Skip to content
This repository has been archived by the owner on Jun 24, 2022. It is now read-only.

Who are we (the team), what are we about, who are we to say who respects privacy and who doesn't? #848

Closed
Mikaela opened this issue Apr 10, 2019 · 28 comments · Fixed by #1473
Assignees
Labels
approved approved, waiting for a PR ✨ enhancement todo 🌐 website issue *Technical* issues with the website.

Comments

@Mikaela
Copy link
Contributor

Mikaela commented Apr 10, 2019

I wonder if there should be a "who are we" page explaining why we are in and what we do etc.
I am reading #779 (Signal removal) and it brings me that question, who are we and what are we after, as I don't think I know

~ Me in the team room, I think this also ties in with https://github.com/privacytoolsIO/privacytools.io/issues/780 maybe https://github.com/privacytoolsIO/privacytools.io/issues/847 and a lot more.

Personally I am just interested in privacy and tools which with I have more privacy and I find the discussions on this issue tracker often very interesting. One day I just received an invite to the repository and another day to the organisation.

I am also not entirely sure what I am supposed to do, but I guess continuing as before is fine as it landed me here.

~ Part of what I said in GitHub team team page. I also haven't pull requested much as I want to avoid touching the HTML directly (is it even valid HTML?) and I would prefer to edit markdown files.

I think a page answering the questions in the issue title is now even more important as there are services hosted by Privacytools.io which in my opinion isn't as reliable as knowing who is behind it and what are their motives/why are they doing this.

@Mikaela Mikaela added 💬 discussion feedback wanted 🌐 website issue *Technical* issues with the website. labels Apr 10, 2019
@five-c-d
Copy link

five-c-d commented Apr 10, 2019

what are we about

Well, since you reflinked 779, and added the discussion-balloon, I will risk replying :-)

I am "just a user" of the privacyToolsIO listing, and I use it a very specific way: when I do not have time to help somebody personally, I tell them to "start with this and then check with me if you have any questions". The best outcome is when they return later with a LOT of questions, because the listings trigger their imagination.

So if you want my opinion, then please 1) keep the listings concentrated on tools that are aimed pretty squarely at everyday endusers, 2) keep doing what you are doing when it comes to making decisions about what tool gets listed first and what tools are WorthMentioning, 3) setup some kind of system where github-users ... which I note are NOT the same as the readership of the listings but are a distinct yet overlapping circle in the venn diagram ... can do "e-voting"

using github reactionEmoji for primitive e-voting

Basically, the simplest quickest way to implement such a thing, using the community you already have, would be to allow/encourage/promote/institute (your choice) reactionEmoji on various "tool propositions" ...and discuss WHY each e-voter wants such-n-such proposition to succeed or fail. #779 is a proposition to "delist signalapp from IM" plus also "delist signalapp from VoIP" and in the commentary there are suggestions to "promote wireapp from WorthMentioning to #1 in IM" and also to "promote jami from WorthMentioning to #1 in VoIP" and so on. You could also imagine other propositions, such as "add tool xyz in list abc" and even "create new category bazquux"

You may even want, rather than just a way to say +1/-1 to the proposition like "signalapp should be #1 in the IM category" or even head-to-head comparisons asking +1/-1 like "wireapp is better than signalapp for voip confcalls" ... to get pretty detailed, and have each bullet-point up for this kind of e-voting. Somebody could write up a dozen pro/con statements about signalapp, and a dozen pro/con statements about wireapp, and +1 emojiReaction would say "yeah mention that info" and the -1 would say "nope not important enough to merit mentioning"... this could get complicated, you might need some kind of forum-software aimed at collaborative prioritization, not just github emoji ;-)

But always keep the final decisions to the people with commit access -- be careful who gets commit access -- and do NOT be afraid to overrule whatever the emoji-counts happen to say, if doing so is in the best interests of the READERSHIP of the listings, people that are needing advice on improving their privacy. p.s. Thanks again for the website, very valuable

[Edit: CryptPad also supposedly has polls, but I have never used that tool. Currently listed first here, https://www.privacytools.io/software/productivity/ ...though since it accepts connections via Tor it might not be easy to keep people from e-voting seven million times :-)

E-voting suggestion dovetails with the wizard-level suggestion... see the example tabulation of VoIP offerings in the collapsed-area, each app enumerated on the basis of what wizard-level of privacy it offers in various aspects of the software-features and operation.]

@Mikaela
Copy link
Contributor Author

Mikaela commented Apr 10, 2019

  1. setup some kind of system where github-users ... which I note are NOT the same as the readership of the listings but are a distinct yet overlapping circle in the venn diagram ... can do "e-voting"
    using github reactionEmoji for primitive e-voting

I wonder if a Loomio instance would make any sense in this or would it be overkill. Disroot also has a nice polls app, but I think that again might be too simple and it would be easier to use GitHub reactions.

