Comment by hellcow
2 days ago
It seems weird to run a closed-source browser on an open-source operating system when so many open alternatives exist—I certainly wouldn’t do it, and I’m a Kagi customer.
Does Kagi plan to open-source Orion on Linux?
2 days ago
It seems weird to run a closed-source browser on an open-source operating system when so many open alternatives exist—I certainly wouldn’t do it, and I’m a Kagi customer.
Does Kagi plan to open-source Orion on Linux?
Being closed-source isn't just an ideological issue, it bring about a lot of practical issues. E..g.: distributions aren't going to package it, so users need to download the tarball and install it manually. They'll also need to manually update it (unless they're including some dedicated service?).
Then, integration with the OS will be weird. If you're distributing binaries, you can't dynamically link system dependencies (they are either bundled or statically linked). Any distribution-specific patches and fixes will be missing. AFAIK the default path for the CA bundle varies per distribution; I'm not even sure how you'd handle that kind of thing. I'm sure there's hundreds of subtle little details like that one.
The audience ends up being Linux users, who are fine with proprietary software, have time and patience for manually configuring and maintaining a browser installation, and are also fine with an absence of proper OS integration.
I think Steam is the only popular proprietary software on Linux, and they basically ship an entire userspace runtime, and almost don't integrate with the OS at all.
I hope freediver will shed some light on the open source plans, because that's a deal breaker for me too. I'm a long time paying customer and huge proponent (even evangelist) of Kagi, but a closed source browser is just too many steps backwards for me no matter who makes it.
I get (though wouldn't necessarily agree with) keeping it closed while it's still in the works, but would like to know if the plan is to open source in the future or not.
Wish granted!
Thank you! I'm obviously just one person, but I deeply appreciate your willingness to engage on HN, and your transparency and honesty about things (not just today, but also in the past). Makes me feel even better about being a paid Kagi subscriber.
Kagi founder here. Orion isn't open source yet primarily because we're a 5-person team that spent 6+ years building this and created significant IP doing so, and we're not in a position to defend our work against a well-funded company using it as a base (we care very much about the business model of the browser surviving). Restrictive licenses help in theory but enforcing them against a company with a larger legal budget doesn't.
We also see limited upside from community contributions - the number of people who can meaningfully work on a WebKit browser is small (from our experience hiring), and most of them already work at Apple or Kagi. Meanwhile, managing an open source codebase of this size would add real strain to our small team.
The plan is however to open source when Orion is self-sufficient (business model of Orion is you are the customer and can pay for it - like we used to pay for browsers 20 years ago before advertisers started paying for our browsing), meaning it can sustain its own development independent of Kagi Search. I want to take the opportunity to thank all people who supported the Orion browser vision [1]. We're not there yet but recent 1.0 launch and expanding to Linux are steps in that direction. And on Jan 1st this year we began development of Orion for Windows (HN exclusive yay!).
I understand this is unsatisfying to people who want source access now. It's a tradeoff we've made deliberately, not something we're hiding behind.
[1] https://kagi.com/stats?sub_stats=orion
> The plan is however to open source when Orion is self-sufficient (business model of Orion is you are the customer and can pay for it - like we used to pay for browsers 20 years ago before advertisers started paying for our browsing), meaning it can sustain its own development independent of Kagi Search.
Orion will never reach "self-sufficiency" as long as you don't actually charge for Orion. Orion is completely free to use. I can donate to Orion+, but Orion+ offers no paid features; it's basically a Patreon. https://help.kagi.com/orion/orion-plus/orion-plus.html
(No major browser has ever sustained its own development independent of a search engine's funding, not even Netscape, which charged $40/seat in the 1990s, with a free "shareware" tier so generous that hardly anyone paid. Netscape was funded by advertising, especially from Yahoo search. Funding browser development entirely on donations to a commercial business would be completely unprecedented.)
What if, instead, you made Orion "source available" to paying customers, but not open source? You could merge PRs only from users who sign a CLA. (Users would file PRs out of charity, for the same reason they sign up for Orion+ today.)
