this post was submitted on 19 Feb 2024
107 points (82.4% liked)
Privacy
Deciding to trust a provider - any provider - isn't just any one thing. So, the most basic step to me is all the relevant code being open source. The next step is getting their infrastructure audited. The step after that is seeing what happens if they get court ordered to provide data.
They do none of that and I'm just too cynical to accept 'trust me bro' as a convincing sales tactic.
They had a security audit, they have a canary on their website, they have a privacy policy which is legally binding, and they have a business incentive.
If you so much as suspect that they do collect searches and associate them with accounts (something which they claim they don't do), you can make a report to the relevant data protection authority, which can then audit them.
As someone else also commented, you can use an alias email and pay in crypto if you really wish to not associate your account with your searches. Just be advised that between IP addresses and browser fingerprinting it might always be possible to associate your searches together (even if not to you as an individual with name and surname), and this is something that big CDNs like cloudflare or imperva also provide for you. So you still rely in most cases on what the company says and what their business model is to determine whether you trust them or not.
So far kagi has both a good policy (great policy actually) and a business model that doesn't suggest any interest for them to illegally collect data to sell them.
I don't suspect or accuse them of anything. Quite the reverse - what I'm saying is that without things like open source code, privacy audits etc, we're being asked to take their word for it all. They might well be the most privacy respecting company ever and they equally might not be. If you're happy to take their word for it, that's entirely your call. I'm not trying to change anyone's mind, I'm just answering OP's question with my own opinion.
And I am saying that there are tools to increase this trust.
I also want to stress that you have no tools really to verify. Open source code is useless, audits are also partially useless. I have done audits myself (as the tech contact for the audited party) and the reality is that they are extremely easy to game and anyway are just point-in-time snapshots. There is nothing that prevents the company from deploying a change tomorrow that invalidates what was audited. The biggest tools we have are legal protection (I mean, most companies that collect all kinds of data disclose that they do nowadays) and economic incentive. Kagi seems to provide good reason to trust them from both these angles.
Obviously, if that's not enough for you, fair enough, but if you are considering a company to be intentionally malicious or deceptive, then even the guarantees you suggest do not guarantee anything, so at this point I really wonder if or how you trust anybody, starting from your ISP, your DNS provider, your browser etc.
Again, I'm not considering them to be intentionally malicious or deceptive, I'm saying without the basics in place, we're being asked to just trust them.
I'm aware of the limitations you describe and you're right that there's no way to 100% guarantee anything, there has to be some element of trust. So the services/software I choose to use have done all the things I mention, or I run them locally. Does that mean they're 100% perfect? No, of course not but the fact they've gone to great lengths to establish at least a basis for trust means a lot to me. Some of them have gone on to be tested in some sort of legal encounter where again, they performed well.
Trust is a personal thing, we all have different perceptions of what makes an org trustable - if Kagi match yours, good for you.
I am not understanding something then.
The basics in this case are a legally binding document saying they don't do x and y. Them doing x or y means that they would be doing something illegal, and they are being intentionally deceptive (because they say they don't do it).
So, the way I see it, the risk you are trying to mitigate is a company which actively tries to deceive you. I completely agree that this can happen, but I think this is quite rare and unfortunately a problem with everything, that does not have a solution generally (or to be more specific, that what you consider basics - open source code and an audit - do not mitigate).
Other than that, I consider a legally binding privacy policy a much stronger "basic" compared to open source code which is much harder to review and to keep track of changes.
Again, I get your point and whatever your threshold of trust is, that's up to you, but I disagree with the weight of what you consider "the basics" when it comes to privacy guarantees to build trust. And I believe that in your risk mapping your mitigations do not match properly with the threat actors.
That's absolutely your call mate. I'm not here to tell you you're wrong. I just know what it is that I personally consider to be active steps towards establishing trust and that I base my opinion on them. If yours and mine don't align, so be it - to each their own.
Sure, but if you are considering a malicious party in the kagi case, your steps don't help. What you propose can totally work if you are considering good faith parties.
In other words: assume you use searXNG. If you now want to consider a malicious party running an instance, what guarantees do you have? The source code is useless, as the instance owner could have modified it. I don't see a privacy policy for example on https://searxng.site/searxng/ and I don't see any infrastructure audit that confirms they are running an unmodified version of the code, which - let's assume - has been verified to respect your privacy.
How do you trust them?
I am curious, what do you use as your search engine?
I self host just about every service I can, including search.
You're asking for a guarantee, which I've repeatedly admitted I can't offer because absolutely no one can provide that. No provider, no service, no software. All we can do is decide what we each consider to be actions/behaviours indicative of trust and use their offering in a way that maximises privacy for us as individuals. I put more trust in software/services that have code that anyone can read, that have been independently audited, that are trusted by the community and possibly tested in a legal environment. You might put more trust in things like privacy policies and other legally binding documents. Neither of us can guarantee anything however. I've lost count of the number of companies who've violated privacy laws and users only find out years or even decades after the fact.
But I'll say it again - what's right for me might not be right for you and that's fine.
OK guarantee was too strong of a word, I meant more like "assurance" or "elements to believe".
Either way, my point stands: you did not audit the code you are running, even if open source (let's be honest). I am a selfhoster myself and I don't do either.
You are simply trusting the software author and contributors not to screw you up, and in general, you are right. And that's because people are assholes for a gain, usually, and because there is a chance that someone else might find out the bad code in the project (far from a guarantee). That's why I quoted both the policy and the business model for kagi not to screw me over. Not only would it be illegal, but it would also be completely devastating for their business if they were to be caught.
But yeah, generally hosting yourself, looking at the code, building controls around the code (like namespaces, network policies, DNS filtering) is a stronger guarantee that no funny business is going on compared to legal compliance, and I agree. That said, despite being a selfhoster myself, I do have a problem with the open source ecosystem and the inherent dependency on free labour, so I understand the idea of proprietary code. Ultimately this is what allowed kagi to build features that make kagi much more powerful than searXNG for example.
I think the thing with open source (re: your free labour point) is that it's entirely voluntary free labour - I know that wasn't the thrust of your point but there are pros and cons to it. The lead dev could one day say 'fuck it' and walk away, but for a project of any size/popularity there's a lot of people ready and willing to fork it or ask for ownership to be transferred. It's not very often a very popular bit of code is totally abandoned.
Open source, to me, offers a sort of peer review system. Most people developing open source stuff already care about code quality and privacy, contributors also do and the myriad of people using it have a core set of people who also do. That's a lot of eyes. There are also tools to diff code so it's pretty easy to spot changes. And I do do that.
But I take your wider point - it all eventually comes down to trust. But that's true of legal requirements too. And also organisation behaviour. Brave for example have been caught at least 3 times doing very dodgy stuff and yet as far as I can tell they continue to grow. I don't necessarily accept that one instance of law breaking or otherwise poor behaviour is instant death for a company. If it was, G and Meta would be long gone.
All I can do is reiterate that all of us have different things that we choose to place some trust in and we all have different ways of assessing what leads us to trust. But at the end of the day, there are no cast iron guarantees.
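The thread raises two related points: that open code says nothing about whether a given instance is running it unmodified, and that diffing code is how a selfhoster spots changes. The script below is an added example, not code from any commenter or from the SearXNG or Kagi projects. It records a SHA-256 manifest of a reviewed source tree and later checks a deployed copy against it, flagging both modified files and files that were added after review. It assumes GNU coreutils (`sha256sum`, `find`, `mktemp`) and uses a small constructed tree rather than a real project checkout.

```shell
#!/bin/sh
# Drift check between a reviewed source tree and a deployed copy of it.
# Added example, constructed inputs; assumes GNU coreutils sha256sum/find.

# Print "sha256  ./relative/path" for every file under $1, in a stable order,
# so the output can be committed or signed as the reviewed manifest.
make_manifest() {
  (cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort)
}

# Return 0 only if every file in manifest $1 is present and unchanged in
# directory $2 AND no extra files have appeared (sha256sum -c alone would
# not notice an added file, e.g. a dropped-in logging hook).
verify_tree() {
  manifest=$1
  dir=$2
  (cd "$dir" && sha256sum --quiet -c "$manifest") >/dev/null 2>&1 || return 1
  deployed_count=$(find "$dir" -type f | wc -l | tr -d ' ')
  listed_count=$(wc -l < "$manifest" | tr -d ' ')
  [ "$deployed_count" -eq "$listed_count" ]
}

# Walk-through with a constructed tree: review, deploy, then two kinds of drift.
demo() {
  tmp=$(mktemp -d)
  mkdir -p "$tmp/reviewed/app"
  printf 'def search(q):\n    return upstream(q)\n' > "$tmp/reviewed/app/search.py"
  printf 'log_queries = false\n' > "$tmp/reviewed/settings.toml"
  make_manifest "$tmp/reviewed" > "$tmp/manifest.sha256"

  cp -r "$tmp/reviewed" "$tmp/deployed"
  verify_tree "$tmp/manifest.sha256" "$tmp/deployed" \
    && echo "deployed tree matches the reviewed manifest"

  # Drift 1: a setting flipped after the review.
  printf 'log_queries = true\n' > "$tmp/deployed/settings.toml"
  verify_tree "$tmp/manifest.sha256" "$tmp/deployed" \
    || echo "MISMATCH: a reviewed file was modified"

  # Drift 2: file restored, but an unreviewed file was added alongside.
  cp "$tmp/reviewed/settings.toml" "$tmp/deployed/settings.toml"
  printf 'def tap(q): pass\n' > "$tmp/deployed/app/extra.py"
  verify_tree "$tmp/manifest.sha256" "$tmp/deployed" \
    || echo "MISMATCH: an unlisted file is present"

  rm -rf "$tmp"
}

demo
```

The manifest is only as trustworthy as the review that produced it, so it belongs with whatever you signed off on (a pinned commit, a release tarball you read), not on the host being checked; an operator running the check against a manifest the same host generated learns nothing. Run from a cron job or a deploy hook it turns "the code is open" into "the code I reviewed is the code that is running", which is the gap the thread is arguing about.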
https://blog.kagi.com/security-audit
That's a security audit, looking at its vulnerability to attack.