Re: [tor-project] The Tor Project Social Contract
On Tue, Aug 2, 2016, at 07:59 AM, Lunar wrote:
Hi!
Mike Perry:
I hate to be late to the party, and I hate to start a libre/free/open flamewar, but I am concerned about the specific language "free of cost" with respect to our tools in Point #3. […] I see nothing wrong with paid versions of Tor tools, paid hardware, or paid access, so long as the implementations of security-critical components are open source and auditable. Maybe others disagree?
I disagree. :)
Wealth is already an important factor in one's ability to enjoy freedoms of opinion, expression, and association. If we agree that you can't really exercise these freedoms in the digital world without tools like Tor, I think such access to these tools should not be restricted by how much money you can spend on it.
While I agree that we should find ways to cover costs of production, or that I think it's ok to sell hardware with Tor preinstalled, I believe we should try to find business models that aim to balance the wealth disparities of this world, because I want our work to help balance power.
I agree with both of you in different ways. Requiring a user to be able to compile to get something free is not good enough. Some longer thoughts below, but I think the spirit of what we say should be "Always Free, but Pay What You Can". Using Onion Browser as an example, it is great that Mike Tigas has been able to independently support his work on that project by charging a small fee for the open-source software he builds. However, it has also severely limited adoption, and pushed users to less trustworthy apps, because there are many people who don't have the ability to purchase apps on iOS due to not having a credit card or being in a country where paid apps are not supported (like Iran, I believe). With iOS, there is no way to sideload from a free app store without making your device insecure, so the only "free as in beer" and secure way to get Onion Browser is to know someone who has a Mac, is an iOS developer, and who is willing to link your device to their IDE setup. What I would like to see from Onion Browser, and from all Tor-related apps/projects/community members that choose to support this contract, is to offer a free version always, and then a pro/premium pay version, or a "pay what you can" option, that is functionality equivalent. That way, novice users will always have access without any impediments due to their economic situation. This is also a model that I would like to adopt for Orbot and Orfox, and any app store that offers a built-in, easy payment system. Again, users would not be required to use this, but for people who already opt-in and are comfortable providing their payment information, then it is an easy way for Tor projects to gain sustainable grassroots support. On the hardware front, we are already working with Copperhead to sell premium-priced Nexus phones flashed with their open-source OS, that may someday have Orbot built into it. Copperhead offers their ROM free of charge for anyone to flash to a Nexus device, but again, that is a very serious impediment for non-technical users. What I am trying to setup there is a "buy one, give one" program, or again, a "pay what you can" system, that is backed by those who can afford to donate money along with their purchases.
Here's an attempt to reword to capture my thinking:
3. Our tools are universally available to access, use, adapt, and distribute
Ok with the rewording here.
Perhaps we could define "universally available" a bit more to ensure that in includes non-technical end-users? This means that we are talking about more than just "we publish the source code". Best, Nathan
Nathan Freitas:
On Tue, Aug 2, 2016, at 07:59 AM, Lunar wrote:
Hi!
Mike Perry:
I hate to be late to the party, and I hate to start a libre/free/open flamewar, but I am concerned about the specific language "free of cost" with respect to our tools in Point #3. […] I see nothing wrong with paid versions of Tor tools, paid hardware, or paid access, so long as the implementations of security-critical components are open source and auditable. Maybe others disagree?
I disagree. :)
Wealth is already an important factor in one's ability to enjoy freedoms of opinion, expression, and association. If we agree that you can't really exercise these freedoms in the digital world without tools like Tor, I think such access to these tools should not be restricted by how much money you can spend on it.
While I agree that we should find ways to cover costs of production, or that I think it's ok to sell hardware with Tor preinstalled, I believe we should try to find business models that aim to balance the wealth disparities of this world, because I want our work to help balance power.
I agree with both of you in different ways. Requiring a user to be able to compile to get something free is not good enough.
Some longer thoughts below, but I think the spirit of what we say should be "Always Free, but Pay What You Can".
Using Onion Browser as an example, it is great that Mike Tigas has been able to independently support his work on that project by charging a small fee for the open-source software he builds. However, it has also severely limited adoption, and pushed users to less trustworthy apps, because there are many people who don't have the ability to purchase apps on iOS due to not having a credit card or being in a country where paid apps are not supported (like Iran, I believe). With iOS, there is no way to sideload from a free app store without making your device insecure, so the only "free as in beer" and secure way to get Onion Browser is to know someone who has a Mac, is an iOS developer, and who is willing to link your device to their IDE setup.
What I would like to see from Onion Browser, and from all Tor-related apps/projects/community members that choose to support this contract, is to offer a free version always, and then a pro/premium pay version, or a "pay what you can" option, that is functionality equivalent. That way, novice users will always have access without any impediments due to their economic situation. This is also a model that I would like to adopt for Orbot and Orfox, and any app store that offers a built-in, easy payment system. Again, users would not be required to use this, but for people who already opt-in and are comfortable providing their payment information, then it is an easy way for Tor projects to gain sustainable grassroots support.
