• jard@sopuli.xyz
    link
    fedilink
    arrow-up
    5
    ·
    1 year ago

    we can’t be sure what code are they exactly running on the server side

    The same can be said about the hundred random SearXNG instances floating around on the Internet. How do you know that some of those aren’t running custom binaries that are then linking your IP to your search queries and sending them off?

    The only true solution is to self host, but the majority of people are looking for a quick and easy Google/DDG replacement, not to completely overhaul their digital life.

    • sir_reginald@lemmy.world
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      edit-2
      1 year ago

      You aren’t wrong about not knowing if SearXNG instances are running a modified version of SearXNG that tries to log you.

      Fortunately, we don’t need to trust those instances. They do not require you to login, so there’s not an unique identifier (like an account) to associate your searches with other than your IP address which you can hide with a VPN, or even better, using a .onion instance (something that Kagi does not have at all AFAIK).

      For using Kagi, no matter if you switch your IP address every time, if you delete cookies after closing your browser or if you buy a new laptop for every search query, you’re uniquely identified because you need to log into your account.

      And for that account, you have to use a payment method. Sure, you can try and pay with a Monero to Bitcoin exchanger and do not give any personal information (and if we’re being realistic, we know most Kagi clients aren’t doing this). Even if you paid anonymously, you can only achieve pseudonymity because you’re associated with your account.

      With SearXNG, I could use a different .onion instance for each query and be completely anonymous (that’s completely overkill, but it illustrates my point well).

      • jard@sopuli.xyz
        link
        fedilink
        arrow-up
        2
        arrow-down
        2
        ·
        edit-2
        1 year ago

        Anonymity is not the same as privacy, because the latter fundamentally entails a measure of trust between two parties over the control of personally identifying information. Note that this is contingent on whether that personal information is exchanged.

        In the situation you described, privacy is irrelevant in either case, whether you access a SearXNG instance with a VPN/Tor or use a pseudonym and Monero payments to access Kagi, because no personal information was exchanged in the first place.

        The “privacy” in both situations then becomes how difficult it is for a bad actor to deanonymize you, which comes down to whether you can trust that the VPN service you’re using isn’t logging your traffic and the email service your pseudonym is on won’t just give up your data… or whether Tor isn’t being actively deanonymized via malicious exit nodes controlled by certain three-letter government agencies. This isn’t a fault on either search engine, IMO.

        • sir_reginald@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          No. Kagi’s fault is needing an account, a unique identifier which all searches could be correlated to.

          SearXNG could leak your IP if your VPN provider was keeping logs? Definitely. And so does Kagi. Tor could be attacked by a three letter agency and compromise your .onion connection to SearXNG? Definitely. And it would be easier to de-anonimyze you when connecting to Kagi, which doesn’t have an onion domain. Do you need to give SearXNG your email and/or payment information? Not at all. But Kagi requires it. Can you look like two completely different users when doing two queries to SearXNG? Easy. Not possible with Kagi. Do we have the server’s code? We do for SearXNG instances. We don’t have Kagi’s.

          I think it’s pretty clear the privacy compromise here.