
281 points | felarof | 1 comments

Hey HN, we're a YC startup building an open-source, privacy-first alternative to Perplexity Comet.

No invite system, unlike a bunch of others – you can download it today from our website or GitHub: https://github.com/browseros-ai/BrowserOS

--- Why bother building an alternative? We believe browsers will become the new operating systems, where we offload much of our work to AI agents. But these agents will have access to all your sensitive data – emails, docs, on top of your browser history. Open-source, privacy-first alternatives need to exist.

We're not a search or ad company, so no weird incentives. Your data stays on your machine. You can use local LLMs with Ollama. We also support BYOK (bring your own keys), so no $200/month plans.

Another big difference vs Perplexity Comet: our agent runs locally in your browser (not on their server). You can actually watch it click around and do stuff, which is pretty cool! Short demo here: https://bit.ly/browserOS-demo

--- How we built? We patch Chromium's C++ source code with our changes, so we have the same security as Google Chrome. We also have an auto-updater for security patches and regular updates.

Working with Chromium's 15M lines of C++ has been another fun adventure that I'm writing a blog post on. Cursor/VSCode breaks at this scale, so we're back to using grep to find stuff and make changes. Claude Code works surprisingly well too.

Building the binary takes ~3 hours on our M4 Max MacBook.

--- Next? We're just 2 people with a lot of work ahead (Firefox started with 3 hackers, history rhymes!). But we strongly believe that a privacy-first browser with local LLM support is more important than ever – since agents will have access to so much sensitive data.

Looking forward to any and all comments!

mdaniel ◴[] No.44526983[source]
> --- How we built? We patch Chromium's C++ source code with our changes, so we have the same security as Google Chrome. We also have an auto-updater for security patches and regular updates.

So you rebuild your browser on every Chromium release? Because that's the risk: often changes go into Chromium with very innocent-looking commit messages that are released from embargo 90 days later in their CVE reference

replies(1): >>44527026 #
felarof ◴[] No.44527026[source]
Good question, so far we have been building on top of the Chromium release that Google Chrome is based on.
replies(2): >>44528183 #>>44528457 #
mdaniel ◴[] No.44528183[source]
I feel as though you overlooked the "every" word in my question. I appreciate you built once, that's a solid accomplishment. If I'm going to be riding your custom build, with your custom C++ changes that introduce their own RCE risk, I want to at least know I'm only vulnerable to your RCE and not your RCE plus the 'just disclosed' RCE for Chromium itself that was actually patched 3 weeks ago but that you didn't bother to track because you don't track Chromium release tags

Yes, I'm acutely aware of exactly how much compute pulling off such a stunt requires; what I'm wondering is whether you are aware of exactly how much RCE risk you're running by squatting on someone else's C++ codebase that ships what feels like a vuln-a-week from one of the best funded security research teams in the world

replies(1): >>44539802 #
1. swyx ◴[] No.44539802[source]
i think you raise a good point but also... how else would you propose to "fork Chrome"? this seems like the most reasonable approach?
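
An added example, not part of the thread and not BrowserOS code: one way to measure the gap mdaniel describes between the Chromium tag a fork was built from and the upstream stable releases shipped since. The version tags, dates, function names and the 7-day threshold are constructed for illustration.

```python
from datetime import date

# Constructed sample data: upstream stable tags (MAJOR.MINOR.BUILD.PATCH)
# and the date each shipped. Not real Chromium releases.
UPSTREAM_STABLE = [
    ("200.0.1000.10", date(2030, 1, 7)),
    ("200.0.1000.42", date(2030, 1, 14)),
    ("200.0.1000.77", date(2030, 1, 21)),
    ("201.0.1050.12", date(2030, 2, 4)),
]

def parse_version(tag):
    """Turn 'MAJOR.MINOR.BUILD.PATCH' into a tuple so tags compare numerically."""
    parts = tag.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chromium-style version tag: {tag!r}")
    return tuple(int(p) for p in parts)

def patch_gap(fork_base, upstream, today):
    """Report upstream stable releases newer than the tag the fork was built from."""
    base = parse_version(fork_base)
    missed = sorted(
        (parse_version(tag), tag, shipped) for tag, shipped in upstream
        if parse_version(tag) > base and shipped <= today
    )
    if not missed:
        return {"up_to_date": True, "missed": [], "days_exposed": 0}
    # Exposure starts when the first missed release shipped: its fixes are
    # in the public tree from then on, whatever the commit messages say.
    first_public = min(shipped for _, _, shipped in missed)
    return {
        "up_to_date": False,
        "missed": [tag for _, tag, _ in missed],
        "days_exposed": (today - first_public).days,
    }

def gate(fork_base, upstream, today, max_days=7):
    """Hypothetical release policy: ship only if exposure is within max_days."""
    return patch_gap(fork_base, upstream, today)["days_exposed"] <= max_days

if __name__ == "__main__":
    print(patch_gap("200.0.1000.42", UPSTREAM_STABLE, date(2030, 2, 10)))
```

Run on every upstream tag push rather than on the fork's own release schedule, a check like this turns "do you track Chromium release tags?" into a number that can fail a build.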