Kagi Releases Alpha Version of Orion for Linux
Key topics
Kagi's alpha release of Orion for Linux has sparked a lively debate about the browser's underlying WebKit engine, with some commenters expressing skepticism and others defending its power efficiency and rendering capabilities. The discussion reveals a deeper concern that the dominance of Chrome's engine is causing other browsers to be neglected, with some users wishing more alternatives like Orion. Notably, ericyan points out that WebKit is a necessity for iOS and iPadOS compatibility, while jsheard counters that using the system WebKit on these platforms still limits Orion's flexibility. As users weigh in, it becomes clear that the choice of WebKit is both a pragmatic decision and a point of contention.
Snapshot generated from the HN discussion
Discussion Activity
Very active discussionFirst comment
1h
Peak period
115
0-6h
Avg / period
22.9
Based on 160 loaded comments
Key moments
- 01Story posted
Jan 9, 2026 at 7:54 AM EST
2d ago
Step 01 - 02First comment
Jan 9, 2026 at 9:14 AM EST
1h after posting
Step 02 - 03Peak activity
115 comments in 0-6h
Hottest window of the conversation
Step 03 - 04Latest activity
Jan 11, 2026 at 2:07 PM EST
4h ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
> WebKit. Extensions. Privacy. Pick all three.
Thanks, you lost me on WebKit.
What’s the issue ?
* I meant Chrome not webkit.
Using WebKit makes this one of very few desktop browsers that aren't based on Blink (Chrome, Edge, Brave, Vivaldi, Opera, etc)
I primarily use Safari — same story here as with you and Firefox.
(Yes, I know about the extension that hijacks your searches to redirect them to Kagi, but how is that an acceptable state of affairs?)
I wanted to use Safari at work, but this proved too big of a barrier. I can’t use the App Store at work, so no extensions. I was more willing to give up Safari than Kagi.
[0] https://www.apple.com/feedback/safari/
I’m requesting that iOS Safari allow users to set any search engine as their default, rather than limiting choices to a pre-approved list. Currently, Safari only offers Google, Bing, Yahoo, DuckDuckGo, and Ecosia, preventing users from choosing legitimate alternatives like Kagi.
While workarounds exist, they’re cumbersome and don’t provide a seamless experience. Please consider allowing users to add custom search engines as default options, similar to macOS Safari. This would enhance user choice without compromising security.
Thank you for considering this feedback.
[0] https://m.youtube.com/watch?v=gDR6V5OdnYg
My dream is some of boot-to-Ubuntu setup, or even running it simultaneously.
The extension is working really well for me. You could always try it out with the free version to see if it works for you as well.
I am pretty that is exactly the point for Apple.
[0] Not on the home screen, but I'll take what I can get.
And sure enough, Safari on macOS seems to not allow it at all (needs extensions).
Does Kagi plan to open-source Orion on Linux?
I get (though wouldn't necessarily agree with) keeping it closed while it's still in the works, but would like to know if the plan is to open source in the future or not.
Jeez, downvoted for asking about context? People, calm down.
For me, it's a big deal (although not a dealbreaker) for that reason. If I have the option of two different pieces of software, one being open source and the other proprietary, I'll choose the open source one every time unless there's something really exceptional about the proprietary one. But that's very rare.
I was just trying to think of any proprietary software I use outside of work (where I don't have a choice) or games. There must be at least one, but I can't think of what it is.
Personally, I think it would be incredible if you open sourced your search engine. But like someone else said more eloquently, software runs on our computers. And to me, open-source software is table stakes when there are viable alternatives.
https://kagifeedback.org/d/252-show-source-of-results/49
There aren’t great open-source search engines, so I’m moving from one proprietary option to the next. But there are great, open-source browsers already, and I refuse to go backwards.
If a good, open-source search engine were available, I would leave Kagi for it.