I'm a kagi user, and as many have said, I will not use Orion until it is open sourced.
I understand your position, but a web browser is so important a software that it must be open.
I also think that you can still sell it even if it is open source.
Also, you might be able to secure funding from governments that want to move away from closed source solutions.
Anyway, still congratulation for v 1.0, and I hope it will go well.
> Also, you might be able to secure funding from governments that want to move away from closed source solutions.
people with no skin in the game trying to sell bridges.
> managing an open source codebase of this size would add real strain to our small team
Can you please elaborate what do you mean when you say this? This is something I do not understand. How licensing terms affect your codebase management beyond setting things up so the code is available to users?
Publishing something under a FLOSS license doesn’t mean anything except that you grant end-users certain rights (the four essential freedoms). The rest (like accepting patches or supporting external developers) is customary but by no means obligatory. You don’t have a capacity for it - don’t do it, easy. There are thousands of developers who do that - they just dump whatever they have under a nice license and that’s it.
Unless you’re saying your legal department doesn’t have capacity to handle licensing concerns, especially if you’re using or potentially using non-FLOSS third party components. That I can totally understand, it could be pretty gnarly.
Please don’t be mistaken: Free Software is a purely legal matter of what you allow users to do with your work - not some operating principles or way of organizing processes.
Note: All this said, I can understand that you may not want to grant some freedoms to the end users, particularly the freedom to redistribute copies, because this could affect your plans of selling the licenses. But that’d be a whole different story than codebase management concerns.
> you’re saying your legal department doesn’t have capacity to handle licensing concerns
My read is their legal department isn’t fleshed out enough to defend the work when e.g. a tech giant steals it.
8 replies →
It's the strain of dealing with FLOSS freaks, who are by far the most annoying and persistent people to have ever walked the earth.
Thanks for responding. Orion on iOS with extensions has been outstanding.. looking forward to linux version.
Which extensions do you use? I was never able to get them to work. d reddit redirect, for example, never once redirected a reddit link to old reddit.
4 replies →
I would ignore the haters, keeping Orion proprietary makes the most sense for being able to successfully charge for it as a commercial product. You can't sell an OSS product, only supporting services, as many many startups have realized and been forced to relicense to much anger within their respective communities.
And when the market is going to be primarily technical people I don't think you can trust them/us with source-available either as hackers with a strong aversion to paying for software thinking themselves clever will make and distribute bootleg builds with the license checks removed. Then you'll have to spend your time finding and DMCAing them which will only make people mad. Best to avoid it entirely.
I appreciate you/Kagi actually thinking about building a sustainable business in contrast to companies that open source their core competency and then fail to make money later.
Source: happy paying customer and user of Orion.
earlier in the thread I read nhe plan was to release the source "when it has merit" But that instantly left me with the feeling that the authors of the browser, and I have very different opinions on what the word merit means. Such that they would be incompatible, and I'd never want to use it. This is a decision that has lowered my opinion about exactly how much I can trust Kagi.
> Kagi founder here. Orion isn't open source yet primarily because we're a 5-person team that spent 6+ years building this and created significant IP doing so,
But it's possible I haven't considered some detail where I might agree it's reasonable. Can you describe or offer any insight into the "significant IP" that you need to protect and defend? What threats from a larger company are you primarily concerned about?
Having access to the source is just one part of open source.
The state of webkitgtk is a bit rough, as I’m sure you and your engineers have noticed. The other part of what open source means to people is that you contribute back to the open source code you used to build your business, lifting all boats in the process.
What people certainly do not want to see is Kagi pull an Apple: utilize FOSS to the extent it helps you but return nothing but “thanks everyone but we got ours”.
Thanks for being so transparent about this. As a Kagi search user since the beta, I appreciate what you are doing. Good luck!
Are you looking for people who worked on WebKit in the past?
I really hope you refactored WebKit's Bridge, because it allowed a lot of exploits in the past, and was neglected upstream by Apple.
When I started my RetroKit fork I was aiming to reduce that attack surface while offering farbled apis based on other browser behaviors and their profiles. [1]
My fork has been neglected a bit due to lack of time, as I'm currently still busy with other APT related things before I can get back to it.