On the hardware front, we are already working with Copperhead to sell premium-priced Nexus phones flashed with their open-source OS, that may someday have Orbot built into it. Copperhead offers their ROM free of charge for anyone to flash to a Nexus device, but again, that is a very serious impediment for non-technical users. What I am trying to setup there is a "buy one, give one" program, or again, a "pay what you can" system, that is backed by those who can afford to donate money along with their purchases.
Here's an attempt to reword to capture my thinking:
3. Our tools are universally available to access, use, adapt, and distribute
Ok with the rewording here.
Perhaps we could define "universally available" a bit more to ensure that in includes non-technical end-users? This means that we are talking about more than just "we publish the source code".
Best, Nathan
Available is not the same as accessible. Available can mean "available for sale." "Available," "accessible," and "affordable" are terms that have specific meanings when it comes to access for low-income people. Human rights activists, for instance, are often people with very limited resources--and for whom free of cost and easily accessed software is essential. When we look at tiny school fees [0] charged to children in developing countries, these tiny fees often constitute huge barriers to education and there is a successful movement to abolish them. The same is true for discounted costs that people pay in African countries for life-saving medications and the barriers those pose to patient survival. Health and education are human rights. At Tor we would argue that privacy is a right, too--it's also a right enshrined in European law. I believe that our tools should remain free to users and we should strategize other ways to make money. "Pay what you can" software is an idea widely understood in the global north; is it also in the global south? Pay with what? Bitcoin? Credit cards? If you get the software installed at your local roadside store, who do you pay? These are all barriers to using Tor. Moxie Marlinspike has gotten around this by licensing his software to big companies so that they are the ones that pay, while users get the software for free. He also gets grants. Not only WhatsApp users but also Signal users benefit from this strategy. If you are a huge company, perhaps we can offer to incorporate Tor-licensed software into your product for a big fee (and in some of the ways that Nathan is discussing). And we are soliciting grants from charitable foundations. There are lots of ways to figure this out, but already the countries with the most people on the Internet are China and India respectively [1], and most are accessing it via phones, and more and more are very poor. Which is great--they can access the Internet now! Let's make sure they can download free Tor software, too so that they can access all of it. Is our user a poor US highschool student who can pay what he will? Or is our user a Chinese farmer with a $60 smart phone and no bank account? Do we need an advisory board of users from developing countries? +1 for free software that is free as in beer +1 for Robin Hood, Katie [0] School fees: http://www.unicef.org/education/bege_61665.html [1] Internet users by country: http://www.internetlivestats.com/internet-users-by-country/
_______________________________________________ tor-project mailing list tor-project@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project
Nathan Freitas:
On Tue, Aug 2, 2016, at 07:59 AM, Lunar wrote:
Hi!
Mike Perry:
I hate to be late to the party, and I hate to start a libre/free/open flamewar, but I am concerned about the specific language "free of cost" with respect to our tools in Point #3. […] I see nothing wrong with paid versions of Tor tools, paid hardware, or paid access, so long as the implementations of security-critical components are open source and auditable. Maybe others disagree?
I disagree. :)
Wealth is already an important factor in one's ability to enjoy freedoms of opinion, expression, and association. If we agree that you can't really exercise these freedoms in the digital world without tools like Tor, I think such access to these tools should not be restricted by how much money you can spend on it.
While I agree that we should find ways to cover costs of production, or that I think it's ok to sell hardware with Tor preinstalled, I believe we should try to find business models that aim to balance the wealth disparities of this world, because I want our work to help balance power.
I agree with both of you in different ways. Requiring a user to be able to compile to get something free is not good enough.
Yes, I definitely hear Lunar and Kate's concerns about monetary barriers being real, and I think you're doing a great job getting us to synthesis here, Nathan. Thanks!
Some longer thoughts below, but I think the spirit of what we say should be "Always Free, but Pay What You Can".
This is good. I am still a little wary about some edge cases around "Always", especially when we start talking about hardware, but for pure software, I think this makes sense. More below.
Using Onion Browser as an example, it is great that Mike Tigas has been able to independently support his work on that project by charging a small fee for the open-source software he builds. However, it has also severely limited adoption, and pushed users to less trustworthy apps, because there are many people who don't have the ability to purchase apps on iOS due to not having a credit card or being in a country where paid apps are not supported (like Iran, I believe). With iOS, there is no way to sideload from a free app store without making your device insecure, so the only "free as in beer" and secure way to get Onion Browser is to know someone who has a Mac, is an iOS developer, and who is willing to link your device to their IDE setup.
Ok, I agree with you here. For pure software, I do vastly prefer the "Always Free, but pay what you can" model, and agree that half-measures on the "Free" part (such as free source code only) can have really bad failure modes. To add another bad outcome to your text above: There are a handful of free OnionBrowser rebuilds in the iOS app store, for example, but none of them are kept up to date. This is a source of harm to users who think the rebuilds are kept current, and you have me fully convinced that it is not a great outcome.
