Show HN: We Built the 1. EU-Sovereignty Audit for Websites

66•cmkr•1h ago

Comments

cmkr•1h ago

Checks hosting, analytics, fonts, cdn, video, chat, social embeds. Gives you a score from 0-100 and suggests Eu-alternatives.

lpcvoid•1h ago

Nice, good idea. I need to move away from Github pages finally ;)

savolai•1h ago

Seems to treat finnish kapsi.fi hosting as US?

causalscience•1h ago

Happy to see mastodon.xyz score 100%.

Mastodon is pretty cool and proof that we can make federation work.

vldszn•1h ago

nice idea, are you planning to open source this project?

bigblind•1h ago

Any recommendations for good European alternatives to Clooudflare? Is there an EU company that's as trustworthy when it comesq to DDoS protection?

embedding-shape•58m ago

Bunny CDN (https://bunny.net) is great, HQ located in Ljubljana, Slovenia and also have great support which seems most faster and gives better responses than most others out there, but might just been my luck, YMMV.

direwolf20•53m ago

First off, do you actually need it? I know cloudflare sells fear, but was you or anyone you know affected by a DDoS?

petcat•36m ago

> cloudflare sells fear

A lot of people here don't just run trivial hobby sites. They work for companies that actually have a real need for DDOS and WAF protection. Maybe you have no experience with that, but it is extremely common and even required for sites that require compliance certifications like SOC2.

graemep•16m ago

There are other providers of DDOS protection, and other WAFs.

The main advantage Cloudflare has is that it is free and a big brand.

petcat•13m ago

Right. I was responding to the question "do you actually need DDOS protection?". Which is an obvious Yes in the real (non-hobby) world.

pixl97•12m ago

>but was you or anyone you know affected by a DDoS?

Yes, all the damned time.

Some people must have experienced a completely different internet from the one I've had to run servers on over the years. I've had tiny, local sites for customers randomly get gigabytes of traffic per second for days. No rhyme or reason why. Try to run anything with a forum on it where people have strongly held beliefs, yea eventually you'll get a DDOS. Have a site where some global competitor can influence your sales by slowing traffic on important holidays... you can see where this is going. Heck, I've even worked at ISPs where we had to take particular IPs out of the DHCP pool and null route them because for some reason they were getting traffic blasted for weeks at a time.

While they do sale fear, it's not really an irrational one for those that have worked in the industry.

m00dy•1h ago

thanks for this checker, we also need HN alternative for EU only. As Europeans, I'm sure we can do this.

NoboruWataya•1h ago

reddit.com gets a perfect "no US dependencies" score. I guess they have servers around the world and can serve requests from a local-ish server.

Obviously this simple check only concerns the technical aspects of the website and doesn't analyse the business itself but I wonder if all .com domains should be marked down?

jstanley•1h ago

I put in my site and it gave me a red cross for "Hosting", on hover it said "GitHub Pages". But my site isn't hosted on GitHub Pages.

Expanding "Details", the URL that is hosted on GitHub Pages is... a different website? There's merely a hyperlink to it on my website.

It also says I'm using "self-hosted" fonts - but I don't think I'm doing that at all? I'm just using the browser's fonts. Using non-standard fonts is a bad idea because it causes the content to either be invisible until the font is loaded, or else it initially shows in a fallback font and then the text all jumps when the font is loaded.

Jaxan•53m ago

It also says my website is hosted on GitHub pages, although it’s served from a hetzner server.

EDIT: on further inspection: I get both a red cross AND a green check mark for hosting. So it’s somehow indicating both GitHub and hetzner. Maybe it’s because I merely link to GitHub?

schnapsidee•48m ago

Funny, I checked a blog I host on github pages and it says "not detected" for hosting.

dcminter•36m ago

Meanwhile I get a green check for CDN - presumably because I'm not using Cloudflare, but I am using CloudFront which is AWS.

So the tool's a good idea, but currently very inaccurate.

grodriguez100•20m ago

Meanwhile, mine is actually hosted on GH pages and I get a green mark and a perfect 100% score.

irusensei•1h ago

I have some feedback for OP: my personal website got 92% because there is a link to my X profile in the contact session. It's not like it relies on the service. Its just a contact and there are also links to other services such as self hosted matrix.

On the other hand my registrar is Namecheap which is in the US and your tool didn't checked for that. I think thats a lot more important in terms of dependance than a link to a social network so you could run a whois lookup to check what registrar is hosting that domain.

esmIII•54m ago

If you post on X. You are a content creator supporting Elon.

Etheryte•37m ago

While this is true, it has nothing to do with the tech sovereignty of the site itself.

pixl97•28m ago

While I'd say you're mostly correct, I do disagree some.

There is quite a large issue with sites posting things like current events on social sites like Facebook, or other rapid news events on X. Doing this has the potential to diminish your sovereignty. For example if you tell your users to follow X on the site and you're posting some event that Musk doesn't like, maybe you're posts will disappear.

Is something to think about.

carlosjobim•5m ago

It's absolutely not something to think about, unless you are in some kind of cult.

This website is also foreign to Europeans, so what are you then doing here contributing with your comments?

It is probably time for Europeans to start dealing with their problems in different ways than having internal "purity purges". It has never worked, and will never work. It makes people weak and easily defeated in every endeavor.

sjamaan•47m ago

Good point regarding registrar. Thinking a bit further, there's also the top-level domain: if that's under US control (eg .com), it could still be yanked away from you.

jacquesm•5m ago

This is a massive risk that will affect half the internet or so.

riffraff•55m ago

nice idea!