But since I have your attention, I just want to add that I'm a huge fan of Kagi Search and it's well worth the money I spend for it. I love the work you guys are doing, and that love is the reason why I'm even thinking about using Orion. But they are two entirely different use cases.
Do I? I'm not going to post sensitive information into a search engine no matter who runs it.
My search history ain't worth much. What the contents of e.g. my bank website are is.
Not necessarily, Kagi provides a feature[1] that anonymizes all your searches. I set it up and haven't thought about it since.
1. https://help.kagi.com/kagi/privacy/privacy-pass.html
You’re still trusting them. Not to mention they could round them all up by IP or browser fingerprinting.
There is still some level of trust.
I happen to trust them enough for that; but it is still trust.
https://blog.kagi.com/kagi-privacy-pass#token-generation:~:t....
https://www.rfc-editor.org/rfc/rfc9576.html
Where does it show that on the Kagi backend they couldn’t, theoretically, save the session key before performing the token response?
If you're not going to make an effort to understand how it works, don't make assertions about how it works. Ask your favorite LLM about the RFC if you have any further questions.
Yes, it's a big deal. I've lived in the non-free software world before and struggled to get out. I'm not going back.
I really hope Kagi contributes back upstream to improve the situation, it’s needed.
Edit: looks like konqueror uses qt web engine which is chromium. The irony of the KDE browser abandoning WebKit while the GNOME browser still tries to use it is too much.
The plan is to open source when Orion is self-sufficient, meaning it can sustain its own development independent of Kagi Search. We're not there yet but recent 1.0 launch and expanding to Linux are steps in that direction.
I understand this is unsatisfying to people who want source access now. It's a tradeoff we've made deliberately, not something we're hiding behind.
We believe software and hardware creators have a right to choose their business model and let that model compete, as Kagi's is competing right here in this thread.
* Having worked at mega banks etc., they do look at these numbers to decide whether to invest in standards support or slap on a "Requires IE" button.
For a lot of people (even relatively geeky people), their computers end up being "an interface to use a browser". People use their browser to file their taxes, to write their documents, to manage their websites, to create websites, to look at porn, to pirate movies, to chat with their friends, to send/receive money to their bank, and a whole bunch of other things.
It would be hard to imagine a piece of software that is capable of knowing me more intimately than my primary web browser, and as Google has proven, this intimate knowledge is valuable. Companies pay boatloads of money for large quantities of personal information to target ads (and probably a bunch of other more disturbing things).
I genuinely don't think freediver is lying; I believe him when he says there's no telemetry data being sent and that it's not tracking me, but there's the sticking word: "believe". I have to trust him, which wouldn't necessarily be the case if it were FOSS.
Now, granted, I could always run Wireshark or something to ensure that there's no telemetry data being sent regularly, but that only protects you so much; for all I know, they could be taking steps to actively make it look like they're not sending data, or they could be batching up N days of data and sending it in batches so it is not as obvious that telemetry is sent.
Again, I genuinely don't think they're doing that, I believe them, but I do see peoples' points.
Proving this is actually the easy part - all you have to do is install a network proxy and monitor connections. It is something literally anyone can do which is why the zero telemetry statement carries a lot of weight.
Other people have ran their own independent tests eg https://www.reddit.com/r/browsers/comments/1k382gi/browser_t...
> For a lot of people (even relatively geeky people), their computers end up being "an interface to use a browser". People use their browser to file their taxes, to write their documents, to manage their websites, to create websites, to look at porn, to pirate movies, to chat with their friends, to send/receive money to their bank, and a whole bunch of other things.
I agree! Which is why it is so terrifying for me that Orion is the only browser on the market you can pay for. For the most intimate piece of software we have on our computers, you would expect that people would want a clean transaction and being the customer relationship. Yet vast majority of users, run a browser which has been paid for by advertisers and third parties (100% of most popular browsers out there).
I understand your position, but a web browser is so important a software that it must be open.
I also think that you can still sell it even if it is open source.
