Comment by freediver
7 months ago
Kagi CEO here.
I'd concede that it was a bad choice of words but also the screenshot was taken out of context. What I meant to say is that anonymity and privacy are two different things and that most people really need just their privacy respected, not be truly anonymous in life.
I also had a narrow view back then of what people considered by anonymity (for example considering VPNs as something giving them anonymity online).
Your grasp of personal information management under GDPR seems to be lacking, particularly regarding the roles and responsibilities of data controllers and what personal information are under GDPR. If you're operating within this jurisdiction, I would strongly recommend consulting with a GDPR expert. Non-compliance can lead to significant fines. Additionally, if this user were located in Europe, and he already sounds salty, were to report this to a privacy watchdog, there's a high likelihood it could result in a penalty. It might be beneficial to revisit GDPR guidelines to ensure compliance and avoid such risks.
You are correct and my confidence at the time came from the fact that we are not in the business of selling user data, do not collect it or ever need it so GDPR was not affecting us (in my mind).
I had no business discussing sophisticated policy matters on a public Discord, and yet I did it in good faith open to learning something new like it happened many times on our Discord. People do this all the time. The difference is when a CEO of a company does it, it has extra weight and this is why CEOs usually do not discuss these things with users. Lesson learned.
GDPR is not just for business that "sells data". Like the above said, you would need a GDPR expert consultant to go through your whole process. It will also correlate to your country's law, not something "you can do what you think it's true".
You can check Mullvad's privacy policy to see how they are handling GDPR. It's not written in "corporate words" and is very clear to me. For example, they don't even need email address to sign up but once payment comes to the table, GDPR comes - depending on which method of payment, regardless of how you insist on "no data collect": https://mullvad.net/en/help/no-logging-data-policy
The correct thing to do is transparenting that process with your legal/GDPR person.
I really don't want to use a VPN and a fake e-mail address with Kagi to get the kind of anonymity that DDG at least claims to offer.
[It would also be selling point to offer at least GDPR levels of privacy to everyone -- embrace it and do it right for the EU and don't fuck over people in the rest of the world just because you aren't required to do it here]