@blacklight447
Copy link
Collaborator

We could potentionally make an about page, with a little history of who started the project, why and how it was started, and what our mission is. Below that we could even list some of the team members and (optionally)? List some way to contact them.

@Meteor0id
Copy link

I find this question of "who is behind privacytools.io" a very valid issue to address. Which experts are part of the decision making? How reliable is the advise of privacytools.io? Can we check that there is no influence of any app maker or hosting company to bribe their way onto the list?

Reading @Mikaela 's top comment, I am glad she opened this issue. But from her description it becomes she is not an expert, and it does not become apparent who invited her to label issues and PR's and geve her the power to open and close issues and PR's.

Privacytools.io has become quite a useful tool, and it would by wise in my opinion to guarantee it stays that way, by bringing in experts and forming a non-profit organization with formal procedures and safeguards to guarantee a certain level of quality, reliability and independence.

I think adding an "about us" page is indeed a very good next step for privacytools.io, but I think it is also time to actually look at "who we are" and trying to raise the bar on that by bringing in experts, and forming an organization.

It will be easier to get funding, more research can be done, events could be organized.

@blacklight447
Copy link
Collaborator

@Meteor0id This is easier said then done though. First you have to esthablish if bringing in "experts" can actully guarantee anything at all, as ive seen people be described as "experts" while in reality they are total idiots( like paval durov for example) and i have seen anonymous people make and do amazing things. Also we don't want people who wish to anonymous to become unable to help the team because we don't know who we are.

While I highly agree that an about page would be nice, i think we should stay that there is no way at all to guarantee everything on the site is "good", as this is realistically unachievable.

@Meteor0id
Copy link

Meteor0id commented May 31, 2019

With experts I mean people who have done academic research in the field of privacy, and who would lose their reputation and who would think twice because they have something to lose when some company offers a bribe to get them listed on privacytools.io.
People who's reputation is enhanced by running privacytools.io and who wouldn't even think about spreading lies about software.

@blacklight447
Copy link
Collaborator

And thats the point where we discuss everything in the open where everyone is able to join the research and discussion. I happily encourage experts in the field to join the team, but i don't want people who have opted not to become a public figuire to become unable to join our forces. Privacy is about choice, if we force all people to have a public esthablised identity, we take away choice, and with that, their privacy.

@Meteor0id
Copy link

Meteor0id commented May 31, 2019

That is a misunderstanding of what privacy is.

If you choose to give out public advise to others what tools they might want to use, than you should be publicly accountable for that advise.

Privacy is about shielding other aspects of your life which do not relate to the thing you are publicly doing.

It is not possible to give public advise while staying anonymous yourself. There would be no way for anyone to verify that you are not just an employee of some company trying to get their software promoted, or trying to spread lies about competitors.

If you want to speak to the masses, you must show your face to the masses. You can still have privacy, just not anonymity.

@blacklight447
Copy link
Collaborator

@Meteor0id It is very much possible to give advice without being having estheblished identity, also i think you look at our way of advicing the wrong way.

We don't want people to listen to us because this or that guy from x project or has x degree happens to be on our team. We want people to listen to our advice by logic. We everything we do is public and transparent, and we do this because not only it makes people to see why a piece of software is added, it allows people to actully understand why a choice to add somethinf was made. Blindly following advice because some guy says it is not the right way to approach this topic. Explaining the topic and make people understand it, is the right way.

@five-c-d
Copy link

five-c-d commented May 31, 2019

forming a non-profit organization with formal procedures and safeguards

This is actually on the drawing-board, albeit at a very early stage, see #899 ... the first step is to find a group that exists, which is willing to act as a proxy entity to accept earmarked donation-monies. In the long run, though, might become a separate entity, sure

If you choose to give out public advise to others what tools they might want to use, than you should be publicly accountable for that advise.

This is the misunderstanding of the internet :-) And also, I notice somebody named "meter0id" giving out privacy-advice, quite good stuff at times, but yet, do I know their full legal name and their home address? Can I be sure signal foundation isn't bribing them to say all the nice things about signalapp whoever this shadowy "meter0id" person might be? :-) :-) :-) No, I cannot, and NOTHING could give me sufficient evidence for such assertions either, because it is proving-a-negative kind of logical impossibility. "Prove you have never done anything corrupt" is literally impossible. Even if I tell you my name, home address, give you access to my bank account, et cetera... that does not prove I never did anything unethical, it just, gives evidence.

no way at all to guarantee everything on the site is "good", as this is realistically unachievable

Not only it is realistically unachievable, it is dangerous to promise, or even, to fail-to-deny-that-is-being-offered. The policy of privacyToolsIO needs to be the same as any libre-licensed project: NO WARRANTY WHATSOEVER, NOT EVEN THE IMPLIED WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE, use at your own risk, your mileage may vary, we are not responsible if you have something bad happen to you, and you cannot sue us no matter what. Anything less that complete denial of liability, is a risk in this lawsuit-happy world we live in.

encourage experts in the field to join the team, but i don't want people who have opted not to become a public figuire to become unable to join our forces

This is the correct policy. Some of the privacyToolsIO folks are using their own names, which is fine as long as they are cool revealing such things. Some are not, and if they WERE all using their full legal names, all putting their home-countries online, all giving out their personal emails, well quite frankly I would trust the advice a lot less :-)

No, this is a privacy-website, and I expect many -- or even most -- of the people that ought to be giving out the advice, should be people whom I do not know ANYTHING about. Because if their advice is any good, it should not be something I can discern! Proof is in the pudding, as it were. Having a keybase is sufficient, and the people that are most connected to the innards of the process have such things.

