euvetted.com

I know there are a dozen of different “EU Alternatives” websites/catalogs already and some of them are actually great for discovering European brands and software. But they never show you what’s inside: you only get a name, a logo, a few lines long pitch and then you’re on your own.

So after doing some due diligence I’ve built a more detailed one. Whether you just want a European Dropbox/Google Analytics/1Password etc or you need to know your customers’ data won’t leave the EU, the idea is the same: give you what you need after the name, not just the name.

Two features I have that surface-level lists do not:

  1. I show the exposure, not just the “European” label. That word hides the part that matters. A company can have a Berlin office, a “hosted in the EU” banner, and still route your data through a US analytics provider or sit on US-owned cloud - at which point US law reaches it regardless of where the rack is. So for every listing I check, and link the source for:
  • Where the data is actually hosted - the data-centre region, not the HQ on the about page.
  • The sub-processor list - the one nobody reads. Pretty EU hosting page up front, US tooling quietly in the DPA annex.
  • CLOUD Act exposure - US parent or US hyperscaler storage means US jurisdiction, full stop.
  • Who owns the company - “EU-founded, US-funded” is a different animal from “EU-owned”. Ownership and hosting are shown as separate signals so you decide which one you care about.
  1. A proper feature matrix. Not “here are five alternatives, good luck” - an actual side-by-side, so you can see which tool genuinely replaces the US one feature-for-feature and which is wishful thinking.

Everything is from public sources only - the vendor’s own DPA, sub-processors page, the company registry, legal notice etc. Each point has a link to original page and last verification date. Vendor’s self-attestation is not taken on faith.

One number that fell out of doing this for more than 200 tools: a little more than 30% are completely clear of US Cloud Act exposure with no US parent and no significat sub-processors.

On money: the site earns nothing right now. There are a couple of affiliate links added already and it’s disclosed everywhere they appear plus listed in full on the transparency page. That’s the whole monetisation plan: affiliate links, nothing hidden. Listing order is editorial - no commission logic anywhere in how stuff is sorted.

What I would be happy to hear from you: what’s missing? Did I get any assessments wrong? If you see something - let me know and I will fix it right away.

Disclaimer: I’m affiliated. I built and run this site. It currently has a couple of affiliate links live; how it’s funded is documented in full at https://euvetted.com/transparency

  • dandi8@fedia.io
    link
    fedilink
    arrow-up
    31
    ·
    5 days ago

    On the one hand, list of EU alternatives.

    On the other hand, obviously AI generated.

    • Aleksandrs A.@feddit.ukOP
      link
      fedilink
      English
      arrow-up
      14
      ·
      5 days ago

      Ha, fair and I won’t pretend otherwise. The write-ups are AI-drafted. I’m one person covering everything and there is no real option to do it otherwise.

      But the line I care about is this. The prose is AI, the facts aren’t. Everything you see like ownership, cloud act exposure, hosting region, sub-processors, feature comparisons is verified manually.

      And you are right that the tone needs to be fixed.

      • MystValkyrie
        link
        fedilink
        English
        arrow-up
        16
        ·
        5 days ago

        Why didn’t you disclose your use of AI in the first place?

        • Aleksandrs A.@feddit.ukOP
          link
          fedilink
          English
          arrow-up
          6
          ·
          4 days ago

          I disclosed monetisation at first place because that can actually bias what I recommend. On the other hand AI just helps me with drafting big texts and content, it does not make any decisions so in my head it looked like just another tool I’ve used during the development and I haven’t really thought it’s worth disclosing it.

          Fair point though, I’ll keep that in mind next time.

          • Niquarl@lemmy.ml
            link
            fedilink
            English
            arrow-up
            2
            ·
            4 days ago

            Just so you know the next EU AI rules that kick in next year make it mandatory for websites to inform if AI was used.

            • Aleksandrs A.@feddit.ukOP
              link
              fedilink
              English
              arrow-up
              3
              ·
              3 days ago

              Most of those regulations are not applicable to a website like that, but transparency is related here of course. Vids, pictures, chat bots and texts - should be disclosed, yes.

  • Aleksandrs A.@feddit.ukOP
    link
    fedilink
    English
    arrow-up
    27
    ·
    5 days ago

    A few things that didn’t fit in the post: The hardest part wasn’t finding EU tools. It was going through the sub-processor lists. Plenty of vendors publish a nice “hosted in the EU” page, then quietly list a US analytics, support, or infrastructure provider in the DPA annex. That’s why I treat the sub-processor list as more telling than the hosting claim itself.

    So a question for you: which category do you most wish had a genuinely clean option? And which tool are you still stuck using? That’s exactly the gap I want to fill next.

