this post was submitted on 02 Oct 2023
70 points (76.9% liked)
Privacy
31990 readers
482 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
You aren't wrong about not knowing if SearXNG instances are running a modified version of SearXNG that tries to log you.
Fortunately, we don't need to trust those instances. They do not require you to login, so there's not an unique identifier (like an account) to associate your searches with other than your IP address which you can hide with a VPN, or even better, using a .onion instance (something that Kagi does not have at all AFAIK).
For using Kagi, no matter if you switch your IP address every time, if you delete cookies after closing your browser or if you buy a new laptop for every search query, you're uniquely identified because you need to log into your account.
And for that account, you have to use a payment method. Sure, you can try and pay with a Monero to Bitcoin exchanger and do not give any personal information (and if we're being realistic, we know most Kagi clients aren't doing this). Even if you paid anonymously, you can only achieve pseudonymity because you're associated with your account.
With SearXNG, I could use a different .onion instance for each query and be completely anonymous (that's completely overkill, but it illustrates my point well).
No. Kagi's fault is needing an account, a unique identifier which all searches could be correlated to.
SearXNG could leak your IP if your VPN provider was keeping logs? Definitely. And so does Kagi. Tor could be attacked by a three letter agency and compromise your .onion connection to SearXNG? Definitely. And it would be easier to de-anonimyze you when connecting to Kagi, which doesn't have an onion domain. Do you need to give SearXNG your email and/or payment information? Not at all. But Kagi requires it. Can you look like two completely different users when doing two queries to SearXNG? Easy. Not possible with Kagi. Do we have the server's code? We do for SearXNG instances. We don't have Kagi's.
I think it's pretty clear the privacy compromise here.