What I would like to see from Onion Browser, and from all Tor-related apps/projects/community members that choose to support this contract, is to offer a free version always, and then a pro/premium pay version, or a "pay what you can" option, that is functionality equivalent. That way, novice users will always have access without any impediments due to their economic situation. This is also a model that I would like to adopt for Orbot and Orfox, and any app store that offers a built-in, easy payment system. Again, users would not be required to use this, but for people who already opt-in and are comfortable providing their payment information, then it is an easy way for Tor projects to gain sustainable grassroots support.
Right. I especially don't want us to frown on people who effectively run donations campaigns through app stores like you describe above. That just seems silly.
On the hardware front, we are already working with Copperhead to sell premium-priced Nexus phones flashed with their open-source OS, that may someday have Orbot built into it. Copperhead offers their ROM free of charge for anyone to flash to a Nexus device, but again, that is a very serious impediment for non-technical users. What I am trying to setup there is a "buy one, give one" program, or again, a "pay what you can" system, that is backed by those who can afford to donate money along with their purchases.
I don't know if I feel comfortable demanding that people who bundle Tor in their hardware necessarily adopt a "buy one, give one" model to adhere to the "Always free, but pay what you can" standard. Here's another example: Let's say that some major IoT company decides to use Tor onion services for authenticated, secure, and private device control. Those devices aren't free, nor is the rest of the software they run, but this company is more than willing to dedicate engineers and/or money to improving Tor onion service scalability, and they upstream all of their modifications to Tor itself. If we define the social contract to frown on this type of behavior because the actual product using Tor is not Free, are this company's engineers not welcome at dev meetings? Should Tor not take funding from this company? If the consequences for violating these norms are exclusionary (such as exclusion from dev meetings, certain mailinglists, team IRC meetings, and/or community governance), then I think they should aim for the largest acceptable union of our value systems on software development, not the intersection. This will ensure that the maximum number of people will ultimately end up using and benefiting from Tor. As a related point: tor-core chose the MIT license, not a GPL-family license, for similar reasons. -- Mike Perry
Hi all, see comments at the very bottom: Mike Perry:
Nathan Freitas:
On Tue, Aug 2, 2016, at 07:59 AM, Lunar wrote:
Hi!
Mike Perry:
I hate to be late to the party, and I hate to start a libre/free/open flamewar, but I am concerned about the specific language "free of cost" with respect to our tools in Point #3. […] I see nothing wrong with paid versions of Tor tools, paid hardware, or paid access, so long as the implementations of security-critical components are open source and auditable. Maybe others disagree?
I disagree. :)
Wealth is already an important factor in one's ability to enjoy freedoms of opinion, expression, and association. If we agree that you can't really exercise these freedoms in the digital world without tools like Tor, I think such access to these tools should not be restricted by how much money you can spend on it.
While I agree that we should find ways to cover costs of production, or that I think it's ok to sell hardware with Tor preinstalled, I believe we should try to find business models that aim to balance the wealth disparities of this world, because I want our work to help balance power.
I agree with both of you in different ways. Requiring a user to be able to compile to get something free is not good enough.
Yes, I definitely hear Lunar and Kate's concerns about monetary barriers being real, and I think you're doing a great job getting us to synthesis here, Nathan. Thanks!
Some longer thoughts below, but I think the spirit of what we say should be "Always Free, but Pay What You Can".
This is good. I am still a little wary about some edge cases around "Always", especially when we start talking about hardware, but for pure software, I think this makes sense. More below.
Using Onion Browser as an example, it is great that Mike Tigas has been able to independently support his work on that project by charging a small fee for the open-source software he builds. However, it has also severely limited adoption, and pushed users to less trustworthy apps, because there are many people who don't have the ability to purchase apps on iOS due to not having a credit card or being in a country where paid apps are not supported (like Iran, I believe). With iOS, there is no way to sideload from a free app store without making your device insecure, so the only "free as in beer" and secure way to get Onion Browser is to know someone who has a Mac, is an iOS developer, and who is willing to link your device to their IDE setup.
Ok, I agree with you here. For pure software, I do vastly prefer the "Always Free, but pay what you can" model, and agree that half-measures on the "Free" part (such as free source code only) can have really bad failure modes. To add another bad outcome to your text above: There are a handful of free OnionBrowser rebuilds in the iOS app store, for example, but none of them are kept up to date. This is a source of harm to users who think the rebuilds are kept current, and you have me fully convinced that it is not a great outcome.
What I would like to see from Onion Browser, and from all Tor-related apps/projects/community members that choose to support this contract, is to offer a free version always, and then a pro/premium pay version, or a "pay what you can" option, that is functionality equivalent. That way, novice users will always have access without any impediments due to their economic situation. This is also a model that I would like to adopt for Orbot and Orfox, and any app store that offers a built-in, easy payment system. Again, users would not be required to use this, but for people who already opt-in and are comfortable providing their payment information, then it is an easy way for Tor projects to gain sustainable grassroots support.
