• @sir_reginald
    link
    0
    edit-2
    1 year ago

    You aren’t wrong about not knowing if SearXNG instances are running a modified version of SearXNG that tries to log you.

    Fortunately, we don’t need to trust those instances. They do not require you to login, so there’s not an unique identifier (like an account) to associate your searches with other than your IP address which you can hide with a VPN, or even better, using a .onion instance (something that Kagi does not have at all AFAIK).

    For using Kagi, no matter if you switch your IP address every time, if you delete cookies after closing your browser or if you buy a new laptop for every search query, you’re uniquely identified because you need to log into your account.

    And for that account, you have to use a payment method. Sure, you can try and pay with a Monero to Bitcoin exchanger and do not give any personal information (and if we’re being realistic, we know most Kagi clients aren’t doing this). Even if you paid anonymously, you can only achieve pseudonymity because you’re associated with your account.

    With SearXNG, I could use a different .onion instance for each query and be completely anonymous (that’s completely overkill, but it illustrates my point well).

      • @sir_reginald
        link
        01 year ago

        No. Kagi’s fault is needing an account, a unique identifier which all searches could be correlated to.

        SearXNG could leak your IP if your VPN provider was keeping logs? Definitely. And so does Kagi. Tor could be attacked by a three letter agency and compromise your .onion connection to SearXNG? Definitely. And it would be easier to de-anonimyze you when connecting to Kagi, which doesn’t have an onion domain. Do you need to give SearXNG your email and/or payment information? Not at all. But Kagi requires it. Can you look like two completely different users when doing two queries to SearXNG? Easy. Not possible with Kagi. Do we have the server’s code? We do for SearXNG instances. We don’t have Kagi’s.

        I think it’s pretty clear the privacy compromise here.