Kagi is more of a private search company than an AI search company, but you need AI in your marketing to get funding these days.

They have done a pretty decent job of actually making useful applications of AI though; their summarizer tool is actually quite useful. It normally at least gets the jist of the page or YouTube video you’re looking at.

They also have taken steps to protect user privacy with their privacy pass extension … and they’ve announced a Linux port of Orion is on the way.

I’d feel much better if Orion was open source; but Kagi does seem to be taking their privacy commitments seriously.

I mean his phrasing could have been better but he is right that privacy and anonymity are different.

I’m not sure if you do given the account being disassociated from the search… Your bank could know you pay for Kagi, but that doesn’t mean anyone knows what you search.

The extension itself is open source and per them (I haven’t verified on my own) actually takes steps to combat the browser fingerprint problem; so I think it’s really just the VPN side of things that most people need to worry about (at least from the perspective of disassociating their search history and the sites they visit).

I have it; it works (even in private browsing windows so long as you visit the site logged in, in a non-private browsing window first).

I think that’s a characterization of what happened but not necessarily a good representation of what actually happened.

Yes, some researchers in Zurich found vulnerabilities. Yes they down played them … because you still couldn’t read anything. They were also already working on a new protocol before those researches wrote their paper and yes I’m sure they made some tweaks based on their findings.

This is their response; I’d hardly call it “insulting” https://threema.ch/en/blog/posts/news-alleged-weaknesses-statement

You could say the same thing about Signal’s response to their “desktop security scandal” earlier this year (of which Threema wasn’t vulnerable and Signal repeatedly refused to acknowledge as a problem).

yet it still doesn’t support critical features like full forward secrecy

They do support PFS (perfect forward secrecy) though their new multi-device solution doesn’t yet support it.

https://threema.ch/en/blog/posts/ibex

This is the same protocol they were already working on when the “researches they insulted” released their research finding issues with the old protocol.

Threema is also far more active with third-party audits than any other group: https://threema.ch/en/faq/code_audit

They severely mishandled vulnerabilities by insulting the security researchers, then introduced a new protocol they built with the advice given to them for free from the SAME researchers before that, and yet it still doesn’t support critical features like full forward secrecy.

IMO this entire sentence is just wrong.

I’d also recommend taking a look at Threema.

I think their product direction is a bit better. Particularly as Signal still shows a message that they don’t back sync messages before you paired devices “for your security” … Threema also doesn’t back sync messages in their beta multi device setup, but that seems to be more less of a product stance and more of a “we just don’t do it yet.”

Threema is definitely missing some features like emoji reactions, stories, and a builtin cryptocurrency (which depending on your stances might be pros or cons).

Both apps have definitely gotten better over the years; I think Threema’s multi device support has really drained resources on their side so there hasn’t been as much outward feature work. I’m hoping it won’t be terribly long until that changes.

Then not to be aggressive about it, but go get qualified or stop spreading FUD honestly…