Very good point in this article that third-party cookies can be deleted but fingerprinting - like fingerprints themselves - cannot be. And quoting Google in 2019 before they decided to be even more evil than they are now.
This might be the best article I’ve seen about the change, and it’s posted on a company blog.
Potentially helpful extra context that makes me extra suspicious when somebody evangelizes it all the time
Monero users can and have been deanonymized by the police. Monero also acts as a de-facto tumbler, meaning by using it, you’re money laundering for criminals as a matter of course.
Let’s agree to disagree, then. I also disagree on the framing: you call it inconvenient, I call it a clear step backwards in terms of transparency. We can even compromise: CEO Vladimir Prelovac can simply update the list when he finds time. (He can even take time off from his occasional searches for online critics!)
For me, from a privacy perspective as a user it’s largely irrelevant what third-parties they use on the backend as long as my searches stay private.
This is largely circular logic. “It’s irrelevant what Kagi is doing, as long as I can trust what Kagi is doing.” You should never trust an opaque company. A company that becomes more opaque upon scrutiny is not a trustworthy company.
The topic is “using Yandex”.
No it was not. Read the post. The topic was obfuscation.
That obfuscation did come from an interlinked issue (Vladimir Prelovac getting caught paying Yandex for search data), but this year that concerned me was Kagi hiding this information from the community.
Do we not agree that being cagey about things and hiding once-public information is a red flag when it comes to privacy?
So what’s the issue? You don’t need Wayback machine to find their old page…
The issue is that the page is old and hidden! Normal people don’t hunt through repositories, let alone archives. It is extremely unreasonable to assume someone should do this.
Kagi Corp should provide this information transparently, not respond with mild hostility when that information is politely requested. In addition, they should keep it up to date! Acting cagey with users and hiding data isn’t how an honest corporation should behave!
I think I do. Kagi generates hype by being a paid service.
This kind of mentality is similar to how many paid services, like Amazon Prime, capture customers. Once you have bought into the monthly subscription, it becomes a mental default. Why shop around when you’ve already sunk some money into Prime?
I have found a Vlad to be frank, but not transparent. Big difference.
I agree with you that transparency is a positive trait, which is why I was frustrated when he made his website less transparent after people complained about the Yandex partnership.
I did find a different post on Lemmy that talks about [Kagi hiding their sources], though. This post is incredibly thorough, and does an excellent job of undoing Kagi’s attempt to memory-hole the information about which sources they use.
This makes it all the more frustrating that Vlad refuses to re-add them, instead asking to know why we would care.
I hope you’d agree that hiding information is the opposite of being transparent about it!
I agree that legally binding documents, or at least official statements made on the blog, probably carry more weight than the CEO shooting the shit on random social media, but the CEO’s words aren’t meaningless. When trust is involved (and before today, trust was extremely important), it means a whole lot.
If you think this is worthy of sharing, please, feel free to share it! Just mention me so I can take a look :)
BTW, to be picky, neither is privacy. Privacy is not lack of information, privacy is information only accessed by authorized parties. A service that collects data and uses it only for the purpose you agree with (not formally in the sense of 300 pages, really) is still private.
I agree with you halfway here, because privacy is very difficult to define. But I think what you just described IMO is security… plus transparency. For example, Gmail is technically very secure! Your email is safe between you, the recipient, and Google. And you technically consented to Google reading your email. Google has a vested interest in keeping your data to themselves, since leaking it would benefit their competitors. But I agree with you that Google, through its obfuscation, is not giving you privacy.
But I would argue that even if Google was totally honest and understandable, it would still never be private!
I don’t have a good definition for privacy yet, but generally speaking, privacy is when data is withheld from a third party, despite the third party’s facilitation of a service. If the third party is malicious, or the third party is compromised, I want my privacy to remain intact. With the Google example, if Google’s security is compromised, my privacy is explicitly out the window. With something like Signal, my privacy is retained.
BTW asking why a feature is important is not paternalistic, and it is done on basically every post there. And why wouldn’t it be? If they need to decide to invest their limited resources they should know why customers want something, people ask all kind of stuff.
I strongly believe that choosing to withhold information after being criticized about it, and putting the burden onto the end user to prove why the information is necessary, is paternalistic.
I believe the reverse is true: if a corporation chooses to start with holding information that was previously transparent, they should give a damn good reason why they suddenly felt the need to clam up!
