Interview with the Engineer of Uruky, a Private Search Engine
This post was last edited 0Â minutes ago.
Preamble
Bruno reached out to me mid-April with a suggestion to check out his privacy-first search engine tool Uruky. Uruky works on a subscription model, but one of my kids and I were able to test it out for free for a couple of months.
I normally do not test privacy tools on request, but rather focus on describing tools I've discovered myself and already use in daily life. Yet the email conversation between us evolved into quite a warm exchange about his projects, my blog, networks and privacy tools in general. Bruno, being a software engineer, helped me better understand how local networks work, which led to my article about running a Monero node.
The more I learned from Bruno about his project, the more I felt open to the idea of paying for a search engine and supporting a smaller privacy project like Uruky. This is a difficult point for Bruno and his wife, who develop Uruky as a team; the standard response they might get from privacy-minded individuals is 'If DuckDuckGo is free - why would I pay for Uruky?'
With the interview below, I'd like to give Bruno the opportunity to explain his background, what motivates him as a privacy tools engineer, and the Uruky project in his own words. I hope that readers will become interested in Uruky and consider supporting this grass-roots privacy project!
Interview
Background
How did your interest in privacy begin?
I have dark secrets...
To be honest, I've always cared a lot about security and freedom, but for privacy, that only truly came to pass around 2016, when I read something somewhere like "everyone knows what you do in the bathroom, but you still close the door." That clicked for me because suddenly, I realized that everyone should be allowed to have something private, even if it's not secret; privacy was something different from freedom and security.
Nowadays, if people ask me for a book, I recommend Privacy is Power by Carissa VĂ©liz as a good intro to understanding what it is and why it's important. If I'm asked for a link, I provide "Privacy Matters" by Privacy International.
When people dismiss privacy as not being impactful or relevant, I like to recommend How to Stand Up to a Dictator by Maria Ressa for some examples of terrible things that happened due to the lack of privacy for the people.
What kind of programming background do you have?
I have an older brother who was into computers early (more specifically hardware and networks), so I was exposed to it growing up, but was only really interested in playing online multiplayer games until I reached high school. By then I had to decide what to do and programming felt interesting.
In all honesty, though, I learned most of programming and systems architecture myself (reading books, reading forums and guides online, and downloading open source software and breaking it apart and exploring).
Soon after I started my BSc degree in Network and Computer Science Engineering, I also started my first web hosting business, and eventually switched to a BSc in Multimedia Engineering which I finished a couple of years later (while still running that business, which had become a web agency by then).
In Portugal, actual software engineering wasn't really valued or understood, so I quickly started working remotely with customers in France, Spain, UK, Canada, and US. That's where I acquired most of my skills and knowledge.
Which privacy tools have you worked on or contributed to?
Too many to enumerate, but the most "popular" in the last couple of years are probably Signal, Padloc, Kagi, LibreWolf, and Manjaro. My first contributions to open source software started with the first public versions of Ubuntu, where I contributed with translations and bug reports (mostly debugging and attempting kernel fixes).
For the last few years I've mostly focused on my very own bewCloud, which is a simpler and lightweight Nextcloud alternative.
What motivates you to put your time and energy into developing privacy tools?
Probably just feeling like it's worth having more options to choose from, and some people need them.
With Uruky, I'd also selfishly like to "prove" it's possible to have a sustainable business and make a living by building ethical software with ethical choices and decisions.
Search
Can you tell me a little bit about how search engines work today?
The biggest search engines (like Google and Bing) try to gather as much data as they can from you, so they can sell advertisers ads with "targets" that "convert" very well.1 As a consumer, you don't pay directly with money; you pay cognitively, by having your attention and curiosity sold to the highest bidder.
Some, like DuckDuckGo or Qwant, sell ads to advertisers that are arguably slightly more ethical and "convert" decently enough, based on the query itself, instead of the user's data. As a consumer, you pay again in a similar fashion, although this is potentially less privacy-invasive than the first option.2
Then there are options like Kagi or Uruky, which put a more "conventional spin" on search, by selling great search as the product, instead of selling ads to advertisers. As a consumer, you pay directly and financially, for the "non-enshittified" search experience.
Have you read The Age of Surveillance Capitalism by Shoshana Zuboff? It's a bit of a slog at times, but a fantastic breakdown of how exactly this happens.
Yes. Iâve also noticed the documentary film The Social Dilemma has touched some people Iâd previously thought unwilling to understand the maleficences of social media and mobile smart phones.
Can you explain what a search provider is, and how that is different from a search engine?
A search provider is a company that provides access to search results, programmatically. They might have their own search engines (usually, but not always), and they might also have their own indexes, but not always.
