Being logged in while making search queries in search engines poses significant privacy risks. The searches can paint a comprehensive profile of the user, and these data often remain stored for extended periods. There's a chance this information might be shared with third parties. Coupled with other user data, these logged-in searches can pave the way for targeted advertising, sophisticated predictive analysis, and potential exploitation by governments or malicious entities. In the event of data breaches, the user's logged-in search histories can be exposed. Furthermore, users typically don't have clear insight into how their data is utilized when logged in.
I hope Kagi introduces an anonymous access feature. For instance, it could incorporate zero-knowledge proofs (ZKPs). These are cryptographic techniques where one party (the prover) can confirm to another (the verifier) that a claim is accurate without disclosing any additional information. This is especially beneficial for authentication scenarios where it's essential to avoid sharing extra details.
To implement zero-knowledge authentication for quota API access:
1. Token Creation:
- Each month, users receive a token tied to their identity and quota.
- The token can be split for use on multiple devices using cryptographic methods.
2. API Access:
- Clients present a zero-knowledge proof (ZKP) to confirm they have a valid token and haven't used up their quota. The server verifies this without seeing the exact details.
3. Client Synchronization:
- Each client tracks its quota usage.
- Synchronization can be peer-to-peer or through a centralized, encrypted server to prevent double spending of the quota.
4. Quota Renewal:
- Monthly, old tokens expire, and new tokens are issued.
Challenges:
- ZKPs can be resource-intensive.
- Token security is crucial; there should be a way to handle lost or compromised tokens.
- The system should prevent quota "double-spending" across devices.
- If a centralized server is used for synchronization, it should operate with encrypted data.
This way Kagi would only know who their customers are but not what kind of searches they make.
Kagi already provides a way to search anonymously via a random email address (we do not really verify it or need it for anything) and Bitcoin/Lightning payment [1].
Since you are interested in cryptography, there is a discussion on Kagi feedback site along the same lines as your idea, about possible ways to achieve this without the need for cryptocurrency. [2]
Thanks for the links. Using a disposable email with crypto payments and occasionally generating a new account to unlink from previous searches could be a viable intermediate solution.
Also, I found this link [1] in the thread you mentioned. They seem to have implemented something like that.
Just to make it clear, Kagi does not link searches to an account already, to begin with. Refer to our privacy policy [1]. We simply do not need that data for anything and it would be just a liability for us. Our philosophy is that users should personalize the search feed themselves and this is why we built features like the aiblity to block or promote domains, create search lenses and many more.
However there is no technical way of proving it. So cryptocurrency and cryptography are ways to achieve anonimity from a perspective of a user, regardless of what we are doing.
Any system that can check balance, can link searches to a user. There's no way around it. In your case, Kagi would need to trust the client with the balance, which would be insecure.
There's only one solution, and that is that you need to put a bit of trust in Kagi. Compared to the major one, Google, you can chose between one that promises to not store data, and one that promises it does (and does a lot).
It's always a bit sad that here on HN, when companies try to do better than bigger players, there's always people who think it isn't enough. It has to be absolutely impossibly perfect.
> Any system that can check balance, can link searches to a user.
I don't think it's true. I can immediately see at least two ways how it can be done without identifying the user.
1. Each user gets X tokens at the beginning of the month. When searching, user supplies a token, which is immediately burned. The token does not contain the user identity, just signature validating it's a valid token.
2. Variation of the above: each user gets a token good for X searches at the beginning of the month. When searching, the system will return a token good for N-1 search each time token good for N searches is presented. Again, no need to contain user identity anywhere in the system.
Of course, both solutions have their downsides (sync between multiple devices, stealing tokens, losing tokens, etc.) but it id definitely possible. And I am sure if somebody spent a little time thinking on it, these ideas can be seriously improved to eliminate the downsides without introducing the need to identify the user.
In both these cases the search engine provider could easily store your identity together with your token while issuing it and recover the identity once the token is used without any way to prove this from the outside. They could even issue tokens in the form AES_ENC("SOME KEY ONLY THEY HAVE", USER_ID | counter) and you would not notice.
You would have to trust them that they won't do this, which is no improvement to the current thing Kagi does (saying they won't collect any data, while admitting they can't prove it, you just have to trust them).
I think there's a fundamental difference between "X can not be implemented" and "can we trust this provider to implement X correctly"? In this case, it can be implemented without violating privacy. But of course you need to trust them to actually implement what they say and not instead put 9000 trackers in each page and track your every movement like certain other big companies do. But these are different things - the comment upstream claimed that the subscription system can not be implemented with privacy. This is not true - it can be. Whether or not a particular provider would implement it, and whether we can trust them that they did - that's a different question, which is also important but does not change the answer to the original one.
