• sir_reginald@lemmy.world
    link
    fedilink
    arrow-up
    7
    arrow-down
    1
    ·
    1 year ago

    Kagi can claim whatever they want in their privacy policy. Where’s the code of their servers? Because I see none. How do we know they aren’t keeping logs that could be easily correlated (by themselves or a third party who access their servers)?

    Even if we had the code, I would still be skeptical, we can’t be sure what code are they exactly running on the server side and having an account linked to every search is just awful.

    SearXNG is anonymous while offering the very same features, if not better.

      • sir_reginald@lemmy.world
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        edit-2
        1 year ago

        You aren’t wrong about not knowing if SearXNG instances are running a modified version of SearXNG that tries to log you.

        Fortunately, we don’t need to trust those instances. They do not require you to login, so there’s not an unique identifier (like an account) to associate your searches with other than your IP address which you can hide with a VPN, or even better, using a .onion instance (something that Kagi does not have at all AFAIK).

        For using Kagi, no matter if you switch your IP address every time, if you delete cookies after closing your browser or if you buy a new laptop for every search query, you’re uniquely identified because you need to log into your account.

        And for that account, you have to use a payment method. Sure, you can try and pay with a Monero to Bitcoin exchanger and do not give any personal information (and if we’re being realistic, we know most Kagi clients aren’t doing this). Even if you paid anonymously, you can only achieve pseudonymity because you’re associated with your account.

        With SearXNG, I could use a different .onion instance for each query and be completely anonymous (that’s completely overkill, but it illustrates my point well).

          • sir_reginald@lemmy.world
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            No. Kagi’s fault is needing an account, a unique identifier which all searches could be correlated to.

            SearXNG could leak your IP if your VPN provider was keeping logs? Definitely. And so does Kagi. Tor could be attacked by a three letter agency and compromise your .onion connection to SearXNG? Definitely. And it would be easier to de-anonimyze you when connecting to Kagi, which doesn’t have an onion domain. Do you need to give SearXNG your email and/or payment information? Not at all. But Kagi requires it. Can you look like two completely different users when doing two queries to SearXNG? Easy. Not possible with Kagi. Do we have the server’s code? We do for SearXNG instances. We don’t have Kagi’s.

            I think it’s pretty clear the privacy compromise here.

    • ioslife@lemmy.sdf.orgOP
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      That’s a good point that I hadn’t considered. I do like the idea of SearXNG, but didn’t have great results when testing it. Maybe I should give it another shot on another instance.