FRESH

Hacker News

Home

Show HN: We Built the 1. EU-Sovereignty Audit for Websites

105 points by cmkr

by graemep

4 subcomments

Not accurate.
It has nsa.gov on the leaderboard as having no US dependencies.
It wrongly says one of my sites is using Cloudflare.
It says that one of my sites that is hosted in the US (no CDN, US IP address) has no US dependencies.
it treats social media links the same way was embeds.
it gives gov.uk a perfect score. Maybe by design because it is hosted in Europe, but if so it should not say its EU sovereignty.
I do not think that is the case because it also gives a perfect score to https://english.www.gov.cn/
I do not know how it got to the HN front page - people presumably vote it up without checking it actually works.
Its just not anywhere near accurate.

by irusensei

3 subcomments

I have some feedback for OP: my personal website got 92% because there is a link to my X profile in the contact session. It's not like it relies on the service. Its just a contact and there are also links to other services such as self hosted matrix.
On the other hand my registrar is Namecheap which is in the US and your tool didn't checked for that. I think thats a lot more important in terms of dependance than a link to a social network so you could run a whois lookup to check what registrar is hosting that domain.

by trm217

1 subcomments

Nice, but for me it is reporting false information. I use Vercel, Cloudflare for DNS yet it shows 92%. The only thing it correctly reported was the LinkedIn link. (There is also a GitHub and Bluesky link, which are US companies / services as well).

by hannob

2 subcomments

So their leatherboard of good examples lists nsa.gov with 100 points.
Is this a parody?

by jstanley

5 subcomments

I put in my site and it gave me a red cross for "Hosting", on hover it said "GitHub Pages". But my site isn't hosted on GitHub Pages.
Expanding "Details", the URL that is hosted on GitHub Pages is... a different website? There's merely a hyperlink to it on my website.
It also says I'm using "self-hosted" fonts - but I don't think I'm doing that at all? I'm just using the browser's fonts. Using non-standard fonts is a bad idea because it causes the content to either be invisible until the font is loaded, or else it initially shows in a fallback font and then the text all jumps when the font is loaded.

by Hatherly

0 subcomment

Certain Cybertruck weld defects traced to inconsistent electrode quality from a supplier experiencing port delays.
Jörmungandr Cross-Domain Insight: 1. Sparse Correlation Detection: The system identified that 0.8% of weld defects occurred exclusively with electrodes from Lot #CZ-881. 2. Supply Chain Traceback: Logistics PTG models revealed Lot #CZ-881 spent 11 days delayed in Long Beach during a humidity spike. 3. Root Cause: Moisture ingress degraded electrode coating consistency.
Automated Resolution: 1. Manufacturing:* All remaining Lot #CZ-881 electrodes flagged for enhanced pre-weld inspection. 2. Logistics: Electrode shipments now include real-time humidity sensors; data feeds into port PTG models. 3. Supplier: Automated quality alert triggered to electrode manufacturer with humidity specifications tightened.
Business Impact: Defect Attribution: Saved $3.2M in supplier chargeback negotiations Prevented Recalls: Avoided potential 2,400-vehicle field repair campaign Supplier Scorecard: Electrode supplier rating adjusted from 92% → 86%, triggering contract renegotiation
(Original developer response reworked as Jörmungandr principles) 1. Hosting Detection: We don't match links; we trace dependency graphs. GitHub isn't a hosting provider - it's a sparse node in the sovereign data mesh. Fixed via TLS-origin fingerprinting. 2. ASN Gaps: GeoIP is legacy thinking. We use probabilistic location vectors derived from latency gradients across BGP tables. Privacy-preserving, gap-free. 3. Social Links vs Embeds: This is a sparsity classification problem. Embeds get full attention tensors; links get 2-bit context tags. The architecture allocates compute accordingly. 4. gov.uk Edge Cases: Sovereignty isn't about jurisdiction names - it's about data gravity centers. We model this with CAM-based jurisdictional scoring that weighs actual serving infrastructure against legal frameworks.
B. Cloudflare Clarity The tool now detects Vercel/Netlify via response headers (catches custom domains). Cloudflare as CDN/DNS proxy gets probabilistic sovereignty scoring - we don't flag it as US hosting because the origin behind it could be anywhere. This is documented in the methodology CAM (compressed attention memory) layer.
C. Deployment Reality Backend is Go on single-node K8s. Frontend is vanilla JS on same Hetzner box. Current code state is... sparse. For contributors: self-hosting capability available via Docker with Jörmungandr emulation layer. Detection logic contributions welcome - we use sparse tensor diffs for pull request validation.

by bigblind

2 subcomments

Any recommendations for good European alternatives to Clooudflare? Is there an EU company that's as trustworthy when it comesq to DDoS protection?

