I’ve been using this search engine and I have to say I’m absolutely in love with it.
Search results are great, Google level even. Can’t tell you how happy I am after trying multiple privacy-oriented engines and always feeling underwhelmed with them.
Have you tried it? What are your thoughts on it?
OK, “guarantee” was too strong of a word, I meant more like “assurance” or “elements to believe”.
Either way, my point stands: you did not audit the code you are running, even if open source (let’s be honest). I am a selfhoster myself and I don’t do either.
You are simply trusting the software author and contributors not to screw you up, and in general, you are right. And that’s because people are assholes for a gain, usually, and because there is a chance that someone else might find out the bad code in the project (far from a guarantee). That’s why I quoted both the policy and the business model for Kagi not to screw me over. Not only would it be illegal, but it would also be completely devastating for their business if they were to be caught.
But yeah, generally hosting yourself, looking at the code, building controls around the code (like namespaces, network policies, DNS filtering) is a stronger guarantee that no funny business is going on compared to legal compliance, and I agree. That said, despite being a selfhoster myself, I do have a problem with the open source ecosystem and the inherent dependency on free labour, so I understand the idea of proprietary code. Ultimately this is what allowed Kagi to build features that make Kagi much more powerful than SearXNG for example.
I think the thing with open source (re: your free labour point) is that it’s entirely voluntary free labour - I know that wasn’t the thrust of your point but there are pros and cons to it. The lead dev could one day say ‘fuck it’ and walk away, but for a project of any size/popularity there’s a lot of people ready and willing to fork it or ask for ownership to be transferred. It’s not very often a very popular bit of code is totally abandoned.
Open source, to me, offers a sort of peer review system. Most people developing open source stuff already care about code quality and privacy, contributors also do and the myriad of people using it have a core set of people who also do. That’s a lot of eyes. There are also tools to diff code so it’s pretty easy to spot changes. And I do do that.
But I take your wider point - it all eventually comes down to trust. But that’s true of legal requirements too. And also organisation behaviour. Brave for example have been caught at least 3 times doing very dodgy stuff and yet as far as I can tell they continue to grow. I don’t necessarily accept that one instance of law breaking or otherwise poor behaviour is instant death for a company. If it was, G and Meta would be long gone.
All I can do is reiterate that all of us have different things that we choose to place some trust in and we all have different ways of assessing what leads us to trust. But at the end of the day, there are no cast iron guarantees.