Right. I especially don't want us to frown on people who effectively run donations campaigns through app stores like you describe above. That just seems silly.
On the hardware front, we are already working with Copperhead to sell premium-priced Nexus phones flashed with their open-source OS, that may someday have Orbot built into it. Copperhead offers their ROM free of charge for anyone to flash to a Nexus device, but again, that is a very serious impediment for non-technical users. What I am trying to setup there is a "buy one, give one" program, or again, a "pay what you can" system, that is backed by those who can afford to donate money along with their purchases.
I don't know if I feel comfortable demanding that people who bundle Tor in their hardware necessarily adopt a "buy one, give one" model to adhere to the "Always free, but pay what you can" standard.
Here's another example: Let's say that some major IoT company decides to use Tor onion services for authenticated, secure, and private device control. Those devices aren't free, nor is the rest of the software they run, but this company is more than willing to dedicate engineers and/or money to improving Tor onion service scalability, and they upstream all of their modifications to Tor itself.
If we define the social contract to frown on this type of behavior because the actual product using Tor is not Free, are this company's engineers not welcome at dev meetings? Should Tor not take funding from this company?
If the consequences for violating these norms are exclusionary (such as exclusion from dev meetings, certain mailinglists, team IRC meetings, and/or community governance), then I think they should aim for the largest acceptable union of our value systems on software development, not the intersection. This will ensure that the maximum number of people will ultimately end up using and benefiting from Tor.
As a related point: tor-core chose the MIT license, not a GPL-family license, for similar reasons.
Here's the suggested rewrite from a few mails ago. I think it addresses all the points made here: Suggested rewrite: 3. Our tools are universally available to access, use, adapt, and distribute The more diverse our users, the less simply being a user of Tor implies about any user, so we aim to create tools that anyone can access and use. We will make most of our tools free of cost. We do not restrict access to our tools unless it is for the security of all users, and we design, build, and deploy our tools without collecting identifiable information about our users. We expect the code and research we publish to be improved by many different people, and that is only possible if everyone has the ability to use, copy, modify, and redistribute our tools. The added line is "we will make most of our tools free of cost". Is that descriptive enough? Alison
Suggested rewrite:
3. Our tools are universally available to access, use, adapt, and distribute
The more diverse our users, the less simply being a user of Tor implies about any user, so we aim to create tools that anyone can access and use. We will make most of our tools free of cost. We do not restrict access to our tools unless it is for the security of all users, and we design, build, and deploy our tools without collecting identifiable information about our users. We expect the code and research we publish to be improved by many different people, and that is only possible if everyone has the ability to use, copy, modify, and redistribute our tools.
The added line is "we will make most of our tools free of cost". Is that descriptive enough?
Alison
+1 - Katie
_______________________________________________ tor-project mailing list tor-project@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project
On Wed, Aug 03, 2016 at 04:49:00PM +0000, Alison wrote: [snip]
Here's the suggested rewrite from a few mails ago. I think it addresses all the points made here:
Suggested rewrite:
3. Our tools are universally available to access, use, adapt, and distribute
The more diverse our users, the less simply being a user of Tor implies about any user, so we aim to create tools that anyone can access and use. We will make most of our tools free of cost. We do not restrict access to our tools unless it is for the security of all users, and we design, build, and deploy our tools without collecting identifiable information about our users. We expect the code and research we publish to be improved by many different people, and that is only possible if everyone has the ability to use, copy, modify, and redistribute our tools.
The added line is "we will make most of our tools free of cost". Is that descriptive enough?
"Most" might invite people to contemplate what fraction of the tools are free of cost: Is it 51%, three-quarters, all but a few exceptions, etc.? This is a distraction from the point being made. How about, "We will generally make our tools, documentation, trainings, research results, services and support free of cost to users." I also thought it useful to underscore here that we're not by omission implying that Tor is following some 'give away the razors, sell the razor blades' approach wrt support etc. Hence the mention of other things besides tools. If that's a can of worms not to be touched at this time, drop all that other stuff and revert to just 'tools' with the 'generally' vs. 'most' switch. Also, perhaps I'm being pedantic, but we're not making our tools free of cost. Making our tools costs a lot, we're just not charging the end users. I rephrased that aspect as well. Also, maybe use 'typically' instead of 'generally'? The important point is that this is the norm, the usual, but we don't want to imply precluding the sorts of integration or deployment that Mike mentioned. I think 'generally' works best here but your intuition may vary. aloha, Paul
Paul Syverson:
On Wed, Aug 03, 2016 at 04:49:00PM +0000, Alison wrote:
The added line is "we will make most of our tools free of cost". Is that descriptive enough?
I'm not sure it covers the intent that (at least for me) came with this discussion. I'd like us to state we don't want cost to be a barrier to access our tools, rather than just a half-statement.