I'm not a cryptography expert, but from my research, shouldn't it be possible to verify quota on ZKPs server-side? Essentially, the server doesn't need to know the specifics of the user's identity, just that they possess a valid token and haven't exceeded their quota.
You can use search engines like Google without being logged in. When combined with tools like uBlock Origin and Cookie AutoDelete, it becomes more challenging for them to build a singular profile about a user, especially one tied to payment methods such as credit cards.
I genuinely appreciate what Kagi is doing, and I'd absolutely be willing to pay for their service, because if you're not paying for a service, you're the product. I trust companies to uphold their privacy promises, but "Trust is good, but proof is better." ;)
The issue is implementing it client side. ZKP means that you cannot simply embed a token in the URL, but instead need to participate in an active protocol. You could implement this in JavaScript, but then you need to trust the JS being served from the server.
Even once you do that, you have all the other tracking mechanisms that the server could use if it wanted to.
> Any system that can check balance, can link searches to a user.
For what it's worth, you can buy a physical Mullvad gift card and use that to create a very anonymous account for VPN use.
Even if you buy your gift card from a major online retailer, it comes from a stack of gift cards, nothing tracks which one was sent to whom. You can also exchange gifts among friends.
I'm not searching for anything terrifyingly illegal, and for the rest Google and MS already scrape and compile every byte of data I've ever generated. Why would it suddenly be a problem when a more reliable and less vicious company is doing a fraction of that?
You have to understand that most of us aren't fighting some battle for "perfect privacy," I just want a search engine that works for me, rather than advertisers, at the level of the search results themselves.
I get your perspective. A lot of us just want a search engine that serves the user first, not advertisers, especially at the results level. It's about function over strict privacy for many--everyone has their own privacy threshold.
But it's also about digital data autonomy. It's not just about avoiding surveillance over sensitive searches, but having control over our data's destiny. Even mundane data, in aggregate, can sometimes be used in ways we can't predict.
Personally privacy is a strong concern for me; I have many aspects of my digital life set up less conveniently in exchange for privacy.
In this case though we've have on one hand a product that definitely does aggregate data about searches, and doesn't do what I need very well; and the other a product that could, but does not currently aggregate data, and does an excellent job serving my needs.
And importantly there is no option of a product, available now, that is verifiably prevented from aggregation. Even a VPN unless I disconnect and get a new random IP between every individual search does not provide that protection. (And then browser fingerprints even.)
What is counted as "terrifyingly illegal" changes without a moments notice on the whims of your rulers. So even if you're not googling on how to bomb the government, there are hundreds of other subjects and opinions that could in the future make the majority of your neighbours, family and workmates think you deserve to be shunned, fired, in prison, or worse. That is why people want to protect their privacy.
Ok, but again Google and a hundred data brokers already scrape every detail of my life no matter what I do. Even if I become a hermit in the woods the existence of my friends and family who don't take those precautions would make my efforts worthless. Meanwhile we're talking about Google/Bing vs. Kagi... not "Super Secret Perfect Privacy Magic" vs Kagi.
So while I understand your overall concern, that ship has sailed for search engines and the internet. We're living in a world full of networked cameras that people voluntarily and happily install, of people broadcasting their lives 24/7. The idea of perfect privacy is getting downright mystical/religious.
Sure, and for what it's worth I trust Kagi. But I can understand those who are more strict with their privacy.
In the end I think we have to accept in some way that everything we say, write and do is subject to surveillance, and that the government might want to kill you for any reason that you'd have no chance of preventing.
> Being logged in while making search queries in search engines poses significant privacy risks. The searches can paint a comprehensive profile of the user, and these data often remain stored for extended periods. There's a chance this information might be shared with third parties. Coupled with other user data, these logged-in searches can pave the way for targeted advertising, sophisticated predictive analysis, and potential exploitation by governments or malicious entities. In the event of data breaches, the user's logged-in search histories can be exposed. Furthermore, users typically don't have clear insight into how their data is utilized when logged in.
100% agree on Kagi. Happy customer. Thought it would be just another one of my attempts to use Duck Duck Go that dies after two weeks of !g usage. Turned out Kagi just works. The biggest improvement / gains is on mobile, where you suddenly don't need to scroll through 5 screens of ad results to get to the content.
