Kagi (Search Engine)

Impossible if you require payment. How can you claim this?

In the same way they slander Brave here then use Brave’s search index in their product – they just be saying things

Completely different situations and also not true. You need an account here to post. For other search engines we do not need accounts so it is technically a lot harder to tie data together for the service. For you simply that would be a lot easier so that is a risk and trust issue. You are comparing apples and pears.

I’m a paid Kagi user, but I think recommending Kagi will be not a good idea. I mostly trust them to adhere their Privacy Policy but they do have a way to link searches to particular users if they’d want to (or if they are forced to). I don’t think PG should recommend services which claim to be private on a “trust me, bro” basis.

On the other hand, their Orion browser will be a perfect candidate for recommendations once it’s more polished and out of beta. They literally collect zero telemetry and support uBlock Origin. Orion’s privacy grade is better than Firefox’s but unfortunately they are macOS only with Linux build not coming any time soon.

I’m a user of Kagi too. Just came to say that you can sign up with a masked email and then pay with Lightning. It doesn’t require any personal information that way. Plus, ff using KYC free bitcoin or mixed bitcoin, you could then use Kagi without the bitcoin being tied back to you either.

I’m trying on figuring out how to use LNURL-auth. If implemented on Kagi, then this would simplify logins too without the need for even a username or password. If unfamiliar with LNURL-auth schema, check it out at stacker.news

Agree that they could link searches to a specific user if they wanted to, but if signing up using a burner email and paying with Lightning, then identity would still be hidden.

Masked email is still PII. Whether you like that or not. All information that leads to one person is (by law) personal information. Claiming they collect no PII is thus false. By your logic a user ID would also not be personal data or a credit card number. Think about this again.

I am not even going to get started on crypto.

Where did I say a credit card would not be PII?

According to the U.S. Department of Labor, "Personal Identifiable Information (PII) is defined as:

Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means. Further, PII is defined as information: (i) that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.) or (ii) by which an agency intends to identify specific individuals in conjunction with other data elements, i.e., indirect identification. (These data elements may include a combination of gender, race, birth date, geographic indicator, and other descriptors). Additionally, information permitting the physical or online contacting of a specific individual is the same as personally identifiable information. This information can be maintained in either paper, electronic or other media."

By this logic, I don’t see how a user ID or a randomly created email is PII. The masked or anonymous email or user ID or LNURL-login could not be used to contact a specific individual.

By your definition, would Google (provided that you are not logged in), give less PII because it does not require an account to use?

Out of curiosity, how does Mullvad fit in this PII schema? You get a single randomly generated account number.

Mullvad does not have any other info to translate the ID number to. There is no way they can get to your actual email from this ID. Using a masked email you can still eventually by forcing the provider get to your real email. (Just like a credit card number.) I really do not understand that I need to explain this to you but okay.

A masked email is always indirectly linked to you. But besides even that. This is an action the user has to take, so this does not make it that Kagi does not collect emails, you as a user can partially mitigate the problem, Kagi does not. Besides still even all your search been linkable under the same identity can also tell a lot about who you are.

Definitely true that Kagi could have a database of all the searches tied to an email.

Maybe a masked email is not the ideal way, but what about creating a new proton email or something that doesn’t require payment or any PII?

Currently it looks like using an email is the only way to login. Would integrating Nostr login or LNURL-auth mitigate some concern about masked email providers being forced to give up the “real email”?

Maybe in the future I could literally create a new Nostr account or spin up a new Lightning wallet and use those to login, thereby negating the need for any email at all. You could prepay a few months of Kagi on Lightning for that Nostr login. Then repeat the process by logging in under a new fresh Nostr account.

The end result would be identical, IMO, to Mullvad in that you’d have an account with credits for a few months of use. When credits are up you can just walk away or create a new account.

This is all still you making mitigations, all fine, but it doesn’t mean the service has that included. Using a search engine that doesn’t require an account is always going to be better.

Sounds good. Protecting privacy is all about mitigations. I take the step of not using Gmail…there’s a mitigation that I actively had to take.

I guess nothing should be recommended that needs any sort of a login then.

