HN Debrief

Show HN: Uruky (EU-based Kagi alternative) now has Image Search and URL Rewrites

  • Search
  • Privacy
  • Europe
  • Developer Tools
  • Open Source

Uruky is a subscription search engine that says it offers private, personalized search without ads or generative AI, keeps servers and storage in the EU, uses mostly European search providers, and now supports image search and URL rewrites. The product is closer to Kagi than to a traditional crawler-first engine. It aggregates third-party indexes, exposes an API, and has a small in-house index called Uruky Site Search that is currently opt-in and too small to stand alone. The founder also used the post to explain an unusual trust model: accounts are random numbers rather than email-based identities, a proof-of-work captcha unlocks a two-hour trial, and the company is moving away from NDA-based source sharing toward a source-available license, potentially PolyForm Shield and maybe a delayed open-source release later.

If you build a paid search or privacy product, the bar is not just values alignment. You need obvious result quality, low-friction trial flow, and precise claims about infrastructure and providers or buyers will default to the incumbents they already trust.

Discussion mood

Cautiously positive. People want an EU-based, privacy-focused search option and many liked the no-AI stance, transparent provider list, and low-data account model. The skepticism came from basic product questions: result quality versus Kagi or Google, confusing onboarding, rough UX, and a few claims that were broader than the implementation actually supports.

Key insights

  1. 01

    Uruky has an index, but it barely counts yet

    The in-house crawler is real, not marketing fluff, but right now it is an opt-in 'indieweb' index that is too small to search on its own or to affect ranking in a meaningful way. That changes the competitive picture. Today Uruky is still mostly a metasearch layer with strong privacy defaults, not a serious independent index in the way many readers hoped.

    Treat Uruky as a privacy and aggregation product for now. If index independence matters to your roadmap or procurement criteria, ask how much of the result set comes from its own corpus and watch whether it ever reaches the founder’s stated 100 million URL threshold.

      Attribution:
    • Infiniti20 #1
    • BrunoBernardino #1 #2 #3
    • tazard #1
    • KomoD #1
  2. 02

    The EU-only positioning needed immediate correction

    A reader caught that 'all search providers are based in the EU' was too broad because Mojeek is in the UK and Serper is not EU. The founder agreed and said the copy needed a remark. That matters because the whole pitch leans on jurisdiction and local infrastructure. If those claims are fuzzy, trust takes a hit fast.

    When you sell on geography, be exact down to providers and subprocessors. Buyers who care about sovereignty will inspect the edge cases, and vague wording will cost more credibility than a narrower but accurate promise.

      Attribution:
    • BrunoBernardino #1
  3. 03

    Merged search was cut back for cost reasons

    Uruky does not reliably blend all providers into one composite result set anymore. The founder said they tried querying everything and merging, but the duplicate rate and API costs made it inefficient, so users may need to switch providers when one source is weak. That explains why some searches feel less robust than Kagi. The limitation is economic, not just technical.

    If you are evaluating paid search for teams or agents, test provider consistency on your real queries rather than assuming one box means true multi-index fusion. A metasearch product can still be bottlenecked by the default provider path.

      Attribution:
    • lolc #1
    • BrunoBernardino #1 #2
  4. 04

    Trial friction was the biggest self-inflicted wound

    People did not object to anti-abuse measures in principle. They objected to a search engine making them work too hard before they could see one result page. The founder changed the flow mid-discussion so a search now leads straight to the captcha and then results, which shows the complaint was valid. Several suggestions converged on the same fix. Let people preview quality with cached examples, a few ungated searches, or at least a dead-simple first-run path.

    For a paid utility, demoing the core experience has to be nearly zero effort. If the first interaction feels like account plumbing, users will assume the product is not confident enough to show the goods.

      Attribution:
    • BrunoBernardino #1 #2 #3 #4
    • AndroTux #1
    • theamk #1
  5. 05

    API access exists, but the ergonomics were brittle

    One commenter trying to use the API via curl got site-wide forbidden responses after trial and error because the docs were too thin and the anti-abuse system was touchy. The founder later pointed them to an incognito token flow that avoids cookie handling. That is fixable, but it reveals an important split in the audience. Uruky appeals to technical users and agents, yet its API onboarding still behaves like a trap for exactly those users.

    If developers are a target segment, publish working examples for the exact auth and request path you expect. Otherwise your rate limits and abuse controls become indistinguishable from breakage.