Uruky
What exactly is Uruky, and what type of need does it meet in the field of search tools?
Uruky is an ad-free, private, and personal search engine. Technically, it can also be called an enhanced metasearch engine, though we now have our own index and crawler. Metasearch engines (like Searx or SearXNG) query popular search engines, aggregate the results, and return them. There are some arguable privacy gains from this technique, but it's brittle and doesn't provide any direct financial incentive to stop the practice of gathering private data and the sale of such profile information for accurate advertising targeting.
The only real option for paid search before Uruky was Kagi (of which my wife and I were happy customers for a few years; I even contributed to their browser extension and met with their CEO in person), but ultimately I disagreed with their direction and vision for the future. Shortly after going back to Ecosia my wife and I talked about creating a simpler Kagi alternative, more akin to what it had been initially (just focused on search â no AI, news, mail, drive, etc.).
What is your wife's role in the Uruky project?
PatrĂcia majored in Philosophy, so she is the beauty and the brains of the operation!
In all seriousness, she does not enjoy tech very much, and can always ground me on what "regular customers" (i.e. non-software engineers) will want and expect from an interface and user experience.
For example, the "Try in:" section above the search results was something she came up with; the mobile UI is also very much tailored to her liking, and all our customers have really liked it so far.
top section of Uruky UI on desktop
She's too self-conscious about her English (which is much better than our current and past Prime Ministers') to handle regular customer support, but handles most communication in Portuguese that is conducted with customers or potential partners; she also deals with the administrative part of the business around legal and accounting.
Where does the name Uruky come from?
This isn't glamorous, but I came up with that after trying different combinations of words and letters with keywords like "Europe", "keyword", "search", "privacy", and "personal"; eventually I found the domain name for sale and purchased it. PatrĂcia didn't like the name (I think by now she's grown accustomed to it, though). I read it in English like "Euro-key", but there's no real "special" meaning.
How is Uruky different from Kagi?
It's cheaper and based in the EU. It also collects no personal information (Kagi collects your email, for example).
Functionality-wise, Uruky allows for much more personalization, like choosing your favorite search provider and excluding certain TLDs (Kagi allows excluding domains, but not TLDs).3 Kagi does offer quite a few more things like AI summaries, mail, drive, news, etc.
Another big difference is we give customers the source code after 12 months (we're actually considering making it publicly available under AGPLv3 â or some other license â if we reach 300 monthly paid accounts before having our first account's anniversary).4 This is to ensure they can feel more confident we do what we promise (no logging, etc.), and also that they can run it with their own infrastructure, if they prefer it that way.
Why does Uruky cost money? Could you give a general breakdown of the categories of costs for running a project like this (not specific amounts, just categories)?
Our server (currently just one) costs money to maintain and operate.5
Additionally, every search provider costs us money every time we ask them for data (and they need to spend money and resources to crawl, index, and store the website data, then query that data when we ask them for it); depending on the provider, this varies from $1-$6 for a thousand queries.
Finally, and most importantly, we need food and shelter.
Why should people who currently use a search engine like DuckDuckGo consider paying for Uruky?
There are a few reasons, but the most important would be to stop being the product; to stop supporting a Big Tech index and privacy-invading (even if much less than Google) ad-based revenue; to instead support an independent and ad-free search business model while having more control over the search experience (you can't boost/lower/exclude domains or TLDs in DuckDuckGo).
If you're in Europe and care about that, to also "buy local".
The nitty-gritty
Uruky allows users to prioritise the search providers they use. Can you briefly say something about the differences between them?
Sure thing! We intentionally only chose Europe-based search providers, which means none of them are a âBig Techâ company:
Mojeek: Our first provider. A small company with the best API (most support for customization, and most information returned per result); they have their own index and crawler.
Marginalia: Our second provider. A tiny company, offering an open source search engine, also with their own (smaller than Mojeekâs) index and crawler, more focused on the âindie, weird webâ.
Linkup: While their marketing is targeted at AI/agents, their index and API is very good and the results very different from Marginalia and Mojeek.
Serper: Based in the UK (Europe but not EU) and using anonymized Google results, we skipped adding them for a while, but the reality is that a decent percentage of customers wanted a result experience similar to âoldâ Google (before all the AI stuff) and DuckDuckGo.
EUSP: EUâs initiative on a larger, independent index, championed by Qwant and Ecosia. Still a small index, but for English/German/French Europe-centric searches, it performs incredibly well.
Uruky's Search Providers menu in Settings
What is Uruky Site Search and what happens if you include it in the Settings menu?
