Good to see more projects plugging into Kagi Small Web.
It has been a passion project of mine since inception and just recently reached over 2000 commits, adding about 10 new websites every day (around 29,000 total at the moment).
It is also the first thing open in my browser every morning.
You can view these blogs visually at https://kagi.com/smallweb and content from all of them is surfaced high in Kagi search results (when relevant).
Because Kagi Search is a service I subscribe to. A browser is a program I install. That difference means everything.
But since I have your attention, I just want to add that I'm a huge fan of Kagi Search and it's well worth the money I spend for it. I love the work you guys are doing, and that love is the reason why I'm even thinking about using Orion. But they are two entirely different use cases.
I am pretty sure the expectation would be different if Kagi search could be self hosted. Linux people have come to expect open source for code they run on their own machines. Historically closed source Linux software has run into a lot of problems with dependency version mismatches as libraries get updated through the distributions package manager.
About half a year ago, I ran into an instance of a user who requested more openness[0] regarding the sources Kagi used - initially there was a list that was available, and then it was removed. I know it's not exactly the same, and it's been a long time since that request was made, but if you happen to read this, I second their request.
Personally, I think it would be incredible if you open sourced your search engine. But like someone else said more eloquently, software runs on our computers. And to me, open-source software is table stakes when there are viable alternatives.
I'm not the one running Kagi on my computer, and the expectations of software ran over a network are and should be different from software I run on my computer
There aren’t great open-source search engines, so I’m moving from one proprietary option to the next. But there are great, open-source browsers already, and I refuse to go backwards.
If a good, open-source search engine were available, I would leave Kagi for it.
Thank you! I'm obviously just one person, but I deeply appreciate your willingness to engage on HN, and your transparency and honesty about things (not just today, but also in the past). Makes me feel even better about being a paid Kagi subscriber.
Kagi founder here. Orion isn't open source yet primarily because we're a 5-person team that spent 6+ years building this and created significant IP doing so, and we're not in a position to defend our work against a well-funded company using it as a base (we care very much about the business model of the browser surviving). Restrictive licenses help in theory but enforcing them against a company with a larger legal budget doesn't.
We also see limited upside from community contributions - the number of people who can meaningfully work on a WebKit browser is small (from our experience hiring), and most of them already work at Apple or Kagi. Meanwhile, managing an open source codebase of this size would add real strain to our small team.
The plan is however to open source when Orion is self-sufficient (business model of Orion is you are the customer and can pay for it - like we used to pay for browsers 20 years ago before advertisers started paying for our browsing), meaning it can sustain its own development independent of Kagi Search. I want to take the opportunity to thank all people who supported the Orion browser vision [1]. We're not there yet but recent 1.0 launch and expanding to Linux are steps in that direction. And on Jan 1st this year we began development of Orion for Windows (HN exclusive yay!).
I understand this is unsatisfying to people who want source access now. It's a tradeoff we've made deliberately, not something we're hiding behind.
> The plan is however to open source when Orion is self-sufficient (business model of Orion is you are the customer and can pay for it - like we used to pay for browsers 20 years ago before advertisers started paying for our browsing), meaning it can sustain its own development independent of Kagi Search.
Orion will never reach "self-sufficiency" as long as you don't actually charge for Orion. Orion is completely free to use. I can donate to Orion+, but Orion+ offers no paid features; it's basically a Patreon. https://help.kagi.com/orion/orion-plus/orion-plus.html
(No major browser has ever sustained its own development independent of a search engine's funding, not even Netscape, which charged $40/seat in the 1990s, with a free "shareware" tier so generous that hardly anyone paid. Netscape was funded by advertising, especially from Yahoo search. Funding browser development entirely on donations to a commercial business would be completely unprecedented.)
What if, instead, you made Orion "source available" to paying customers, but not open source? You could merge PRs only from users who sign a CLA. (Users would file PRs out of charity, for the same reason they sign up for Orion+ today.)
I would ignore the haters, keeping Orion proprietary makes the most sense for being able to successfully charge for it as a commercial product. You can't sell an OSS product, only supporting services, as many many startups have realized and been forced to relicense to much anger within their respective communities.
And when the market is going to be primarily technical people I don't think you can trust them/us with source-available either as hackers with a strong aversion to paying for software thinking themselves clever will make and distribute bootleg builds with the license checks removed. Then you'll have to spend your time finding and DMCAing them which will only make people mad. Best to avoid it entirely.
I appreciate you/Kagi actually thinking about building a sustainable business in contrast to companies that open source their core competency and then fail to make money later.
> managing an open source codebase of this size would add real strain to our small team
Can you please elaborate what do you mean when you say this? This is something I do not understand. How licensing terms affect your codebase management beyond setting things up so the code is available to users?
Publishing something under a FLOSS license doesn’t mean anything except that you grant end-users certain rights (the four essential freedoms). The rest (like accepting patches or supporting external developers) is customary but by no means obligatory. You don’t have a capacity for it - don’t do it, easy. There are thousands of developers who do that - they just dump whatever they have under a nice license and that’s it.