I don’t know if you are familiar with the blog post that started an absolute firestorm about Kagi, but I did follow the blogger and it turns out that, if you believe their observations without explicit citation, Vlad has a history of shifting the burden of proof onto the consumer for why they would dare question his service, versus simply providing a service that is as transparent and private as possible.
[A] person wanted to know what LLMs Kagi uses so they would know where their data was being sent. Vlad wouldn’t answer, whining about how “no other business is held to that standard”…
Thinking of their products as privacy focused is a complete smokescreen because they refuse to actually PROVE themselves to be private in any way. They want you to take their word for it…
I don’t think this makes Vlad particularly malicious. In fact, his behavior is in itself a bit transparent (although I find it frustrating that he prefers to use communication channels that are either private or under his personal control, which may easily either be coincidence or intentional).
But I don’t want to be exclusively critical. Because this, the content of the linked post, is exactly what I wanted from Kagi. It looks like they implemented a method where they cannot snoop on searches, even if they felt compelled to do so (either due to external pressure or internal malice). That’s the stuff that matters to me. (And Vlad, if you somehow come across this: do more of this, please.)
Frustratingly, doing a search on that Changelog page for sources is mostly full of stuff not relevant to my search.
I did find a different post on Lemmy that talks about it, though. This post is incredibly thorough, and does an excellent job of undoing Kagi’s attempt to memory-hole the information about which sources they use.
This makes it all the more frustrating that Vlad refuses to re-add them, instead asking to know why we would care. Here’s a link to that conversation, which is on a platform controlled by Vlad, which appears to be resistant to archiving services that attempt to fetch those particular comments. Also for posterity:
slamor
Oct 27, 2024
https://help.kagi.com/kagi/search-details/search-sources.htmlThere is really no proper information about search sources. We need to know what resources are used and at what rate.
Please make a more detailed and clear edit.
Vlad
Oct 29, 2024
[@]slamor Is there any particular reason you are asking for this? More context will help us better understand the need.slamor
Nov 2, 2024
[@]Vlad why not?
Searching through kagi.com for “Yandex” yields a lot of dead links. The one living link is the Changelog, which says they added Yandex to their image search, back in December 2024… But that’s hardly a revelation. The changelog doesn’t go back very far either, AFAIK
As for the other links: Google says these links used to contain it the word, but I don’t know why. Maybe this one was for raised sites, maybe it was for lowered sites, which would at least give a little insight into whether users loved or hated the domain…
url: https://europe-west2.kagi.com/stats?sd=asc&st=percentage
text: yandex.com. zlibrary.to. androidcentral.com. answer-all.com. baijiahao.baidu.com. cbc.ca. developer.apple.com. eightify.app. github.getafreenode.com. gitmemory …
Another result seems to suggest Yandex Images served up a photo of Steve Jobs in a demo search, but that is no longer the case. Maybe it’s just a coincidence.
url: https://kagi.com/images?q=steve+jobs
text: 564 x 318 yandex.ru. 20 Steve Jobs Quotes: Wisdom from the Apple Co-Founder 20 Steve Jobs Quotes: Wisdom from the Apple Co-Founder. 696 x 418 cioviews.com. 75 …
What’s wrong with the comment? A couple obvious things stick out
1. Not understanding the definition of privacy
When it comes to privacy, third parties “knowing everything about you” is not privacy. Signal is private, Facebook Messenger is not. DuckDuckGo is private, Google is not. There is, and never has been, anything private about a service that directly ties every single search you make to the account that makes it.
(And despite replying to comment calling it anonymity back then - and Vlad calling it anonymity himself - today’s announcement recontextualizes it as a privacy feature.)
2. Explicit paternalism is creepy
The CEO compares his company to your parents, in a positive, “I would do nothing to harm you” way. Leaving aside the fact that many people have terrible experiences with their families and the violation of their privacy throughout their life (perhaps Vlad was extremely lucky), this is a disturbing way to describe his corporation in relation to you. Kagi has inherent power and knowledge that you, the figurative child, simply do not possess.
It might sound like I’m reaching here a bit, but there is a strange paternalism that runs through much of Kagi’s messaging.
This is uncomfortable stuff. Daddy does not inherently know best, let alone a CEO. If a company wants to keep its reputation for privacy, transparency is paramount. Removing transparency because of, perhaps, an inferred lack of intelligence on the consumer side is… Not good.
Given the way Kagi CEO Vladimir Prelovac doesn’t understand the word privacy, hopefully this solution is implemented in a way where the word’s true definition cannot be distorted.