Also, you might be able to secure funding from governments that want to move away from closed source solutions.
Anyway, still congratulation for v 1.0, and I hope it will go well.
people with no skin in the game trying to sell bridges.
Can you please elaborate what do you mean when you say this? This is something I do not understand. How licensing terms affect your codebase management beyond setting things up so the code is available to users?
Publishing something under a FLOSS license doesn’t mean anything except that you grant end-users certain rights (the four essential freedoms). The rest (like accepting patches or supporting external developers) is customary but by no means obligatory. You don’t have a capacity for it - don’t do it, easy. There are thousands of developers who do that - they just dump whatever they have under a nice license and that’s it.
Unless you’re saying your legal department doesn’t have capacity to handle licensing concerns, especially if you’re using or potentially using non-FLOSS third party components. That I can totally understand, it could be pretty gnarly.
Please don’t be mistaken: Free Software is a purely legal matter of what you allow users to do with your work - not some operating principles or way of organizing processes.
My read is their legal department isn’t fleshed out enough to defend the work when e.g. a tech giant steals it.
As I wrote, If the concern is that they cannot figure out a way to distribute it as paid software as others may redistribute it for free, that’d be a valid point of concern (and there are plenty of options). But that’s not what they’re saying.
Someone steals their work. As in violates the agreement. To defend their rights, and the open-source license, Kagi has to sue. Doing a bunch of work so Google steals it and then you throw your hands up is slightly stupid.
Mind you, if we’re talking about hypotheticals, someone can ship a differently branded or malware-ridden (or idk what else, my imagination runs dry pretty fast here) version of their binary distribution without any source code access just fine, violating licensing all the same. Patching unprotected binaries is pretty easy, frequently much less demanding than building from source. And with all due respect to the good work they’re doing, I highly doubt Orion team needs to buy a Denuvo license, haha.
(And, as I said, it’s not even remotely what they wrote.)
If it is open source, it will end for in LLMs and will be used in other browser variants (bigger and smaller). Any USP of the code itself will be gone.
If LLMs hoover up removal of auto-shipped telemetry (currently the main selling point) then I’d say that’d be a reason to publish and submit this to every indexer imaginable ASAP ;-) Shame it’s a bit of absence of code so it’s nor really possible to submit anywhere.
And other features are worthy because they’re implemented ideas, not because of their actual implementations. Like programmable buttons or overflow menus - I’m pretty sure there’s no secret sauce there, and it’s extremely unlikely one can just grab some parts of that and move it to a different product - adapting the code from Orion’s codebase would likely take more effort than just implementing the feature anew.
Most code is just some complicated plumbing, not some valuable algorithmic novelty. And this plumbing is all about context it lives in.
The value is usually not in the code, but in the product itself. Some exceptions apply, of course.
Orion's code.
LLMs facilitate the attribution-free pillaging of open-source code. This creates a prisoner's dilemma for anyone in a competitive context. Anything you build will be used by others at your cost. This was technically true in the past. But humans tried to honor open-source licenses, and open-source projects maintained license credibiilty by occasionally suing to enforce their terms. LLMs make no such attempt. And the AI companies have not been given an incentive to prevent vibe coders from violating licenses.
It's a dilemma I'm glad Kagi is taking seriously, and one the open-source community needs to start litigating around before it gets fully normalised. (It may already be too late. I could see this Congress legislating in favour of the AI companies over open source organisations.)
> Most code is just some complicated plumbing, not some valuable algorithmic novelty. And this plumbing is all about context it lives in
Sure. In this case, it's a WebKit browser running on Linux. Kagi is eating the cost to build that. It makes no sense for them to do that if, as soon as they have a stable build, (a) some rando uses Claude to copy their code and sell it as a competitor or (b) Perplexity straight up steals it and repackages it as their own.
I've been online for about 30 years, I have never heard of paying for a browser.
This doesn't make browsers today free. They are incredibly complex and cost a lot of money to make and maintain. The customer taking this cost is usually advertisers/third parties, not the users using them.
