barnabee 9 hours ago

I like the direction and keep checking in on it, but while Orion remains closed source there's no chance of it ever being more than a curiosity for me.

z64 9 hours ago | parent [-]

(I work at Kagi, but do not work on Orion)

There's a lot of different reasons that people ask for open sourcing of Orion / software in general; could I ask you to expand a bit more as to which issues being open source would address for you?

I can assume of course, but I'd rather listen to you articulate it, even if it's usual reasons.

luma 8 hours ago | parent | next [-]

Single word answer: trust.

Y’all seem like nice people but trust isn’t automatic these days.

z64 8 hours ago | parent [-]

Trust with regards to...? Orion doesn't have any telemetry, doesn't force any updates on you, doesn't require any account. You can audit the application's behavior with standard tools to verify that it isn't "phoning home", etc., it doesn't need to be open source to do that, nor would making it open source obviate auditing the final executable anyways.

What do you perceive as the risk to "trusting" Orion in this case?

edit: Sandboxing the app also further reduces the surface area for "trust", though I'm unfamiliar with MacOS as a platform when it comes to that.

drdaeman 5 hours ago | parent | next [-]

Personally, I have some software engineering skills. For me it’s about trust in your development team and product direction.

To be at least somewhat certain of the future, I want to own critical pieces of software, not rent it from someone no matter how benevolent-looking.

While things are well, I want to be able to contribute. There are myriads of minor things that your development teams would never get time to look into. If something is a wart, I might have skills to do it myself and - hopefully - ask you to incorporate my patches. I did that to a few pieces of software I trust and use, and I consider the ability to do this as fairly important, even though I do this very rarely.

And if things go sour, it could be impossible to keep up with long-term maintenance of this complex machinery but I still want that option open too. I want to know that if you folks decide to do something unpleasant to the browser, I’ll be able to begrudgingly take over and still fully own the software at least while I’m investigating the replacement options. Not be at someone else’s mercy.

To be persuaded otherwise, I need to be aware about your reasons for not providing users software freedoms and agree they’re serving our mutual interests.

(Needless to say, Orion is a very different product from Kagi Search, which is why I apply a different set of requirements. I can switch search engines much more easily than user agent software.)

cosmosgenius 2 hours ago | parent | prev | next [-]

Browser handling is way more personal than any other piece of software. It need not be open source licensed but being able to compile and install it from source the exact binary (minus signing) is a huge plus in today's world. Otherwise is "not" doing much from chrome, brave, firefox etc of today. Open source would be cherry on top.

Trust of Kagi search is already there w.r.t both the tool and the company but it is not transferable to Trust to the Orion Browser.

makemethrowaway 8 hours ago | parent | prev | next [-]

It may not phone home now, but it can do it tomorrow, or it can be enabled and immediately disabled in some minor releases. Even if people didn't catch those shenanigans immediately it will be evident from the commit history. I'd say open source forces certain discipline.

Also there is point of rugpull, or the product is getting cancelled. Few people will step up to maintain it; at least until most users migrate to a different product.

hedora 7 hours ago | parent [-]

As a paying kagi customer that uses orion, I’ll just point out that there’s a reason “enshittification” was the word of the year recently.

Much of it had to do with testimony during the Google antitrust trial. It’s hard to understand how Kagi wouldn’t be ultra-sensitive to guaranteeing there will be escape hatches if it enshittifies. (Your funding model is a great first step!)

yjftsjthsd-h 4 hours ago | parent | prev | next [-]

> it doesn't need to be open source to do that, nor would making it open source obviate auditing the final executable anyways

It doesn't need to be open source to do that, but it really helps. Ideally you'd publish source and have reproducible builds, so that users could look at the code to see that it's not doing anything objectionable and a handful of people could make sure that that code matched the official binaries.

> You can audit the application's behavior with standard tools to verify that it isn't "phoning home", etc.

Can you? Practically? Lots of programs are easy: You put them in a sandbox with zero network access, or very carefully restricted access, and that eliminates 90% of likely problems. But this is a web browser; its purpose is to connect over the network, all day every day, to arbitrary, dynamic domains in large numbers, such that I would seriously question whether it is in fact practical to audit in a black-box approach.

inesranzo 4 hours ago | parent | prev | next [-]

I think Kagi / Orion should go down the independent auditor route like TrailOfBits, Cure53 and others.

That way the software would be audited and it doesn't have to be open source.

zamadatix 5 hours ago | parent | prev | next [-]

It's relatively hard to audit a binary. You can audit the behavior of single runs, you can't nearly as easily audit the behavior of the program itself though. What if it pings only on Tuesdays, what if it does some sort of dns reach out that's a false positive for something else you didn't realize the browser was doing, what if there are platform specific differences in behavior.

The same goes for auditing the final executable. Open source gives two options on that: build it, trust it. The latter may seem 0 gain but, again, it is actually a big difference trying to audit a blackbox for every possible behavior vs seeing what the baseline behavior is supposed to be and looking if any differences occur in the premade binaries. There is a 3rd option: reproducible builds... but I doubt that's a reasonable goal in this case.