If I may, and not trying to be annoying, on my screen the navigation bar (.navigation-wrapper) covers 90% of the top left buttons (aria-label=breadcrumbs).

Happens with both Chrome and Firefox, macOS, 15" macbook pro.

reppap•51m ago

My customer's site got a 100% while running on azure.

netsharc•44m ago

In English, unlike German, "1." doesn't mean "1st"/"first".

telesilla•36m ago

I find it ironic that in Europe the defacto language for intercommunication is from a country that chose to disassociate itself from the EU. In all, I think it's great that every EU country uses the English language with all their idiosyncrasies and hell be damned about "proper" english.

jacquesm•3m ago

English is the lingua franca (hah!) of the business world, on HN any website posted is supposed to be in English, so effectively you are saying that EU digital sovereignty can not be discussed on HN.

blell•32m ago

You can also tell the guy is German because of the strange hyphen between EU and Sovereignty. :P

juahan•29m ago

Could be also Finnish!

woile•41m ago

Very nice tool!

The UI has a few errors on desktop, I cannot see all the issues. The leaderboard... doesn't work ? and the topbar hides some elements

browser: firefox

kome•38m ago

hmm... it really miss a lot of infrastructure.

take my website for example mrtno.com - it's hosted in europe, ok. but under what legislation the domain register is based? and where is the dns server?

those a crucial information. and they are missing.

hannob•35m ago

So their leatherboard of good examples lists nsa.gov with 100 points.

Is this a parody?

throwa356262•15m ago

That actually says more about NSA security hygine and not getting high on your own supply.

trm217•34m ago

Nice, but for me it is reporting false information. I use Vercel, Cloudflare for DNS yet it shows 92%. The only thing it correctly reported was the LinkedIn link. (There is also a GitHub and Bluesky link, which are US companies / services as well).

N-Krause•34m ago

When I check google.com I get a 94% score? Kinda ironic no?

socialismsvks•33m ago

I am proud my website would score a nice round 0% even though I am pure blooded european

gue-ni•29m ago

How is this calculated? A suspicious amount of people (including myself) get 92%...

pixl97•11m ago

Do you have links to any US social media on your site, that's getting a lot of people.

grodriguez100•22m ago

I get a 100% for a site hosted in GH pages and which embeds YouTube videos and Google fonts. So this does not seem to be very reliable.

self_awareness•21m ago

microsoft.com got 92%

my blog which is hosted on namecheap.com, server whois is Los Angeles, got 100%

I guess this is another vibe coding AI slop service which doesn't even render its own top buttons properly (they're covered by some white div).

Have mercy, web devs!

iknowstuff•18m ago

nsa.gov got PERFECT! NO US DEPENDENCIES lmao

graemep•17m ago

Not accurate.

It has nsa.gov on the leaderboard as having no US dependencies.

It wrongly says one of my sites is using Cloudflare.

It says that one of my sites that is hosted in the US (no CDN, US IP address) has no US dependencies.

it treats social media links the same way was embeds.

it gives gov.uk a perfect score. Maybe by design because it is hosted in Europe, but if so it should not say its EU sovereignty.

I do not think that is the case because it also gives a perfect score to https://english.www.gov.cn/

I do not know how it got to the HN front page - people presumably vote it up without checking it actually works.

Its just not anywhere near accurate.

petcat•8m ago

Yeah it's a neat idea. Unfortunately the execution is pretty poor.

_blk•2m ago

This is more of an attempt at a political stunt. The CCP's website get's a perfect score, admin.ch also gets a perfect score while Switzerland is most-definitely not in the EU.. non-US is more accurate than EU but you only see that when stars start flying.

IMHO: Just scrap the politics and show what regional deps a site has - that'd actually increase value quite a bit.

Matticus_Rex•1m ago

Apparently you get dinged for using AWS even if you're using an EU datacenter.

I'm sure you can define "EU sovereignty" in a way that's consistent with that, but that's not very useful.

Judge Orders ICE Chief to Appear in Court over Potential Contempt

Gaming the Answer Matcher: Text Manipulation vs. Automated Judgment

Neurotech Startups Are Confusing

When Fixed-Point Beats Floating-Point (and When It Doesn't)

Samsung's TriFold phone will cost $2,899 in the US

I Built a 2300-File Codebase with AI. How I Prevented Architectural Drift

Show HN: Semantic Primitives- TypeScript types that understand natural language

Show HN: I vibecoded an X64, ARM64 operating system that boots on real hardware

Show HN: Kimi K2.5 (Agent Swarm, beats GPT-5) now on RouterLab (Swiss hosting)

Hope vs. Realism: The Stockdale Paradox

Nils' K1v – Kawai K1 Emulation Plugin VSTi/AU

Ask HN: Best email service for custom domain?

Yahoo Scout, a New AI Answer Engine

Ask HN: Anyone else finding Claude failures almost unusable?

China has purged its highest-ranked military general. Why?

Professional wedding photo retouching service

Cursor lied about it's new Browser [video]

Sync vs. async vs. event-driven AI requests: what works in production

Kimi K2.5 – new open weights SOTA

The Mysterious Electrides

Trump raises US tariffs on South Korea imports to 25%

A drying climate is making East Africa pull apart faster

An ultra-high-resolution map of (dark) matter

Show HN: SpecFlow – I added a "Bad Cop" auditor to Claude Code

Ask HN: How do you budget for token based AI APIs?

Decoding the elite soccer player's psychological profile

Claude-subconscious: Give Claude Code a subconscious

Medusa AI-First Security Scanner – A Simple Look at Its Powerful Features

What Happened to MCP?

DeepMind chief Demis Hassabis warns AI investment looks 'bubble-like'