Paying for the most intimate piece of software you have on your computer makes a lot of sense.
Orion will never reach "self-sufficiency" as long as you don't actually charge for Orion. Orion is completely free to use. I can donate to Orion+, but Orion+ offers no paid features; it's basically a Patreon. https://help.kagi.com/orion/orion-plus/orion-plus.html
(No major browser has ever sustained its own development independent of a search engine's funding, not even Netscape, which charged $40/seat in the 1990s, with a free "shareware" tier so generous that hardly anyone paid. Netscape was funded by advertising, especially from Yahoo search. Funding browser development entirely on donations to a commercial business would be completely unprecedented.)
What if, instead, you made Orion "source available" to paying customers, but not open source? You could merge PRs only from users who sign a CLA. (Users would file PRs out of charity, for the same reason they sign up for Orion+ today.)
I really hope you refactored WebKit's Bridge, because it allowed a lot of exploits in the past, and was neglected upstream by Apple.
When I started my RetroKit fork I was aiming to reduce that attack surface while offering farbled apis based on other browser behaviors and their profiles. [1]
My fork has been neglected a bit due to lack of time, as I'm currently still busy with other APT related things before I can get back to it.
Would love to chat whether your plan is to open source your WebKit fork, maybe there's some overlap and we can work together on it?
(I currently hope that ladybird will be getting into a more forkable and modular state, because servo passed by that goal a long time ago).
[1] https://github.com/cookiengineer/retrokit
The state of webkitgtk is a bit rough, as I’m sure you and your engineers have noticed. The other part of what open source means to people is that you contribute back to the open source code you used to build your business, lifting all boats in the process.
What people certainly do not want to see is Kagi pull an Apple: utilize FOSS to the extent it helps you but return nothing but “thanks everyone but we got ours”.
But the number of people who can contribute to the app UI is bigger, and that's also an area seriously lacking
And when the market is going to be primarily technical people I don't think you can trust them/us with source-available either as hackers with a strong aversion to paying for software thinking themselves clever will make and distribute bootleg builds with the license checks removed. Then you'll have to spend your time finding and DMCAing them which will only make people mad. Best to avoid it entirely.
I appreciate you/Kagi actually thinking about building a sustainable business in contrast to companies that open source their core competency and then fail to make money later.
Source: happy paying customer and user of Orion.
> Kagi founder here. Orion isn't open source yet primarily because we're a 5-person team that spent 6+ years building this and created significant IP doing so,
But it's possible I haven't considered some detail where I might agree it's reasonable. Can you describe or offer any insight into the "significant IP" that you need to protect and defend? What threats from a larger company are you primarily concerned about?
Then, integration with the OS will be weird. If you're distributing binaries, you can't dynamically link system dependencies (they are either bundled or statically linked). Any distribution-specific patches and fixes will be missing. AFAIK the default path for the CA bundle varies per distribution; I'm not even sure how you'd handle that kind of thing. I'm sure there's hundreds of subtle little details like that one.
The audience ends up being Linux users, who are fine with proprietary software, have time and patience for manually configuring and maintaining a browser installation, and are also fine with an absence of proper OS integration.
I think Steam is the only popular proprietary software on Linux, and they basically ship an entire userspace runtime, and almost don't integrate with the OS at all.
https://cdn.kagi.com/flatpaks/oriongtk.alpha.external.flatpa...
Orion is less rough, but the color scheme doesn't work, and it doesn't have an omnibar (as in: type in the address bar, enter, and it shows search results).
https://orionfeedback.org/d/2321-orion-for-windows-android-l...
It is interesting that they don't mention future Android support anywhere on the website, but it does seem like they are (or at least were) open to the idea someday.
