Kagi Privacy Pass

Vlad

We launched Kagi Privacy Pass! https://blog.kagi.com/kagi-privacy-pass

Please add your feedback/bug reports/feeature suggestions.

DarkArc

Vlad this is really cool and I think it shows Kagi is a company that's serious about its privacy marketing; so both thank you and congratulations!

The biggest drawback for me is definitely the loss of search prioritization. I wonder if search prioritization options could be encrypted with the login password (kind of like a password vault). The client would then decrypt the "settings vault" and pass along the settings to the server.

This would allow searches to be tracked, however, the Kagi servers (under this model) would not be able to match the search settings back to the user ... because Kagi doesn't actually know who owns them anymore.

Barring that, I think what I'd like to see is the extension have an option to detect when its in a private browser window and automatically enable itself only for private windows (so I get some automatic control over when privacy pass is used based on how I normally use my browser).

Also, it seems the Privacy Pass option does not yet work for Firefox for Android (it says it's not compatible with Firefox mobile), so that's a bummer.

Refract9305

Vlad Are there plans to open source the Kagi app for Android? This system is fully reliant on the client being trustworthy in implementation, so it's good to see that the Privacy Pass browser extensions are open source, but it seems important for the Android app to be verifiable as well.

Fria

Vlad There’s a proposal for a Privacy Pass API in web browsers https://github.com/WICG/trust-token-api
Kinda interesting. I wonder if this were implemented in all browsers would it be possible that we could use Kagi via privacy pass without an extension?

Ayaan

The kagi privacy pass extension is nowhere to be found. I am using Google Chrome: https://chromewebstore.google.com/detail/kagi-privacy-pass/mendokngpagmkejfpmeellpppjgbpdaj?hl=en-US. The region is south east asia, but tell me is this being rolled out regionally or am I missing something?

marcel001122

Ayaan it is not out yet. This is a placeholder for when it is out.

Ayaan

Oh yeah, also the blog post linked https://blog.kagi.com/kagi-privacy-pass doesnt seem to exist. Both the links, the one for the extension and the one for the blog I got from the help site: https://help.kagi.com/kagi/privacy/privacy-pass.html

Ayaan

Ahhh well, you can see how that would confuse folks.

Vinushika

It would be nice to have a setting in the Browser Extension versions that would enable privacy pass only when you open a Private Mode window. Doing this automatically is very helpful; if I am enabling Private Mode then I expect all my privacy tools to be turned on, and I would like Kagi to also follow this.

Great feature! Thank you so much for looking out for new privacy safeguards!

ditto4356

Is there a way to configure Orion to use Privacy Pass in private windows but not normal ones? I'd rather have my search personalizations available by default and then trade them for increased privacy when using a private window.

drdaeman

ditto4356 Yes, it would be awesome if the WebExtensions would be able to automatically recognize the browsing context (it should be pretty simple - browser.extension.inIncognitoContext) and using regular sessions in regular browsing mode, but Privacy Pass in the private browsing/incognito mode. Not to entirely replace the manual toggle, but as a way to streamline the UX by reusing the built-in functionality to determine whenever user wants extra privacy or not.

RoxyRoxyRoxy

Just wanted to say after reading over the blog post that I support the idea of being able to purchase Privacy Pass tokens without an account. I feel like it would be a big hit, and is likely to win over users that may still be uncomfortable using a logged-in search engine despite privacy policy assurances. Anecdotally the few people that I've talked to IRL about Kagi brought that up as a concern, and I'd imagine it's a common sentiment.

Fria

RoxyRoxyRoxy Yes I’d love to see that, we would be able to list Kagi on Privacy Guides if that were implemented.

silvenga

drdaeman just replying to get more visibility - I think this (detection of incognito mode) would hugely improve the UX of using the extension.

Right now, the privacy pass mode is synced between incognito and non-incognito modes, which I will always forget (causing needless friction when switching between search sessions).

ssg

Although Microsoft Edge can use Chrome extensions, it would be great if the extension can be installed natively from Edge store.

Browsing6853

I think I was the first one to suggest the idea of using blind tokens for kagi almost 3 years ago (https://kagifeedback.org/d/653-completely-anonymous-searches-unlinked-to-the-account-blind-tokens). Never expected it to actually be delivered!

Didn't check the technical details yet, but nice initiative!

DarkArc I wonder if search prioritization options could be encrypted with the login password (kind of like a password vault). The client would then decrypt the "settings vault" and pass along the settings to the server.

Also, this is a nice idea

marcel001122

DarkArc I like this idea!

Mat00

DarkArc I wonder if search prioritization options could be encrypted with the login password (kind of like a password vault). The client would then decrypt the "settings vault" and pass along the settings to the server.

Certain Kagi settings—such as custom bangs, opening links in a new tab, interface language, theme, font size, and other appearance settings—could theoretically be implemented entirely on the client side. The browser extension can apply those settings when Privacy Pass is turned on without revealing them to the server.

However, the ranking adjustments (raise or lower domains) and other server side settings could be stored in open source projects, maintained as community efforts on platforms like GitHub, GitLab, or SourceHut. Using unpopular ranking settings would always reduce your anonymity compared to using the default rankings. Though publicly publishing customizations would at least give you plausible deniability about whether Tor searches from one day were made by the same person as Tor searches from another day, even in the case of backdoored Kagi servers.

A "settings vault" concept could be useful if you can have multiple such vaults per paid Kagi account, and when you apply good OpSec to use a vault for only one "burner identity". If somebody is this concerned about their anonymity, they might prefer to sync and back up the settings manually instead of letting Kagi store an encrypted blob.

returntrip

Kagi Android App should let you configure which browser to open. If I am using Privacy Pass, then I most likely would want to use a browser private session. In my case Privacy Pass searches are open in standard Firefox for Android tab.

jessemerriman

Repeating @"DarkArc" - an extension for Firefox on Android would be nice.

miicat_47

I followed the TOR browser instructions for Mullvad Browser and added Kagi to search engines when visiting front-page using session token. After clearing cookies/cache/history, and trying to search using private pass, I get empty results most of the time

marcel001122

miicat_47 @dino this is similar to what we saw 'server side' yesterday on Orion. Seth is aware, I think.