two of those companies before, and I have no particular reason to trust them, but here we are. Even worse, it's all delivered over plain, unencrypted HTTP, so if a mischievous network engineer at CSC wanted to drop a fake news story onto the front page, there would be nothing in the code to stop him. More ominously, an FBI agent could compel the company to drop in some tracking malware, infecting my computer as soon as I load the page. The only protection here is trust: in the ISPs, the public routing tables, the good-faith interconnections. And after Snowden, that trust is in short supply.

That sudden failure of trust is why, less than a year and a half after the first leaks, Brazil is spending $185 million to separate itself from the American web. The country's new undersea data cable will allow a direct data channel to Portugal, out of reach of the US or the UK spy agencies, and establishing the country as one of the fiercest opponents of global surveillance. It's a huge undertaking, both politically and financially, but the implications for the internet could be even greater. By this logic, the internet isn't international anymore: it's American. It's American companies running data through US-made routers, and it's vulnerable to secret orders from US courts. And if Brazil wants to change that, they have to build a new internet from the ground up.

Of course, there's no point building a new pipeline if your data's still headed to Gmail and Facebook, so first you have to build new services. Brazil's government has already switched its email from Microsoft to a state-owned platform called Expresso. It's a small start, but it's something. Even before Snowden, the country was encouraging a local tech industry with steep electronics tariffs. (In São Paulo, an off-contract iPhone 5s will cost you just under $1200.) But US services are hard to dislodge. Which other Facebook would you join, exactly? How else would you search for things? After you've crossed all the PRISM companies off the list, who's left?

And then there's the hardware itself. Brazil is making heroic efforts to keep US-made components out of the new undersea cable, since the NSA has a history of tampering with electronics in transit, but it's hard to make the same promise with other parts of web infrastructure Suppose a Quebecois coder develops a brilliant new Gmail replacement, and he'd like to host it within Brazilian borders. Who should he call? (Remember, he can't use Amazon Web Services.) Someone else wants to set up a server farm outside Rio, but where will he buy the servers? His cousin could start up an electronics factory, but where will he get the parts? It's still a global economy, and American power is never more than a few hops away.

But that’s not to say it’s impossible to build a local internet. In fact, China has already tackled every one of the challenges facing Brazil. It starts with the Great Firewall, the largest and most sophisticated censorship tool in human history, but behind that wall, China has built a remarkably self-sufficient local web. The country also has the largest and most sophisticated manufacturing sector in human history, so everything is locally made, from the phones to the servers. The government's surveillance demands have also driven Google and Twitter out of the country entirely, so now's there's Baidu and Sina Weibo, each feeding data directly to the country's censors.

For a long time, experts would tell you this was wrong-headed, unsustainable — but now they're not so sure. In September, Alibaba (previously known as the Chinese Amazon) raised $25 billion with the biggest IPO in history. When Sony shipped phones that used Baidu in place of Google, it was barely a scandal. Getting data across the Great Firewall is still unreliable, so companies are increasingly willing to host services inside the country, playing off a growing web services industry. The local Chinese web is a permanent fixture now, and seen through the right eyes, it looks an awful lot like the future.

Of course, none of this will do anti-surveillance advocates much good. You can escape NSA surveillance by moving over to the Chinese web, but you’d be jumping into an even more powerful and invasive surveillance state. Still, if you want to see what the internet looks like without trust, this is it. From cables to servers, every link leads back to the same central authority. Every service is accountable to the same power. Keeping the NSA off Brazil's local net will take force, and that may be incompatible with the loose networks and casual anonymity we associate with today's web.

It's the same old two-step between freedom and security, played out at the level of a network protocol. Of course, there are lots of things we could do to improve both — starting with HTTPS everywhere, which would lock down the data in transit. But soon, the carefree stroll from network to network may start to look awfully naive.