The downside of this is that if you are not on a larger network, the IP address will probably deanonymise you. Kagi knows you are logged in, and if you open a private browsing window to do a spicy search, they could link the searches. Fast switching between modes is undesirable.
Tor has its flaws and criticisms, but it's really not on Kagi to fix them. With the combination of tor and their privacy pass, Kagi has gone further in allowing their paid users access to their services than anyone else.
Disclaimer: Not associated with Kagi in anyway other than being a very happy user.
Tor has nothing to do with what GP said, which is, the flexibility offered by Kagi (to turn privacy pass on / off) is actually self defeating. If (even technical) users walk away thinking "why don't other platforms offer this", then that tells you all about the foot-gun that this flexibility brings.
(Privacy Pass in fact doesn't make sense outside of an anonymizing transport, which makes the current announcement an exercise in marketing, at best)
> Privacy Pass in fact doesn't make sense outside of an anonymizing transport
This kind of thinking is pervasive in the discussion of privacy enhancing technologies. It might not make sense against the most sophisticated attacker, but it lays the groundwork of a complex system that will be able to do so.
Allowing more users will provide herd privacy at the token generation phase. Searches being decoupled from user account primary key offers privacy in all kinds of scenario's, comparable with a browser private tab.
> > Privacy Pass in fact doesn't make sense outside of an anonymizing transport
> This kind of thinking is pervasive in the discussion of privacy enhancing technologies
It is in RFC.
Origin-Client, Issuer-Client, and Attester-Origin unlinkability requires that issuance and redemption events be separated over time, such as through the use of tokens that correspond to token challenges with an empty redemption context (see Section 3.4), or that they be separated over space, such as through the use of an anonymizing service when connecting to the Origin.