"Most" might invite people to contemplate what fraction of the tools are free of cost: Is it 51%, three-quarters, all but a few exceptions, etc.? This is a distraction from the point being made.
How about, "We will generally make our "
I like the long list, but it might be too long… Anyway, another angle: 3. Our tools are universally available to access, use, adapt, and distribute The more diverse our users, the less simply being a user of Tor implies about any user, so we aim to create tools that anyone can access and use. We do not restrict access to our tools unless it is for the security of all users. {+Wealth should not be a determining factor to access our tools, and we do our best to distributed them free of charge or at a fair price.+} We design, build, and deploy our tools without collecting identifiable information about our users. We expect the code and research we publish to be improved by many different people, and that is only possible if everyone has the ability to use, copy, modify, and redistribute our tools. I'm glad we're trying to improve this. -- Lunar <lunar@torproject.org>
On Wed, Aug 03, 2016 at 07:34:03PM +0200, Lunar wrote:
Paul Syverson:
On Wed, Aug 03, 2016 at 04:49:00PM +0000, Alison wrote:
The added line is "we will make most of our tools free of cost". Is that descriptive enough?
I'm not sure it covers the intent that (at least for me) came with this discussion. I'd like us to state we don't want cost to be a barrier to access our tools, rather than just a half-statement.
"Most" might invite people to contemplate what fraction of the tools are free of cost: Is it 51%, three-quarters, all but a few exceptions, etc.? This is a distraction from the point being made.
How about, "We will generally make our "
I like the long list, but it might be too long…
Anyway, another angle:
3. Our tools are universally available to access, use, adapt, and distribute
The more diverse our users, the less simply being a user of Tor implies about any user, so we aim to create tools that anyone can access and use. We do not restrict access to our tools unless it is for the security of all users. {+Wealth should not be a determining factor to access our tools, and we do our best to distributed them free of charge or at a fair price.+} We design, build, and deploy our tools without collecting identifiable information about our users. We expect the code and research we publish to be improved by many different people, and that is only possible if everyone has the ability to use, copy, modify, and redistribute our tools.
I'm glad we're trying to improve this.
Me too. I don't like "fair price" though, since it is already contentious in many cases (As an example that sometimes surfaces in public: is including the cost of development of a drug or disease treatment a determiner of the fair price for the patient?) Also, sometimes it's not the price per se but the need for an economic transaction that can be a barrier to access. Here's another refinement on yours that maybe does what both of us want. (I also added back 'services' to 'tools' rather than give the whole list. Please object if you think even that is too much.)
3. Our tools are universally available to access, use, adapt, and distribute
The more diverse our users, the less simply being a user of Tor implies about any user, so we aim to create tools that anyone can access and use.
Ability to pay should not be a determining factor in access to our tools or services, and we do our best to make these available to all users without restriction. More generally, we do not restrict access to our tools unless it is for the security of all users.
We design, build, and deploy our tools without collecting identifiable information about our users. We expect the code and research we publish to be improved by many different people, and that is only possible if everyone has the ability to use, copy, modify, and redistribute our tools.
aloha, Paul
On Wed, Aug 03, 2016 at 02:16:23PM -0400, Paul Syverson wrote:
On Wed, Aug 03, 2016 at 07:34:03PM +0200, Lunar wrote:
Paul Syverson:
On Wed, Aug 03, 2016 at 04:49:00PM +0000, Alison wrote:
The added line is "we will make most of our tools free of cost". Is that descriptive enough?
I'm not sure it covers the intent that (at least for me) came with this discussion. I'd like us to state we don't want cost to be a barrier to access our tools, rather than just a half-statement.
"Most" might invite people to contemplate what fraction of the tools are free of cost: Is it 51%, three-quarters, all but a few exceptions, etc.? This is a distraction from the point being made.
How about, "We will generally make our "
I like the long list, but it might be too long…
Anyway, another angle:
3. Our tools are universally available to access, use, adapt, and distribute
The more diverse our users, the less simply being a user of Tor implies about any user, so we aim to create tools that anyone can access and use. We do not restrict access to our tools unless it is for the security of all users. {+Wealth should not be a determining factor to access our tools, and we do our best to distributed them free of charge or at a fair price.+} We design, build, and deploy our tools without collecting identifiable information about our users. We expect the code and research we publish to be improved by many different people, and that is only possible if everyone has the ability to use, copy, modify, and redistribute our tools.
I'm glad we're trying to improve this.
Me too. I don't like "fair price" though, since it is already contentious in many cases (As an example that sometimes surfaces in public: is including the cost of development of a drug or disease treatment a determiner of the fair price for the patient?)
Also, sometimes it's not the price per se but the need for an economic transaction that can be a barrier to access.
Here's another refinement on yours that maybe does what both of us want. (I also added back 'services' to 'tools' rather than give the whole list. Please object if you think even that is too much.)
