undefined | Better HN

0 pointsfrereubu1y ago0 comments

> Kagi does not log and associate searches with an account.

0 comments

Real privacy oriented solutions REMOVE their ABILITY to keep your data. This is the reason I will probably never use Kagi. I am not logging into a search engine. Period. (I know this is futile,but it's the principle of the thing. And I don't want this to be more commonplace than it already is.)

g_p1y ago

You might find Privacy Pass of interest then - https://help.kagi.com/kagi/privacy/privacy-pass.html

It should be out in the next day or so.

promiseofbeans1y ago

Ooh this is interesting. Theoretically these could still be associated with my account right? Since you need to use my session token to generate these privacy tokens. Is there a technical explainer somewhere with instructions for setting this up without a web extension?

Edit: Looking into it, it seems like this uses the same mechanism for tokens as Cloudflare's turnstile system: https://privacypass.github.io/ or for the proper standard https://www.rfc-editor.org/rfc/rfc9578.html

Excerpt that explains how it works:

> When an internet challenge is solved correctly by a user, Privacy Pass will generate a number of random nonces that will be used as tokens. These tokens will be cryptographically blinded and then sent to the challenge provider. If the solution is valid, the provider will sign the blinded tokens and return them to the client. Privacy Pass will unblind the tokens and store them for future use.

So it seems like as long as the cryptography is done right and Kagi's webextension does what it says, they are actually private.

1 more reply

dizhn1y ago

Awesome. I didn't see much detail about how it works in the page. Something like this would be useful for other sites as well. Is this using an existing technology?

(Firefox extension is not found. It's probably not in the store yet. Can't find with search either.)

2 more replies

tomcatfish1y ago

Holy crap this is going to let me move some privacy-focused folks over to join me in Kagitopia. Good job guys, you are always working on something cool.

roenxi1y ago

Google: Don't be Evil. Although I'm having some trouble finding a reference on their website to back that up.

If you're going to start trusting search engine companies then maybe don't have them linked to your bank account. They can put what they like in a policy document but the problem is what happens when they decide to start doing things differently.

j / k navigate · click thread line to collapse

0 comments

dizhn1y ago

g_p1y ago

You might find Privacy Pass of interest then - https://help.kagi.com/kagi/privacy/privacy-pass.html

It should be out in the next day or so.

promiseofbeans1y ago

Excerpt that explains how it works:

So it seems like as long as the cryptography is done right and Kagi's webextension does what it says, they are actually private.

1 more reply

dizhn1y ago

Awesome. I didn't see much detail about how it works in the page. Something like this would be useful for other sites as well. Is this using an existing technology?

(Firefox extension is not found. It's probably not in the store yet. Can't find with search either.)

2 more replies

tomcatfish1y ago

Holy crap this is going to let me move some privacy-focused folks over to join me in Kagitopia. Good job guys, you are always working on something cool.

roenxi1y ago

Google: Don't be Evil. Although I'm having some trouble finding a reference on their website to back that up.

j / k navigate · click thread line to collapse