Unless you’re saying your legal department doesn’t have capacity to handle licensing concerns, especially if you’re using or potentially using non-FLOSS third party components. That I can totally understand, it could be pretty gnarly.
Please don’t be mistaken: Free Software is a purely legal matter of what you allow users to do with your work - not some operating principles or way of organizing processes.
Note: All this said, I can understand that you may not want to grant some freedoms to the end users, particularly the freedom to redistribute copies, because this could affect your plans of selling the licenses. But that’d be a whole different story than codebase management concerns.
As I wrote, If the concern is that they cannot figure out a way to distribute it as paid software as others may redistribute it for free, that’d be a valid point of concern (and there are plenty of options). But that’s not what they’re saying.
Someone steals their work. Violates the license. To defend their rights Kagi has to sue or lay down. Not giving away the keys to the kingdom until that ability to defend is established just underlines that they're doing valuable work.
Pardon my skepticism but I don’t believe that’s a realistic threat model. Yea, purely hypothetically that could happen. But realistically, why would someone do that - what’s the point? Especially so it’s severe enough to warrant a serious legal battle that takes more than a few sternly worded DMCA-like emails to hosting providers?
Mind you, if we’re talking about hypotheticals, someone can ship a differently branded or malware-ridden (or idk what else, my imagination runs dry pretty fast here) version of their binary distribution without any source code access just fine, violating licensing all the same. Patching unprotected binaries is pretty easy, frequently much less demanding than building from source. And with all due respect to the good work they’re doing, I highly doubt Orion team needs to buy a Denuvo license, haha.
(And, as I said, it’s not even remotely what they wrote.)
If it is open source, it will end for in LLMs and will be used in other browser variants (bigger and smaller). Any USP of the code itself will be gone.
If LLMs hoover up removal of auto-shipped telemetry (currently the main selling point) then I’d say that’d be a reason to publish and submit this to every indexer imaginable ASAP ;-) Shame it’s a bit of absence of code so it’s nor really possible to submit anywhere.
And other features are worthy because they’re implemented ideas, not because of their actual implementations. Like programmable buttons or overflow menus - I’m pretty sure there’s no secret sauce there, and it’s extremely unlikely one can just grab some parts of that and move it to a different product - adapting the code from Orion’s codebase would likely take more effort than just implementing the feature anew.
Most code is just some complicated plumbing, not some valuable algorithmic novelty. And this plumbing is all about context it lives in.
The value is usually not in the code, but in the product itself. Some exceptions apply, of course.
> What’s this “it” are you talking about, exactly?
Orion's code.
LLMs facilitate the attribution-free pillaging of open-source code. This creates a prisoner's dilemma for anyone in a competitive context. Anything you build will be used by others at your cost. This was technically true in the past. But humans tried to honor open-source licenses, and open-source projects maintained license credibiilty by occasionally suing to enforce their terms. LLMs make no such attempt. And the AI companies have not been given an incentive to prevent vibe coders from violating licenses.
It's a dilemma I'm glad Kagi is taking seriously, and one the open-source community needs to start litigating around before it gets fully normalised. (It may already be too late. I could see this Congress legislating in favour of the AI companies over open source organisations.)
> Most code is just some complicated plumbing, not some valuable algorithmic novelty. And this plumbing is all about context it lives in
Sure. In this case, it's a WebKit browser running on Linux. Kagi is eating the cost to build that. It makes no sense for them to do that if, as soon as they have a stable build, (a) some rando uses Claude to copy their code and sell it as a competitor or (b) Perplexity straight up steals it and repackages it as their own.
You don’t need a LLM to just copy their code as a whole thing. Copying and rebranding (plus some vendor adaptations) is a valid concern that I have already agreed about, but for the third time: it’s not what they wrote. Has nothing to do with codebase management.
And taking some individual pieces may sound problematic as an abstract concern but have you ever tried to adopt code from one FLOSS codebase into another different one? Especially UI code, if it’s not some isolated purportedly reusable component? Maybe Orion developers are wizards who wrote exceptionally portable and reusable code, but usually in my experience it’s a very painful process, where you’re constantly fighting all the conceptual mismatches from different design choices. And I’ve yet to see a LLM that can do architectural refactoring without messing things up badly. So I’m generally skeptical of such statements. And that’s why I’m suggesting we pick a concrete example we can try to analyze, for doing this on highly abstract “the whole code” level is not going to succeed.
I've found a few that work but many can be buggy or non-functional, just depends on the extension. The only one I use currently is called "Control Panel for Twitter", which seems to work pretty well.
earlier in the thread I read nhe plan was to release the source "when it has merit" But that instantly left me with the feeling that the authors of the browser, and I have very different opinions on what the word merit means. Such that they would be incompatible, and I'd never want to use it. This is a decision that has lowered my opinion about exactly how much I can trust Kagi.
> Kagi founder here. Orion isn't open source yet primarily because we're a 5-person team that spent 6+ years building this and created significant IP doing so,
But it's possible I haven't considered some detail where I might agree it's reasonable. Can you describe or offer any insight into the "significant IP" that you need to protect and defend? What threats from a larger company are you primarily concerned about?