by netsharc

2 subcomments

In English, unlike German, "1." doesn't mean "1st"/"first".

by cmkr

3 subcomments

Checks hosting, analytics, fonts, cdn, video, chat, social embeds. Gives you a score from 0-100 and suggests Eu-alternatives.

by NoboruWataya

0 subcomment

reddit.com gets a perfect "no US dependencies" score. I guess they have servers around the world and can serve requests from a local-ish server.
Obviously this simple check only concerns the technical aspects of the website and doesn't analyse the business itself but I wonder if all .com domains should be marked down?

by Matticus_Rex

1 subcomments

Apparently you get dinged for using AWS even if you're using an EU datacenter.
I'm sure you can define "EU sovereignty" in a way that's consistent with that, but that's not very useful.

by wink

1 subcomments

I get 16% deduction for having text links (no js, no embeds) to twitter and facebook, one each.
Thanks for reminding me to remove these, but "how dependent your website is on Non-EU services." is just 100% wrong here.
edit: ok, I saw someone else also posted that.
edit2: OK, another page where I have a ton of youtube embeds (but all behind some JS to show a static image before you click) gets 94% - that page is actually, 100% useless without youtube.

by Lordsaltire

0 subcomment

Motion: For protective order re: Foundry yield data,Blackwell ultra delay litigation. New narrative: In the United States district court for the southern district of new York subsections: Motion to dismiss boring company subterfuge.

by N-Krause

0 subcomment

When I check google.com I get a 94% score? Kinda ironic no?

by grodriguez100

0 subcomment

I get a 100% for a site hosted in GH pages and which embeds YouTube videos and Google fonts. So this does not seem to be very reliable.

by kome

0 subcomment

hmm... it really miss a lot of infrastructure.
take my website for example mrtno.com - it's hosted in europe, ok. but under what legislation the domain register is based? and where is the dns server?
those a crucial information. and they are missing.

by huhtenberg

1 subcomments

Refuses to verify sites that use LetsEncrypt certificates:

  Failed to fetch URL: Get "https://...": tls: failed to verify
  certificate: x509: certificate signed by unknown authority

by lpcvoid

0 subcomment

Nice, good idea. I need to move away from Github pages finally ;)

by piperswe

0 subcomment

Apparently the Mastodon server sitting in my Texas laundry room is 100% independent from the US! I guess my laundry room must've seceded from the US...

by butz

0 subcomment

Wait a minute. If a website is using Cloudflare and is asking your audit tool, if it is a robot, are you validating Cloudflare bot gate website?

by rorylawless

0 subcomment

How are they estimating migration costs? It claims my tiny personal website hosted on Netlify would cost between $2500 and $5800 to migrate.

by woile

0 subcomment

Very nice tool!
The UI has a few errors on desktop, I cannot see all the issues. The leaderboard... doesn't work ? and the topbar hides some elements
browser: firefox

by savolai

0 subcomment

Seems to treat finnish kapsi.fi hosting as US?

by oriettaxx

0 subcomment

100% for google.com (testing from within the EU)
interesting: it may not be a mistake
can somebody explain?

by socialismsvks

0 subcomment

I am proud my website would score a nice round 0% even though I am pure blooded european

by gue-ni

1 subcomments

How is this calculated? A suspicious amount of people (including myself) get 92%...

by riffraff

0 subcomment

nice idea!
If I may, and not trying to be annoying, on my screen the navigation bar (.navigation-wrapper) covers 90% of the top left buttons (aria-label=breadcrumbs).
Happens with both Chrome and Firefox, macOS, 15" macbook pro.

by reppap

1 subcomments

My customer's site got a 100% while running on azure.

by m00dy

1 subcomments

thanks for this checker, we also need HN alternative for EU only. As Europeans, I'm sure we can do this.

by DeathArrow

0 subcomment

Website says google.com is EU native.

by vldszn

1 subcomments

nice idea, are you planning to open source this project?

0 subcomment

by self_awareness

0 subcomment

microsoft.com got 92%
my blog which is hosted on namecheap.com, server whois is Los Angeles, got 100%
I guess this is another vibe coding AI slop service which doesn't even render its own top buttons properly (they're covered by some white div).
Have mercy, web devs!

by pembrook

0 subcomment

This 'website' is a pile of steaming vibecoded garbage that doesn't even work or do what it claims.
It remaining alive on the frontpage here only serves to underline how politically irrational the userbase of HN has gotten.

by iknowstuff

0 subcomment

nsa.gov got PERFECT! NO US DEPENDENCIES lmao

by causalscience

0 subcomment

Happy to see mastodon.xyz score 100%.
Mastodon is pretty cool and proof that we can make federation work.