Would love to chat whether your plan is to open source your WebKit fork, maybe there's some overlap and we can work together on it?
(I currently hope that ladybird will be getting into a more forkable and modular state, because servo passed by that goal a long time ago).
[1] https://github.com/cookiengineer/retrokit
The GPL has pretty good legal precedent, and so does the MPL in the browser space (though, Firefox has mozilla behind it so it gets the enforcement benefit). If the SFC wins its vizio case, would you look into freeing orion?
> We also see limited upside from community contributions - the number of people who can meaningfully work on a WebKit browser is small
But the number of people who can contribute to the app UI is bigger, and that's also an area seriously lacking
I can live with that compromise for now. Thanks for the lengthy response!
Enjoying Orion with uBlock on the iPhone, thanks for making it work!
uBO is not technically working on Orion for iOS. We do not have permissions to run certain web extension APIs on iOS needed for uBO feature set. The adblocking you witness is thanks to built in native adblocker in Orion.
Thank you for building orion. Thanks for the explanation and it all seems perfectly reasonable to me and your choices are solid.
When you do release it, do you know yet if you plan on releasing the full change history? Or would you start with a snapshot at the ~release date?
We support Kagi across products. We believe alternate browser engines keep the web standard. We give more weight to that than to whether a particular browser's value add (on top of a double digit* but non-hegemonic engine) is open.
We believe software and hardware creators have a right to choose their business model and let that model compete, as Kagi's is competing right here in this thread.
* Having worked at mega banks etc., they do look at these numbers to decide whether to invest in standards support or slap on a "Requires IE" button.
I am generally ok with things being proprietary if they want, and I'm mostly ok with Orion being proprietary, but I do understand peoples' issues here.
For a lot of people (even relatively geeky people), their computers end up being "an interface to use a browser". People use their browser to file their taxes, to write their documents, to manage their websites, to create websites, to look at porn, to pirate movies, to chat with their friends, to send/receive money to their bank, and a whole bunch of other things.
It would be hard to imagine a piece of software that is capable of knowing me more intimately than my primary web browser, and as Google has proven, this intimate knowledge is valuable. Companies pay boatloads of money for large quantities of personal information to target ads (and probably a bunch of other more disturbing things).
I genuinely don't think freediver is lying; I believe him when he says there's no telemetry data being sent and that it's not tracking me, but there's the sticking word: "believe". I have to trust him, which wouldn't necessarily be the case if it were FOSS.
Now, granted, I could always run Wireshark or something to ensure that there's no telemetry data being sent regularly, but that only protects you so much; for all I know, they could be taking steps to actively make it look like they're not sending data, or they could be batching up N days of data and sending it in batches so it is not as obvious that telemetry is sent.
Again, I genuinely don't think they're doing that, I believe them, but I do see peoples' points.
1 reply →
What is the UI SDK used for Windows version?
we used to pay for browsers 20 years ago
I've been online for about 30 years, I have never heard of paying for a browser.
The paid browser market essentially collapsed after Microsoft bundled IE with Windows for free. For example Netscape was $49. Microsoft famously attacked this with "Why waste $50 for Netscape?! IE is free!"
This doesn't make browsers today really 'free' (same like search engines aren't really 'free'). Browsers are incredibly complex to make and maintain. And the customers paying all these cost are the advertisers/third parties, not the users using them (entire reason for Kagi's existance is to create an option where user is also the customer).
Being able to pay for the most intimate piece of software you have on your computer makes a lot of sense.
As an example, Opera was payware for the first ten years of its existence. I remember trying out a demo of it included on a CD decades ago!
Especially because WebKit’s lineage goes all the way back to KHTML. It’s nice to see KHTML come home to Linux but it does need to be open source.
Come home? It never left it. Konqueror, the software where it all started, still is a core KDE app. WebKitGTK, arguably the most portable WebKit distribution and what Orion itself uses, has always been Linux-first.