We talk a lot about browser diversity, but on Linux and Windows, it is a lie. You have firefox (gecko) and fifty flavors of chromium. Webkit on Linux has essentially been relegated to embedded devices or the GNOME epiphany browser, which I'll admit while is a noble effort, lags a bit in the stability and power-user features department. Big reason for that is that it lacks the commercial backing to keep up with the modern web standards rat race.
Kagi bringing orion to Linux changes the calculus. It introduces a third commercially incentivized, consumer-grade engine to the platform. Even if you never use orion, you want this to succeed because it forces WebKitGTK upstream to get better, which benefits the entire open source ecosystem.
The sticking point like always will be media playback (read: DRM/widevine). That is the graveyard where Linux browsers go to die. If Kagi can legally and technically solve the widevine integration on a non-standard Linux webkit build, they win. If not, it will be a secondary browser for documentation reading only.
Probably true in general. But for me, that's not a sticking point at all. I don't care if a browser supports media playback or not.
What I do care about is the ability to enable/disable embedded code execution (JS, at the very least) at a fairly granular level. Does Orion allow for that?
If users are unwilling to opt out of that abuse then I think its OK that their migration to Linux remains mildly inconvenient.
The time to thrash against DRM will be when you can't get hardware that boots kernels which were not approved by your government. What we're doing now is trying to prevent that time from coming at all.
Having to watch protected media on a different device is a small price to pay.
Speak for yourself. I avoid any DRMed content. If I pay for it, I'm getting unrestricted access to the files. Or I don't pay for it.
My take is: you're welcome to the party, but don't be surprised if someone shows you the door when you pull out the drugs. It ain't our type of fun.
I understand various reasons why people are pushing for the adoption of open source software, but it will be counterproductive if it brings the problems of the commercial software world with them.
I'm hopeful that some day Linux will have enough users where the media companies can't ignore them. Hopefully, that day is sooner than later.
It's pretty frustrating that peacock (and all xfinity streaming) doesn't work and you can't get 1080p or 4k on most other streaming platforms.
Correct me if I'm wrong but to stream 4K, studios require a hardware root of trust and a verified media path. They need a guarantee that the video frames are decrypted inside a trusted execution environment and sent directly to the display without the OS kernel or user space being able to read the raw buffer.
AFAIK Windows and macOS provide this pipeline at the OS level. OTOH, ChromeOS gets 1080p/4K not because it has massive market share but cause the hardware and boot chain are locked down by the almighty Google.
On desktop Linux, where you have root access and can modify the kernel or compositor to inspect memory, there is technically no way to guarantee that secure path to the studios' satisfaction. Am I right in this assumption?
Unless the DRM providers change their threat model, which sounds unlikely to me. Or distros start shipping signed and locked-down kernel modules that prevent the user from being root, which is again unacceptable to most (me included), we will likely be capped at 720p for some time now.
Yes. I tried using Chrome on Linux just to watch movies that I purchased on Youtube at HD/4K and watched as the stream was limited to 240P. IMHO regardless of what Google says in their ToS they have already broken the trust agreement by not providing what I paid for. Regardless of what the studios want, all this does is push me back towards piracy because once again the industry fails to understand that piracy is a accessibility problem, not a financial problem. If I pay for 4K then regardless of where I want to watch that movie it better be in 4K, that's what I paid for. Google hides behind their ToS to get around the fact that they sold me a product then failed to deliver.
> ChromeOS gets 1080p/4K not because it has massive market share but cause the hardware and boot chain are locked down by the almighty Google.
ChromeOS is based on Gentoo Linux underneath just very stripped down and Googlefied. It's the same BS that Bungee pulled with Destiny 2 and Linux. If you so much as dared to run Destiny 2 on Linux you would be banned. Stadia used Linux but because Google controlled the platform they allowed it to be played there.
These are the games they play to make other platforms that aren't MacOS/Windows appear like they are incapable but in reality it's just corporate greed and grift.
Oscilloscopes and signal analysers exist.
s/need/want/ but yes.
Regardless, great to see this come to Linux.
146 more comments available on Hacker News