Here he is a few years ago, comparing his company to your parents:
We did not say we maintain anonmity, but privacy, which are two different things. For example. your parents may know everything about you, yet still respect your privacy.
This comment lives rent free in my head, and has been a privacy deficit that Kagi had created and failed to address… until today.
Kagi has been criticized for removing their list of partners - originally, they admitted to partnering with Yandex, but they recently hid that partnership after receiving backlash. I’m not sure if the changelog will reflect that information, but I am curious to check now.
Complying with government data requests is NOT the same as collecting information for profit. A company cannot just decide to not comply with the local laws where they sell their products…
This is technically true, but… The privacy oriented person will drift towards products that cannot violate their privacy. Or, if that is not possible, towards products that push back against orders that are unlawful or unethical.
When Andy Yen and Proton Official published their multiple social media comments, this looked dangerously close to signaling fealty to a foreign government, which is not something I am interested in seeing.
Are you genuinely not aware that Andy Yen produced more than just one tweet?
And if that’s true, did you read the entire article that’s linked here?
(ETA: This isn’t a roast. I really want to know how somebody would react if this article was all they saw.)
I read this entire medium article from start to end, and that point stuck out to me so much that it caused me to pause, make sure I’d seen it correctly, and then restart with a more critical lens.
Between lines like that, and the assumptions like
There are multiple issues with this blog post.
The post falsely assumes Andy Yen’s politics exclusively matter - they don’t. Andy Yen stupidly posted a opinion online, then stupidly got the official corporate Proton account to stupidly repeat it on multiple platforms.
This is the issue: they demonstrated massive corporate mismanagement.
Then the company tried sweeping it under the rug, and many users are unaware about the corporate statements.
The article never addresses that issue. The author probably wishes Andy Yen’s mistake was just political, because that would be easy to write off. But it’s not.
If the CEO is able to bungle something this badly in full public sight, I lose a tremendous amount of trust in the actual product. And because Proton gets a good chance to read over every single email that comes in from an external source - password reset emails, confidential documents, etc - now I’m worried that they could bungle something that I can’t see… Until it’s too late.
If you read this Medium article alone, you might come away with the impression Gail Slater is a champion of small business. After all, it says
Legal experts have described Slater to be “not known as a friend of Big Tech”, and “not good for Google” despite her Republican ties. It is likely that knowing this, Andy was caught by surprise at Trump’s pick…
I was caught by surprise too: this article misses key details about Gail Slater. Several people pointed this out to Andy Yen.
Her Wikipedia page suggests she worked for the FTC before working for a lobbying firm and joining the first Trump administration. Then she worked for Fox and Roku and is now rejoining the Trump administration.
That lobbying group that employed her for four years was the Internet Association.
The Internet Association (IA) was an American lobbying group based in Washington, D.C., which represented companies involved in the Internet. It was founded in 2012 by Michael Beckerman and several companies, including Google, Amazon, eBay, and Facebook…
In 2017, the Internet Association opposed California AB 375, a data privacy bill that would require Internet service providers to obtain customers’ permission to collect and sell their browsing history, citing desensitization and security as the basis for their opposition.
Maybe Andy Yen stupidly didn’t know better when he made his post (as “Proton Team”) when he claimed she had “a solid track record of being on the right side of the antitrust issue”.
But this article should have known.
This article also makes a poor technical assumption: if you read it without knowing better, you’d think Proton isn’t capable of scanning and recording the text of mail as it arrives.
Lines like these
Proton is end-to-end encrypted, meaning it cannot decrypt user data.
tell the reader, either ignorantly or intentionally, the opposite of most email works. Banks, service providers, and password reset emails are all likely to be readable on receipt. E2EE emails in Proton are literally exceptionally rare.
From a tech perspective, it looks promising. In theory, your privacy will be, at very worst, only as bad as the most private actor in a two-hop chain.
In practice, though, Mullvad seems relatively okay with offering a white label version of its services to anybody who asks. And there’s a plus side there, because it means anybody who subscribes to that other service will be part of a larger crowd of Mullvad users in general. And blending in with the crowd is a good way of staying obscured.
If you read something to the effect of “Signal and Telegram can communicate,” it was probably in relation to the Beeper disaster app. I wouldn’t recommend that, because their entire gimmick was collecting all your messages on their servers for your convenience, defeating the whole point of Signal’s encryption.
Touche. I didn’t realize how many of the links in Tuta’s blog post were to their own blog.