  • Completely anonymous searches unlinked to the account (blind tokens)


The competition is doing it too! Don't want to be left behind 😉

This sentence (automatically translated) from your link pretty much sums up why I think it's a good idea: "Even if we don't do that, of course, trust would still be necessary to be sure of his anonymous search. So that we not only have to promise anonymous searches, but can also prove them, we introduced anonymous tokens."

  • Vlad replied to this.
    5 days later

    bribri Not a matter of wanting or not, but of resources and prioritization. Would you pay more to have this as a feature?

      Vlad Being a software developer myself working with a couple of small companies with limited resources, I certainly understand the importance of prioritizing features. Lord knows there's lots of stuff I've had to put on the backburner in the course of my own work due to just not having the time and resources to work on it.

      Personally, the idea of having to pay more for trustless anonymous payments doesn't sit well with me. It feels like it would be saying "you have to pay more just to know for sure your searches are anonymous, but if you just take our word for it then you can pay what everyone else pays". That doesn't inspire confidence. That said, it's not unusual for some payment methods to include a small flat fee in order to offset the cost of something like a payment processor, and while I would certainly prefer to pay less rather than more, something like that wouldn't dissuade me.

        20 days later

        Vlad Not only would I pay more, but also all privacy-conscious people uncomfortable having their search potentially linked to their identity through their payment would consider it.

        Trust is something hard to get and easy to lose; making moves to enhance privacy will make you gain some and more.

        The signal you send is important.

        If you say "blind signature", payment unlinked to account, then you send a good signal and win trust.

        Vouchers are a great way to unlink searches and payment, and probably easier to implement.

        4 months later

        As you may have seen already, we implemented Bitcoin/Lightning payments as an alternative way to achieve anonymity.

        https://blog.kagi.com/accepting-paypal-bitcoin

        Leaving this still open as it would be cool to have a technology solution that achieves the same without the need for cryptocurrency.

        Would you still consider selling physical vouchers as well?

        • Vlad replied to this.

          ruihildt We are not lacking the ideas or the will, just the resources to execute all these new ideas. Think about how difficult an operation it is to organize something like physical vouchers for billing that will work worldwide and then consider everything else on our plate. Besides, we already support anonymous payments with Bitcoin/Lightning so this is not a priority.

          Let's keep this thread on topic though as it is about using cryptography.

            3 months later
            Vlad changed the title to Completely anonymous searches unlinked to the account (blind tokens).

              Using "blind tokens" to further anonymize users and their authenticated activity.

              Some prior art and references:
              [1] https://blog.cloudflare.com/privacy-pass-the-math/
              [2] https://privacypass.github.io/protocol/
              [3]
              [4] https://en.wikipedia.org/wiki/Blind_signature
              [5] https://www.rfc-editor.org/rfc/rfc9474.html

              From the Cloudflare blog post:

              In summary, this browser extension allows a user to generate cryptographically ‘blinded’ tokens that can then be signed by supporting servers following some receipt of authenticity (e.g. a CAPTCHA solution). The browser extension can then use these tokens to ‘prove’ honesty in future communications with the server, without having to solve more authenticity challenges.

              The ‘blind’ aspect of the protocol means that it is infeasible for a server to link tokens that it signs to tokens that are redeemed in the future. This means that a client using the browser extension should not compromise their own privacy with respect to the server they are communicating with.

              From Cathie Yun's blog post:

              Blind signing is exactly what it sounds like: a protocol where someone signs something without knowing (being blind to) what they are signing. This concept was first described by Chaum in 1982 in his paper, Blind Signatures for Untraceable Payments. Basically, blind signing allows you to decouple the signing step (since the signer is blind) from the redemption step, giving nice privacy guarantees. The concept might seem a bit contrived, but is actually useful in a few situations, including digital cash schemes and voting protocols. For a really good explanation of how this works using the voting analogy, see the Cloudflare blog post on Privacy Pass; if you like talks more, I explained the concept in my talk at 0x0G.

              This feature improves the security on the backend and should be (nearly) transparent to the user.

              The only thing the user would change slightly is passing an authenticated session token for addon extensions in private-browsing searching.

                Merged 1 post from Anonymize searches and other authenticated actions via blind tokens.
                  a month later
                  a year later

                  Vlad that’s fab! Is the extension you mentioned earlier something we can implement with relative ease?

                    9 days later

                    It's great to see this seems to now be a planned addition, this would be a significant improvement to privacy and anonymity that would make Kagi an easy recommendation to many privacy-conscious users.

                      a month later