this post was submitted on 25 Oct 2023
300 points (98.4% liked)
Technology
58997 readers
4242 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
No it's not horrible for privacy it's literally just for billing which payment can be made anonymously too. They don't even verify the email address you use. So much misinformation in this thread. Go Google your info before you present it as fact.
it is a fact. you have to be logged in to do a search or use an API key which directly associates your search query with your account.
Let's say you don't give them a real email, that's good. Maybe you're using Tor or a VPN and they don't get your IP. And somehow you manage to make your payment anonymously. That's great.
Well, Kagi is still getting all your search queries which are directly associated with one account. We don't have their server's code. We don't know how or what are they logging. They can claim whatever in their privacy policy, I don't care. A single entity is receiving all your search queries directly linked to your pseudonymous account. This gives them a vast amount of data about the person using it, even if they do not know who you are, probably very sensitive information too.
Let's make a huge assumption and assume they are not correlating your search queries and they do not use this information for anything. Well, a third party actor with access to their servers could very well make use of this vast amount of personal data, whether it is a government, their hosting provider, a malicious actor, a security breach, etc.
And that's considering the best case in which you were covering your tracks hiding your IP all the time and making anonymous payments, which, being honests, most Kagi users don't do. So yeah, Kagi is a privacy nightmare.
To say it's a privacy nightmare in the context of a Google thread is just not accurate. If they associated search queries with your account then they'd be breaking their own privacy policy and opening themselves up to lawsuits.
I feel like this is a fair, even if incredibly skeptical, take on kagi. I am a kagi user and I had that exact thought when I started using it. How can you even function as a search engine if you dont capture searches at least in aggregate--so you can tune or shape your algorithms?
That said, I didn't start using them strictly for privacy. I started using them because they were giving me the best results I'd gotten from any search engine in a long time. And I didn't have to
And while I wouldn't necessarily say Kagi is the gold-standard for privacy, their business model is, at the very least, aligned with providing good search results. Google is an advertising company masquerading as a search engine. They have some incredibly perverse incentives for how they delivery results.
wtf that was not misinformation. you need to be logged in when making searches, they can log everything you search server-side and tie it to the same person.
every time I search something in SearXNG they have no way of telling I'm the same person if my IP has changed. but this is impossible with Kagi. they need to know your account.
they have basically 0 transparency of their server side, we don't have any code. It's like trusting a VPN provider not to log your every connection because "trust me, bro". this is a necessary risk for using a VPN but not for search engines and I wouldn't recommend anyone to take such a risk when better alternatives exist.
Then they must break their own privacy policy.
a privacy policy, as I said, is a "trust me, bro". they don't give any actual proof.
that by searching through a SearXNG instance in a .onion domain they have no idea of who I am and they can't associate it with any other of my searches, is a verifiable fact.
that Kagi isn't correlating search logs, isn't.
I'll trust verifiable facts over blind trust any day. and you should too.