Impossible if you require payment. How can you claim this?
3 Likes
In the same way they slander Brave here then use Brave’s search index in their product – they just be saying things
Completely different situations and also not true. You need an account here to post. For other search engines we do not need accounts so it is technically a lot harder to tie data together for the service. For you simply that would be a lot easier so that is a risk and trust issue. You are comparing apples and pears.
3 Likes
I’m a paid Kagi user, but I think recommending Kagi will be not a good idea. I mostly trust them to adhere their Privacy Policy but they do have a way to link searches to particular users if they’d want to (or if they are forced to). I don’t think PG should recommend services which claim to be private on a “trust me, bro” basis.
On the other hand, their Orion browser will be a perfect candidate for recommendations once it’s more polished and out of beta. They literally collect zero telemetry and support uBlock Origin. Orion’s privacy grade is better than Firefox’s but unfortunately they are macOS only with Linux build not coming any time soon.
1 Like
I’m a user of Kagi too. Just came to say that you can sign up with a masked email and then pay with Lightning. It doesn’t require any personal information that way. Plus, ff using KYC free bitcoin or mixed bitcoin, you could then use Kagi without the bitcoin being tied back to you either.
I’m trying on figuring out how to use LNURL-auth. If implemented on Kagi, then this would simplify logins too without the need for even a username or password. If unfamiliar with LNURL-auth schema, check it out at stacker.news
Agree that they could link searches to a specific user if they wanted to, but if signing up using a burner email and paying with Lightning, then identity would still be hidden.
Masked email is still PII. Whether you like that or not. All information that leads to one person is (by law) personal information. Claiming they collect no PII is thus false. By your logic a user ID would also not be personal data or a credit card number. Think about this again.
I am not even going to get started on crypto.
Where did I say a credit card would not be PII?
According to the U.S. Department of Labor, "Personal Identifiable Information (PII) is defined as:
Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means. Further, PII is defined as information: (i) that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.) or (ii) by which an agency intends to identify specific individuals in conjunction with other data elements, i.e., indirect identification. (These data elements may include a combination of gender, race, birth date, geographic indicator, and other descriptors). Additionally, information permitting the physical or online contacting of a specific individual is the same as personally identifiable information. This information can be maintained in either paper, electronic or other media."
By this logic, I don’t see how a user ID or a randomly created email is PII. The masked or anonymous email or user ID or LNURL-login could not be used to contact a specific individual.
By your definition, would Google (provided that you are not logged in), give less PII because it does not require an account to use?
Out of curiosity, how does Mullvad fit in this PII schema? You get a single randomly generated account number.
Mullvad does not have any other info to translate the ID number to. There is no way they can get to your actual email from this ID. Using a masked email you can still eventually by forcing the provider get to your real email. (Just like a credit card number.) I really do not understand that I need to explain this to you but okay.
A masked email is always indirectly linked to you. But besides even that. This is an action the user has to take, so this does not make it that Kagi does not collect emails, you as a user can partially mitigate the problem, Kagi does not. Besides still even all your search been linkable under the same identity can also tell a lot about who you are.
1 Like
Definitely true that Kagi could have a database of all the searches tied to an email.
Maybe a masked email is not the ideal way, but what about creating a new proton email or something that doesn’t require payment or any PII?
Currently it looks like using an email is the only way to login. Would integrating Nostr login or LNURL-auth mitigate some concern about masked email providers being forced to give up the “real email”?
Maybe in the future I could literally create a new Nostr account or spin up a new Lightning wallet and use those to login, thereby negating the need for any email at all. You could prepay a few months of Kagi on Lightning for that Nostr login. Then repeat the process by logging in under a new fresh Nostr account.
The end result would be identical, IMO, to Mullvad in that you’d have an account with credits for a few months of use. When credits are up you can just walk away or create a new account.
This is all still you making mitigations, all fine, but it doesn’t mean the service has that included. Using a search engine that doesn’t require an account is always going to be better.
1 Like
Sounds good. Protecting privacy is all about mitigations. I take the step of not using Gmail…there’s a mitigation that I actively had to take.
I guess nothing should be recommended that needs any sort of a login then.
The tradeoff for me with using a “free search engine” is understanding why or how it is free. There is a cost that needs to be paid somehow. Mostly by ads for the free search engines. Unless you actively make the effort to mitigate that invasion of privacy by using a VPN and a browser (like Mullvad Browser), with a broad fingerprint, then you are by definition providing information to the search engine or the groups that advertise with it.
Mitigations are needed on both sides. What I’m saying is that by not providing any PII through Nostr/Lightning login and payment, then even if Kagi has a profile built up of that login, it doesn’t matter becasue there is no email or anything else linking it to yourself.
Well if it can be done otherwise I guess you are right.
And you are correct it’s all about tradeoffs. Just Kagi is very new and I don’t think we should recommend something this impactful when such a risk is present. I fully support them in that you should pay for products on the internet but for now for the individual reader of the website I don’t think it should be recommended to use this while private options are already available.
3 Likes