Here’s my interview with Bruno, a software engineer based in Portugal, who has created Uruky, a privacy search engine.
I thoroughly enjoyed collaborating with him on this and hope the article will give his small project some much-needed exposure!
Bringing a privacy-first search tool to market is a challenging but rewarding task.
You can find out more about Uruky here.
Interesting interview. One part caught my attention:
Our goal with Uruky has always been to store the minimum amount of data necessary. This means no lasting connection between accounts or payments (that connection only exists in the database for 15 days, so we can verify and process refunds).
I wonder if they would look into implementing Privacy Pass to separate payment from searches, Kagi already did this using a browser extension, but Google supports it in Chrome now via an API and is looking at adding Privacy Pass support in browsers as a web standard. Basically I think a design that doesn’t even use accounts would be the best thing to do, just use Private State Tokens to verify someone is a paying customer and let them do their search.
It’s also possible to protect search queries using homomorphic encryption. I think keeping your search engine from being able to view the content of searches is very important for privacy, considering you can be personally identified just by your searches alone in many cases.
I wonder if they have plans to look into these in the future, I think it would make Uruky the first truly private search engine backed by cryptography and not just promises. Search engines are probably the best proving ground for these technologies but they just haven’t been fully realized yet.
@brn is on PG, so hopefully he can address some of your points!
@fria thanks for the amazing questions! We have looked into Privacy Pass initially, but the need for an extension and lack of a standard cross-browser API made us decide to hold on implementing it. If/when that reaches Firefox we’ll certainly look into implementing it.
Regarding homomorphic encryption, that is something we could consider implementing for our own search index/engine (Uruky Site Search), but we can’t control how the other engines (from providers like Mojeek, and Marginalia) query their data, so it couldn’t be applied there. Or are you saying something else I’m missing, here?
Understandable, it’s cool that you looked into it anyway. I’ll definitely be watching it to see how the browser support progresses.
Yeah that makes sense. Are you planning to eventually switch over to your own search index fully? Even if you don’t I think using it for your own search would be a great privacy feature.
We would love to, but I don’t think that’s realistic for now. Mojeek has millions of users and their index is probably the biggest non-Big Tech one, and that costs a lot of money to maintain. In order to be able to have a comparable index to make that switch, and to support the costs of that, we’d need thousands of active monthly accounts. We still haven’t reached 100. 
Regarding homomorphic encryption, it’s also not realistic for now. It’s a very complicated process that increases costs and takes a lot of time and effort to implement (Apple took years, for example), but we could technically do it (because we own the stack and engine — based on meilisearch, which does not implement homomorphic encryption; if they did, then we could probably somewhat easily leverage it).
That’s not something Kagi achieves with their deployment of Privacy Pass. If they do, feel free to point us to any credible sources apart from their marketing material.
So I can’t list Kagi as a source for their own feature?
These tokens prove you have the right to use Kagi’s services without revealing who you are. This means your searches can’t be linked back to your account or to each other, providing an additional layer of privacy
I’m not sure what counts as “marketing material” to you but this is from their support page. If this is a lie you should take it up with them I suppose.
The Privacy Pass protocol allows the issuer, origin, and attester to all be the same, provided “issuance and redemption events be separated over time, such as through the use of tokens that correspond to token challenges with an empty redemption context (see Section 3.4), or that they be separated over space, such as through the use of an anonymizing service when connecting to the Origin”:
Source: RFC 9576 from the IETF outlining the Privacy Pass architecture
Separation over time is achieved by doling out many tokens at once that are redeemed over time. Kagi also supports Tor and runs their own onion service, so I would count that as an “anonymizing service.”
Thanks also for mentioning this. I added them to @developers earlier today.
Can I pay with Monero? That would be a good feature which stops me from using Kagi.
Thanks for the links.
Yes? That’s not because we distrust “primary sources”, but (hopefully it is obvious why) they are not the most unbiased source about themselves.
There’s expectation team members not rely solely on primary sources.
To me? Some of the editorial in security audits by Cure53 (see), for an example relevant to these forums, are marketing.
My question was, how does Kagi’s deployment of Privacy Pass cryptographically guarantee unlinkability, like we hope it does? Not what the RFCs say Kagi must do, but what Kagi infact actually allows.
The downside of this is that if you are not on a larger network, the IP address will probably deanonymise you. Kagi knows you are logged in, and if you open a private browsing window to do a spicy search, they could link the searches. Fast switching between modes is undesirable.
In fact, we’ve also discussed this on these forums before: Kagi (Search Engine) - #93 by ignoramous
Applied cryptography (like Privacy Pass / Trusted Computing / HE etc) is very hard & very expensive, in practice, like @brn politely points out above (that it is one thing Apple does it, and another for an upstart to pursue it, and yet another for upstarts to mis-market it). We should hold any firm making cryptographic guarantees to a very high standard (for example, see @maqp on private messaging).
/meta
I’m afraid that’s not possible, right now. We have looked into it before and added an entry in our FAQ about i. Basically, in Portugal, we wouldn’t be able to exchange Monero to fiat legally, or use Monero to pay for any of our other costs. We might be allowing cash payments in a couple of months if our growth trend continues.
A couple of updates, here, with a question:
Thanks!
Discussion on hacker news might interest folks here: Show HN: Uruky (EU-based Kagi alternative) now has Image Search and URL Rewrites | Hacker News
