Checked the first one (kagi.com) and on the first page they make requests to both cloudflare.net and duckduckgo.com. I just don't get it - how difficult is it not to leak your users' data all over the place?

EDIT: you.com does better on the first page, but then they leak data to CloudFlare and Google via 3rd party JS on FAQ page. Come on.

EDIT2: qwant.com looks promising, thank you for the tip!

Hello! Checking in from you.com on this. For the FAQ page, is this the page you were looking at: https://about.you.com/faq/ ? I want to make sure I'm looking at the exact same page.

Looking at that page, it appears we load a font from Google for about.you.com. Thanks for flagging! We'll get rid of that.

We do use CloudFlare for our CDN, DNS name server, JavaScript caching, and DDoS protection. We're not planning to move off of CloudFlare any time soon, but we've worked with them to ensure that they do not store user queries in their logs (completely masked out), they redact the last part of user IP addresses so no individual IP address is stored while keeping the benefits of bot detection and DDoS protection, and their javascript analytics tracker is turned off so there shouldn't be anything CloudFlare client-side.

Thanks again for the time you took looking into all this! It's great to have people out there that care enough to look and report what they find. Much appreciated.

Great to know you really go out of your way to protect your users

> Checked the first one (kagi.com) and on the first page they make requests to both cloudflare.net and duckduckgo.com

Care to explain what exactly you saw as I am curious (Kagi dev here, and no, we don't make such requests - likely to be your browser extensions).

Glad to see you care!

I have advanced blocking in uBlock Origin and all 3rd party scripts are blocked by default. Not sure how DDG came there (maybe because I came to Kagi through it?), but I have checked agsin and for CF it says:

d33q65j1hc8iiu.cloudfront.net

assets.kagi.com

I assume you are using CloudFlare as CDN for your assets (can't check right now)? If so, it is a weird decision for a privacy focused search engine. Of course there are degrees to privacy, but CF is too big to be trusted imho.

EDIT: no, no extensions apart from UBO. :)

CloudFront is an AWS service (we use AWS for our infrastructure) and it has nothing to do with CloudFlare except sharing 6 letters in the name.

Would be nice if you double-chcecked both claims before making allegations publicly (or at least contacted us for clarification) as we do not have the resources of a big company to right all the wrongs said about us.

Everything about Kagi and privacy is available at kagi.com/privacy

Ouch, I apologize.

If it matters, you sure made the mark for me, and I will definitely check out the engine further.

Thanks. And yes it does matter, which is why I invested disproportionately more time and energy than it took to write the original comment, but it is a game I can not win at any scale. Unfortunately some people that seen the original comment and never seen my rebuttal will walk away misinformed and potentially spread misinformation further, further damaging our brand, all completely unnecessary.