IOS extension leaking search queries

nobody

Steps to reproduce:

Attempt to use the search bar on iOS in mobile Safari, with the extension enabled and configured with a private link.

Observe that instead of Kagi, I see the suspicious queries "Sorry" page from Google with a CAPTCHA. If I solve the Google CAPTCHA, I am redirected to Kagi.

This happens commonly, but not all the time, when I'm using a mobile network (and have an ipv6 address)

This also happens on my home wifi sometimes, but inconsistently.

My guess is that the extension is matching certain known Google URLs, and that whatever my phone is randomly hitting isn't on that list.

Since I'm seeing a Google page about suspicious queries, this implies that my queries are also leaking. That's not good.

Expected behavior:

I expect the Kagi extension to intercept all search bar requests, under all circumstances.

Debug info:

Mobile Safari, iOS 16.5, Canada, US-WEST-2

Image/Video:

Not Applicable

jmabeebiz

I’m seeing this as well; although I’m seeing Google flash on Safari before redirecting to Kagi. This to me says my searches are still going through Google, which is worriesome.

Vlad

This is because Apple does not allow custom search engines in Safari and we have to intercept search engine queries and redirect to Kagi. In other words there is nothing we can do and this is the best method avaialble to developers.

For a better and more native experience we recommend using Orion browser for iOS/macOS which has Kagi built in natively.

https://browser.kagi.com

ps. Kagi for Safari is also open-source https://github.com/kagisearch/Kagi-Search-for-Safari-iOS

andreagrandi

Vlad hi Vlad, why I fully understand that this is due to an iOS SDK limitation, I think you should do something to warn the users about this. People are being told that all their queries remain private, but this is not the case. Please warn the users after installing the Safari extension.

Dumb

I had this issue as well. I just switched my default browser in safari to ddg and haven’t encountered captcha when on vpn or otherwise.

nobody

Forgive me, I’m not keen on using third party browsers.

Ah… so it’s hooking document_start, which means it’s redirecting after google has already seen the query and sent a response… which means it’s actually leaking every search, whether it “breaks” or not.

That’s a shame, I’m not sure I can justify a private search that isn’t.

Thanks for the answer and the link! Hopefully Apple changes their mind. (Ha…)

jmabeebiz

Ah right, I had forgotten about this because coming from Neeva I’ve been using their browser for a while and forgot about Safari doing this. Unfortunately I really don’t like the Orion browser on iOS so I can make Kagi default on Brave 😎

Vlad

jmabeebiz

Unfortunately I really don’t like the Orion browser on iOS

I am curious can you elaborate on this?

warpspin

Everybody discontent with the state of the Kagi extension in Safari should also take this to https://www.apple.com/feedback/ and request Kagi as choosable default and/or support for the webextension onBeforeRequest API: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/webRequest/onBeforeRequest

Let them know there is demand.

andreagrandi

warpspin done!

jjjj

Yeah, it's shocking that this is not communicated clearly and obviously to users before installing the extension. Most users are paying for and expecting private search. In reality all their searches are being relayed to Google (or the default iOS search engine).

Vlad

jjjj

It is disclosed as prominently as possible before installing the extension. Kagi did everything humanely possible given the situation.

Paths forward are sending feedback to Apple
https://www.apple.com/feedback/

or using Kagi's Orion browser
https://kagi.com/orion

ok

I’ve just noticed this is happening and I think it is extremely poor that this isn’t made more clear. The second paragraph in the application description says “some” requests “may” be leaked to your default search engine.

Is the reality not ALL requests WILL be leaked?

What are the circumstances in which a request will not be leaked?

Honestly, when you have a product which is largely based around privacy, this sort of thing should be in all caps at the top of the description.

The Kagi website says this:

Note for Safari Users: Browsing History
When you install the Kagi Search browser extension in Safari, you will see the extension requires access to your browsing history. This access is needed so the extension can intercept queries sent to other search engines and instead send them to Kagi Search.
No data from your browsing history is sent to Kagi Search beyond the search queries you make while running the extension. All queries made to Kagi Search are anonymized, never being tied to your specific Kagi Search account.

So rather than mentioning a serious privacy flaw, they make the point about how all searches sent to Kagi are anonymous and how none of your browsing history is sent to them. Very reassuring, I’m glad that my searches are safe with Kagi. Strange how they forgot to mention that it will all be sent to Google!

And to the user who said that they’ve been “as clear as they can” - when I open the Kagi for Safari extension on my iPhone App Store, I have to scroll down two pages - and click “See more” - to see the small (and misleading) notice.

Kagi must do better.

Whoop

The App Store description says some requests may still be sent to your default search engine. Can you expand on which requests don’t? As this wording seems to implying the majority do not, yet that does not seem to be the case from what I can work out?

Vlad

Depending on which redirect method is used, queries may not reach the website at all.

We have a new version of the extension that is doing such redirect by default (does not touch the website). If it doe snot work, you cna disable it in the settings to go to the previous (slower) method.

Join the test flight here
https://testflight.apple.com/join/nx6Gvf4h