We want people to listen to our advice by logic

Also this. Advice on the internet is cheap. Good advice on the internet is so rare that sometimes I think it is non-existent. PrivacyToolsIO advice is good advice, and they don't argue from authority of the people giving the advice, they argue "this is good advice and here is why ... if you know a reason we are wrong please drop in on github and help improve the advice we are giving".

@Meteor0id
Copy link

@blacklight447-ptio I completely agree with that approach.

But who decides the conclusion on these open transparant discussions? Who decides if a github issue leads to change or is discarded? Who gets to label and prioritise?

Maybe not experts, but certainly there should be some accountability in place who gets trusted with those powers. It could be some voting system, but that is highly complex.

@five-c-d
Copy link

who decides the conclusion on these open transparant discussions?

The people on the about-page (To Be Done), some of whom are named and have recognizable emails and employment-affiliations and such, some of whom are almost 100% anonymous.

Who decides if a github issue leads to change or is discarded?

Participants here on github. If a change is stalled, leave a comment. If an issue was closed and needs re-opening, then leave a comment saying why.

there should be some accountability in place who gets trusted with those powers

There is: the list itself. If the advice is bad advice, it will mess up the quality of the listings, and this will result in complaints in github, and the listings getting fixed :-)

You are wanting the names and addresses of all the privacyToolsIO team, because you believe that will give them better "accountability" and help to lower the potential for corruption. But you are backwards on this. Look at the politicians, in any region of the planet: their names are known, their addresses are known, government finances are more transparent than private-sector stuff, and many efforts are made to have the politicians be held accountable to an electorate, right? And yet, politics is so corrupt. And so complex to fix, partly because of the voting-system.

By contrast, we don't know who the founder of privacyToolsIO is (good), we don't know the home address and employer of most of the team members (good), we cannot vote them out (good), we cannot get their tax returns (good), and so on. And yet the advice is good and there is not the slightest hint of corruption! :-) So you are barking up the wrong tree, and for the wrong reasons. Lack of anonymity will not prevent corruption, as the political example shows. Lack of anonymity won't make the advice-on-privacy any better, because staying anonymous is a big part of privacy for some folks, and giving it up would be not just unnecessary, it would reduce the trustworthiness of the team -- because if they don't care about their own anonymity, how can I trust them to advise me on how to retain mine?

@jonaharagon
Copy link
Contributor

tl;dr: forcing the people to run a privacy website to reveal their names and information publicly doesn't make sense.


I find this question of "who is behind privacytools.io" a very valid issue to address. Which experts are part of the decision making? How reliable is the advise of privacytools.io?

https://github.com/orgs/privacytoolsIO/people

Can we check that there is no influence of any app maker or hosting company to bribe their way onto the list?

Yes, discussions take place on this GitHub repository in public, and pull requests are approved by team members, typically more than one of them.

Reading @Mikaela 's top comment, I am glad she opened this issue. But from her description it becomes she is not an expert, and it does not become apparent who invited her to label issues and PR's and geve her the power to open and close issues and PR's.

I invited her with @BurungHantu1605's approval as a result of her activity in this community.

Privacytools.io has become quite a useful tool, and it would by wise in my opinion to guarantee it stays that way, by bringing in experts and forming a non-profit organization with formal procedures and safeguards to guarantee a certain level of quality, reliability and independence.

I don't see how not doing any of these things affects the work that's been put into this project (publicly and transparently) by our contributors over the past 4 or so years. I think keeping discussions open, transparent, and accepting of user feedback is the best way to operate this site. We often add and remove programs and other recommendations based on the discussions in this repository.

With experts I mean people who have done academic research in the field of privacy, and who would lose their reputation and who would think twice because they have something to lose when some company offers a bribe to get them listed on privacytools.io.

Who is willing to put themselves in this position for a project for free?

If you choose to give out public advise to others what tools they might want to use, than you should be publicly accountable for that advise.

I think it would be dangerous to force people to be publicly accountable for the content they publish online, and would actively discourage people from participating. The important thing about privacytools.io is that it's a community-led venture and not a body of supposed experts making the recommendations.

The policy of privacyToolsIO needs to be the same as any libre-licensed project: NO WARRANTY WHATSOEVER, NOT EVEN THE IMPLIED WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE, use at your own risk, your mileage may vary, we are not responsible if you have something bad happen to you, and you cannot sue us no matter what.