I'm not saying Kagi/Orion should necessarily care about providing that level of auditability, just that the response that a pre-made binary is as trustable as a binary with its source code falls quite flat.

jfindper 4 hours ago | parent | prev | next [-]

>Orion doesn't have any telemetry, doesn't force any updates on you, doesn't require any account.

Source: "Trust me".

As another person mentioned, telemetry could be sent out Sundays @ 2:00am, so my use of standard tools to verify that it isn't phoning home on a Tuesday afternoon is useless. This is just one isolated example.

>it doesn't need to be open source to do that, nor would making it open source obviate auditing the final executable anyways.

Trust is not a single bit that is flipped from "Fully trust" to "Fully distrust". Things become more trustworthy when the source can be reviewed, and less trustworthy when an employee says "We don't do this, trust us, but we're keeping the box closed because ~reasons~".

In my eyes, Kagi has a lot of trust-building to do, despite being the darling child that can do no wrong in many HNers' eyes (for whatever reason).

e12e 7 hours ago | parent | prev | next [-]

Also trust that it won't be abandoned like Opera was.

inesranzo 4 hours ago | parent | next [-]

Would you pay for Orion not to be abandoned?

There is Orion+ that can be paid for that keeps development going.

tiltowait 6 hours ago | parent | prev [-]

If it gets abandoned—so what? Switching browsers is trivial.

klardotsh 6 hours ago | parent [-]

It really isn’t, and especially not when one of the browser’s unique selling points is its multi-browser extension compatibility that no other browser offers.

Also some of us simply don’t want to learn new UIs and/or risk dealing with an “AI” infused alternative if we have a tool that already Just Works. Switching away from Just Works sucks.

inesranzo 4 hours ago | parent | prev | next [-]

I'm assuming the people who are asking for Orion to be open source are not paying for it.

I think a blog post on Orion's transparency is enough. The fact that there is Orion+ is enough to warrant no need to have tracking or 'enshittification'.

If you like Kagi and Orion, supporting development by paying for it makes sense.

Open sourcing everything of Orion means that Orion+ will be open source which defeats the point of supporting development of Orion directly.

I've seen projects start open source, change to closed source and then add in the enshittification later. It doesn't matter if the code is 'open' the source code would eventually be unmaintained and have security holes which there is no time in the world for anyone else to maintain.

0_gravitas 3 hours ago | parent [-]

> I'm assuming the people who are asking for Orion to be open source are not paying for it.

I think this is an odd/slightly-disingenuous statement.

I mean, I'm on linux, so I'm not, I'm happily paying for kagi though, and would pay for Orion+ if it was available to me :)

I would also very much like it if Orion was open source, it would make me feel a lot better committing to and recommending a browser if I had actual assurances it's behaving appropriately, beyond a company saying "trust me", no matter how nice/cool they seem at the time.

Honestly, I kinda wish Orion+ was the only option, I think having a free option (and the incentives that can create) is kind of antithetical to Kagi's whole raison d'être.

inesranzo 2 hours ago | parent [-]

> I would also very much like it if Orion was open source, it would make me feel a lot better committing to and recommending a browser if I had actual assurances it's behaving appropriately, beyond a company saying "trust me", no matter how nice/cool they seem at the time.

Kagi isn't 100% open source but you still use it and recommend it?

How do you know they aren't spying on the backend?

4 hours ago | parent | prev | next [-]
[deleted]
inopinatus 4 hours ago | parent | prev [-]

By pushing back on someone over trust, you’ve eliminated the interest I briefly held in evaluating Orion. It would’ve been far better to acknowledge the concern than nitpick it.

cipehr 4 hours ago | parent [-]

What? Since when was asking questions to clarify someone's position considered "pushing back?"

Can you help me understand what about the questions makes you uncomfortable?

I am completely unaffiliated with Kagi. I find it concerning that we've come to a world where we can't ask questions without it being taken as something hostile to the person/people/idea being questioned. Is that not what science is?

inopinatus 4 hours ago | parent [-]

If you don’t think “you can just audit the binary with tools” is pushing back, then I don’t know what is, and especially so when you’ve framed the invitation with “I'd rather listen”.

I’m reminded of the number of times I’ve had vendors sit across the table from me and argue that our fixed requirements for <whatever> are just a preference or a nice-to-have. This generally doesn’t bode well for their prospects.

cipehr 3 hours ago | parent [-]

Fair enough. I personally did not read push back in the questions/statements asked/made.

> Trust with regards to...?

I took this to be a good faith ask for clarification.

> Orion doesn't have any telemetry... You can audit the application's behavior with standard tools to verify that it isn't "phoning home", etc...

I took this as a statement of what I could do, not specifically what I should do instead of getting it open sourced.

Maybe I read it with more good faith intention and curiosity than I should have. I see your point on how that could be perceived as push back, but I landed somewhere different from where you might have.

sedatk 5 hours ago | parent | prev | next [-]

In return, could we ask Kagi to expand on which problems they find in open sourcing it?

nicce 2 hours ago | parent [-]

Business model from Orion+ would likely take a hit in the long run.

kachapopopow 4 hours ago | parent | prev | next [-]

I think the bigger question is: why not open-source it? At bare minimum provide the debug symbols for it (even chrome provides them!).

