by csagan5 2246 days ago
I did not mention Bromite at all, what are you talking about?

There is no FUD here, let me write down some facts for you:

* users install Kiwi which does not contain all the security fixes of upstream stable Chromium (v81); this has been going on for several months now

* users do the same for Bromite and the Bromite SystemWebView

I warn everyone equally about this problem, nobody should run an outdated browser because of all the security issues, look at 2019 alone here: https://www.cvedetails.com/vulnerability-list/vendor_id-1224...

More facts:

* the current version of Kiwi, in Play Store and in source form, still is not up to date and covering the security issues fixed by upstream Chromium

* Kiwi was not open source until now and its repository was plain lying about it (https://web.archive.org/web/20190719191635/https://github.co...), making people think it was open source while you published only a few unusable patches

* even now there is no commit history making the source code unusable and unauditable

* you included trackers at some point in Kiwi and visits were going to some search server of yours

Did I miss anything? I am glad you decided to open source it but it does not change the above facts.

1 comments

I thought it was you when seeing the Bromite posts (but apparently no).

There is some confusion about the notion of up-to-date, from a Kiwi perspective, we do not see the most recent version of Chromium as improvements.

We created Kiwi (with other users) because we disagreed with Chromium on functionalities like Duet, or API changes like with Manifest V2 and adblockers.

This is the reason to completely fork Chromium (or why Samsung diverged from Chromium 77 in 2019).

By definition, it will always diverge from Chromium v81+.

It's a choice.

About security fixes, yes, between end of 2019 and today, new problems emerged in Chromium (not specific to Kiwi though), and there is some work to backport. Should it have been done earlier? Certainly.

About the last point, Kiwi makes money if you use Microsoft Bing or Yahoo, that's life, and that's how I pay for the build servers, some contributors, advertising Kiwi, logo designer, sometimes the programmers, etc.

Firefox does the same but with Google, Brave with DuckDuckGo, etc.

I see you have StartPage, DuckDuckGo, AdGuard, already in partners, and if they don't pay you, I encourage you to contact them, as they should.

Regarding the policy of Kiwi:

====

We do not collect the websites that you visit. What you do in the browser is your own freedom and responsibility.

We do not collect or sell location data. We do not collect telemetry data. We do not collect history data. We do not track users. We do not integrate third-party analytics SDKs.

We collect and store: how many installs are active, where the person has installed the browser from.

Our business model:

When you enter a search query, the query is sent to the Search Engine that you have selected (Microsoft Bing or Yahoo by default, Google, DuckDuckGo, or any provider of your choice).

If you choose to use the recommended search engine by Kiwi, Kiwi will process the request and will receive money for every search query it forwards to the partner search engine (example: Microsoft Bing).

====

And you know, with the release of Kiwi as free software (and not just open-source), now there is no limitation. If you disagree with how the project is managed, then you can absolutely make your own product (or just use another search engine heh), or take the pieces you want (and over time, a better picture over commit history will build), and this is a very good thing.

Also, thanks for the kind words at the end, you really pushed onto open-sourcing Kiwi too. Though sometimes you are a bit extreme for me :)

> About security fixes, yes, between end of 2019 and today, new problems emerged in Chromium (not specific to Kiwi though), and there is some work to backport. Should it have been done earlier? Certainly.

I am talking about telling users that they should not use a browser which is potentially vulnerable. Clear communication about the current status is not the same as planning an update.

> I see you have StartPage, DuckDuckGo, AdGuard, already in partners, and if they don't pay you, I encourage you to contact them, as they should.

There is no partnership with anyone. DuckDuckGo is a search engine already in upstream Chromium. StartPage search engine was removed months ago and some filters from AdGuard are used in the combined Bromite filter.

There is no partnership and no payments of any kind because then there would be a conflict of interest to remove a search engine from the default choices while it is also a source of income.

> Also, thanks for the kind words at the end, you really pushed onto open-sourcing Kiwi too. Though sometimes you are a bit extreme for me :)

I am glad you are willing to be more open about these topics; these are, I believe, at the core of open source. I also wish you to make the project sustainable and fun to maintain.

You're right.

About security, you provided very useful technical elements, so I'll review each of them (publicly) and we'll find solutions.

Yes, conflicts of interests are always an issue. Finding the right balance between sustainability and freedom.

Some companies outright want to maximize revenue at the expense of the user. This is not the case here (that's the benefit of no investors, or just being independent, with all the caveats it has too).

Some browsers (Vivaldi, Cheetah Mobile), for example, do affiliate links; I'm not too much in favor of that.

You get me nervous sometimes with your strong opinions, but I actually appreciate that someone skilled takes so much time and interest.

About DDG, maybe it's worth talking to them or Qwant (Qwant are friends of Kiwi, so you can say Hi to them from me).

It's in their interest to promote a privacy-focused browser, and yours to pair with the best ethical match (donations are fine too, just personally I think they create another type of pressure)