I wonder if part of why its better is due to other users providing feedback about results, but also you can pin results from specific domains to the top. Like I can pin any results from StackOverflow, instead of the garbage StackOverflow rip off sites Google keeps giving me, its pretty obvious its ripping off SO because I just read the same thing word for word on StackOverflow three links ago. Thanks Google.
> I wonder if part of why its better is due to other users providing feedback about results, but also you can pin results from specific domains to the top.
I think that matters very little. Kagi had excellent quality results for me from the start, in a huge variety of topics in several languages. Their user base is probably 90% American hacker, and I'm getting good results on queries they would never use.
Yeah, me personally I am more upset with how irrelevant and bad Google search results have become than I am worried about privacy. I know and have accepted that Google invades my privacy, but the trade off used to be I could find whatever I am searching for, but now I can't find anything on Google and it has made my job so much harder.
The Google search algorithm from 5 years ago was amazing, why they decided to change it for the worse is something I will never understand! And no I do not blame SEO entirely since that existed 5 years ago, what I am often looking for but can no longer find is information that has nothing to do with any products. It's not ads that I need to page through, but unrelated and bad results that are limited. I do not want to see the same results from page 1 on page 3.
Weird question that I have that I'd love anyone who makes a Kagi account to trial after reading the parent comment to answer:
When you make your account, you're given the option to customize. When you do, you can pick things like color theme and how URLs are displayed. On the right hand side of the page there is a preview of what your Kagi searches will look like.
In my example, the demo Kagi search is Magic The Gathering. I play a lot of Magic The Gathering. I spend most of my time online searching for things related to MtG or brewing decks, second only to things related to software development.
I imagine it's coincidence. MtG is a pretty nerdy hobby and Kagi seems like a pretty nerdy product. However, it made me uncomfortable enough to ask:
Is that what it shows for everyone? Or is there some tracking going on already that is being demoed? It's almost certainly the former given the positioning of Kagi in the search market, but I'd like to be sure.
I know it means nothing in the grand scheme of things, but y'all just got another customer.
I'd been on the fence but after reading through these threads and seeing a real reply from a founder (its been a while since I've seen an honest, non-PR Speak answer) I am excited to try y'all out.
This area was ripe for disruption with how terrible searches have become, especially on mobile. I'd be happy to see you eat G's lunch here.
I'm kind of blown away by how popular that game has gotten over the past few years in North America. I think the pandemic really accelerated the popularity of that and D&D, people are still doing these things after all of that. Even saw someone playing over the phone the other day. I don't seem to remember it being so popular but now it's more than ever and hardly a surprise tbh
The two biggest reasons for this are that the format Commander has specifically blown up in popularity and Wizards of the Coast making a first-party desktop/mobile client MtG Arena to compete with games like Hearthstone.
Commander is a 4-player casual format that's has as much in common with more typical board games as it does with traditional MtG.
Arena is likely what you saw someone playing on their phone. Funnily enough, it doesn't support Commander!
LLMs can not yet replace good web search. There are whole categories of queries whera a LLM is more or less helpless with. Think navigational queries, shopping /reviews, location aware, 'grep the web' style queries just to name the few.
For example:
nyt crossword
cheap iem reddit
starbucks near me
M7FFALP
Likely, a good search product in the future will be a combnation of both.
have you tried this on phind.com? it'll create multiple queries to find and organize data and it's very good and saying it doesn't know something rather than give a BS answer.
You should know by now that LLMs will and do lie in subtle ways that are not apparent to non-experts. Using them to understand complicated concepts is a great way to "learn" incorrect information. To be fair, the same can be said for humans, but humans are worse at bullshitting.
I really just need to converse about a topic for more inquisitive-ness and to form structured thoughts
It will tell me if I’m conflating concepts, before bullshitting about the ways theyre different. Thats fine, my blind spot would have been that I was conflating a concept for the next decade.
In that regard its the same or better than a human
I don't need it to be the source of truth, I need it to be conversational. It can make urban legends just like a person does, I don’t care, just give me a way to talk about a concept and decide if I want to learn more and it does that extremely well
I tried it a little but honestly thinking about having a limit of searches made me anxious every time I thought about searching like “is this really necessary” and so I went back to google.
Kagi searches are soon to be unlimited (fair use policy?) for the $10 plan. If I understand correctly, this may happen around October 2 when other new features are released.
I use search a lot in my workflow and my usage is showing 2k/month. I expected it would have been 3-4k.
Why not just ignore that the limit exists? If you hit it, you can always fall back to another search engine, after all, so it shouldn't be cause of anxiety.