I can’t speak to whatever konqueror uses these days but webkitgtk is notoriously behind and difficult to work with. You can read posts from the Tauri devs questioning their entire approach on Linux due to it.
I really hope Kagi contributes back upstream to improve the situation, it’s needed.
Edit: looks like konqueror uses qt web engine which is chromium. The irony of the KDE browser abandoning WebKit while the GNOME browser still tries to use it is too much.
It seems weird to worry more about that than about the Chromium hegemony to where Chromium is becoming the only way to move money online.
What do you mean by "move money?" Do banks not support Firefox or Safari?
Just curious, but is this really a big deal? As a customer, you already trust Kagi enough to feed them your entire search history, so I guess you don't think they're bad actors. Thus, why you find problematic the (momentary?) "unopeness" of the browser? I'd gladly try it (I'm on Arch), even just out of curiosity (unlikely to make it my main, though).
Jeez, downvoted for asking about context? People, calm down.
Requiring it to be open source is not just about trusting the publisher. There are a bunch of other possible reasons, including wanting to support open source as a counterbalance to proprietary software.
For me, it's a big deal (although not a dealbreaker) for that reason. If I have the option of two different pieces of software, one being open source and the other proprietary, I'll choose the open source one every time unless there's something really exceptional about the proprietary one. But that's very rare.
I was just trying to think of any proprietary software I use outside of work (where I don't have a choice) or games. There must be at least one, but I can't think of what it is.
Understood. Obviously, all things being equal, I prefer (F)OSS too. Anyway, I'll probably play a bit with Orion, if possible.
Side thought: nobody's ever asked us to open source Kagi Search. Curious why the expectation differs.
8 replies →
> As a customer, you already trust Kagi enough to feed them your entire search history, so I guess you don't think they're bad actors.
Do I? I'm not going to post sensitive information into a search engine no matter who runs it.
My search history ain't worth much. What the contents of e.g. my bank website are is.
There’s still trusting Kagi that what’s in the binary was built from the open source code right?
2 replies →
Fine. Thank you for the clarification.
> you already trust Kagi enough to feed them your entire search history
Not necessarily, Kagi provides a feature[1] that anonymizes all your searches. I set it up and haven't thought about it since.
1. https://help.kagi.com/kagi/privacy/privacy-pass.html
They give you a key and only if you have a higher tier account. The act of doing that requires that there is a step in the process where they know you’re requesting a key and who you are. They could bind them in the backend if they wanted, before giving it to you.
You’re still trusting them. Not to mention they could round them all up by IP or browser fingerprinting.
There is still some level of trust.
I happen to trust them enough for that; but it is still trust.
5 replies →
> Just curious, but is this really a big deal?
Yes, it's a big deal. I've lived in the non-free software world before and struggled to get out. I'm not going back.
Google started as a company that seemed worthy of trust. The founders had ideals and followed them. Look what happened. Companies can turn evil surprisingly quickly. I'm also a Kagi customer, but I wouldn’t use a closed-source browser either.
Because free (as in the FSF definition) software should be a human right. We deserve to know how our tools work and be able to improve them and use them as we please. Free (as in freedom) software doesn't need to be monetarily free either. Make it so the purchase of orion comes with the binaries and a copy of the source code, or provide it on request. This has proved to be sustainable before, arguably the defacto standard for pixel art is (or was before a license change made it so you can't redistribute the source code) free software, despite costing money
I also would like to try it, but won't touch it until it is open source.
Why does it seem weird? I run a lot of proprietary software on linux. Actually made a career of it. I also run a lot of open source whenever I can, but I'm pragmatic about the whole affair. I think most users are like that.
In my opinion open sourcing something is a privilege, not a duty.
Feels weird in what way?
[dead]
Even if it was open-source, I already have more than enough webkits on my Linux, I don't need another one.
Aren't most browsers Blinks? (Yes, I know that Blink was forked from WebKit and WebKit was forked from KHTML.)
Yeah. The only webkit browser on linux aside from orion is GNOMEs browser (which frankly kinda sucks, which is why I want orion open-sourced so that GNOME can take its work on webextentions when they become supported)