I have built blind signature authentication stuff before (similar to Privacy Pass) and one thing I’m curious about is how you (will) handle multi-device access?
I understand you probably launched this for unlimited-search users only in order to mitigate the risk of the same user losing access to their tokens on a different device. But any ideas for long-term plans here? When I built these systems in the past, I always had to couple them with E2EE sync. Not only can that be a pain for end users, but you can also start to correlate storage updates with blind search requests.
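For concreteness, here's a toy sketch of the blinding trick I mean, using textbook RSA blind signatures (illustration only; Privacy Pass as deployed uses standardized constructions and real key sizes, and every parameter below is made up):

    # Toy RSA blind-signature sketch -- deliberately tiny, hypothetical parameters.
    import math
    import secrets

    p, q = 1000003, 1000033              # demo primes; never use sizes like this
    n = p * q
    e = 65537
    d = pow(e, -1, (p - 1) * (q - 1))    # issuer's private exponent (Python 3.8+)

    def blind(token: int) -> tuple[int, int]:
        """Client blinds the token so the issuer never sees its value."""
        while True:
            r = secrets.randbelow(n - 2) + 2
            if math.gcd(r, n) == 1:
                return (token * pow(r, e, n)) % n, r

    def sign_blinded(blinded: int) -> int:
        """Issuer signs the blinded value without learning the token."""
        return pow(blinded, d, n)

    def unblind(blind_sig: int, r: int) -> int:
        """Client strips the blinding factor, leaving an ordinary signature."""
        return (blind_sig * pow(r, -1, n)) % n

    token = 123456789                    # hypothetical token value
    blinded, r = blind(token)
    sig = unblind(sign_blinded(blinded), r)
    assert pow(sig, e, n) == token % n   # verifies, yet the issuer never saw the token

The multi-device question is exactly about those unblinded (token, signature) pairs: they only exist client-side, so another device can't redeem them unless you sync them somehow.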
Either way, this is amazing and I’m gonna be even more excited to not just trust Kagi, but to verify that I don’t need to trust y’all. Congrats.
Yes, multi-device is definitely not easy. We've played with a few ideas, but it is definitely not a question with an obvious answer. For now, our rate-limiting allows you to use Privacy Pass on a few different devices by having each generate tokens independently. We will see how this goes and listen to user feedback before going back to the drawing board.
Can’t you just run Ollama and provide it a localhost endpoint? I don’t think it’s within scope to reproduce the whole local LLM stack when anyone wanting to do this today can easily use existing, better tools to solve that part of it.
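For reference, a minimal sketch of what talking to a local Ollama endpoint looks like (assumes Ollama's default port 11434 and an already-pulled model; "llama3" is just an example name):

    # Query a locally running Ollama instance over its default HTTP API.
    import requests

    resp = requests.post(
        "http://localhost:11434/api/generate",
        json={"model": "llama3", "prompt": "Hello", "stream": False},
        timeout=120,
    )
    resp.raise_for_status()
    print(resp.json()["response"])

Anything that can take a base URL like that can treat the local model as just another endpoint.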
I was a paying pro user for a <1000 person server years ago.
They forced me off of it because of offerings they were no longer servicing. They told me I had to self-host and export all my data. I attempted this and it never worked. I abandoned that server and the profile I used across many Matrix instances (and somehow my Matrix room continued to run without me hosting it, and without an admin running it).
I will never use nor recommend them ever again. They clearly do not know how to operate a business or an open source project.
> Although PCC is currently unique to Apple, we can hope that other privacy-focused services will soon crib the idea.
IMHO, Apple's PCC is a step in the right direction given the general AI privacy nightmare we're in today. It's not a perfect system, since it's not fully transparent and auditable, and I do not like their new opt-out photo scanning feature running on PCC, but there really is a lot to be inspired by here.
My startup is going down this path as well, building on top of AWS Nitro and Nvidia Confidential Compute to provide end-to-end encryption from the AI user to the model running on the enclave side of an H100. It's not very widely known that you can do this with H100s, but I really want to see more of it in the next few years.
Yes, you're correct on both, though I think Google Cloud recently started supporting it as well. AWS will likely have GPU enclave support with Trainium 2 soon (AFAIK that feature is not publicly offered yet, but I could be wrong).
We work with Edgeless Systems, who manage the GPU enclave on Azure that we speak to from our AWS Nitro instance. While not ideal, thanks to the power of enclaves and the attestation verification process, we at least know that we're not leaking privacy by going with a third-party GPU enclave provider.
And the most important thing about PCC in my opinion is not the technical aspect (though that's nice) but that Apple views user privacy as something good to be maximized, differing from the view championed by OpenAI and Anthropic (and also adopted by Google and virtually every other major LLM provider by this point) that user interactions must be surveilled for "safety" purposes. The lack of privacy isn't due to a technical limitation--it's intended, and they often brag about it.
Something good to be maximized within the constraints of the systems they have to work within. But at some point with enough compromises it becomes maximizing the perception of privacy, not the reality. Promoting these academic techniques may just be perception management on the part of Apple, if the keys are not controlled solely by the user.
If Apple really wanted to maximize privacy, they wouldn't be constantly collecting so much information in the first place (capture the network traffic from an Apple device sometime - it's crazy). User interactions on Apple devices definitely seem to be surveilled for "safety" purposes.
From my perspective, Apple's behavior indicates that what they want to maximize is their own control, and their position as the gatekeeper others must pay in order to get access to you.
Yeah, exactly this. Especially if you need to programmatically process that data too. You can even let customers provide their own managed key (such as an externally managed AWS KMS key) in combination with something like AWS Nitro Enclaves.
I’ve enjoyed building on Nitro myself, and most things should run in it just fine; you just need to build the vsock networking proxy into the Nitro image for anything that needs networking (such as the DB, where you store the encrypted-at-rest data).
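For anyone curious, here's a minimal sketch of the enclave side of that setup (the port and payload are hypothetical; it assumes a host-side forwarder such as socat is listening on that vsock port on the parent instance and relaying to the real DB endpoint):

    # Enclave-side connection over vsock to a proxy on the parent EC2 instance.
    import socket

    PARENT_CID = 3     # from inside a Nitro enclave, the parent instance is CID 3
    PROXY_PORT = 8001  # hypothetical vsock port the host-side proxy listens on

    with socket.socket(socket.AF_VSOCK, socket.SOCK_STREAM) as sock:
        sock.connect((PARENT_CID, PROXY_PORT))
        sock.sendall(b"ping")        # stand-in for your real DB traffic
        print(sock.recv(4096))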
Total coincidence, nothing to see here, peasants. If you think otherwise you’re a conspiracy theorist, a Putin apologist, a gaslighter, or whatever we’re calling you today.
Agreed. While some people are nitpicking the comment here as “well, don’t do any of those things,” that still doesn’t quantify the danger.
I recently read in “Made to Stick”: “Don’t just say popcorn has 40g of trans fats. Everyone knows trans fats are bad, but how bad is bad? Say popcorn has more trans fats in one serving than a whole day of greasy junk food”