I would love to see some of these privacy-focused providers like Kagi and Tutanota/Protonmail align themselves into a "bundle"-type offering (think video game humble bundles) where for like $35/month you got access to a bunch of useful tools like this. It would really expose a lot of people to services they aren't super familiar with already, so even if it was at a slight discount to the provider, they would acquire a lot of new users I bet.
It works fine in French for me. I really like that I can have international search by default, and specify a country when needed using a bang like !fr.
Fuck google, I have work to do. Thanks for the tip! Nice realizing that they've basically been wasting my time for a while now and that there's a decent alternative available.
Can’t second this emotion hard enough, love it, have never looked back, almost never bail out to !g - still use g maps for most location stuff, but all my web search is very comfortably living on kagi
Another happy customer here as well. I use at work and home and plan to start using on mobile browsers also.
The ability to essentially "weight" particular domains (pin, block, or anywhere in between) has saved me so much time. There are certain searches I do (music-related in particular) where I always want particular sites (metal-archives, bandcamp, etc) to be the first results, and having that as an option is great. It means that searches that I perform often have a result within the first 1-5 results that is exactly what I want.
No ads, way less SEO spam, and the ability to completely remove domains from results if I think I need to tweak it further. For most of my searches I previously used Google for- Kagi makes Google's results look laughably bad.
I've also been using it at work for tech searches (linux, redhat, etc) and it has saved me time there too.
I use a "family" account- and have one work account and one home account that way I can have different settings for different environments (would be neat if this could be built into non-family accounts though... like "personas" or "profiles" or something...) because I'm overpaying a bit to have the two account setup and don't reach the search cap. I think I'm okay with that though, because having the cap so high means I've removed the "running out of searches" anxiety from my usage of the service.
Kagi copied the same lame-ass google search experience.
Search engines should be able to support even those who are not SEO experts and not the first ones to arrive and sit on specific keywords. What I mean under that, if you have multiple good, exhaustive answers for a query, why not offer varying/random good results, so every link would have a chance? Let people break out of their bubbles.
I believe DuckDuckGo does (or at least they did) this with Bing. Starting a new scraper at a scale that users would need to be useful for what they're used to is such a huge jump. I'm sure if Kagi continue to grow they'd prioritize their own scraping too, but that's just not feasible at first.
Back in the day I'd suggest doing it via Alexa top sites, but now that Alexa is gone, I'm not sure what strategy I would use, but I would want to hit sites that are like the "top 10000 most popular" first, and scrape every inch I could.
I'm just trying Kagi out now, having done about 2 searches of my initial free 100. So far one was better than google and the other no worse. The "no worse" one was for something where I already suspect there aren't any good results to find.
Fingers crossed, but I have a good feeling about it. If it goes well the pricing seems fair.
Happy customer here! Been paying for a year with no complaints. Amazing search engine -- kind of like how Google used to be years ago before they started injecting more ads into search.
I was quite afraid of this, but apparently I'm around 700-800 searches a month and I search quite a lot during my work.
Kagi is also working on removing the 1000 limit on the 10$ subscription and offering unlimited searches.
Switching from the 5 $ plan to 10 $ was super smooth by the way, so if you want to try for less $, the 5 $ for a month is enough so you can get used to the product and know if you like it or not (and that's besides the 100 free you get while signing up for a trial).
That would be great. The $5 price point is the most I'd pay for search, but 300 searches per month is just not worth it in any sense. If all of the tiers moved down one step, or if Kagi offered a discount for annual membership, I could see it working for me.
I challenge you to find a group of rich folks who will fund such a thing - and will not simply demand the same profits as current structures do.
I just tried this with ~30 wealthy individuals/family funds that I have great relationships with and literally everyone said some form of the following:
“I am not going to liquidate my current investments that are on IPO trajectory for something that by definition will not IPO, and my investments are to ensure my kids go to private school/colllege fund/etc…”
You need to convince people, who currently think that the goal of making/having money is to insulate them and their families from reality, to instead choose to make/have slightly less money so that somebody else can have an easier/better experience in a way that is still concomitant with commercial transactions.
This is really the ideal use case for nonprofit funding, but unfortunately, real-world wealthy donors tend to give to university football programs and getting their names on hospital buildings. Sadly, SMU near me just made a deal with the ACC to forego ten years of television revenue in exchange for being allowed into the conference in order to get an automatic playoff berth if they can win the conference. Boosters will fully fund the athletic department to make up for the shortfall of not receiving and television revenue. All that money could have gone to good, but rich people care more about their alma mater having a 1% chance rather than a 0% chance at a national championship.
