Question about Personalized Results and Privacy?

sahil48

Kagi says that your searches are private and anonymous. Are the Rankings and actual domains of personalized results in the settings area private? Can Kagi set it up so that Kagi can't figure out what domains you selected and/or how you ranked them?

z64

Are the Rankings and actual domains of personalized results in the settings area private?

They are private as we do not share them with anyone, but they are not anonymous as you intuit. They are associated with your account.

Can Kagi set it up so that Kagi can't figure out what domains you selected and/or how you ranked them?

Not without compromises in UX. For example, we would not be able to show you a list of the adjustments you made. We would only be able to make the adjustments as you encounter domains you have acted on.

It would also impose limits on future improvements to the way adjustments work.

sahil48

Thanks for the answer. It makes sense. In these cases though, I think a private and non-private option could be good. For example, Chrome has a non-private, and private sync of settings, one with a compromised UX but end-to-end encrypted, and the other with the normal UX. Or at the very least a disclaimer to the user.

Vlad

sahil48 Kagi does guarantee anonymity (we do require an account and payment info after all).

We do claim we do not log your searches or link them to your account in any way, which does get you as close to anonimity as practically possible.

And we do claim 100% respecting your privacy (privacy and anonymity are two different things).

What exactly is your concern and how would we best address it?

z64

I think a private and non-private option could be good. For example, Chrome has a non-private, and private sync of settings, one with a compromised UX but end-to-end encrypted, and the other with the normal UX.

Possibly - the downsides are that it adds complexity, and we would have to be very careful how we communicate it to the user, and understand the differences.

Say we add a toggle like "anonymize my domain adjustments":

We have to carefully choose the default. Do we leave it on by default? The user might get the wrong idea that it is some kind of data collection. Do we leave it off by default? Some users may never discover the usability of the "non-anonymous" mode and think the feature sucks 😄

This does not stop at domain adjustments either. All of your account settings are, naturally, associated with your account ID. Is Kagi still Kagi without all of these? Could we implement an "anonymous account" without a large portion of our features, and not make "non-anonymous", but more useful, accounts feel targeted?

The line we have chosen to walk so far is:

All of the data (settings, email) you store with us is private. This means it does not leave Kagi's servers, it is not shared with anyone besides you to fulfill the service's features.
All of your searches you perform on Kagi are anonymous. They are not associated with your account.

We could have more options geared towards true anonymity in the future - many people have requested it. For now we are focused on building a great, private product by default.

sahil48

I would say leaving the best UX (non-anonymous) by default is fine for default settings, and only the people who prefer the other way can turn it off. I mentioned this one specifically because it may indicate your preferences specific to what you search for, while the rest are with regards to how the interface looks and information is presented.