      Attribution:
    • Havoc #1 #2 #3
    • BrunoBernardino #1
  6. 06

    Private payments are harder than the marketing suggests

    The account-number model keeps identity off the product side, but payment still threatens the privacy story. Commenters pushed for Monero, GNU Taler, Privacy Pass, and Mullvad-style separation between payment and account use. The founder explained that Portuguese rules make direct Monero conversion hard and defended using a broker that takes anonymous Monero and pays Uruky in euros for an account number. The gap is clear. Product privacy can be strong while payment privacy remains partial and jurisdiction-bound.

    If you pitch anonymity, map the full chain from signup to billing to retention. Users will judge the weakest link, and regulations around payment rails may shape the product more than the search stack does.

      Attribution:
    • sijow #1
    • RandomGerm4n #1
    • embedding-shape #1
    • BrunoBernardino #1
    • dtj1123 #1

Against the grain

  1. 01

    Privacy and EU branding do not replace search quality

    Several skeptical comments cut through the values pitch and said the buying decision is simpler than that. Kagi wins because it finds things better, works well for AI agents, and proves its value on real searches. In that framing, 'EU-based' and extra privacy features are nice only after the core job is clearly better than free alternatives. Without that proof, the product looks like a niche statement purchase.

    If you are launching against an entrenched tool, lead with measurable task performance on the searches your target users care about. Values can help close the sale, but they rarely create demand on their own.

      Attribution:
    • alex7o #1 #2
    • scrollaway #1
    • mrngld #1
  2. 02

    A VPN may already solve enough of this

    One line of pushback said the privacy model is overbuilt for many users because a VPN already strips away much of the tracking risk. From that angle, creating accounts, handling top-ups, and adding alternative payment complexity looks like extra ceremony around a problem some people feel they have already addressed. That does not kill the product, but it narrows the audience to people who care about search provider trust itself, not just network anonymity.

    Be clear about the threat model you actually solve. Users who already run a VPN or self-host SearxNG will ask what additional privacy they get from your service before they accept any added friction.

      Attribution:
    • dizhn #1
    • BrunoBernardino #1
    • RandomGerm4n #1
  3. 03

    Self-hosted local search may be the more interesting direction

    A few comments treated the hosted paid engine as less compelling than tools that help users run their own search stack or personal index. Hister came up as an example of where this could go. For technical users, local or self-hosted search avoids the trust tradeoff entirely and may fit the same privacy instinct better than paying another intermediary.

    If your customer base is deeply technical, consider whether you should also offer a self-hosted or local-first path. Otherwise the most privacy-sensitive users may admire the project and still never become customers.

      Attribution:
    • asciimoo #1
    • BrunoBernardino #1 #2
    • yegle #1

In plain english

API
Application programming interface, a way for software to call another service programmatically.
bangs
Short command prefixes like !w or !g that send a search directly to another site or search engine.
crawler
Software that automatically visits web pages and collects their content for indexing.
curl
A widely used command-line tool and library for making network requests, often used in scripts and server software.
GNU Taler
A digital payment system designed to keep the buyer anonymous while making the merchant identifiable for compliance and taxation.
incognito token
A temporary access token used instead of a logged-in browser cookie to make private or unauthenticated requests.
index
The database of crawled web pages and metadata that a search engine uses to answer queries.
Mojeek
An independent search engine with its own web index, based in the United Kingdom.
Monero
A cryptocurrency designed to make transactions difficult to trace, unlike more transparent blockchains such as Bitcoin.
Mullvad
A privacy-focused virtual private network provider known for account numbers instead of email logins and for accepting cash payments.
NDA
Non-disclosure agreement, a contract that restricts someone from sharing confidential information.
PolyForm Shield
A source-available software license that allows internal use but restricts using the code to compete commercially.
Privacy Pass
A cryptographic token system that lets a service verify access rights without linking each action back to a user account.
proof-of-work captcha
A bot check that makes the browser do a small amount of computation instead of asking the user to identify images or text.
Serper
A third-party service that provides access to Google search results through an API.
source-available
Software whose code can be viewed and sometimes used, but which does not meet the standard freedoms of open source licenses.
URL rewrites
Rules that change or clean up destination links before opening them, often to remove tracking parameters or redirect wrappers.
VPN
Virtual Private Network, a tool that routes internet traffic through another server to hide or change a user's apparent location and network path.

Reference links

Project docs and product details

  • Uruky FAQ
    Primary reference for providers, API details, payments, and product behavior that commenters kept citing and correcting
  • Independent interview with Uruky founder
    Background interview mentioned in the launch post for broader context on the project
  • PolyForm Shield 1.0.0
    License the founder is considering for source sharing without allowing direct competition

Related search tools and infrastructure

Privacy-preserving payments

Licensing models

Geopolitics and provider ownership

Search syntax and filtering examples