This is probably a good idea...

But who decides the conclusion on these open transparant discussions? Who decides if a github issue leads to change or is discarded? Who gets to label and prioritise?

At the end of the day, privacytools.io is a privately owned project, and some anonymous person (@BurungHantu1605) is handling all the finances and controls all the assets (servers and domains). We leave all information publicly available to encourage our users to conduct further research on their own. If someone thinks we're being unfair about the tools we're recommend, or we're not recommending a tool we should, or one of the things we recommend is detrimental to privacy, they can voice that opinion.

Adding more restrictions to an already well functioning project seems useless to me, don't fix what isn't broken.

@atomGit
Copy link

atomGit commented May 31, 2019

If you choose to give out public advise to others what tools they might want to use, than you should be publicly accountable for that advise.

accountable how?

Privacy is about shielding other aspects of your life which do not relate to the thing you are publicly doing.

where privacy enters and exits i think is up to the individual

It is not possible to give public advise while staying anonymous yourself. There would be no way for anyone to verify that you are not just an employee of some company trying to get their software promoted, or trying to spread lies about competitors.

there is if they're promoting sketchy software or lying - and i'm not seeing how identifying ones self or having a title prevents that

it seems that you're wanting to give PTIO more credibility, and i get that, but i mostly disagree with your reasoning

it is obviously and ultimately always up to the reader to decide whether the information they're consuming is creditable, is it not?

an 'who are we' page, sure, but i don't think i agree with a 'who am i' page - it hasn't given the government any credibility, nor Google, nor any mainstream "news" company, nor any other mega-corporation i can think of - Anonymous has more far more credibility in my eyes and i don't know who they are

@five-c-d
Copy link

people who have done academic research in the field of privacy

Who is willing to put themselves in this position for a project for free?

There might be some, actually. You might try emailing folks that are famous for one thing or another, and see if they would like a page where they recommend their favorite tools, and/or critique the privacyToolsIO recommendations.

feature request: Guest Blogger Of The Month?

This could be folks in academia, that want to get more visibility for their name ... www.privacytools.io is becoming more famous, and a guest-blogger post by Somewhat Famous Researcher that is highlighted on the privacyToolsIO homepage, might be worth the effort to write, because of the added name-recognition it would bring?

Similarly, I think that anybody who is the main author of one of the tools on privacyToolsIO, ought to be able to write a guest-blog about their own tool-recommendations. Daniel Micay @thestinger for example, would have some very strong things to say about why LineageOS ought to be de-listed... which he is wrong about btw :-) But I'm willing to bet that he would also have a lot of advice about what the best software is for many other categories, outside the ones where he is listed. Same thing for Moxie Marlinspike, same thing for the Purism people once they get officially listed, same thing for Wireapp, same thing for protonmail, and so on. These are not (usually) people that have done academia-things in the field of privacy, but they ARE people that have helped advance privacy! Respected folks, with strong reputations.

I'm not suggesting that the tool-producers should be the ones making listing-decisions, or the cryptographic researchers in academia or whatever, either. But it would be cool if they wanted to give tool-advice, via privacyToolsIO website, in a special "guest post by Famous Person X" type of format. And as far as that goes, I would actually be really interested to see what a guest-post by Mikaela, Jonah, etc would look like... would her tool-recommendations agree with yours? Do you both agree with the privacyToolsIO listings?

This kind of introspection is not as "useful" in some sense as the main /classic page with all the consensus-of-the-team listings, but it would (if done with care) tend to stoke interesting discussions, prompt needed changes, and so on.

don't fix what isn't broken

Yeah. @Meteor0id has a valid worry, which is that, for instance, the VPN section is potentially open to abuses. (There are a lot of websites that recommend 'top ten vpn services' which are thinly disguised advertisements paid for by one or more of the listed vpn firms!) But the solution is not, okay take privacy away from the people running the site, the solution is, get more eyeballs on the VPN listings and make sure they are all legit. Ones that don't belong, remove them, ones that belong which are not listed, add them, all in an open transparent fashion. And this is just a potential worry, not something actually broken right now, the listings are fine from what I can tell.

Not just me saying that either: anybody with a github username could also file a complaint, or whatever, if there was something specific amiss with tool X in listing Y committed by team-member Z. The feedback loop is strong, and the potential for abuse remains an unrealized potential, primarily because abuse cannot easily materialize! There are too many eyeballs watching... just like in any libre-licensed project, the system is pretty resilient against most kinds of Bad Stuff getting uploaded and committed, because people that care are watching closely to make sure only good stuff gets in. Crucially: even if bad stuff does somehow manage to slip in, it can be kicked right out again! :-)

anonymous [team] has more far more credibility in my eyes

Yeah, also my thinking. https://github.com/orgs/privacytoolsIO/people has enough anonymity-oriented folks that I'm comfy ;-) But it has some realname folks too, not necessarily famous names -- yet at least, who knows what the future may hold :-)

@Mikaela
Copy link
Contributor Author

Mikaela commented May 31, 2019

I am having a bit busy time and I haven't read even my Github emails entirely (sorry if someone is awaiting especially me), but I would like to add to the previous comment:

  • https://mikaela.info/#im and https://mikaela.info/browser-extensions (heavy eternal WIP, see mikaela.github.io issue tracker) and maybe some other pages may answer your curiosity on which tools I would recommend at least partially.
  • You don't need a GitHub account to get an issue opened or comment added, I am sure that there are many people inside and outside the team who would be happy to relay your comment if pinged on Matrix or emailed to or otherwise contacted.

