yeah that one got me too, e-signature is the worst category to have this given eidas is a whole eu trust framework, and every single one i checked still leaned on us infra somewhere
yeah that's how i see it too, it's not about being 100% pure. a eu tool with one us dependency is already miles ahead of full us big tech, and easier to finish the job later
the audit's just there to make the hidden part visible, not to shame anyone
fair hit, and yeah the irony of a transparency thing being cagey isn't lost on me
honest reason: link posts from new accounts get auto-nuked on reddit and i wasn't sure about the rules here, so i kept it out to avoid the filter, came across worse than intended
so openly: euroseal is mine, i'm building it, the audit is real and the method's public so anyone can redo it, but yeah i've got a horse in this
appreciate you saying it straight instead of just downvoting
fair. half the clean list is self-hostable foss anyway (forgejo, kimai), so no argument here. the audit's just about the ones quietly selling saas on us infra while waving an eu flag
all in the writeup, method + the clean ones: euroseal.pages.dev/audit. left the offender side aggregate, one scan can be wrong about a specific company
big ones: google's in 118 of the 307, cloudflare in front of 111, aws ~70, microsoft ~35. that's the 70%.
clean side is mostly hetzner, some ovh and infomaniak. handful that were spotless top to bottom: forgejo, kimai, keila, solidtime, vantevo, nordname. nordname's even on desec for dns, nice. full breakdown + method here euroseal.pages.dev/audit
didn't name the offenders one by one, a single scan can be wrong about any given company and that's not fair to pin on them
yeah that one got me too, e-signature is the worst category to have this given eidas is a whole eu trust framework, and every single one i checked still leaned on us infra somewhere