3. Our tools are universally available to access, use, adapt, and distribute
The more diverse our users, the less simply being a user of Tor implies about any user, so we aim to create tools that anyone can access and use.
Ability to pay should not be a determining factor in access to our tools or services, and we do our best to make these available to all users without restriction. More generally, we do not restrict access to our tools unless it is for the security of all users.
We design, build, and deploy our tools without collecting identifiable information about our users. We expect the code and research we publish to be improved by many different people, and that is only possible if everyone has the ability to use, copy, modify, and redistribute our tools.
Originally I favored Lunar's version, but after thinking about it for some time I think Paul's phrasing is important and re-enforces a point Nathan made about simply not having the option of paying for something, even if someone can monetarily afford it. I worry this commitment is becoming lengthy, but it's important and I'm glad Mike started this discussion. I also just noticed a slight contradiction that's now arising regarding restricting access to our tools. I'll try rephrasing it. I also sometimes mis-read the first sentence and coupled "less simply" instead of "simply being". I'll include a suggested rewording for that, too. The more diverse our users, the less is implied about any person by simply being a Tor user. This diversity is a fundamental goal and we aim to create tools and services anyone can access and use. Someone's ability to pay for these tools or services should not be a determining factor in their ability to access and use them. Moreover, we do not restrict access to our tools unless it is for improving the security of all users. In addition, we expect the code and research we publish will be reviewed and improved by many different people, and that is only possible if everyone has the ability to use, copy, modify, and redistribute this information. We also design, build, and deploy our tools without collecting identifiable information about our users. Unfortunately, now the last sentence seems like an add-on and doesn't fit very well. I think it's an essential commitment we should make, but maybe it doesn't belong under #3? Is #6 a better place? On the other hand, now I worry this focus on free access encourages advertisement-based solutions which are generally not suitable for our goals, and explicitly saying we don't collect identifiable information maybe prevents this. Should we mention third-parties? This seems like a rabbit hole... I think it's important we remember this is an aspirational document, too, and not strictly something that describes what we do or could do in the future.
On Sun, Aug 07, 2016 at 06:02:26AM +0000, Matthew Finkel wrote: [snip]
I worry this commitment is becoming lengthy, but it's important and I'm glad Mike started this discussion. I also just noticed a slight contradiction that's now arising regarding restricting access to our tools. I'll try rephrasing it. I also sometimes mis-read the first sentence and coupled "less simply" instead of "simply being". I'll include a suggested rewording for that, too.
I think the rewording is good. I'm not entirely happy with the connotation of the "improving the security of all users" sentence, however. Somehow to me it more conjurs up images of thinking as one is coding that this tool is too dangerous and advanced for the unwashed masses than does the rewording I attempt below. (I almost used 'supervened' rather than 'superceded', but that goes perhaps too far the other way: We made this tool with no idea of the danger we were getting into, and then had to take action because the resulting insecurity was too great. 'Dominated' would be another possibility vs. 'superceded', but perhaps gives the wrong connotation to those not inclined to think in terms of lattices, orderings, etc.) One other suggestion affecting both "becoming lengthy" and the disconnectedness you noted below. Why not split it into two commitments? Thus The more diverse our users, the less is implied about any person by simply being a Tor user. This diversity is a fundamental goal and we aim to create tools and services anyone can access and use. Someone's ability to pay for these tools or services should not be a determining factor in their ability to access and use them. Moreover, we do not restrict access to our tools unless access is superceded by our intent to make users secure. We expect the code and research we publish will be reviewed and improved by many different people, and that is only possible if everyone has the ability to use, copy, modify, and redistribute this information. We also design, build, and deploy our tools without collecting identifiable information about our users. Of course that's becoming lengthy in another sense of too many commitments items, but on balance I think it works.
Unfortunately, now the last sentence seems like an add-on and doesn't fit very well. I think it's an essential commitment we should make, but maybe it doesn't belong under #3? Is #6 a better place? On the other hand, now I worry this focus on free access encourages advertisement-based solutions which are generally not suitable for our goals, and explicitly saying we don't collect identifiable information maybe prevents this. Should we mention third-parties? This seems like a rabbit hole...
Hopefully the split above, addresses most of this. WRT third parties, I don't think we want to take the red pill here.
I think it's important we remember this is an aspirational document, too, and not strictly something that describes what we do or could do in the future.