Good night (UTC+3) 💜

@Meteor0id
Copy link

Meteor0id commented May 31, 2019

an 'who are we' page, sure, but i don't think i agree with a 'who am i' page - it hasn't given the government any credibility, nor Google, nor any mainstream "news" company, nor any other mega-corporation i can think of

That's because normally, if you want to know who is behind something, you request the company register, where the names and some contact information of the current director or the board are listed. That is how you unusually check out an organization and find out who are affiliated with it. If there is no registered organization behind a website, there is no way to do that. The only registration the the domain name with some registrar, but that doesn't provide much info about who is actually running the site.
News agencies and all big companies don't need a "who are we" page, because they already list a headquarters, and their board is already publicly listed in the company registry.

accountable how?
If you sign someone up as a director or board member of the organization, you can also kick him out. That is accountability. If they don't intervene when the project goes south in some way, you kick them out by majority vote and replace them by people who do keep the project stable.

The main reason to go though all that, is to secure that privacytools.io stays goal oriented and stays independent. By appointing a director, there is someone who says "I will watch over this project and assure that it doesn't get hijacked by companies who want to use it to advertise their own services". "I will make sure that we don't assign random people to manage the github issues and PRs, to prevent personal influence on the list".

It doesn't have to have a major impact on how the site is run, it just adds some stability.

forcing the people to run a privacy website to reveal their names and information publicly doesn't make sense.

Assigning 1 to 3 people to safeguarding the project makes sense to me. That includes revealing who they are, just their names really, not they personal phone number or pictures. The privacy this website centers about is to prevent digital forensics and tracking on-line. Reveling your first and last name, and explain to the rest of the community what privacytools.io will be focusing on, is not a contradiction to that goal. And no of course it is not forcing, it just means that only the person who handles the money and the director of the organization are known if they agree to take on that responsibility. Contributor don't have to reveal anything, of course not, they are volunteers without responsibilities.

I think a page answering the questions in the issue title is now even more important as there are services hosted by Privacytools.io which in my opinion isn't as reliable as knowing who is behind it and what are their motives/why are they doing this.

Exactly!
But knowing who someone is is more than know whether you like cats or dog. Knowing what your motives are ties in with the question whether you also happen to be an employee of some hosting company. There should be someone who knows the team members, and at least the head of the team should be fairly known to the public.

Anyway, I don;t think the question whether there should be some organization set up is going to be decided today. I just hope I got some people thinking about the future and I'll leave it at that.

@atomGit
Copy link

atomGit commented May 31, 2019

The main reason to go though all that, is to secure that privacytools.io stays goal oriented and stays independent. By appointing a director, ...

that sentence can be finished another way; by appointing a director you create a singular overseer instead of community oversight

The main reason to go though all that, is to secure that privacytools.io stays goal oriented and stays independent.

that reasoning has failed so miserably and so completely in virtually every mainstream institution that i can think of - once you create a positions of power, you create single points of control which those self-serving people who want to control the org will find very attractive and the process of corruption is extremely difficult to interrupt, at best ... Reddit is a great example - so is science in general, government, etc., etc....

how many organizations/bodies/corporations can you think of that have remained true to their (ethical) origin over a long period of time? virtually all of the problems we as humans face today involve pyramidal architectures, the foundation of which is greed

if people in the PTIO sphere want to provide credentials, great, but i don't think they should be allowed to carry any more weight than those who contribute to the project ... just my .02 and i hope i'm not offending

boards, directors, votes .... i just think that's a lot of overhead to add to what seems to me to be a largely community driven project that appears to be working very nicely without it

that said, yeah, i agree there should be an 'about us' page that briefly outlines the purpose of the project

@jonaharagon
Copy link
Contributor

feature request: Guest Blogger Of The Month?

This would be awesome actually IMO, although I'm not sure who'd be interested. You mentioned a few, and maybe I could reach out to them... Think it should be limited to people related to the tools we recommend? I think guest-blogging might be a hard sell to most, they're very busy people :/

@five-c-d
Copy link

five-c-d commented Jun 1, 2019

the purpose of the project

There is a page for that already :-)    www.privacyTools.io ...which says right at the top...

