As I'm sure you know, not every user has or wants a VPN, and with the continued death march of increasingly authoritarian governments and regimes, there is a need for more user protections (see source below).
https://reclaimthenet.org/australia-enforces-age-id-checks-for-search-engine-users
I think the following two features can help make Privacy Pass an option in the settings that could be made the default if the user chooses while preserving all their other settings.
Zero-Knowledge Settings Sync (E2EE Blob)
This would store user configuration (CSS, Blocklists, Bangs) as an encrypted blob on Kagi servers.
The decryption keys remain on the client device.
This allows for multi-device setting sync where Kagi hosts the data but cannot read it.
Also, Oblivious HTTP
If you implement OHTTP (IETF standard) to route search requests through a neutral relay (e.g., Fastly/Cloudflare), the result is that Kagi receives the query and valid token but sees the relay's IP, not the user's.
If Kagi cannot or will not address these concerns, then frankly my future usage of Kagi would be in jeopardy, as this is a major concern for me. As we can see with social media age legislation, which uses a sledgehammer and not a scalpel, search will be no different.
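
The zero-knowledge settings sync requested in the post above, as an added example (not part of the original post and not Kagi's code): the client seals its settings with AES-256-GCM before upload, so the server stores only an opaque blob. It assumes the key is derived from a user passphrase with scrypt; the function names, blob fields, sample settings and the in-memory `serverStore` are all hypothetical.

```javascript
// Added example: client-side sealing of a settings blob (all names hypothetical).
const nodeCrypto = require("node:crypto");

const VERSION = 1; // bound into the AEAD as associated data
const AAD = Buffer.from(`settings-v${VERSION}`);
const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Assumption: the key comes from a passphrase that never leaves the device.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase.normalize("NFKC"), salt, 32, SCRYPT);
}

// Runs on the client: returns the only thing the server ever receives.
function sealSettings(passphrase, settings) {
  const salt = nodeCrypto.randomBytes(16);
  const nonce = nodeCrypto.randomBytes(12); // fresh per upload, never reused
  const key = deriveKey(passphrase, salt);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, nonce);
  cipher.setAAD(AAD);
  const plaintext = JSON.stringify(settings);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const b64 = (buf) => buf.toString("base64");
  return { v: VERSION, salt: b64(salt), nonce: b64(nonce), ct: b64(ct),
           tag: b64(cipher.getAuthTag()) };
}

// Runs on another device of the same user after downloading the blob.
function openSettings(passphrase, blob) {
  if (blob.v !== VERSION) throw new Error("unsupported blob version");
  const raw = (s) => Buffer.from(s, "base64");
  const key = deriveKey(passphrase, raw(blob.salt));
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, raw(blob.nonce));
  decipher.setAAD(AAD);
  decipher.setAuthTag(raw(blob.tag));
  // final() throws if the tag fails: wrong passphrase or a modified blob.
  const pt = Buffer.concat([decipher.update(raw(blob.ct)), decipher.final()]);
  return JSON.parse(pt.toString("utf8"));
}

// Constructed sample settings and an in-memory stand-in for server storage.
const sampleSettings = { css: "body{font-size:15px}",
  blocklist: ["example.invalid"], bangs: { "!w": "wikipedia" } };
const serverStore = new Map();

function syncRoundTrip(passphrase) {
  const upload = JSON.stringify(sealSettings(passphrase, sampleSettings));
  serverStore.set("user-1", upload); // server sees only this string
  return openSettings(passphrase, JSON.parse(serverStore.get("user-1")));
}
```

The salt and nonce are not secret and travel with the blob; losing the passphrase means the stored settings cannot be recovered by anyone, the server included.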