This DuckDuckGo audit by @purism is a sobering read:

Remember that DuckDuckGo is venture capital-funded which means that they must exit—either become a publicly-traded multi-billion-dollar company (sell to the public) or sell to one of the incumbents.

(What we need is a publicly-funded but independently run search engine. The EU could create such a thing… if they didn’t have they heads firmly entrenched up Silicon Valley’s bumhole.)

HT @koherecoWatchdog

@aral @koherecoWatchdog uff, i wouldn‘t call this an audit but an opinion piece. Nevertheless , seeing this put together in a single document is food for thought at least. The first part reads more like a personal attack to the ceo though. How do you „audit“ the motives of a Person?

@lvdd_ @aral @koherecoWatchdog And quite a few arguments hinge on a vendetta against CloudFlare, which gives it a little whiff of Mr. Gotcha.

@kartoffelmos @aral @koherecoWatchdog Yeah, that's the part that saddens me as well.
BTW: Maybe there is an audit needed somewhere else? ;-)

@lvdd_ @aral If we were auditing a FOSS security tool, then indeed the background & motivations would be irrelevant clutter & opinion. But the audit is of a cloud /service/, where trust cannot be disregarded. It would be reckless not to take history & motives into account when assessing trustworthiness. Weinberg's motives where established by his own words in an interview.


1) A series of allegations with varying quality of sourcing is *not* an audit. As @lvdd_ said, it's just an opinion.

2) It is not the #EU's job to provide commercial services. Not that you'd want them to, considering how useless they are.

3) Fully agree with your observation about the EU having their heads up Silly Valley's arse. Like, guess who runs their cloud infrastructure?

@purism @koherecoWatchdog

@0 @aral @koherecoWatchdog Fully agree - the EU needs to create an environment for european organisations to run those services in the EU without the need of US or Chinese or Russian infrastructure.

@0 @aral @koherecoWatchdog
Followup -
what is missing though? It's not like we don't have enough computing power in the EU.


> what is missing though?

Competence (#EU politicians are on the whole functionally illiterate) and willingness (EU politicians are on the whole have beens / never wills enjoying a cozy job courtesy of their national parties).

But to the point: we don't need the EU for this.

That has resulted in the #GaiaX Franco-German project.

@aral @koherecoWatchdog

@lvdd_ @aral @koherecoWatchdog

For the current state of play in #France, ask anyone here from the #Etalab instance. Or look at page 18 (PDF: 20) here:

You won't see any #Microsoft, #Google or #Oracle. But you will see #Jitsi and #Matrix.

More info:

@0 @purism @lvdd_ @aral 1) it's both fact & opinion & the factual elements are cited. There's nothing wrong w/opinion, even scientific studies have them. There is a bug tracker for lack of citation issues. 2) I don't think Aral implied that the service need be commercial. The EU was handing out grant money a few years ago for decentralization projects. #YaCy would be eligible for that kind of grant.

@aral @lvdd_ @purism @0 BTW, it should be pointed out that is an open access forge. I see that they are in copy, but they are not the author.

@koherecoWatchdog @aral @lvdd_ @purism @0 Thanks for pointing this out. To my knowledge no one who works at Purism is involved in that repo so you should treat that file as the opinions of the owner and not necessarily of Purism.

@koherecoWatchdog @aral @lvdd_ @purism @0 By the way I agree that having outside repos like that on is confusing and I admit that until now I didn't realize we allowed it. I believe this is simply an oversight in permissions we granted people who requested accounts so they could file bugs and contribute to *our* projects.

It's something we are looking to address now because we don't intend to be an open-access repository ala Github.

One thing to consider is that the only other freedom-privacy-netneutrality respecting public Gitlab forge is framagit, and they may be shutting down or or restricting access in a few months. Purism could serve to fill that gap. It'd be worth considering keeping it open for like-minded projects even if they aren't related to Purism products.


@kyle As someone who has used the possibility of having my own (forks of) repos at I would like to say: please don't remove that completely, it really helps a lot for someone who wants to contribute. Maybe forks of existing repos there could still be allowed, just say it's not allowed to have repos for completely separate projects there? It's a shame if it becomes harder to contribute.

@eliasr I totally agree and that was the kind of thing we were going for originally, not expecting (perhaps naively) that it would be abused.

woah, hold on. You're calling the CEAP repo "abuse"? On what basis? That accusation is a bit harsh considering no restrictions are posted anywhere. Reg. page says: "Sign in to create issues, write comments, review contributions, and more."

what's "and more"?

Legal page points to a Cloudflare site:

You can't really call any registrations or repo creations "abuse" until Purism publishes their expectations. Otherwise it's just another framagit to ppl.

@koherecoWatchdog @eliasr That's fair. I didn't really have a better word at hand to use for it and "abuse" is too extreme, especially since, as you say, we didn't publish any restrictions or policies. Maybe "unexpected use" ?

To be fair I wasn't just thinking of this case when I wrote that (although I didn't make that clear in my reply) but was also referring to a lot of the gitlab spam that our administrators have had to deal with as well.

If Gitlab does not give you granular access controls that enable you to block all unwanted activity while not restricting the desirable activity, the the very least you can do is post intentions.

Otherwise it's like having an open wifi with welcoming SSID, and then getting angry when people use it.


@koherecoWatchdog @eliasr All your points make sense to me. For what it's worth I'm not angry, just a bit surprised, so it's more just a case of trying to fix this for the future at this point.

Our two cents is try keep it open, remove actual abusive content.

Also please remove Cloudflare for your legal page.

@koherecoWatchdog @eliasr

@aral @purism @koherecoWatchdog Ah well guess might as well go back to Google or Bing or something...nah I'll just stick with DDG as a good alternative.
@aral @purism @koherecoWatchdog If there are any ones that produce good results I'd be happy to try them. My previous experimentation wasn't compelling, and I was more than willing to put up with 70/30 satisfaction with DDG early on.

@koherecoWatchdog @hankg @purism All that diagram shows me is what a shitshow of non-choices we live in. *smh*

@aral @purism @hankg,, are good choices for novice users. The single best search engine for advanced users is Ss (clearnet:; tor: searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion)

@koherecoWatchdog @hankg @purism @aral what is the one represented by the little blue rocket with orange stripes?

@aral @purism @koherecoWatchdog

Personally I found the non profit German based Metager much better.
It has a v3 onion address too which duckduck has updated to yet.
Plus I can become a member with voting rights that's.

Metager and @codeberg
Are too of the actually good democratic EU alternatives out there.

@aral can't view this. Requires sign in for some reason :(

@zer0 I believe @purism have limited access to their source code servers as it was apparently by a third-party.

Sign in to participate in the conversation
Aral’s Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!