Kagi (Search Engine)

No, Privacy Pass (issued against an underlying user-identifying credential) as implemented by Kagi (users can switch back and forth from using Privacy Pass tokens to their actual credential) doesn’t solve this.[1] Though, per their announcement blog post, it seems like they want to implement a more careful variant of it some time down the line.

The thing to understand about Privacy Pass is that it assumes an anonymizing transport layer, like Tor or Private Relay. And so, adding any form of user context (like IP address or settings / preferences or device/usage metadata) after authorization pretty much defeats the guarantees, imo, of the entire Privacy Pass ceremony.

Either way, Vlad at Kagi is slowly building things out & punching way above their weight, which makes it pretty likely they’ll eventually build out stuff around Privacy Pass like we’d expect them to.


  1. The onus remains on the end user to not divulge any PII to Kagi at any stage of enrollment / signup, including payments, and also when logging in to access its web services without anonymizing transport, like Tor or Private Relay.

5 Likes
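
The point about user context added after authorization, as an added illustration that is not part of the original post: a constructed server-side request log in which token-authorized requests are attributed to accounts purely from IP address, user agent and settings, next to the same log with token requests sent over a modelled anonymizing transport. All field names, addresses and account names are constructed assumptions.

```python
from collections import defaultdict

# Constructed request log. "account" is set for credentialed requests and None
# for requests authorized with a Privacy Pass token (the token itself is
# one-time and unlinkable, so it carries no identity).
LOG = [
    {"account": "alice", "ip": "198.51.100.7", "ua": "Firefox/128", "settings": "lang=de;theme=dark"},
    {"account": None,    "ip": "198.51.100.7", "ua": "Firefox/128", "settings": "lang=de;theme=dark"},
    {"account": "bob",   "ip": "203.0.113.40", "ua": "Chrome/126",  "settings": "lang=en;theme=light"},
    {"account": None,    "ip": "203.0.113.40", "ua": "Chrome/126",  "settings": "lang=en;theme=light"},
    {"account": None,    "ip": "192.0.2.99",   "ua": "Safari/17",   "settings": "lang=fr;theme=light"},
]

CONTEXT_FIELDS = ("ip", "ua", "settings")  # hypothetical context the service observes


def context_key(req, fields=CONTEXT_FIELDS):
    """Tuple of the context values that travel with a request."""
    return tuple(req[f] for f in fields)


def link_token_requests(log, fields=CONTEXT_FIELDS):
    """Map each token request index to the one account sharing its context, else None."""
    seen = defaultdict(set)
    for req in log:
        if req["account"] is not None:
            seen[context_key(req, fields)].add(req["account"])
    linked = {}
    for i, req in enumerate(log):
        if req["account"] is None:
            accounts = seen.get(context_key(req, fields), set())
            linked[i] = next(iter(accounts)) if len(accounts) == 1 else None
    return linked


def anonymize(log, exit_ip="192.0.2.1"):
    """Model an anonymizing transport: token requests share one exit IP and send no user context."""
    out = []
    for req in log:
        if req["account"] is None:
            req = {**req, "ip": exit_ip, "ua": "generic", "settings": ""}
        out.append(req)
    return out


if __name__ == "__main__":
    print(link_token_requests(LOG))             # same context on both paths
    print(link_token_requests(anonymize(LOG)))  # token path stripped of context
```
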