The new Safari extension 2.0 does not work

Dustin

Having Safari declare that Kagi's extension "can be used to track you" does not align with Kagi's philosophy of not tracking users. Having the code be open-source helps, but we've received feedback that the permissions text in Safari is a major factor in their decision to use Kagi or not, so we cannot take this lightly.

I agree that the tracking declarations Safari makes are very off-putting. While I trust Kagi and trust the extension and am happy to see the code being open sourced, fundamentally it is a large hurdle for potential customers to overcome.

I have filed feedback with Apple about allowing custom search engines or adding Kagi to the list.

I will note that Jen Simmons is very active on Mastodon if that's a helpful outreach at all: https://front-end.social/@jensimmons

metaeaux

nanoscrew

Thanks for following up on this. I think the permissions issue is a valid concern because declarativeNetRequest could be used to add tracking, but overall it's actually much more private and trustworthy because third parties like Kagi can't actually observe web navigation directly. Some info in an FAQ or blog post could help clarify this to users, along with the source code being open. Another benefit is that it doesn't depend on redirecting from a javascript process. There's some interesting info here about how Safari handles DNR rules internally.

My private extension handles search engine bangs by using regex rules. For example, the DNR regexFilter for duckduckgo.com I use is ^https:\/\/duckduckgo\\.com\/\\?q=[^!].*. I have created rulesets for handling search bangs, for example, wikipedia uses: ^https?:\/\/duckduckgo\\.com\/\\?q=!w\\+(.*)&

The long website permissions would be quite confronting to users. But perhaps the instructions to users could focus on enabling the plugin within the Safari tab open to their default search engine, so that they don't have to see the list and scroll to find their search engine.

Funnily enough I did some experimentation to see if DNR could modify autocomplete yesterday. I wasn't successful, but I did find that redirecting duckduckgo to http://kagi.com/api/autosuggest?q= avoids the need to use modifyHeaders to add the cookie, and ends up redirecting to http://kagi.com/search?q=. As far as I understand it, the DNR redirect won't include cookies in the headers. Since Kagi does a redirect when the token is included, the modifyHeaders rule gets executed to add the cookie and allows the search to go through. In any case, I believe fixes for this issue can be handled server side by Kagi. It would be much nicer for the Kagi extension to inject the session token as a cookie than as a URL parameter.

I have sent feedback months ago to Apple about adding Kagi as a search engine. I can try pinging Jen Simmons on Mastodon to see if custom search engines could gain any traction.

Vlad

metaeaux

but overall it's actually much more private and trustworthy because third parties like Kagi can't actually observe web navigation directly.

You know this and we know this, but most people do not. Apple's scary messaging does not help. Documentation does not help as people rarely read it. The fact the extension is open source does not help.

This caused a lot of negative messaging we received around the permissions which is the main reaon we went the long way around trying to achieve both. In ideal circumstances we should not be spending time and resources on this at all, and thanks for sending feedback to Apple.

We plan to have the proof of concept with dNR open sourced by the end of the week, and we invite you to contribute once it is out there.

sigmasirrus

Thanks for working on the issue. I think Apple lets you reset the App Store ratings when you publish a new version. You may want to do that.

Also, when I search for “Kagi”, it only brings up Orion. If I search for “Kagi search” the extension comes up.

brotis

I sent feedback to Apple as well, though I find the comments about this being a purely Apple problem a bit disingenuous. While I think it is disgraceful that Safari doesn't allow custom search engines, it seems like Kagi has an extra hurdle of needing authentication in Private mode, which is specifically designed to disable authentication persistence across sessions. So even if Apple does eventually add custom search engine functionality, I would doubt that it would fully support Kagi without extensions, but rather only search engines that allow anonymous search requests.

So in this hypothetical situation, we'd have to include our session token in the search URL.. which brings me to a question I've been meaning to ask - is there any real risk to me passing the token in a search URL (that may be exposed in browser history or proxy logs), now that searches are unlimited? If not, I could ditch the extension on most platforms.

metaeaux

brotis

Yep, private mode would likely necessitate an extension from Kagi, although permissions could be reduced to allowing access only on Kagi.com, which may instill trust in new users.