I'm not the founder nor Kagi employee, just a customer, but
> Can you describe or offer any insight into the "significant IP" that you need to protect and defend?
The novel IP is having implemented and still implementing the browser APIs necessary for both Firefox and Chromium extensions to work in a Safari (Webkit)-based browser. See [1] for the significant progress.
> What threats from a larger company are you primarily concerned about?
Integrating said functionality themselves to offer another viable iOS browser, which Kagi is currently the only [2] offerer of (or another viable macOS/future Linux/Windows browser, although more than one exist there already).
[2] Unless the EU steps up, all iOS browsers will continue to have to be Webkit-based with minimal, lackluster extension support. Not viable for anything beyond the most basic of use cases.
Having access to the source is just one part of open source.
The state of webkitgtk is a bit rough, as I’m sure you and your engineers have noticed. The other part of what open source means to people is that you contribute back to the open source code you used to build your business, lifting all boats in the process.
What people certainly do not want to see is Kagi pull an Apple: utilize FOSS to the extent it helps you but return nothing but “thanks everyone but we got ours”.
Are you looking for people who worked on WebKit in the past?
I really hope you refactored WebKit's Bridge, because it allowed a lot of exploits in the past, and was neglected upstream by Apple.
When I started my RetroKit fork I was aiming to reduce that attack surface while offering farbled apis based on other browser behaviors and their profiles. [1]
My fork has been neglected a bit due to lack of time, as I'm currently still busy with other APT related things before I can get back to it.
Would love to chat whether your plan is to open source your WebKit fork, maybe there's some overlap and we can work together on it?
(I currently hope that ladybird will be getting into a more forkable and modular state, because servo passed by that goal a long time ago).
The GPL has pretty good legal precedent, and so does the MPL in the browser space (though, Firefox has mozilla behind it so it gets the enforcement benefit). If the SFC wins its vizio case, would you look into freeing orion?
We support Kagi across products. We believe alternate browser engines keep the web standard. We give more weight to that than to whether a particular browser's value add (on top of a double digit* but non-hegemonic engine) is open.
We believe software and hardware creators have a right to choose their business model and let that model compete, as Kagi's is competing right here in this thread.
* Having worked at mega banks etc., they do look at these numbers to decide whether to invest in standards support or slap on a "Requires IE" button.
I am generally ok with things being proprietary if they want, and I'm mostly ok with Orion being proprietary, but I do understand peoples' issues here.
For a lot of people (even relatively geeky people), their computers end up being "an interface to use a browser". People use their browser to file their taxes, to write their documents, to manage their websites, to create websites, to look at porn, to pirate movies, to chat with their friends, to send/receive money to their bank, and a whole bunch of other things.
It would be hard to imagine a piece of software that is capable of knowing me more intimately than my primary web browser, and as Google has proven, this intimate knowledge is valuable. Companies pay boatloads of money for large quantities of personal information to target ads (and probably a bunch of other more disturbing things).
I genuinely don't think freediver is lying; I believe him when he says there's no telemetry data being sent and that it's not tracking me, but there's the sticking word: "believe". I have to trust him, which wouldn't necessarily be the case if it were FOSS.
Now, granted, I could always run Wireshark or something to ensure that there's no telemetry data being sent regularly, but that only protects you so much; for all I know, they could be taking steps to actively make it look like they're not sending data, or they could be batching up N days of data and sending it in batches so it is not as obvious that telemetry is sent.
Again, I genuinely don't think they're doing that, I believe them, but I do see peoples' points.
> I genuinely don't think freediver is lying; I believe him when he says there's no telemetry data being sent and that it's not tracking me, but there's the sticking word: "believe". I have to trust him, which wouldn't necessarily be the case if it were FOSS.
Proving this is actually the easy part - all you have to do is install a network proxy and monitor connections. It is something literally anyone can do which is why the zero telemetry statement carries a lot of weight.
> For a lot of people (even relatively geeky people), their computers end up being "an interface to use a browser". People use their browser to file their taxes, to write their documents, to manage their websites, to create websites, to look at porn, to pirate movies, to chat with their friends, to send/receive money to their bank, and a whole bunch of other things.
I agree! Which is why it is so terrifying for me that Orion is the only browser on the market you can pay for. For the most intimate piece of software we have on our computers, you would expect that more people would want a clean transaction and 'being the customer' relationship. Yet for vast majority of users, their browsing has been paid for by advertisers and third parties (true for 100% of most popular browsers out there).
uBO is not technically working on Orion for iOS. We do not have permissions to run certain web extension APIs on iOS needed for uBO feature set. The adblocking you witness is thanks to built in native adblocker in Orion.
The paid browser market essentially collapsed after Microsoft bundled IE with Windows for free. For example Netscape was $49. Microsoft famously attacked this with "Why waste $50 for Netscape?! IE is free!"
This doesn't make browsers today really 'free' (same like search engines aren't really 'free'). Browsers are incredibly complex to make and maintain. And the customers paying all these cost are the advertisers/third parties, not the users using them (entire reason for Kagi's existance is to create an option where user is also the customer).
Being able to pay for the most intimate piece of software you have on your computer makes a lot of sense.
reply