  • Bonifratz@piefed.zip
    link
    fedilink
    English
    arrow-up
    11
    ·
    5 days ago

    Looks nice, good job. I was planning to look at VPNs soon and will refer back to this.

    In case you ever want to include gaming as a category, make sure to list lichess.org as an alternative to chess.com. It is precisely what people using a site like this are looking for: Fully EU-owned and EU-hosted, open source, free of ads and trackers etc.

    • Aleksandrs A.@feddit.ukOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      5 days ago

      Thank you! Yes, I am currently working on expanding categories. Currently it has more business related stuff but that’s not the only direction I am planing.

  • IratePirate@feddit.org
    link
    fedilink
    English
    arrow-up
    9
    ·
    5 days ago

    Thanks for the work you’ve put into this. It does look nice and provides lots of information one might want to have before deciding on a product.

    That said, I’ve found an inaccuracy with KeePass. The comparison claims that, unlike the other password managers, Keepass is unavailable for mobile. Technically, that’s true for KeepassXC (the most polished Keepass fork). However, with KeepassDX, there’s definitely a very polished Android app (though under a different name), and apparently, iOS apps exist too.

    • Aleksandrs A.@feddit.ukOP
      link
      fedilink
      English
      arrow-up
      4
      ·
      5 days ago

      Good catch, thanks. The listing is KeePassXC specifically and that fork really is desktop-onlyб so the “no mobile” is technically true for that one app. But you’re right that it reads wrong in a comparison: the whole point of KeePassXC is the local .kdbx file, and that opens fine in mobile apps like KeePassDX on Android or Strongbox/KeePassium on iOS. So the KeePass approach does have mobile, even if this app doesn’t ship it.

      I’ll fix the wording so it doesn’t imply you’re stuck on desktop. Thanks for flagging it.

  • thatKamGuy@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    7
    ·
    5 days ago

    Even for an Aussie like me, this is incredibly useful for trying to disconnect from US infrastructure as much as possible.

    If you ever get the time to find and vet an EU alternative to Ko-Fi - I would love to send a few dollarbucks your way.

    • Aleksandrs A.@feddit.ukOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      5 days ago

      Okay I thought only us EU guys are trying to disconnect, nice to know that :)

      I haven’t made a deep research membership donation services yet, the only one that comes to my mind is https://en.liberapay.com/, it’s French but it’s hosted on AWS Ireland tho. No idea how good it is, never used any of these

    • Aleksandrs A.@feddit.ukOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      5 days ago

      Thank you! Yes, “EU-Sovereign” and others are editorial labels. They should be treated more like “this is complete safe for EU” (or not safe) rather than “this is 100% made in EU”. But I will think on the naming more as they are a bit misleading, I agree.

  • muzzle@lemmy.zip
    link
    fedilink
    English
    arrow-up
    4
    ·
    5 days ago

    What would be interesting to me is to select a few services I use and find the platforms that allow me too replace all (or the majority) of them.

    • Aleksandrs A.@feddit.ukOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      5 days ago

      Yeah, that is a great feature, I would use it myself.

      There’s two sides to it really: one is finding a single EU platform that swallows a few of your tools at once (Proton covers mail, calendar, drive, pass and VPN in one account; Infomaniak’s kSuite is close to a Workspace replacement) and the other is just building a clean EU bundle across your whole stack.

      I’ve got curated “stacks” pages that do a rough static version, but the tick-your-tools-and-see-what-covers-them thing isn’t built yet. Probably the version people would actually use though. Will definitely build it soon.

  • Sparrow_1029@programming.dev
    link
    fedilink
    English
    arrow-up
    3
    ·
    5 days ago

    Though it’s code is hosted on Github, this application is developed and maintained by several NRENs across Europe.

    Filesender is maybe an alternative to WeTransfer?

    BSD license and self-hostable

  • Railcar8095@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    5 days ago

    I was checking Internxt and they cheapest plan is 10e /month (after the first month). Where did you get 4?

    • Aleksandrs A.@feddit.ukOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      5 days ago

      Maybe I got confused by their pricing strategy. Currently I see 3.99 per month if paying annually. I will take a closer look, noted. Thanks.

      • Railcar8095@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        5 days ago

        That’s the first month only, then 10 :(

        It’s a bit steep vs hetzner storage share (hosted next cloud)

  • Meldrik@lemmy.wtfM
    link
    fedilink
    English
    arrow-up
    3
    ·
    5 days ago

    Really nice work! Good job.

    One thing I miss, is which payment options they support. You are mostly forced to use VISA or Mastercard.