  • You are being watched.
  • Private and state-sponsored organizations
  • are monitoring and recording your online activities.
  • privacytools.io provides services, tools and knowledge
  • to protect your privacy against global mass surveillance

The mission it to beat global mass surveillance. The specific scope is to recommend privacy-respecting tools, provide privacy-respecting services, and convey knowledge about how the readership can protect themselves. The badguys are corporate and political entities that engage in global mass surveillance, specifically, internet and telecom surveillance.

That is what the project is about. If there were an about-us page different from the github-listing, it would probably have the following:

  1. history of the effort
  2. people involved, some by their real names (three are listed so far unless those are pen-names), but many just by their nom de guerre
  3. ideally some kind of financial report which says "hey we use OVH just like wikileaks and several of the core team are sysadmins (link link link) and here are the ways donation money was spent on expenditures last year (table table table) and thank you for contributing your time and knowledge to our discussion areas (discourse github mastodon reddit gitea twitter etc) if you wanna give us a huge amount of money our fiscal sponsor is [insert 501c4 sugar daddy] and if you are in the EU [insert sugar mommy] plus you can make small donations to our efforts via [bitcoin or paypal or etc] and thanks very much stay private folks"
  4. that is about it... privacyToolsIO does not need a corporate director, they are not a corporation, they don't need an elected official because they are not politicians, they don't need a head librarian because they are not a library :-)

It's a libre-licensed project on github to recommend solid privacy-respecting software and provide solid privacy-respecting software-services, and for that you need a team of sharp-eyed sharp-witted folks, no more... but no less! It is a very tough job to do.

If someday privacyToolsIO becomes a legal entity, I hope that it is done very carefully, so as to keep from messing up the freewheeling nature of the effort, and avoid stagnation in the community-portion... plus, as atomGit says, it is hard to build ANY kind of hierarchical structure which does not attract the power-hungry

Assigning 1 to 3 people to safeguarding the project...
revealing who they are, just their names...

Your wish has been granted == https://github.com/orgs/privacytoolsIO/people which lists Jonah + Mikaela + Shifterovich, two of whom have commented here in this thread already.

only the person who handles the money
and the director of the organization are known

This is an additional wish, apparently, and I hope it is not granted. The founder of the project and head of the team is anonymous. They are also the person who handles the money. It would be nice (per above) for there to be some expenditure-reports, which outline where the donation-money goes, but to me the donation-money is the property of the person to whom it was donated. They can use it to buy a cool motorcycle, or a gigantic yacht for all I care, they earned that money. The listings are a HUGE value, the donation-money is primarily coming in because of the value of the listings, intangible knowledge which is easy to read... but was VERY hard to research and write.

Personally I like to imagine the anonymous founder using their one milllliiiiooonn dollars in donation-bucks to buy a secret underwater lair, plotting the overthrow of mass surveillance whilst surrounded by sharks with lasers on their heads, as the old saying goes :-) But if they are sinking some of that donation-money back into privacyToolsIO to pay for webhosting and pay for services-hosting and pay for whatnot, that is fine by me also. Don't ever skimp on the secret hideout though, any real privacy-wizard HAS to have a cool secret lair!

@five-c-d
Copy link

five-c-d commented Jun 1, 2019

I think guest-blogging might be a hard sell to most

Well, if you are hoping that Bruce Schneier and Edward Snowden will drop everything and start guest-blogging for you, then yes, you are probably gonna be disappointed. But I don't think that is outside the realm of the possible, either! My suggestion is that you put together a simple email, and then send it out to one person a day. Start at the top with Snowden, because if he says "yes" then that would be so awesome :-)

Make it so that... just by reading the email about asking them to guest-blog, they will practically write their own listings in their mind. Something like this:

HOWTO: begging profusely yet sincerely ;-)

Dear Mr. Snowden: we at www.privacyTools.io deeply appreciate all you have done for privacy and cryptography, and share your goal of thwarting global mass surveillance. To come straight to the point, we have a list of privacy-respecting software tools that we publish online, which is a collaborative project. We recommend many of the same tools as yourself: Qubes, Signal, Tor... but we would like, with your permission, to publish a guest-blog which lists what other software you recommend to the everyday citizen, concerned about their privacy. Here is our (summarized) list of tool-recommendations:

  • VPN: AirVPN AzireVPN (plus 18 more in alpha-order). Browser: Firefox TorBrowser Brave. Addons: PrivacyBadger uBlockOrigin CookieAutoDelete httpsEverywhere etc. Webmail: Protonmail Disroot Tutanota Mailfence etc. Email: Thunderbird ClawsMail. Alternatives: BitMessage RetroShare. Engines: SearX StartPage DuckDuckGo Qwant
  • IM: Signal Riot Ricochet. VoIP: Signal Wire Linphone. Fileshare: OnionShare FirefoxSend MagicWormhole. Storage: Nextcloud LeastAuthorityS4. Self-host: Pydio Tahoe-LAFS. Hosting: Banhof Njalla DataCell OrangeWebsite. Filesync: SparkleShare SyncThing. Calendar: Nextcloud Etesync.
  • Passwords: BitWarden KeePassXC LessPass. Crypto: VeraCrypt GnuPG PeaZip+7zip. Darkweb: TorBrowser I2P Freenet. Social: Mastodon Diaspora Friendica etc. DNS: OpenNIC Njalla DNSCrypt. Notebook: Joplin StandardNotes Turtl. Pastebin: PrivateBin. Productivity: CryptPad EtherPad WriteAs
  • OSes: Qubes Debian Trisquel. LiveCD: Tails Knoppix Puppy. Mobile: LineageOS UbuntuTouch GrapheneOS. Addons: Blokada NetGuard Orbot. Expert: XPrivacyLua. Router: OpenWrt pfSense LibreCMC
  • Above listings are from https://www.privacytools.io/classic/

