For something as important as a web browser or operating system, I'd want it to be open source. In the FAQ it does say that they're open-sourcing components and plan to open-source the browser eventually. This is all good.
Long term though, I'd want it also to run on open-source operating systems. It doesn't exactly make sense to have an open-source browser on a closed source operating system. I use Firefox on macOS (+ Linux) and wouldn't be so inclined if it only ran on Mac and/or Windows.
A piece of software will always be more trustworthy when it is free and open source than when it is closed source. A web browser interacts with so many servers that it would be very difficult to screen for all of the possible ways it could leak information to third parties if it were malicious. A FOSS browser has no such concerns since the code can be checked for malicious behavior. Any telemetry in FOSS can be either disabled in the software settings or stripped through forks (LibreWolf, Mull, Ungoogled Chromium).
With multiple cross-platform FOSS browsers already on the market, being FOSS is a baseline expectation for any new web browser that I hope Orion will eventually meet.
> A piece of software will always be more trustworthy when it is free and open source than when it is closed source
Agreed.
I argued something different though, and that is that a zero-telemetry browser is more trustworthy (from a privacy perspective) than an open-source browser that has telemetry by default.
The simple reason for this is that literally anyone can test and verify a zero-telemetry claim by installing a free web proxy and monitoring connections.
Proving trustworthiness for a browser with telemetry, even if the client is OSS, is much harder.
> A web browser interacts with so many servers
A zero-telemetry browser, especially one blocking ads and trackers by default like Orion, does not.
Just one such rogue connection found by anyone on the web would be enough to destroy a zero-telemetry browser's entire reputation and credibility.
> A FOSS browser has no such concerns since the code can be checked for malicious behavior.
That is somewhat an illusion. For example, server-side code that is receiving and processing browser telemetry (including personal information such as IP addresses) is not open source and cannot be checked for any major OSS browser, as far as I know. Even if it was FOSS, the user would have no way of knowing that is the code that is actually running on the servers.
With a zero-telemetry browser there is no such concern. This is why zero-telemetry is a much more powerful claim if trust and privacy are of concern.
Ultimately, what defines trustworthiness overall is the business model of the browser, because that is what defines incentives of the browser vendor. As an average user, would you rather trust a browser with a business model where users pay for the product, or a browser depending on the world's largest ad and tracking network for revenue?
Most browsers depend directly or indirectly on ads/tracking business models for revenue. Orion is again a rare breed in this regard, as it only generates revenue off of the users directly paying for it.
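The proxy check mentioned in the comment above can be scripted. This is an added example, not part of the original thread: it assumes the proxy's connection log has been exported to a simplified `timestamp CONNECT host:port` format (constructed here, not any specific proxy's format) and that the tester noted when pages were deliberately loaded; the function names and the 15-second attribution window are hypothetical.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample: simplified "timestamp CONNECT host:port" lines,
# not the native log format of any particular proxy.
SAMPLE_LOG = """\
2024-01-01T10:00:00 CONNECT example.org:443
2024-01-01T10:00:01 CONNECT cdn.example.org:443
2024-01-01T10:05:00 CONNECT telemetry.vendor.example:443
2024-01-01T10:20:00 CONNECT news.example.net:443
2024-01-01T10:45:30 CONNECT telemetry.vendor.example:443
"""

# Times at which the tester deliberately loaded a page (constructed).
SAMPLE_NAVIGATIONS = ["2024-01-01T10:00:00", "2024-01-01T10:20:00"]


def parse_log(text):
    """Yield (datetime, host) for each CONNECT line; skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1] != "CONNECT":
            continue
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        # Drop the port; lower-case so the same host is counted once.
        yield when, parts[2].rsplit(":", 1)[0].lower()


def unattributed_connections(log_text, navigations, window_s=15):
    """Count hosts contacted outside every window_s-second window after a navigation."""
    nav_times = [datetime.fromisoformat(n) for n in navigations]
    window = timedelta(seconds=window_s)
    idle = Counter()
    for when, host in parse_log(log_text):
        if not any(nav <= when <= nav + window for nav in nav_times):
            idle[host] += 1
    return dict(idle)


if __name__ == "__main__":
    for host, n in unattributed_connections(SAMPLE_LOG, SAMPLE_NAVIGATIONS).items():
        print(f"idle-time connection: {host} x{n}")
```

Connections that land inside a navigation window still need manual review, since this only separates traffic the tester triggered from traffic the browser initiated while idle.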
> A zero-telemetry browser, especially one blocking ads and trackers by default like Orion, does not.
With or without telemetry, any web browser interacts with the numerous servers that host the content on the pages users load. A malicious closed source browser could alter its behavior in any number of ways while resisting detection.
It can change the timing or content of requests to and responses from specific domains. It can manipulate content displayed to the user. It can alter the behavior of scripts. Importantly, it can do any of these things in extremely targeted situations, such as when the user's environment meets certain conditions.
FOSS browsers don't have this concern because the source code can be verified to ensure that the browser doesn't manipulate its behavior in any situation.
> As an average user, would you rather trust a browser with a business model where users pay for the product, or a browser depending on the world's largest ad and tracking network for revenue?
The maintainers of the telemetry-free LibreWolf, Mull, and Ungoogled Chromium browsers don't depend on search engine revenue. An average user wouldn't see any problem with these forks, and an informed user would recognize their FOSS nature as an additional benefit that Orion could also gain should it become FOSS in the future.
Correct, and this is why trustworthiness is a matter of the business model, which is what defines incentives.
For many browsers today, users are not the same as customers, and this is problematic from a standpoint of trust and alignment of incentives, regardless of whether they are FOSS or not.
> A piece of software will always be more trustworthy when it is free and open source than when it is closed source.
Totally disagree. Unless you are reviewing the software yourself (likely not), you’re just hoping that somebody else reviewed it and they are competent, and that any vulns are reported and fixed.
That’s a lot of trust on a system that may or may not work as intended.
> Unless you are reviewing the software yourself (likely not)
If you're assuming this about me, then you're wrong. I frequently review source code for FOSS I use, especially the parts that I submit issues and pull requests for.
I also know that others are reviewing the source code, since they are submitting issues (that reference portions of the code) and pull requests, too.
> Might as well be closed source at that point.
No, if a piece of software ever behaved suspiciously, the software being FOSS would enable someone to inspect the code and determine the root cause of that behavior. This examination would be made much more difficult if the software were closed source.
First of all, "free and open source" as in libre, does not necessarily mean "free as in beer". You are perfectly free to pay for FOSS and FOSS makers are free to charge for it. Is that clear?
Second, "FOSS = safe" from a privacy perspective is not nearly the reason you want FOSS. You want a FOSS browser for many, many reasons that are above and beyond privacy assurances.
Kagi seems really expensive? They say 240 searches a month costs them $3. But I don’t see how that works. You can run a c5.18xlarge instance for a full hour for that price, and it seems unlikely every search takes 15 seconds of CPU time on all 72 cpus.
Of course they may need multiple instances to search in parallel, but the math per user/search would remain the same.
It’s still nice that someone is making paid search though, and that alone would be enough reason to pay :)
They pay for search APIs. I would say it's very cheap – $10/month for something I use hours a day comes out to a few cents an hour. Even if I was making minimum wage and it only increased my productivity 1% it would be worth it.
Neeva costs $5/month and has an AI implementation. They're also using APIs from other scrapers and engines. How can they do it at half the cost to customers (with free accounts as well)?
I pay for it to get the benefit of Google's better search results without ads. It's better than DDG, Bing, Google and Brave Search based on my experience... I've had a Kagi subscription since October 2022.