Hacker News: ahmedbaracat's comments

Are you referring to Kagi Assistant?

https://help.kagi.com/kagi/ai/assistant.html


I am referring to all of their AI stuff, Kagi Assistant included. Personally, the best feature is the quick answer. It essentially scans the top several hits and uses an LLM, reads them to see if it answers your question, and will display a summary that also includes links to the full source. I find that feature to be wonderful. I will usually look through the quick answer and see if the site actually answers the question I have, and then will click through. If everyone implemented it like this, it's possible it could save the current model.


Thank you. That’s good feedback. Thank you for taking the time to go through them :)


Responded on LI


Nope. We are building on top of that research.


Wow. This is the first time I hear about Mullvad as a service. I love their account number approach. No email or other identifier needed. Love it.


I would recommend reading these resources:

The Internet Is Broken: https://secushare.org/broken-internet

The Hitchhiker’s Guide to Online Anonymity: https://anonymousplanet.org/guide.html

Pointers to more resources: https://discuss.grapheneos.org/d/15005-books-or-sources-on-p...


I am wondering if there was any incident that disproved the “we have disclosed 0 bytes of user data to third parties, including governments.” statement.



Are there any pointers for work to try to make metadata private (i.e. encrypted)?

I was recently very curious about this question and asked similar ones here:

https://news.ycombinator.com/item?id=41267877

https://news.ycombinator.com/item?id=41270863

On a side note, I was just recommending Telegram as alternative to WhatsApp (but I did mention that we need to enable Private chats for E2E). It is definitely not an ideal UX.

https://barac.at/essays/on-leaving-meta


As mentioned in a comment to one of your posts, the GNUnet people have probably gone the furthest in the quest to obfuscate metadata. Unfortunately, to this day no usable messenger application has come out of this, partially because GNUnet has largely been a research project.

As for applications in use today that address the metadata problem, have a look at Signal's Sealed Sender feature: https://signal.org/blog/sealed-sender/

As for recommending Telegram for secure messages, I side with the sibling comments ("Don't").


Since you seem to focus on decentralized protocols, I should add: In practice, while we all like federated and p2p apps for the freedoms & this warm fuzzy feeling they provide us with, by default they tend to have a much greater attack surface when it comes to metadata. This is because, compared to a centralized approach, metadata is openly available to far more parties. As a result, 3-letter agencies often won't even need a warrant to get their hands on the metadata: They can simply run traffic analysis and/or participate in the network themselves.


> I was just recommending Telegram as alternative to WhatsApp

If you care about privacy and security, please don't. Defaults matter, and private chats are effectively unusable for anyone using more than one device or needing group chats. And that's not even considering their strange home-baked cryptography.


Why didn't you recommend signal?


I am recommending both. The problem with Signal (which I use along with the other messaging apps) is that it is not as feature-rich as the other 2, and Signal is not popular, so ppl download it just to interact with one person (me), whereas Telegram has a larger user base.


Signal really needs good bot support... that's the only thing keeping me on Telegram.


Signal lost all credibility with their cryptobro bullshit


But Telegram also launched a cryptocurrency: Toncoin

So why recommend Telegram over Signal?



That's not how credibility and trust work


Well you hating on a feature you don't have to use doesn't affect my opinion about the well thought out security design around the rest of the application. I have zero sympathy for the distributed Ponzi scheme that is cryptocurrency, but nothing in Signal has gotten worse with the feature.


How would you feel if they add AI, blockchain and NFT features?


Why would they?


I don't care for crypto bullshit, and I was not too happy to hear that Signal joined that party, but it turns out you don't run into this as a Signal user if you are not specifically looking into it.

I don't believe they lost any credibility with this, I think people don't know about it for the most part, or don't care for the majority of the remaining part.


Only among people who pay attention to cryptobro bullshit. They remain the gold standard among cryptography engineers.


Is Session's also good? They had this cryptobro stuff from the beginning so I never paid attention despite their claims that security is on par with Signal and the like (probably not the SGX and sealed sender bits, but the message contents encryption). Nobody ever talks about it but yesterday they apparently got a million users. Makes me wonder whether to start paying attention


I know a bit about this topic.

For metadata you first want to remove the obvious identifiers, phone numbers, names. You'd want to use something like anonymous@jabbim.pl for your IM account.

Next, you'd want to eliminate the IP-addresses from server, so you'd want to connect exclusively through Tor. So you'd set the IM client proxy settings to SOCKS5 localhost:9150 and run Tor client to force your client to connect that way. This is error-prone and stupid but let's roll with it for a second.

Now jabbim.pl won't be able to know who you are, but unless you registered your XMPP account without Tor Browser, you're SoL, they already know your IP.

A better strategy is to use a Tor Onion Service based XMPP server, say 4sci35xrhp2d45gbm3qpta7ogfedonuw2mucmc36jxemucd7fmgzj3ad.onion (not a real one), and you'd register to it via IM client. Now you can't connect to the domain without Tor, so misconfiguring can't really hurt.

So that covers name and IP. We'll assume the content was already end-to-end encrypted so that leaks no data.

Next, we want to hide the social graph, and that requires getting rid of the server. After all, a server requires you to always route your messages through it and the service can see this account talks to this account, then to these ten accounts, and ten minutes later, those ten accounts talk to ten accounts. That sounds like a command structure.

So for that you want to get rid of the server entirely, which means going peer-to-peer. Stuff like Tox isn't Tor-only so you shouldn't use them.

For Tor-only p2p messaging, there's a few options

https://cwtch.im/ by Sarah Jamie Lewis (great, really usable, beautiful)

https://briarproject.org/ (almost as great, lots of interesting features like forums and blogs inside Tor)

https://onionshare.org/ by Micah Lee. Also has chats between user and hoster

https://github.com/maqp/tfc by yours truly, crude UX but the security is unparalleled.

> On a side note, I was just recommending Telegram as alternative to WhatsApp

Don't. Telegram and WhatsApp both leak metadata, but WhatsApp is always end-to-end encrypted. Telegram is practically never end-to-end encrypted. I'd use WhatsApp over Telegram any day. But given that unlike WhatsApp, Signal is open source so you know the encryption works as advertised, it's the best everyday platform. The metadata free ones I listed above are for people in more precarious situations, but I'm sure a whistleblower is mostly safe when contacting journalists over Signal. Dissidents and activists might find Cwtch the best option however.
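Added example, not part of the comment above or of any project it links: a fail-closed check that an XMPP account's server is a well-formed v3 onion name, so the account cannot be reached over clearnet if the Tor proxy setting is wrong. The function names and the sample key bytes are constructed for illustration; the check covers address structure only, not key validity or reachability.

```python
import base64
import hashlib

ONION_VERSION = b"\x03"  # version byte of a v3 onion address


def _checksum(pubkey: bytes) -> bytes:
    # Tor rend-spec-v3: SHA3-256(".onion checksum" | PUBKEY | VERSION)[:2]
    return hashlib.sha3_256(b".onion checksum" + pubkey + ONION_VERSION).digest()[:2]


def encode_onion(pubkey: bytes) -> str:
    """Build a v3 onion hostname from 32 public-key bytes (used for test data)."""
    if len(pubkey) != 32:
        raise ValueError("v3 onion public key must be 32 bytes")
    raw = pubkey + _checksum(pubkey) + ONION_VERSION
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def is_v3_onion(host: str) -> bool:
    """True only if host is a well-formed v3 onion name (length, version, checksum)."""
    host = host.strip().lower().rstrip(".")
    if not host.endswith(".onion"):
        return False
    label = host[: -len(".onion")].split(".")[-1]  # subdomains are allowed
    if len(label) != 56:
        return False
    try:
        raw = base64.b32decode(label, casefold=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return False
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    return version == ONION_VERSION and checksum == _checksum(pubkey)


def server_is_onion_only(jid: str) -> bool:
    """Fail closed: accept an XMPP account only if its server is a v3 onion name."""
    if "@" not in jid:
        return False
    domain = jid.split("@", 1)[1].split("/", 1)[0]  # drop local part and resource
    return is_v3_onion(domain)


if __name__ == "__main__":
    # Constructed key bytes, not a real service.
    sample = encode_onion(bytes(range(32)))
    for jid in ("anonymous@jabbim.pl", "anonymous@" + sample):
        print(jid, "->", "onion-only" if server_is_onion_only(jid) else "clearnet reachable")
```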


Working on: https://www.mylondonhomesearch.co.uk/

To help Londoners find their perfect home by filtering for proximity to parks, river, PoIs, commute time, etc.

The website is not optimized for mobile and customers have to pay to access the functional filters/properties.


Couldn’t agree more tbh. I am currently in the process of cutting ties to all Meta and Alphabet products.

I am documenting my steps/actions here: https://barac.at/essays/on-trying-to-escape-the-surveillance...

For ppl interested in understanding why surveillance is prevailing on the Internet, I highly recommend https://secushare.org/broken-internet


Re: the last link: this is not why surveillance prevails on the Internet.

It’s an economic problem not a technological problem. Surveillance driven advertising became the business model of the net because people don’t pay for content online. That left advertisers as the only true customers, and companies and ecosystems grow toward and around their customers the way plants bend and stretch toward light.

Making the Internet more secure would not have changed this. Surveillance is built into consumer technology directly because advertisers pay more for access to people than people pay directly.

Advertising is the primary force behind this. Government driven surveillance is secondary and really just piggybacks on systems created and sustained by the ad and PR industries.

One of the things you learn as an older engineer is that a lot of stubborn technology problems are stubborn because they are not technology problems. They are socioeconomic or political problems. Privacy online is one of these.

The only way I see this changing is if people change their buying behavior and start demanding privacy, avoiding insecure products, and being willing to pay for it.


I agree that a big part of the problem is human behavior and how ppl are not willing to change their buying behavior to buy more privacy preserving products or demand the creation of such products or stop using the ones that are “clearly” harming them.

That said, the Internet in terms of privacy and surveillance is broken by design. Here is a relevant quote from the website I shared and you referred to:

“According to Washington Post's "Net of Insecurity" series the inventors of TCP/IP originally wanted to build basic end-to-end cryptography directly into the protocols, thus guaranteeing at least the authenticity of transmissions if not the content, within the possibilities of the late '70s. By impeding any public use of cryptography, the National Security Agency fundamentally broke the Internet early on. Since then we not only have an Internet which is unencrypted by default, it is also insecure as the provenience of any IP packet can be spoofed at will.”


I tend to think that the idea of surveillance driven advertising as a model is itself an excuse or justification for intrusion and eradication of personal privacy. I'm saying the whole of that industry was all about spying from the beginning, subsidised by the governance structure, and that the idea that there is actually much of an industry there at all, is an excuse to provide plausible deniability. I don't think online advertising works at anything like the scales we are told.


Look into how much money there actually is in surveillance driven advertising. It's more than you'd imagine.

A good place to start is social media companies' revenue per user. A few years ago Facebook's was about $40/month/user globally, which means users would have to pay $40/month to outbid advertisers.

It's definitely financially motivated. Governments surely piggyback on it and encourage it, but the main driver was and is money.


I'm sure it's about money, I don't think it's based on the market though.

I reckon it's based in indirect governance structure subsidies being sent to those companies that have been set up to harvest data.

The reason I think this, is I don't think I invest any of my resources according to what adverts are shown on a screen. Also, I don't think I know anyone that does spend according to advertising.

I realise companies' 'advertising spend' may also include brand awareness and other non-sale elements... But you'd think that sometimes the spend would result in an actual sale to justify the spend.


> The only way I see this changing is if people change their buying behavior

Really? I was born in a world without advertising. If you want my time you must ask for permission.


Glad to see the Proton Mail endorsement! Reinforces my decision haha. I use their mail, cloud storage, and VPN. Been happy for 2 years now.

