People usually don't compile their browsers from source anyway. And of course, technically, a program can check whether monitoring tools are running and adapt its behaviour accordingly, but this is malware territory and it makes no sense for any reputable browser. Also, technically, one can do that on router level anyway and not have this issue. So yes, I would say that analyzing the network is enough.
"People usually don't compile their browsers from source anyway."
But this is a forum that includes people who do compile their browser from source
As such, if promoting a new browser here, it should be expected people may ask about the availability of source code
I use an HTML browser that is a 2M static binary
It compiles quickly and easily on all the computers I own, and these computers are underpowered
This allows me to customise the software
For example, any "features" I do not wish to have, such as telemetry or other "automatic" remote connections, can be removed
NB. I am not expressing an opinion on the "Orion" software, I am commenting exclusively on the statement, "People usually don't compile their browsers from source anyway" appearing in a forum read by people who _do_ compile their browsers from source
The easiest way to verify "whether there is telemetry" is to look at the source code
To avoid telemetry, interested users can remove it from the source code
Whereas, if telemetry must be found by inspecting network traffic,^1 then users' only choice to avoid telemetry is not to use the software. There is no self-help. Users can plead with the author to remove telemetry to no effect
1. This may be complicated by encryption
Moreover, if the software is subject to change, e.g., "automatic software updates", then telemetry could be added at a later time, e.g., as part of an opaque "update". This requires the user to continually monitor network traffic in order to try to discover "whether there is telemetry"
If users have a copy of the source code, and use a binary compiled from that source code, then this burden does not exist
I was answering to a specific comment asking about whether one absolutely needs the source code to know that there is no telemetry. Not about whether it is reasonable or useful to want to have the source code in general.
I usually like to accuse people of the wildest privacy conspiracies, but here in the case of Orion, one day the founder approached me together to work with him, and I tried to see how far is he willing to do in practice (“ok maybe we could do X and Y or Z”).
He stopped me and explained to me that is his business model, and… it was to sell apps / subscriptions. He has no interest into anything else and strongly explained that the user pays and that’s it.
Eventually I didn’t work with him but I have a very positive opinion of him, so at least, based on my experience as a potential employee strongly trusts
People usually don't compile their browsers from source anyway. And of course, technically, a program can check whether monitoring tools are running and adapt its behaviour accordingly, but this is malware territory and it makes no sense for any reputable browser. Also, technically, one can do that on router level anyway and not have this issue. So yes, I would say that analyzing the network is enough.
"People usually don't compile their browsers from source anyway."
But this is a forum that includes people who do compile their browser from source
As such, if promoting a new browser here, it should be expected people may ask about the availability of source code
I use an HTML browser that is a 2M static binary
It compiles quickly and easily on all the computers I own, and these computers are underpowered
This allows me to customise the software
For example, any "features" I do not wish to have, such as telemetry or other "automatic" remote connections, can be removed
NB. I am not expressing an opinion on the "Orion" software, I am commenting exclusively on the statement, "People usually don't compile their browsers from source anyway" appearing in a forum read by people who _do_ compile their browsers from source
The easiest way to verify "whether there is telemetry" is to look at the source code
To avoid telemetry, interested users can remove it from the source code
Whereas, if telemetry must be found by inspecting network traffic,^1 then users' only choice to avoid telemetry is not to use the software. There is no self-help. Users can plead with the author to remove telemetry to no effect
1. This may be complicated by encryption
Moreover, if the software is subject to change, e.g., "automatic software updates", then telemetry could be added at a later time, e.g., as part of an opaque "update". This requires the user to continually monitor network traffic in order to try to discover "whether there is telemetry"
If users have a copy of the source code, and use a binary compiled from that source code, then this burden does not exist
I was answering to a specific comment asking about whether one absolutely needs the source code to know that there is no telemetry. Not about whether it is reasonable or useful to want to have the source code in general.
Because their entire continued existence depends on maintaining a reputation of preserving privacy?
I usually like to accuse people of the wildest privacy conspiracies, but here in the case of Orion, one day the founder approached me together to work with him, and I tried to see how far is he willing to do in practice (“ok maybe we could do X and Y or Z”).
He stopped me and explained to me that is his business model, and… it was to sell apps / subscriptions. He has no interest into anything else and strongly explained that the user pays and that’s it.
Eventually I didn’t work with him but I have a very positive opinion of him, so at least, based on my experience as a potential employee strongly trusts
> Source is closed. Is a network analyzer enough to determine? Or do a search and give arguments why it's not enough ?