Adding your session token to the URL does expose sensitive information, as you mentioned it could be seen in proxies. It is pretty much a lifetime login to your Kagi account as far as I understand it. It would be safer in a header as a cookie than as a URL parameter.

metaeaux

nanoscrew

You might be able to workaround the long list of host permissions by using optional permissions instead.

Xavez

I can confirm that disabling all other extensions does not solve the problem.

I’ve also sent feedback to Apple.

bert

Thanks for restoring the old extension. I notice that it has one very nice bit of behavior compared to the new version. I have a javascript bookmarklet that takes the query from the current search results page (of any search engine at all) and googles it in the current tab by simply setting the tab’s URL to https://google.com/search?q=whatever. I use this as a “last resort” when the current search engine isn't finding what I want.

In the old (now current) version, this bookmarklet and the Kagi extension could coexist. My searches in Safari’s address bar would initially go to Kagi, and then the bookmarklet would go from Kagi to google. Kagi would only redirect the initial visit to google, not the ones that followed. But in the new version of the extension (the one that people, including me, are complaining is broken), my bookmarklet doesn't work. The Kagi extension redirects searches to Google when I first search them, but then when I run the bookmarklet, it sees that I'm going to google… and directs me right back to Kagi. Ad infinitum. So using google becomes outright impossible.

When the extension is updated to the new format again, it would be great it it could also be changed to keep this functionality from the old extension, so that I can still visit google occasionally when I need to.

webba

Thankful for the rollback... at least for now. Hopefully Apple let's Kagi in as a custom search engine. With all the questionable search engines already in the Safari drop-down, you'd think Kagi would be a no-brainer. I'm guessing there is $ involved - that's usually behind stuff like this.

In the meantime - it makes me think about possible merits of a dedicated Kagi Search App. Although I suppose we already have Orion for that. Anyway, thanks for all the work on this @Vlad and team

ce86

I have this issue too. The old extension worked on Desktop and iPhone without issues. The new extension worked initially and then stopped working on both platforms. Relaunching Safari on Desktop appears to "fix."

Vlad

ce86 You should update as we rolled back the old version.

For developers here we have an interesting discussion about future path for the extension here https://github.com/kagisearch/browser_extensions/pull/59

guillaume

Can also confirm that I had to kill Safari for it to start working after I switched it from Yahoo to Ecosia.

iPadOS 17.2 - will see if it sticks or if it stops again.

guillaume

Used the iPad for about 2 hours, every thing was. Left it alone for one hour, came back, it goes to Ecosia.

Vlad

guillaume What version of extension?

iwant2go

Can I just chime in to explain how I use Kagi on macOS and iOS.

Before I found out about Kagi, I started using Keyword Search: "Safari Keyword Search is a simple extension for Safari on macOS and iOS that lets you change the default search engine and search using any search engine using keywords in the address bar. For example, you can search Wikipedia for information on monkeys by typing w monkeys in the address bar."

Let me make clear that I am in no way affiliated with the developer, I am only a very satisfied user.

When I became a Kagi user, I also added the k for Kagi search.

In a later version Keyword Search added a Default toggle. Meaning, that if no keyword is given in the search bar, that keyword is being used. This way I had no need for the Kagi extension.

Definitely worth my 99 cents (looking into my archive, I noticed the extension was free, not sure if it still is).

PS: if this kind of feedback is inappropriate, please do delete.
PPS: I did not yet find out how to use Keyword search in combination with the Search token.

stayundiscovered

The "rolled back" Safari on Mac 2.1.0 extension doesn't work at all. No option to select Kagi as default search engine in Safari settings, and does not work after every permutation of enabling, disabling, changing safari permissions, relaunching Safari, restarting the machine, different search engines, uninstalling/reinstalling Kagi etc.

bert

stayundiscovered I don't think the extension ever claimed to add itself to Safari’s settings. It just redirects searches from one of the built-in search engines to Kagi.

deadmail

Can confirm it is intermittent for me on iOS currently in the latest update after the rollback. Works for a while then stops working. Force closing safari seems to restore functionality for a while until it stops working again.

Vlad

Update: We are close to release the updated version in testflight which should solve most problems. Any developers here can contribute to the discussion here https://github.com/kagisearch/browser_extensions/pull/59

« Previous Page Next Page »