What did you use to reverse engineer the BLE protocol?

Some people already did that, there were bits of Python and Processing code lying on GitHub I found by searching the Bluetooth device name. I just had to convert that to use web Bluetooth API and build the app around that.

It's a pretty common technique to maintain healthy boundaries, similar to how most employees don't use their private computer for work nor vice versa.

Please add "Show HN:" to the title.

Care to share your constructive rebuttal with us?

Increased demand will result in more money for new hardware investments and will in the end decrease prices and provide better technology for everyone. Like it always has.

I'm sure you tell homeless people on the street that their demand for housing will in the end increase availability for everyone, like it always does, so everything is fine.

> I'm sure you tell homeless people on the street that their demand for housing will in the end increase availability for everyone

Whatever you say mate.

I'll buy it if you ever follow through!

Any good, benign extension can be taken over and weaponized with malware.

Until you realize that Kagi only works well because it uses a (paid) third-party API which behind the scenes does a classic Google search, scrapes its results in real time, throws out the ads, and then returns the cleaned-up results.

If Google Search changes, then Kagi's search will be impacted directly.

This isn't entirely true, because they use more than one search index.

The other search indexes are largely negligible in comparison: [0]

> This is not a competitive market. It is a monopoly with a distant second place.

> The search index is irreplaceable infrastructure. Building a comparable one from scratch is like building a parallel national railroad. Microsoft spent roughly $100 billion over 20 years on Bing and still holds single-digit share. If Microsoft cannot close the gap, no startup can do it alone.

[0]: https://blog.kagi.com/waiting-dawn-search

Thanks for searching the source. It sounds to me like they are _not_ using Google nor Bing directly:

> With Google and Bing, we failed - not for lack of trying.

> Bing: Their terms didn't work for us from the start. Microsoft's terms prohibited reordering results or merging them with other sources - restrictions incompatible with Kagi's approach. In February 2023, they announced price increases of up to 10x on some API tiers. Then in May 2025, they retired the Bing Search APIs entirely, effective August 2025, directing customers toward AI-focused alternatives like Azure AI Agents.

> Google: Google does not offer a public search API. The only available path is an ad-syndication bundle with no changes to result presentation - the model Startpage uses. Ad syndication is a non-starter for Kagi's ad-free subscription model.1

And BTW, I think this is possible (perhaps, as someone suggested below, with smaller and niche-focused indexes). At Uruky we integrate with several independent search providers and indexes, and only one of them (Serper) uses Google's results indirectly — not the most popular (though it was added by pressuring demand). From our FAQ [1]:

> For web search, Uruky currently integrates Mojeek, Marginalia, EUSP (Ecosia/Qwant) (only works with French, German, or English), Linkup, Serper, and Uruky Site Search.

[1] : https://uruky.com/faq

EDIT: Sorry, I re-read carefully the whole thread and it seems we're saying similar things. Your claim, from the start, is about the SERP, not direct search, which is supported by their blog post as well:

> Because direct licensing isn't available to us on compatible terms, we - like many others - use third-party API providers for SERP-style results (SERP meaning search engine results page). These providers serve major enterprises (according to their websites) including Nvidia, Adobe, Samsung, Stanford, DeepMind, Uber, and the United Nations.

This is a problem of their own invention.

Nobody said you have to index the entire web.

The web would probably be a lot healthier if we had several small search engines that focused on niches rather than 5 failed search engines that tried to index everything that was ever written and then ended up paying Bing.

Except that exhaustively scanning for badness is provably impossible.

It's inevitable that a false negative will slip through one day, and when that happens, it will compromise everyone who installs it, no matter if on day one or day eight.

The idea isn't to comprehensively make malicious code impossible - the idea is to make it difficult to sneak in. If the NSA wants to spend 500 billion$ to compromise an NPM package, there's very little we can do. But if waiting 3 days for security scans catch even 10% of malicious packages, that 's 10% fewer incidents everyone else has to deal with. And now people pwning maintainers must be much more sophisticated so their attacks are entirely undetected for that period.

Makes sense.

I just hope that the companies who currently perform security scans for free/for exposure have a sustainable business model. Once such a company gains reputation, there's diminishing returns in headlines currency.

But who will detect them on day one once everyone ignores them for seven days?

These things are usually caught by tools specifically scanning npm or by the maintainers noticing their account is compromised, not by people auditing their own installed packages.

There are some companies that specialize in detecting those, they do it for free (and get lots of marketing for it…)

AI agents