You might not agree with those! If you have a wish to guest-blog, and write up your own list of recommended tools (in top3 format or any other format you like) we would be happy to publish your work, under any copyright terms you wish, and prominently feature it with your name -- and if you prefer also the Freedom of the Press name as well -- at the top righthand corner of the www.privacyTools.io website, if that is okay. If you wish to write 99 pages, we will publish all those pages, if you only have time for 99 words, we would be very grateful for that as well. If you like, we can proofread and copy-edit, or re-publish EXACTLY what you send us to publish, up to you. Our website runs on donations, and our founder is an anonymous privacy activist, you can read more about us at our site, or on our github page. Thank you for your time, and thanks for all you do. Best, Jonah Aragon, privacyToolsIO core team

Worst that can happen is you get no responses. But can pretty much guarantee that, if you are persistent, you will get some awesome responses eventually. In the meantime, armtwist Mikaela into writing up her own personal recommendations into a guest-blogger form, and finish your grapheneOS research so you can write you own guest-blog list, please

p.s. I don't really consider the "guest blog thing" to be off-topic... because nothing will tell me more about the core team, than a list of which tools they personally recommend ;-) Happy to move this guest-blog-idea over to a new github-issue however, if desired

@jonaharagon
Copy link
Contributor

They are also the person who handles the money.

If we want to get technical I guess, I actually handle most of the money now. I think BurungHantu found it difficult to remain anonymous and operate accounts like Stripe 😛

Worst that can happen is you get no responses. But can pretty much guarantee that, if you are persistent, you will get some awesome responses eventually. In the meantime, armtwist Mikaela into writing up her own personal recommendations into a guest-blogger form

Yeah, this is definitely something I'll look into.

and finish your grapheneOS research so you can write you own guest-blog list, please

Well, I don't remember if I mentioned this on GitHub but the phone I got was a Verizon phone so I can't unlock the bootloader. Also I forgot about it, so I still haven't returned it. It's on my to-do list!

@five-c-d
Copy link

five-c-d commented Jun 1, 2019

Also I forgot about it, so I still haven't
returned it. It's on my to-do list!

No more excuses, I demand results! :-)

And please look into purchasing a secret lair, if BurungHantu is nice you can let them visit every once in awhile ;-)

remain anonymous and operate accounts like Stripe

What are the chances of this becoming a privacyToolsIO service, where anonymous bloggers that want to accept earmarked donations, can apply to privacyToolsIO for their own iframe'd payment-processing subdomain? I'm thinking e.g. political dissidents that want to accept money without doxxing themselves to the payment processor for example...

  • Alice is a political dissident in [draconian country]
  • she blogs at the write.privacytools.io and discusses politics on social.privacytools.io
  • but she needs money to by telephoto lens gear so she can document corruption
  • she can request Monero via her blog ... but most donors won't/can't pay in Monero
  • most donors could/would pay via Amex or Paypal ... but Alice cannot risk accepting
  • voila! the new payments.privacytools.io which allows Alice to anonymously accept Paypal/Amex/etc (anything donors want), subtracts processing-fees and optionally some kind of service-fee ("dear donor: if you would like to give an extra USD$4.44 to privacyToolsIO for hosting Alice's blog and her donation-earmarking page we would appreciate it"). The bulk of it would go to Alice's control, and she could get it converted (less forex and exchange-fees and whatnot) into the form of her choice, such as Monero or whatever

This is risky to do because there are a lot of "Know Your Customer" and anti-money-laundering rules that would have to be VERY scrupulously observed -- sometimes Alice really will be a drugdealer or a terrorist trying to use payment.privacyTools.io as a money-laundering service to by explosives or whatever! But it does seem like exactly the kind of thing that would be IMPOSSIBLY tough for Alice herself (the legit political dissident) to manage, but possibly-not-quite-impossible for privacyToolsIO team to pull off?

@jonaharagon
Copy link
Contributor

And please look into purchasing a secret lair

let me just drop this right here https://www.privacytools.io/donate/

What are the chances of this becoming a privacyToolsIO service[...]

This sounds like a nightmare. Presumably we'd need to collect information from Alice for the legal reasons you mentioned, and then it's no different from any other payment processor.

