Comment by thisislife2
2 days ago
Nice. But I stopped using Orion on macOS when they stopped offering complete offline installers. They taut they are a zero-telemetry browser, as proof that they are privacy conscious about user data, and that was a good feature and overture. But then when they create technical avenues to (possibly) bypass that (like using online installers that can do all kind of data collection) it becomes harder to trust them as it follows the tried-and-tested path of other companies that have claimed to care about user privacy, to increase their user-base, and then betrayed their customer base by harvesting their personal data.
I really like Kagi because of all the features and just generally letting me be a user instead of a product, but they have some weird kludges sometimes.
The weirdest choice at the moment is by default Kagi sends a referrer when you visit a search result. There's currently ~65.000 Kagi subscribers worldwide, so just that lone data point completely destroys any anti-fingerprinting you're doing. And probably these subscribers are divided among time regions, so not all are active at the same time.
Even if you are on a VPN and visit site #1, then site #2, you are already cross-site trackable because it is very unlikely you are on the same VPN vendor (and endpoint) as the other subscribers. If you add in more data points like browser, OS, screen size and the like it becomes even more grim.
They have the referrer enabled because it helps make admins aware I guess.
You can turn it off (Settings > Privacy > Hide Kagi referrer), but defaults matter.
Thanks - I also turned it off. I guess it's a marketing thing for them, but it feels like it goes against the ethos of the company. Particularly given the fact they are clearly aware of this as they put it in the 'Privacy' section.
Woah didn't realize this was the default, turning this off, thanks!
> online installers that can do all kind of data collection
"Can" is doing a lot of work here. A browser's whole purpose is to be online, after all. If they were trying to collect information about you, they really don't need the installer to be the thing that does it. It would be an impressive reversal of their whole premise as a business if their browser's installer was the piece that was violating your privacy and not, you know, their whole service (that you have to be signed in to).
> If they were trying to collect information about you, they really don't need the installer to be the thing that does it.
They do, if they are being duplicitous about their intent to not harvest user data.
If their browser was a data harvester from the get go, no one who is aware, and worried, about surveillance capitalism would have bothered to use it. And note that they had no problem in offering offline installers in the beginning. Now, once their base has grown, if they have a malicious intent (now or in the future), they can use the online installers to gather our personal data surreptitiously - for example, by profiling our hardware and (if you already had Orion installed) our settings, our bookmarks, our browser history etc. and use that commercially. It also allows them to install unwanted software on our computer in the future (I don't know if you are old enough to know - look up the browser toolbars era).
If their intent to respect a user's privacy is honest, offering an offline installer shouldn't be a big deal. (As far as I am aware, apart from Apple Safari, they are now the only browser that don't offer an offline installer).
> A browser's whole purpose is to be online, after all.
Not its whole purpose. I use browsers offline fairly often.
Offline installers (for any piece of software) are important to me because they allow me to keep a backup of the installer and won't restrict me when I don't have internet access. Keeping a backup is important because it lets me install older versions of the software when needed.
I respect your choice, but browsers are the one piece of software that you never, ever want to run an outdated version of. Websites really just don't stop working for new versions of browsers; browser/standards compatibility essentially only improves with time. The only thing you're getting with an old version is all of the security issues.
1 reply →