{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreifex33glhehjz6oilgt7n6aunjswy4kybxnspyprflsuh4i2yqmpm",
"uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mmiz3wade6w2"
},
"path": "/t/interview-with-the-engineer-of-uruky-a-private-search-engine/38072#post_11",
"publishedAt": "2026-05-23T06:30:17.000Z",
"site": "https://discuss.privacyguides.net",
"tags": [
"How does Privacy Guides make recommendations?",
"see",
"RFC 9576",
"From elsewhere",
"Kagi (Search Engine) - #93 by ignoramous",
"Kagi (Search Engine)",
"@brn",
"@maqp"
],
"textContent": "Thanks for the links.\n\nfria:\n\n> I can’t list Kagi as a source for their own feature\n\nYes? That’s not because we distrust “primary sources”, but (hopefully it is obvious why) they are not the most unbiased source about themselves.\n\nThere’s expectation team members not rely solely on primary sources.\n\nHow does Privacy Guides make recommendations?\n\n> here at Privacy Guides people don’t need to trust the team to be _the_ experts themselves on every topic that we publish recommendations on, but people _are_ trusting the team to weigh all the discussions we see and make recommendations accordingly\n\n* * *\n\nfria:\n\n> not sure what counts as “marketing material” to you\n\nTo me? Some of the editorial in security audits by Cure53 (see), for an example relevant to these forums, are marketing.\n\n* * *\n\nfria:\n\n> Source: RFC 9576 from the IETF outlining the Privacy Pass architecture\n\nMy question was, how does Kagi’s deployment of Privacy Pass cryptographically guarantee unlinkability, like we hope it does? Not what the RFCs say Kagi must do, but what Kagi infact actually allows.\n\nFrom elsewhere:\n\n> The downside of this is that if you are not on a larger network, the IP address will probably deanonymise you. Kagi knows you are logged in, and if you open a private browsing window to do a spicy search, they could link the searches. Fast switching between modes is undesirable.\n\nIn fact, we’ve also discussed this on these forums before: Kagi (Search Engine) - #93 by ignoramous\n\nKagi (Search Engine)\n\n> Since the extension requires you to be signed in to the browser in order to obtain the tokens, it makes using it privately a lot tricker. If these tokens were _portable_ (can purchase with an account on one device/browser and add it to another device/browser where I’ve never signed in with Kagi) that could also be more useful I’d imagine.\n\n* * *\n\nApplied cryptography (like Privacy Pass / Trusted Computing / HE etc) is very hard & very expensive, in practice, like @brn politely points out above (that it is one thing Apple does it, and another for an upstart to pursue it, and yet another for upstarts to mis-market it). We should hold any firm making cryptographic guarantees to a very high standard (for example, see @maqp on private messaging).\n\n/meta",
"title": "Interview with the Engineer of Uruky, a Private Search Engine"
}