Uruky Site Search is a product for website owners who want to have great search for their visitors, and it functions as Urukyâs own search index! It crawls, indexes, and pulls results from any website whose owners authorized it. Itâs a tiny index (for now, so it doesnât show as a âfull" search provider) with results you usually might not have found otherwise.
Why did you decide to have subscribers sign up with an account number rather than an email address and password?
We are Mullvad customers and I've always admired their privacy policy, so when my wife and I were first talking about building an alternative to Kagi, I wanted to do what they did, and gather no data from people in the database. It comes with other problems and challenges, but we'd likely close Uruky (and release the code) before considering changing that.
Note that Uruky Site Search (site search for website owners) is different because it's tailored for website owners, and a website owner will always have to identify themselves. That being said, the data collection is also minimal there (unlike any other alternative), with just an email and the websites you want to index, and for people searching, nothing is stored permanently (only hashed IPs temporarily, to prevent abuse).
What are the challenges of adding a family plan to Uruky?
Our goal with Uruky has always been to store the minimum amount of data necessary. This means no lasting connection between accounts or payments (that connection only exists in the database for 15 days, so we can verify and process refunds). In order to add a family plan, we'd have to create some sort of connection more permanently.
Right now, this connection exists in our email inboxes (since you'll have to reach out and ask to basically sponsor another account number), which are emptied frequently (once the conversation's done), and so these connections are very ephemeral, there.
Additionally, as you can easily check with our costs above, âŹ5 / month doesn't net us much money. After paying providers and taxes (before any income for us to support our family), it nets less than 40% (on average), so when we offer 2 accounts for the price of one, we're basically offering the service at cost, and that's not sustainable. In order to have a family price, we'd probably have to raise prices for everyone, and we'd rather avoid that, for now.
Looking ahead
What are you most proud of with the Uruky project so far?
The fact that we've crossed 60 monthly paid accounts in less than 3 months (without any ads) feels incredibly rewarding and validates a need for this kind of product, even if it doesn't validate the fact it can be sustainable, yet.
What is your biggest current challenge?
Outreach, without a doubt. In "regular businesses", they just start spending money on ads in Google, Facebook, Instagram, etc., but we don't want to empower Big Tech or do targeted advertising, so it's difficult in today's society for people to even learn about Uruky.
Education is also a big part of it, because a lot of people aren't aware of the importance of privacy or how theirs is violated multiple times per day.
What we've been doing so far is deliberate reaching out to people concerned about privacy and sponsoring open source and privacy-focused projects, hoping that people see the list of sponsors and learn about Uruky.
Where do you see Uruky in five years?
Boy, I never liked these kinds of questions. If we can't reach at least 500 monthly paid accounts in the next 18 months, it'll be more likely we shut the product down and release the source code, because we won't be able to keep covering the costs.
If we do reach that target, I hope we stabilize features and focus on consistency and improving the search and personalization experience as people need.
Are you in touch with other developers in the privacy search tools field?
I'm in touch with a couple of somewhat known engineers, but more with engineers building other kinds of privacy tools.
Are there any independently developed privacy tools like Uruky (not just search) that you use and/or would recommend?
This is hard because I've seen great companies and product recommendations turn sour after a while. Many years ago I used to recommend Proton a lot (and I still have a paid plan with them that I do not use), but don't any more, for example.
In any case, right now, I use, pay for (subscription or donation), and recommend Mullvad VPN, Tuta, Signal, GrapheneOS, and bewCloud!
Documentation
Privacy is Power by Carissa VĂ©liz
Privacy Matters by Privacy International.
How to Stand Up to a Dictator by Maria Ressa
Conversion in Marketing: Definition, Types & Examples
The Social Dilemna by Jeff Orlowski-Yang, 2020
-----Discuss on Mastodon-----
Find me on Mastodon.
Convert is the term advertisers use. Convert money is spent into ROI (return on investment). Sometimes thatâs a purchase, sometimes a sign-up for another service that will sell your data.↩
When youâre presented with an advertisement thatâs tailored to many of your profile indicators, itâll be very difficult to resist what youâre presented with; even with ânon-targeted adsâ, youâre still paying cognitively.↩
TLDs are â.comâ, â.netâ, â.eu", etc. It stands for Top-level Domain.↩
AGPLv3 is an open source license that âforces" anyone using the code to also release the source code, even if they make modifications. More information about it here and here.↩
Nowadays companies (and indie developers, through PaaS â Platforms as a Service) like to use multiple servers âfor scaleâ, but thatâs usually a waste of resources and unnecessary complexity. If your system is well designed, one server will go a long way.↩