The tradeoff for me with using a “free search engine” is understanding why or how it is free. There is a cost that needs to be paid somehow. Mostly by ads for the free search engines. Unless you actively make the effort to mitigate that invasion of privacy by using a VPN and a browser (like Mullvad Browser), with a broad fingerprint, then you are by definition providing information to the search engine or the groups that advertise with it.

Mitigations are needed on both sides. What I’m saying is that by not providing any PII through Nostr/Lightning login and payment, then even if Kagi has a profile built up of that login, it doesn’t matter becasue there is no email or anything else linking it to yourself.

Well if it can be done otherwise I guess you are right.

And you are correct it’s all about tradeoffs. Just Kagi is very new and I don’t think we should recommend something this impactful when such a risk is present. I fully support them in that you should pay for products on the internet but for now for the individual reader of the website I don’t think it should be recommended to use this while private options are already available.

It is reasonable to assert that $10 per month is a steep price for a search engine subscription. Many individuals might find this cost prohibitive, which is understandable. Kagi justifies their pricing by stating that each search currently costs them approximately 1.5 cents [1]. If this is true, the pricing would be fair.

Concerning the quality of search results, the perceived superiority of one service over another is inherently subjective and varies from user to user. Personally, I have never favored the search results provided by DDG. Since I began using Kagi, I have not considered reverting to my previous search engine. I find the search results highly satisfactory for my needs, and I appreciate the customization options available, which significantly enhance my experience. I have also observed continuous improvements in their service. Nevertheless, I occasionally need to rely on other search engines, particularly for functionalities like maps or image searches. In these areas, also other alternative services like Startpage or Brave Search fall short compared to something like Google.

That being said, I do not view Kagi as a privacy-focused search engine. Although they claim not to log user data, the requirement to register for an account inherently compromises privacy compared to services like Startpage, Brave Search or DDG. There was a suggestion in their official feedback forum to implement an anonymous registration process similar to Mullvad’s, but Kagi has shown little interest in reviewing this approach [2]. Likewise, they do not appear inclined to offer any form of anonymous payment options such as XMR [3].

Kagi does not check if an email is valid, nor is receiving emails needed for any of its features. That means you can generate a long random fake email as account number, which makes it on par with mullvad.

The free search engine recommendations still follow the surveillance capitalist logic: I want services for free that cost money to operate. To create a different internet that is free and not based on surveillance, we have to start paying for services like a search engine. We have to support alternative business models that are user-aligned and not advertiser-aligned.

On ads: Old school contextual ads are almost extinct, and ads nowadays are exclusively based on surveillance. Further, modern advertisement uses emotional persuasion tactics to influence you and conditions you into a futile consumer materialistic ideology.

All 3 non-self-hosted search engines listed on PG suffer from user alignment issues. They all display ads and/or affiliate links, which conflicts with showing the user the best search results.

Claiming high standards and then including Brave, which is VC money-fueled, has yet to prove it can support a sustainable business model (that is privacy-friendly) and has several sketchy incidents in the past. DuckDuckGo has absolutely abysmal search quality compared to other engines and also has a problematic relationship with Microsoft, at least in the past.

Sometimes it seems PG has a status quo bias, applying much higher standards to new entrants than existing recommendations.

Incentives matter, as do business models. Someone serious about privacy needs to take those into account too.

You are probably right, but Brave has very few ads, and you can disable them on DuckDuckGo. Or just use an adblocker. I am not saying Kagi isn’t a great product, just that it isn’t private.

Still thats not a privacy by default. People will most likely give up their email. You now make the user responsible for the defenses. The product does not offer it.

I just don’t get why Brave Search is allegedly private, while Kagi isn’t. Both claim they do not log, collect, sell or store PII. Both claims can’t be directly verified. Most Brave users are free tier and thus don’t pay for the service, forcing Brave to look for other avenues for generating profit. Kagi on the other hand has no incentives to collect and monetize PII, it doesn’t have to, users are paying for the product.

That just leaves the account creation on Kagi, which as stated above can be done as private as creating a Mullvad account. And for a paid service, it makes sense to have some form of account. But that does not mean it isn’t private.

Ever heard of shadow accounts? You can be tracked without having an account.