Vlad Are there plans to open source the Kagi app for Android? This system is fully reliant on the client being trustworthy in implementation, so it's good to see that the Privacy Pass browser extensions are open source, but it seems important for the Android app to be verifiable as well.
Kagi Privacy Pass
- Edited
Consider changing the default allocation and limits.
Instead of 500 x 4 devices something like:
- 300 x 7 devices (changing the default limit to 2100 instead of 2000).
- 350 x 6 devices.
I'm not quite sure how it breaks down for me per device but personally I have 5 devices, not to mention incognito mode.
I think this extension (Kagi Privacy Pass 1.0.2 in Chrome Web Store) may have a bug with URL encoding? If I search for "C# test" it leaves the # un-escaped and then Kagi only searches for "C"
I now multiple times encountered the following error in Firefox:
This Kagi Privacy Pass token has already been used. Try turning Privacy Pass off and on again, or check our Privacy Pass documentation for troubleshooting tips.
The Extension shows “ready”. A have both the normal and the Privacy Pass extension installed, because I also wanted to use the session token for normal use and the privacy token for private windows. Reloading the page doesn’t work.
I've been able to search successfully with Privacy Pass on PC with both Orion browser and with Tor! Congrats on the launch this is great stuff!
I’d think an excellent use case for this is to automatically use Privacy Pass in private search windows in Orion.
There’s a strong commonality between a user using a private window to ensure that a webpage visit is not logged and connected to one individual - and the same for a web search, where a user may want to ensure that all their private searches are not associated with them.
I got Privacy Pass working in Mullvad browser. But in Tor browser it said "Token generation failed. Are you online?".
Then I saw that Tor had the default setting applied "Extension Can Read and Change Data: Only When Clicked". After changing this settings to "Always allow on kagi2pv5bdcxxqla5itjzje2cgdccuwept5ub6patvmvn3qgmgjd6vid.onion", I retried and then it worked.
Hi there! I encountered an issue while trying to use the maps bang (!m) with the Privacy Pass activated. It prompted me to log in before accessing the maps, but after entering my correct credentials, I received a 403 error and was unable to log in. I found that the only solution was to disable Privacy Pass in order to use !m.
- Edited
DarkArc I wonder if search prioritization options could be encrypted with the login password (kind of like a password vault). The client would then decrypt the "settings vault" and pass along the settings to the server.
Certain Kagi settings—such as custom bangs, opening links in a new tab, interface language, theme, font size, and other appearance settings—could theoretically be implemented entirely on the client side. The browser extension can apply those settings when Privacy Pass is turned on without revealing them to the server.
However, the ranking adjustments (raise or lower domains) and other server side settings could be stored in open source projects, maintained as community efforts on platforms like GitHub, GitLab, or SourceHut. Using unpopular ranking settings would always reduce your anonymity compared to using the default rankings. Though publicly publishing customizations would at least give you plausible deniability about whether Tor searches from one day were made by the same person as Tor searches from another day, even in the case of backdoored Kagi servers.
A "settings vault" concept could be useful if you can have multiple such vaults per paid Kagi account, and when you apply good OpSec to use a vault for only one "burner identity". If somebody is this concerned about their anonymity, they might prefer to sync and back up the settings manually instead of letting Kagi store an encrypted blob.
- Edited
As for custom lenses, the browser extension could display the list of lenses client side when Privacy Pass is turned on, but only submit the lens config to the server in case you actually use the lens, perhaps showing a warning to the user that continuing might reduce their anonymity. It would be even better if lens configs could be stored in a DuckDuckGo style Bookmarklet URL so that you can have a unique one for a "burner identity" without the config ever being associated with your Kagi account.
You probably are already aware, but I can't use Kagi Assistant with Privacy Pass at the moment.
Potential regression on Kagi search on the latest version of Orion iOS?
This appears on every search, the “pp” hints at privacy pass? I have the feature disabled.
When I have Kagi Privacy Pass enabled with the Firefox extension (135.0 (64-bit)) on my Windows 11 computer, upon entering Kagi Translate (https://translate.kagi.com/), it does not detect my Kagi account, and if I try to log in, it gives a 403 Forbidden. However, if I disable Kagi Privacy Pass, Kagi Translate works normally again and detects my login. Is this an error?
And are there possibilities to add support for the Firefox extension for Android?
ssg You aren't meant to be able to use Kagi Assistant with Privacy Pass.
- Edited
Hey ssg, MonoMatrix unfortunately those 2 services are not yet supported when using Kagi in Privacy Pass mode.Support is planned for future releases.
Please see https://help.kagi.com/kagi/privacy/privacy-pass.html#important-notes for more details.
Vlad There’s a proposal for a Privacy Pass API in web browsers https://github.com/WICG/trust-token-api
Kinda interesting. I wonder if this were implemented in all browsers would it be possible that we could use Kagi via privacy pass without an extension?
drdaeman just replying to get more visibility - I think this (detection of incognito mode) would hugely improve the UX of using the extension.
Right now, the privacy pass mode is synced between incognito and non-incognito modes, which I will always forget (causing needless friction when switching between search sessions).
Pretty awesome! However, for the sake of consistency and simplicity, I believe it would be ideal to consolidate all features of this extension directly into the Kagi extension itself.
Having just one extension is sufficient, and I believe this approach could lead to an even better final result.
Google does not allow extensions that change search engine to do anything else.
Vlad That's sad... But thx anyway! You're doing a great job w/ Kagi.