@five-c-d
Copy link

five-c-d commented Jun 1, 2019

Yes, it would be a nightmare. But whether you, as in, Jonah Aragon, would need to collect that info, would strongly depend on whether you were processing the payments.

think like a VPN or webmail provider, except, with no-logs payouts?

Just like a lot of privacy-respecting VPNs and webmail providers are pretty careful about picking their legal jurisdiction, if it ends up making sense for payment.privacyTools.io to exist, the only way it would make sense was if all of the following conditions could be met

  1. Alice is able to start accepting donations, pseudo-anonymously -- which means, the jurisdiction in which the payment-processing portion of privacyToolsIO existed would have to be something like the small island-nations some VPN providers use?
  2. donors would need to be able to earmark money for Alice, when they donated to privacyToolsIO via the button on social.privacyTools.io (or whatever platform Alice is writing from/on)
  3. after the earmarked-for-Alice donation arrived in the privacyToolsIO core-team's control, you would need to document it for transparency-reasons (i.e. this will not be possible until and unless you become your own 501c4+501c3 entity at some point ... NOT just having a fiscal sponsor but a dedicated legal entity yourself)
  4. then, after the taxation-side was properly handled, as part of an expenditure of your 501c4 to educate the world, you would convert some of the privacyToolsIO assets into Monero or whatever Alice wanted (or for more efficiency just "unearmark donor USD" and then "transfer the Alice-tag over to unearmarked Monero already donated beforehand"). Then you would document the expenditure... and Alice would have her funding.

So yeah, nightmare. Might not even be possible to find a suitable jurisdiction, such that the linkage between the endpoint of step#4 and the startpoint of step#1, is safe enough for Alice to take the risk.

However, I don't think the goal should be, to make Alice's payment safe from the federal+provincial government of the USA+Delaware (assuming 501c4) or the commonwealth+cantonal government of the EU+Switzerland (assuming continental charity of some form). Those people are not Alice's enemies, nor the donor's enemies, as long as Alice is actually a political dissident in a draconian country, at least.

The adversary, the people that Alice needs to keep anonymous from, are the people running her country, the draconian secret service and the draconian politicians. This is a much smaller problem to surmount, and I suspect with some lawyers familiar with international tax-laws and offshore accounting practices and such, it would actually be possible to set this up for Alice. Definitely not easy, and has a lot of pre-reqs which would have to be in place before it could even hypothetically be done.

don't think the question whether there should be
[$ACTION] is going to be decided today. I just hope
I got some people thinking about the future
and I'll leave it at that.

Right :-) Same here. If you do set some kind of fiscal sponsor up, and then later, create your own non-profit entity, look into the jurisdiction-question (where to base your non-profit entity's financial assets) beforehand please.

With an eye to... hey are we going to be able to make expenditures to recipients, without knowing who the recipients are ? Such as, transfer 999 usd from your entity's official donation-funds into 3 btc, and then send those btc to "Alice" in the Seychelles or some other kind of tax-haven nation. If so, as in, if that scenario is hypothetically plausible in certain jurisdictions, might be worth tuning where you base your non-profit (if and when).

Back more-on-topic, though, I think that the new services from privacyToolsIO are definitely cool stuff, and a good thing. But what I don't get a sense of, is a long-term plan? Is the goal to get out of the "business" of recommending software-tools, and instead, get into the business of competing with the tools you used to recommend? There is just one entry left in the pastebin-tools listings, for instance, and now privacyToolsIO offers such a thing. What is the rationale for the service-end of the project? Is it intended to supplement the listings, or to eventually replace them outright?

@jonaharagon
Copy link
Contributor

Back more-on-topic, though, I think that the new services from privacyToolsIO are definitely cool stuff, and a good thing. But what I don't get a sense of, is a long-term plan?

The goal is either to foster a larger community among the people here/visiting the site (forum, chat, write, social), support federated technologies (matrix, activitypub, tor, ipfs), or in some cases just to create centralized services that I [personally] trust (mail, bin, git). On the second note, we actually run services we don't yet publish on the site but are IMO useful, like a Tor relay and a public IPFS gateway at ipfs.privacytools.io. And the latter services (bin, git) I don't ultimately care if people use, I just need a place to paste things and stuff 😝

@Mikaela
Copy link
Contributor Author

Mikaela commented Aug 15, 2019

Is anyone actively working on this? If not, please feel free to assign it at me, even if I may not be able to look into it in a week or so.

I have an idea:

  1. Make a new page that includes _includes/sections/team/*
  2. Make those files CODEOWNERed by the individual team members.

I think initially it should just contain people who are marked as public members at GitHub

@Mikaela
Copy link
Contributor Author

Mikaela commented Aug 16, 2019

Assigning to me so I can see it at https://github.com/issues/assigned as a todo and won't forget it. Please feel free to PR or something though, I will open a draft PR when I start.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
approved approved, waiting for a PR ✨ enhancement todo 🌐 website issue *Technical* issues with the website.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

6 participants