Make Assistant chats E2E encrypted

ak42

This equaly applies to any country where Kagi is selling their products. Kagi will be obliged to comply with local regulations.

Making it impossible for Kagi to provide data IS the way to go.
I'm not asking to remove that feature. just make it safe by storing data encrypted by a user only known passphrase.

"If Kagi is not at present using end-to-end encryption"

If you can reset your password and still be able to access your data, they are not.

Also, w.r.t point 1. I'd rather know the system is "stupid human" mistake-proof

RoxyRoxyRoxy

ak42 So much of the Web and computers has been dumbed- and locked-down to cater to the dumbest among us, I’d rather Kagi not go down the road of removing features because a stupid user might mess up their life in spite of all common sense.

ak42

@RoxyRoxyRoxy I get your point.

But I truly believe that if Kagi wants to be a privacy-respectful company, they should comply with the basic rule:
we can't access our user data.

let's remove stupidity from the equation, something might not be a crime today, but may be in the future.

let's not remove any feature, let's just make user data encrypted.
I think that is not too much to ask when dealing with user privacy.

Temanor

I do agree that Kagi should use end to end encryption, or at least have it as an option, but removing the feature to store threads is absolutely not the way to go.
I believe there were discussion about privacy pass for Assistant, but I'm not sure if this actually got anywhere.

RoxyRoxyRoxy

Temanor Pretty sure the team is actively looking at Privacy Pass in Assistant

ak42

I'm not sure privacy pass is about e2e encryption, but rather about authentication.
But given how privacy pass currently works, you will probably never have access to saved threads available with privacy pass in Assistant. just like you don't have CSS customization or result personalization. Because they just can't tell who you are and what is your account.

Temanor

ak42 With Privacy Pass, Kagi won't be able to know who the thread belongs to. Unlike e2e the content is still stored in plaintext, but they won't know it's yours. I'm not sure how and if it would be possible to save threads.
As for CSS customization and other personalization, I think they were talking about storing it locally on the device, so the experience doesn't change too much when using Privacy Pass.

ak42

Temanor

if the thread is stored locally in your browser's local storage or in the extension yes, you will have access.
if the thread is on Kagi's server, that will probably not be possible unless there would be some cryptographic wizardry I'm not aware of that could do the trick..
But AFAIU, people like to sync their threads between their devices. So probably that you will have to choose between convenience and "bullet proof" privacy.

RoxyRoxyRoxy

Would one PP token equal one Assistant thread

Are you talking about saved, server side threads ? or just "current" thread ?
Current temporary thread should not be a problem (as long as you don't provide too many details about your identity)
For the metered version of the Assistant, if that ever happens. The only thing I can think of is bitcoin: One private key per token.

RoxyRoxyRoxy

There's probably a way that Assistant usage could be authenticated through Privacy Pass, i.e. making a brand new thread with default settings. Accessing your own threads through Privacy Pass seems impossible as far as I can think, and kind of self defeating anyway. The real issue I can see with implementing Assistant in PP is that of metering it; searches are a very clear 1:1 use of PP tokens, AI isn't. Would one PP token equal one Assistant thread? Would one PP token equal a certain amount of AI tokens?

RoxyRoxyRoxy

ak42 I meant making a new thread via PP wrt the metering issue.

as long as you don't provide too many details about your identity

Hopefully users would know better than to dox themselves to the AI when using Privacy Pass 😅

privateuser

I have this theory that the US government is already requiring AI providers to pipe all chats to them. It explains why Kagi isn't particularly interested in Privacy Pass for AI. It also explains why some AI services (you.com) won't let you change your email.

Venice.ai can be used with crypto, but I heard the UK is working to ban that.

Realistically, if I were a government, obtaining everyone's AI search history would be my goal #1.

And Kagi would never be able to tell us. They have previously mentioned that privacy is not the #1 focus. They probably know the government won't allow that.

fxgn

privateuser even if what you said were true (which I don't really think it is), Kagi would not be involved in that in any way since it's not an "AI provider", it's just a web wrapper around other providers' API