    • Aleksandrs A.@feddit.ukOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      5 days ago

      Thanks, really appreciate it! Right now I don’t track payment methods as a field, so that’s an honest gap.

      What do you thing would actually be useful to see: just “accepts SEPA / direct debit / invoice” as a yes/no, or specifically European options like Bancontact, SOFORT and so on? I’d rather capture the thing people actually look for than guess.

      • Meldrik@lemmy.wtfM
        link
        fedilink
        English
        arrow-up
        3
        ·
        5 days ago

        Maybe something like “VISA/Mastercard alternatives available”? Like Proton allows you to pay in cash and Bitcoin. No need to go into too much detail.

  • mote@lemmy.ca
    link
    fedilink
    English
    arrow-up
    3
    ·
    5 days ago

    Nice work! A question and a request:

    ref: https://euvetted.com/compare?p=hetzner%2Covhcloud

    (q) Looking at the Cloud & Hosting category, I don’t see a distinction for regional datacenters; for instance OVHcloud has a US counterpart and US datacenters (and Canada) along with all their EU stuff. Just sort of asking how that worked out in your investigations… even if it’s just Canada, it’s not in the EU yet. :) But more realistically say… Helsinki vs. UK or something.

    (r) One of the things I spent time on but I don’t see reflected - Domain Registrars and DNS Hosting. I used the ICANN official list myself and just clicked a lot, and for DNS I found basically CouldNS, Bunny.net and Gcore.com as the “EU” (not sure if EU or general Europe). [1]

    Bunny and Gcore are Cloudflare competitors so it’s no small work to build a full set of data like you have done for others, they all offer a lot of products under one umbrella. But CloudNS isn’t so it’s a crossover area between different types of companies based on singular… features offered?

    [1] side comment, it might be interesting to see a mapping of domain TLDs - it’s well known about who owns/controls net. com, org but I think few realize that a lot of these new TLDs are all owned by single megacorps when you dig into Wikipedia etc. Your precious .dev is owned by Google.

    • Aleksandrs A.@feddit.ukOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      5 days ago

      Thanks for digging in properly, this is exactly the kind of feedback I was hoping for!

      On the data centre thing - yes, fair point. Right now each listing has one hosting country, the EU region I checked, not the full “every region this vendor runs.” So for OVH I’ve got the EU side, but I’m not flagging that you could spin up in their US or Canada region by accident. Should fix that. Two things that help though: I keep ownership and hosting separate on purpose: OVH’s French, so even their US datacentres sit under a French parent, which is a different animal from a US company that just offers an EU region. And EU/EEA is the actual bar for me, not “Europe” loosely - UK and Canada don’t count even though everyone lumps them in.

      DNS and registrars - yeah, not there, blind spot. Part of it is what you said: Bunny and Gcore are umbrella shops where DNS is one product of twenty, so they don’t slot in cleanly. CloudNS is the easy one. If you’ve still got the registrar list you clicked through, I’d take it and I’d want to check who actually owns what before listing, Gcore especially.

      TLD ownership is a great shout though. “Your precious .dev is Google’s” most people have no clue. I already do write-ups like that (did one on CLOUD Act exposure), so mapping the new gTLDs fits perfectly. Might build it.

      • mote@lemmy.ca
        link
        fedilink
        English
        arrow-up
        1
        ·
        5 days ago

        So for OVH I’ve got the EU side, but I’m not flagging that you could spin up in their US or Canada region by accident.

        In effort not to create a large amount of work or overhead, I think the key concern is more what is considered sovereign - these large shops have core presence and edge presence. It is not uncommon that an edge use the features of the core which crosses countries; when I worked in a multinational, our Sydney DC was an edge to the Hong Kong DC core (think like a monitoring or backup system) so your data actually flowed through HKG pipes because Sydney is insanely expensive to have a DC in (size/space).

        Spirit in my comment was more to that - spinning up in US by accident is a “given” to me, kinda obvious. An edge DC routing through a core DC in another country, well that’s a different matter. Can be invisible to the end user.

        If you’ve still got the registrar list you clicked through

        ICANN has a nice page, lets you filter it by country or whatever. There are a million of them, and some of them “feel sketchy” but many seem like generic, boring registrars.

        https://www.icann.org/en/contracted-parties/accredited-registrars/list-of-accredited-registrars

        I then used the DNSPerf data to dig into that layer, tl;dr 90% (guessing) are US controlled. I actually found more out there than what’s on this list but it’s really comprehensive of the big players in the DNS space.

        https://www.dnsperf.com/

        My “investigation” was all manual, dig through publicly available information and follow my nose. The DNS perf listing is actually how I even learned Bunny and Gcore existed.