D'accord. aloha, Paul
Thanks everyone for all your amazing input on this document! The consensus period is over and the positive responses were overwhelming - in fact, there was only one dissent, and that person decided to quit Tor over our use of "human rights". *shrug emoji* Here's the final product: https://pad.riseup.net/p/G38YNGrXoOtr. The last few changes I made incorporated Matt and Paul's final edits on point 3. This one is the longest point, but I don't think it needs to be split...it's really not so long that it's out of flow with the rest of the document. I'm gonna get final copyedits from Katie before I publish this on the blog, and then I'm going to add it to the Community Team Wiki and somewhere on here: https://www.torproject.org/about/overview.html.en. Based on conversations about this, it seems best to create a new part of that page for "Tor values" where we include our mission statement, the social contract, and other things that fit. Thank you again for all the work you've done on the social contract! I am so proud of the final product and I can't wait to share it with the community. Alison Paul Syverson:
On Sun, Aug 07, 2016 at 06:02:26AM +0000, Matthew Finkel wrote: [snip]
I worry this commitment is becoming lengthy, but it's important and I'm glad Mike started this discussion. I also just noticed a slight contradiction that's now arising regarding restricting access to our tools. I'll try rephrasing it. I also sometimes mis-read the first sentence and coupled "less simply" instead of "simply being". I'll include a suggested rewording for that, too.
I think the rewording is good. I'm not entirely happy with the connotation of the "improving the security of all users" sentence, however. Somehow to me it more conjurs up images of thinking as one is coding that this tool is too dangerous and advanced for the unwashed masses than does the rewording I attempt below. (I almost used 'supervened' rather than 'superceded', but that goes perhaps too far the other way: We made this tool with no idea of the danger we were getting into, and then had to take action because the resulting insecurity was too great. 'Dominated' would be another possibility vs. 'superceded', but perhaps gives the wrong connotation to those not inclined to think in terms of lattices, orderings, etc.)
One other suggestion affecting both "becoming lengthy" and the disconnectedness you noted below. Why not split it into two commitments? Thus
The more diverse our users, the less is implied about any person by simply being a Tor user. This diversity is a fundamental goal and we aim to create tools and services anyone can access and use. Someone's ability to pay for these tools or services should not be a determining factor in their ability to access and use them. Moreover, we do not restrict access to our tools unless access is superceded by our intent to make users secure.
We expect the code and research we publish will be reviewed and improved by many different people, and that is only possible if everyone has the ability to use, copy, modify, and redistribute this information. We also design, build, and deploy our tools without collecting identifiable information about our users.
Of course that's becoming lengthy in another sense of too many commitments items, but on balance I think it works.
Unfortunately, now the last sentence seems like an add-on and doesn't fit very well. I think it's an essential commitment we should make, but maybe it doesn't belong under #3? Is #6 a better place? On the other hand, now I worry this focus on free access encourages advertisement-based solutions which are generally not suitable for our goals, and explicitly saying we don't collect identifiable information maybe prevents this. Should we mention third-parties? This seems like a rabbit hole...
Hopefully the split above, addresses most of this. WRT third parties, I don't think we want to take the red pill here.
I think it's important we remember this is an aspirational document, too, and not strictly something that describes what we do or could do in the future.
D'accord.
aloha, Paul _______________________________________________ tor-project mailing list tor-project@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project
On 8 August 2016 at 10:59, Alison <macrina@riseup.net> wrote:
It's excellent Alison: congratulations :)
On Mon, Aug 08, 2016 at 11:44:33AM -0700, Sue Gardner wrote:
On 8 August 2016 at 10:59, Alison <macrina@riseup.net> wrote:
It's excellent Alison: congratulations :)
Yes, congrats. (And sorry that some of us indeed ended up doing some editing by committee. Hope the changes on net were worth the evolution away from your instructions.) aloha, Paul
Sue Gardner:
On 8 August 2016 at 10:59, Alison <macrina@riseup.net> wrote:
It's excellent Alison: congratulations :)
Thank you Sue! Alison
Lunar:
[...] for the security of all users. {+Wealth should not be a determining factor to access our tools, and we do our best to distributed them free of charge or at a fair price.+} We design, build, and deploy [...]
I think this rewording nails it on the head: the spirit that we (I?) want here in #3 is that we _should_ strive to make our tools as accessible as possible with regard to acquisition, use, and reuse: including (as Katie pointed out) the accessibility issue of cost. The Social Contract should encourage everyone who works on Tor-related projects to keep things like this (freedom of availability & accessibility) in mind. (Along with the other points in the Social Contract.) I think it does a great job at that. Kudos to everyone who put this together and everybody who's been contributing to this conversation. -- Mike Tigas @mtigas | https://mike.tig.as/ | 0xA993E7156E0E9923
Mike Perry:
Nathan Freitas:
Lunar:
Wealth is already an important factor in one's ability to enjoy freedoms of opinion, expression, and association. If we agree that you can't really exercise these freedoms in the digital world without tools like Tor, I think such access to these tools should not be restricted by how much money you can spend on it.
While I agree that we should find ways to cover costs of production, or that I think it's ok to sell hardware with Tor preinstalled, I believe we should try to find business models that aim to balance the wealth disparities of this world, because I want our work to help balance power.
I agree with both of you in different ways. Requiring a user to be able to compile to get something free is not good enough.
Yes, I definitely hear Lunar and Kate's concerns about monetary barriers being real, and I think you're doing a great job getting us to synthesis here, Nathan. Thanks!
