35

I use Tor Browser as one of my main browsers, and the fact that Kagi often gives a 403 error is very annoying and makes me reconsider if Kagi is the right option for me. Would be nice if either Kagi finds a way so we can use the service over Tor.

If the onion address is set up contacting the Kagi servers directly, without passing over the GCP HTTP servers, it will give Tor users an option to bypass the blockade and be able to use the service.

    a month later

    This feature is also important to me for the same reasons that everybody has already stated. It's kinda unusable that Kagi is 403ing all the time when used from Tor.

      3 months later

      Any updates on this? My yearly subscription is ending soon and I love Kagi, but this is crucial for me to be able to continue using it.

        2 months later

        Hi, new Kagi user here and I was super disappointed to find that Kagi (or the technology providers they choose to use) takes extra effort to block Tor users. Having a search engine that reportedly cares about privacy force people to hand over their home IP address is creepy. If our IP addresses aren't being correlated with any other data to track us, why force people to hand it over?

        A login is required to use Kagi, so there shouldn't be any concerns with abuse or attacks. If that happens, just handle them in the same manner as if they came from anywhere else: presumably by suspending the offending account and problem solved. There's really just no good reason to treat connections differently based on what IP address they are coming from.

        GCP does not block Tor exit nodes unless you ask them to do so. Here's the documentation showing this: https://cloud.google.com/firewall/docs/firewall-policies-rule-details#threat-intelligence-fw-policy

        I hope someone at Kagi sees this and will remove the blocking of Tor exit nodes from your GCP firewall policy. It would only take a few minutes. It'd be minimal effort and a big public relations (PR) win. It'd really take some wind out of the sails of the Kagi critics. It would also be a big privacy win for your customers.

        Independent of blocking exit nodes, I also agree that an onion service would be desirable. That isn't difficult to set up, but it does require research, making some design and implementation decisions, some infrastructure changes, testing, and so forth. It's completely understandable why that would take a couple weeks to put together if it were a priority, and a couple months if it were lower priority.

        I'd also like to address the question of how an onion service could help if it's still hosted on GCP and the GCP firewall is configured to block incoming connections from Tor exit nodes.

        The shortest answer is because the service running on GCP will be reaching out to a Tor entry node. This means the inbound firewall rules do not apply and even if they did, the service is not connecting to an exit node.

        To provide some more context, onion services use Tor to connect to a rendezvous point (RP). The client also uses Tor to connect to the RP. The RP matches the connections up and gets the requests and responses where they need to be (without being able to see the content of those requests & responses). It's called "hidden" because the users' ISPs don't see any DNS requests or network connections to Kagi or even GCP. Meanwhile Google doesn't know who is connecting to the Kagi service either. All they see on the network is Kagi's service connecting to Tor entry nodes. So it's significantly more private. It also has the added bonus of undermining Google to the maximum extent possible (short of switching to a cloud provider that is not run by a competing search engine).

        All of this is very deep in the details of how Tor hidden services work internally. To implement it, you just configure the Tor service to make a TCP port available as a hidden service and it takes care of all of these details.

        Side note: If I were Google, I would absolutely be watching all the IP addresses that use Kagi and sending them targeted ads for privacy services and products to maximize profits. It's trivial for Google to map a home IP address to a physical address, the names of people who live there, and what they like/dislike. Just something for the business people at Kagi to keep in mind before investing further in GCP.
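
The onion-service setup described in the post above, sketched as a `torrc` fragment. This is an added example, not part of the thread and not Kagi's actual configuration; the directory path and the backend address `127.0.0.1:8080` are assumptions.

```conf
# Constructed torrc fragment: publish a local web backend as a v3 onion service.
# Assumed: the application listens on 127.0.0.1:8080; the path is a placeholder.

# This host only serves an onion service, so disable the local SOCKS client port.
SocksPort 0

# Holds the service's private key and the generated "hostname" file that
# contains the .onion address. Must be readable only by the user Tor runs as.
HiddenServiceDir /var/lib/tor/example_onion/
HiddenServiceVersion 3

# Virtual port 80 on the .onion address is forwarded to the local backend.
# Tor reaches the network through outbound connections only, so no inbound
# firewall rule has to be opened for this port.
HiddenServicePort 80 127.0.0.1:8080
```

After Tor restarts, the `.onion` address is in the `hostname` file inside `HiddenServiceDir`; back up that directory, since the key in it is the service's identity.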

        7 days later

        Hi,

        I'm a new Kagi user, also rather disappointed with Tor often being blocked. At a glance it appears only roughly half of the exit nodes I've used have been blocked, but while this means it can still be used, searches constantly failing and having to request a new circuit leads to pretty poor UX.

        Otherwise quite happy with the service, but it would be nice with a clearer policy here. Thanks!

        21 days later

        @Vlad any updates or thoughts?
        I think there are many people willing to help with an .onion address (the effort is very low ... well, depending on your server setup).
        And this should unblock Tor users because instead of using the (blocked) exit nodes, the non-exit nodes (normally unblocked) are used to connect to the service.

        Yes! This has been done and is currently in testing. Should be released soon.

        a month later
        12 days later
        8 days later

        Vlad

        Thanks very much for this! One concern I do have is the need to install an extension in the Tor Browser. That defeats the fingerprinting resistance inherent in the browser with everyone having the same extensions installed. Adding the Privacy Pass extension makes one unique as a very small segment of people browsing Tor will have it installed.
