[freediver]

Those are good questions, thank you.

I think that a class of people, who ask kind of questions that need absolute guarantee of anonymity (I am thinking terrorists, drug dealers, traffickers etc) are:

- Looking for a different thing (because anonymity is not the same as privacy)

- Are probably looking at tools that cost much more than Kagi does

We are not even interested in serving that market.

Having said that:

- Kagi does not store search queries nor by definition it is then possible to associate something that does not exist with an account

- In general, Kagi does not store or mine user data in any way. Our privacy policy is pretty detailed, I recommend checking it out https://kagi.com/privacy

The strongest guarantee I can realistically give you that the above is true, is that our business model is simply not dependent on mining or selling user data. And the premise of our entire business would fall apart if the opposite turned out to be true. In other words the alignment of incentives here is as good as it gets.

We are not interested in your identity or searches, we are interested in providing the best search product for you, so we can keep you as a paying customer as long as we can. The moment either of the above is not true, you will walk away. It is wonderful to be in this position from a product/business perspective.

[franciscop]

I would expect 99% of us not wanting our search history revealed or just even logged. Specially with English as a second language, I've searched for things (to learn what they are) that are just horrible, think blue pancake/muffin/whatever it was.

Or just plainly searching about legal or medical issues to learn/get informed can yield some very questionable queries taken out of context as well.

Do you currently log user search queries?

[wootest]

I understand the pedagogical example as a stark contrast, but this choice is immediately turning me off the product. Startups and the companies they grow into have spent decades helping themselves to data to track and identify and write clauses into their policies and terms of use to be able to stockpile behavioral data for a potential future "pivot" if nothing else.

We are living in a world where it is more based in fact to assume that companies will help themselves to this kind of information under a variety of pretenses than that they won't. The only reason people will assume differently is if they trust the company, the product and the people behind it. The policy seems to be doing its part, but trust needs to be built by every conversation with a potential future customer. If the question that pops up is "how can I be anonymous if I pay you each month", the resulting argumentation should not be able to be construed as "we're sorry, but we're not going to help be your burner phone", which the comment I'm replying to is toeing dangerously close to.

People search for many things and it could detail their interests, their current location, their financial troubles. The commitment needs to be "we will never, never, never, ever, do anything like this", and not just "it doesn't make sense for us to do this". Because if someone wanted to build in that sort of tracking, it could "make sense" from a business standpoint to do this in that the data, if collected, has a lot of value on the market.

Even if the incentives are indeed aligned to keep the paying customer pleased, we also need to know that if we do walk away, that at that point there will not possibly be anything left as an artifact that a future buyer could do anything with. This assurance will be most effective if it's rooted in trust and values rather than in practical concerns; the practical concerns are valid, but only if they are restraints that have been applied in search of an objective by yourself, instead of "it is not currently in our business plan". (As an extreme example, consider a bank saying "we'd never pick items out of our customers' safe deposit boxes and sell them; it would simply be too much work".)

Basically, the facts seem reasonable enough. But you need to work on not coming off like the parent saying "well I'm sorry you want to hide things from me", which is what unprompted bringing up the covering up of criminal activity in response to questions of anonymity and privacy does. I understand that those concerns do come up in thinking responsibly about a product like this from all angles, but making it a part of a discussion with a potential customer disrespects and denigrates their fundamental needs enormously, the same needs that would make them attracted to the product in the first place.

[freediver]

I understand I could have better communicated my message and thanks for bringing it up.

My point is that none of "us" require anonymity in normal circumstances of using a search engine. But we all absolutely require our privacy respected (and many people still conflate privacy with anonymity).

Kagi is 100% privacy respecting by default, and examples I gave illustrate not only that, but that certain (almost total) level of anonymity can be obtained by Kagi too (because searches are not logged, so they can not be logged with an identity). In a paid service environment where you need to authenticate the user, help them restore their account etc, it is very difficult, I dare say impossible, to achieve total anonymity guarantee from a technical standpoint and I want to be transparent about it.

I think a better sort of guarantee is exactly the one that I gave - our business model does not incentivize and sort of privacy invasive behavior.

> The commitment needs to be "we will never, never, never, ever, do anything like this"

Perhaps you have not read our privacy policy, but this is exactly what is says there, and I took it for granted. This is probably my mistake and I should have assumed that people submitting inquiry will not have read it.

In my mind "there is no need for us to do it" is a much more powerful driving force than simply stating we won't. Stating something is easy but not substantial as witnessed by many big tech companies. The reality is that their business model forces them to twist reality away from privacy statements like those. Our business model does exactly the opposite, and has a positive feedback loop reinforcement in relation with the customer (we cheat you -> you take your wallet elsewhere).

Rereading this very answer I have a feeling it will not be the most satisfying again, so I hope that with your help, we can come to an answer that will satisfy your inquiry.