With a VPN you're hoping there's no logs at all, and it's pretty easy for a VPN vendor - entirely by accident - to keep some logs around. And then a search warrant lands, they look around, find the logs, and the promise is broken. And it's entirely possible for that to happen by accident. So if I pay for a commercial VPN that claims they don't keep logs, I'm gambling on their honesty and competency.
With a search engine you're hoping they don't bias search results to favour advertisers, sell your search results to advertisers, etc. And that's not something you can really do by accident. If Kagi is being honest, then they're not accepting money to modify search results, nor are they logging my searches, or building up a profile of my searches, or modifying seearch results based on that profile, etc. Even if it turned out Kagi goofed and really were logging all my searches and tying them to my payment account (maybe, eg, for perfectly innnocent reasons, like solving a bug), that doesn't actually change their value proposition to me all. They're either super evil and lying about everything they're doing, or they're fine, even if it turns out they're cutting a couple of corners.
Kagi is putting themselves in a position which is inherently easier to trust than a VPN vendor (or early Google), due to the nature of the business model.
> Wouldn’t Kagi have to comply with a search warrant?
You can't find what isn't there. And there is not logging requirement in America. So put simply, no. If you searched for something sinister, and the U.S. government inquired, Kargi would--if they aren't lying--pose no risk to you.
If your concern goes beyond that, you're beyond bilateral trust. The concept of a search engine is beyond you.
With both you’re hoping there are no logs. It’s odd you used a different scenario where search intentionally makes the call to save searches linked to you and sell to ad companies, instead of sticking with the same scenario used for the vpn. You don’t want the search engine to log your searches linked to your ip or a user id that ties back to your billing info.
Then there’s a non-zero chance that either the VPN or the search or both are actually honeypots which not only log everything, but have a whole monitoring and alerting machine setup.
You’re more trusting than I. I assume the VPNs are no where near anonymous. I assume paid search is no more private than any other search. I assume the government doesn’t get or need warrants to know what we do online (do you think Prism just went away or hasn’t been replaced with a superior iteration?)
If anything paid search is more privacy invading than free ones. With free ones when logged out they know your IP which could serve any number of people so it wouldn’t be shocking that the searches being look into came from someone else on your connection and not you (tor relies on this), whereas with paid search you must be signed in to use, with an email address tied to you and a cc tied to you, all plausible deniability goes out the window.
Unless they MITM you and whatever app you’re using doesn’t do cert pinning, or they don’t have a legit root cert that they can sign completely valid certs with
To MITM me they'd need the intermediate or root certs of whatever I am connecting to? I don't see how even pinning the cert would help if the chain is invalid to begin with.
Yes sorry there was a typo in my earlier comment, but that’s what I was saying. If they have a stolen root cert, or are given one, they could produce 100% valid certs and youd never be able to tell they were doing it. I find it hard to believe the root certs of the internet have been kept safe all these years from the intelligence branches of these governments that are at cyber war all the time. I wouldn’t be surprised to one day learn root certificates were willingly given to intelligence branches for “national security” or whatever
How would I know? There’s always a VPN new kid on the block everyone shills for. Used to be that ProtonVPN was our savior now it’s nobody even knows it exists.
Point is unless you control every hop in the chain you can’t know it’s safe
This is one of my biggest loves of Kagi. I have all pintrest domain's blocked and it's great. And it's really easy to add a block too so when I get a result for a website that is useless or I don't like on to the blocklist it goes!
If they could group ecommerce sites in the same way they group listicles, that would be damn handy. (Just identifying sites with payment forms would go along way). It's not that I don't want ecommerce sites, it's just that sometimes I'm in research mode and sometimes I'm in shopping mode.
There were studies where it took as little as 10 searches to find out your exact identity. If you pay per month, month's worth of searches is more than enough to de-anonymize you. Ideal solution would involve pay-per-search.
That's surprising given how I assume the pareto principle applies to search terms.
>Ideal solution would involve pay-per-search.
I guess if you're really hardcore and are willing to trigger a transaction per search.
But in reality it doesn't work becsuse there's a small transaction fee for every charge. So it's really hard to charge below a dollar without major penalties. You can get around that with a token system, but we go right back to square one. I guess that's one problem crypto mitigates.
AFAIK the personalized results are not based on your search history, rather a personalized list of blocked, lowered, raised, or pinned domains. I think some people share their lists, not unlike PiHole.
Heya, I work at Kagi. This is correct, we do not personalize searches other than by respecting the user's customizations (eg. domain preferences, lenses, etc...) which are all entirely user-controlled.
Looks like this could change in the future, quoting from my Kagi settings screen:
> Save My Search History
> Currently this option can not be turned on. Kagi does not save any searches by default. In the future we may add features that will utilize your search history and then we will allow you to enable this.
Kagi accepts Bitcoin [1]. They also “do not log searches or in any way tie them to an account” [2].
[1] https://help.kagi.com/kagi/plans/payment-methods.html
[2] https://help.kagi.com/kagi/privacy/privacy-protection.html