TingPing 4 hours ago | parent | prev | next [-]

I would contribute to it if it was FOSS.

tucnak 8 hours ago | parent | prev | next [-]

Only my 2c, but being able to modify commodity software (including, but not limited to browsers, text editors, etc.) I am running on my computer is table stakes.

barnabee an hour ago | parent | prev | next [-]

Sure :)

tl;dr: I'm a tinkerer, an idealist, and someone who wants to retain control over my digital life and deny influence over it to the likes of Google, Apple, Meta, et al. at pretty much all costs, and there are absolutely good enough open source options that I couldn't bring myself to use a proprietary browser unless I absolutely have to.

To elaborate…

First off, there are a few reasons I always prefer to use open source software:

- I like being able to open things up, see how they work, chop bits off them, attach other things to them, use them in unexpected ways and generally use (and abuse) them however I see fit. After all, I can do that with all the physical stuff I own, so why not the digital stuff too…?

- Code costs nothing to copy and is trivial to copy perfectly. This means that the potential compounding benefits of everyone sharing not only their complete software products but individual libraries, algorithms, and solutions to common (and not-so-common) problems are huge. When we use and contribute to open source software we help build those benefits for everyone.

- Closed source code is always open to being abandoned or moving in a direction we don't care for with nothing we can do about it. When it's open source, the question is "will I submit a PR", or "will I maintain a fork" (even if just for me). When it's closed, the question is "will I build a replacement". These are not the same category of thing! I can start running a fork any time[0]. Building a replacement may take months or years, if it's even feasible. But there are individuals who run their own fork of my favourite text editor (Helix).

- I'm a big believer in the value of communities and efforts made primarily for the benefit of one's community rather than financial gain. Open source can act as a kind of insurance against the latter.

Secondly, I think this is all uniquely important for browsers because the web is so dominant and it's therefore so important to me (and I think to Kagi's mission) to protect that platform for everyone, for all time. Even though Chromium and Webkit are open source, Google and Apple exert huge influence and control through their ownership of Chrome and Safari. Firefox is better but even that project is not free of Google's influence, which is steadily making the web worse for everyone.

Kagi probably won't be the next Google, in that respect. As a long time paid user of Kagi[1], I really do believe they want to build a good browser that does not abuse and exploit its users. But Google's motto used to be "Don't be evil", and many of us believed that for a while too. My point is not that Kagi will or is likely to become evil, it's that when Firefox/Zen, ungoogled Chromium, and maybe one day Ladybird and others exist, I can't invest time, effort, and attention into something that could in theory go down such a path without the community even retaining the option to fork it[2]. This is especially true when using a closed source browser would also simultaneously weaken those more open efforts, however slightly, by subtracting from their community.

So there you have it. I hope that's helpful.

[0] Case in point: I've used Firefox for years. Sometime last year I started using Zen (a fork/derivative of Firefox) alongside it with no drama or fanfare. Now I rarely open Firefox.

[1] Honestly, I couldn't imagine going back. It's a genuinely excellent product and I believe the company is generally doing, and certainly trying to do the right thing.

[2] Just look at the cautionary tale/disaster that is Arc/Dia. For a while I was worried I was missing out on something special. Then Zen came along and I worried less. Then the whole Dia thing… boy am I glad I didn't invest my time in that.

warkdarrior 8 hours ago | parent | prev [-]

Can't speak for OP, but open source allows the community to check for spyware inserted to exfil data to the company and its partners.

redserk 8 hours ago | parent | next [-]

As much as I'd appreciate more open source for the sake of transparency, binaries provided on websites aren't guaranteed to match the source code provided and I'd assume most users are pulling binaries versus building themselves.

array_key_first 40 minutes ago | parent | next [-]

This is true, and this is where trusted repositories come in.

I don't necessarily have to trust each individual app on fdroid or in the Debian repos. I have trust the maintainers are building them properly, and those people are not the same people developing the core app.

goku12 5 hours ago | parent | prev | next [-]

Practically every platform has multiple software stores these days and many FOSS stores make their build logs available. Some take it a step further and provide reproducible builds, which is more or less there as far as source to binary traceability and binary trustworthiness is concerned. These are good enough reasons to open up the source, ignoring the other advantages just this once.

stonogo 5 hours ago | parent | prev [-]

The ability to do so provides some protection. If someone pulls and builds and cannot reproduce the binaries, they can at least try to get the word out. Closed-source prevents even the opportunity. Even source-available is better than closed.

inesranzo 4 hours ago | parent | prev [-]

Why would and what incentive does Kagi have to put 'spyware' in a browser?

0_gravitas 3 hours ago | parent [-]

??? why does any company do it? Money?

inesranzo 2 hours ago | parent [-]

Any company?

Don't you think if Kagi introduced spyware it would ruin their reputation quickly, why would Kagi want to quickly ruin that brand reputation?

The answer is that there is no incentive for 'spyware' on Orion as you can pay for Orion+ to support development.

https://kagi.com/onboarding?p=orion_plan