Some longer thoughts below, but I think the spirit of what we say should be "Always Free, but Pay What You Can".
This is good. I am still a little wary about some edge cases around "Always", especially when we start talking about hardware, but for pure software, I think this makes sense. More below. [...] Here's another example: Let's say that some major IoT company decides to use Tor onion services for authenticated, secure, and private device control. Those devices aren't free, nor is the rest of the software they run, but this company is more than willing to dedicate engineers and/or money to improving Tor onion service scalability, and they upstream all of their modifications to Tor itself.
If we define the social contract to frown on this type of behavior because the actual product using Tor is not Free, are this company's engineers not welcome at dev meetings? Should Tor not take funding from this company?
If the consequences for violating these norms are exclusionary (such as exclusion from dev meetings, certain mailinglists, team IRC meetings, and/or community governance), then I think they should aim for the largest acceptable union of our value systems on software development, not the intersection. This will ensure that the maximum number of people will ultimately end up using and benefiting from Tor.
As a related point: tor-core chose the MIT license, not a GPL-family license, for similar reasons.
While (as noted in other parts this thread) I think we're converging on a better wording of #3 regarding _aspiring_ to be free of cost, I think the input on this section of the thread is also an important reminder that to put Tor in the hands of as many people as possible, we will often need to enter into walled gardens or create products that need to have some cost attached, to provide Tor to as many people as possible that can benefit from access to it.
Mike Perry:
3. OnionBrowser costs $1 in the iOS App Store, but it is open source, and people are free to build their own versions. Would Mike Tigas be in violation of the social contract for doing this? For an extra wrinkle, OnionBrowser was not initially open source. Does that make a difference? (I think it does.)
Actually, it was! <https://mike.tig.as/blog/2012/04/16/onionbrowser/> From the start I always wanted folks to have the ability to audit the source code because I was convinced I'd done something amiss. But OK, I did a really horrible job of telling anybody about it, since I was semi-terrified of approaching the Tor community at the time. (Note: I think this was more social anxiety on my part -- I didn't know any of you! -- rather than anything about the Tor community at the time.) More on-topic, a quick (possibly half-baked) thought: When I built Onion Browser, I was mostly scratching my own itch and hadn't thought about the wider world of users. And at the time, the cost of the Apple Developer Program was a lot of money to me, and anything I could do to make that up was very helpful. (These things would probably be different if I was starting now.) What do we do about future people who want to work on something Tor-related of their own creation but do not have the socioeconomic means to do it for free? Or if they can't get financial support for it by Tor or the other orgs in this space (because they are not networked enough in this space, or their idea isn't in a current funding area, or etc)? What does it mean if the projects and viewpoints of the "extended" Tor community only represent those who already have the means to work on things like that? What I'm getting at is: I think we shouldn't lose sight of developer-accessibility and community-accessibility as we try to reduce the barriers for our users. (I think these all go hand-in-hand?) Having more people working on this and more diverse representations of cultures and experiences involved in this will only surely make us better. I do think this *is* noted well by the same point in the Social Contract, regarding free ability of use and adaptation and redistribution. But just wanted to air that out since I'm not sure that view was represented here. (Again, quick thought. Possibly half-baked / incomplete / etc.) (Off-topic side note: Among other improvements this year, I _am_ working on making Onion Browser gratis this year and figuring out some other way of allowing user financial support, such as what Nathan has been discussing; I hope someday that my app is no longer a weird FOSS edge case or counterexample that gets invoked from time to time. :) ) -- Mike Tigas @mtigas | https://mike.tig.as/ | 0xA993E7156E0E9923
Hi all, Mike Tigas:
What do we do about future people who want to work on something Tor-related of their own creation but do not have the socioeconomic means to do it for free? Or if they can't get financial support for it by Tor or the other orgs in this space (because they are not networked enough in this space, or their idea isn't in a current funding area, or etc)? What does it mean if the projects and viewpoints of the "extended" Tor community only represent those who already have the means to work on things like that?
What I'm getting at is: I think we shouldn't lose sight of developer-accessibility and community-accessibility as we try to reduce the barriers for our users. (I think these all go hand-in-hand?) Having more people working on this and more diverse representations of cultures and experiences involved in this will only surely make us better.
I do think this *is* noted well by the same point in the Social Contract, regarding free ability of use and adaptation and redistribution. But just wanted to air that out since I'm not sure that view was represented here. (Again, quick thought. Possibly half-baked / incomplete / etc.)
This is a VITAL point and I'm so glad you brought it up Mike. Here's a line from the revised point 3: "Ability to pay should not be a determining factor in access to our tools or services" Do we feel that "access" here covers not just users but potential contributors? I know you said yes, but I want to be certain that we cover this because it's essential. Alison
participants (9)
-
Alison -
Kate -
Lunar -
Matthew Finkel -
Mike Perry -
Mike Tigas -
Nathan Freitas -
Paul Syverson -
Sue Gardner