[tor-project] The Tor Project Social Contract

Mike Tigas mike at tig.as
Wed Aug 3 23:18:52 UTC 2016

Mike Perry:
> Nathan Freitas:
>> Lunar:
>>> Wealth is already an important factor in one's ability to enjoy freedoms
>>> of opinion, expression, and association. If we agree that you can't
>>> really exercise these freedoms in the digital world without tools like
>>> Tor, I think such access to these tools should not be restricted by
>>> how much money you can spend on it.
>>> While I agree that we should find ways to cover costs of production,
>>> or that I think it's ok to sell hardware with Tor preinstalled,
>>> I believe we should try to find business models that aim to balance the
>>> wealth disparities of this world, because I want our work to help
>>> balance power.
>> I agree with both of you in different ways. Requiring a user to be able
>> to compile to get something free is not good enough. 
> Yes, I definitely hear Lunar and Kate's concerns about monetary barriers
> being real, and I think you're doing a great job getting us to synthesis
> here, Nathan. Thanks!
>> Some longer thoughts below, but I think the spirit of what we say should
>> be "Always Free, but Pay What You Can". 
> This is good. I am still a little wary about some edge cases around
> "Always", especially when we start talking about hardware, but for
> pure software, I think this makes sense. More below.
> [...]
> Here's another example: Let's say that some major IoT company decides to
> use Tor onion services for authenticated, secure, and private device
> control. Those devices aren't free, nor is the rest of the software they
> run, but this company is more than willing to dedicate engineers and/or
> money to improving Tor onion service scalability, and they upstream all
> of their modifications to Tor itself.
> If we define the social contract to frown on this type of behavior
> because the actual product using Tor is not Free, are this company's
> engineers not welcome at dev meetings? Should Tor not take funding from
> this company?
> If the consequences for violating these norms are exclusionary (such as
> exclusion from dev meetings, certain mailinglists, team IRC meetings,
> and/or community governance), then I think they should aim for the
> largest acceptable union of our value systems on software development,
> not the intersection. This will ensure that the maximum number of people
> will ultimately end up using and benefiting from Tor.
> As a related point: tor-core chose the MIT license, not a GPL-family
> license, for similar reasons.

While (as noted in other parts this thread) I think we're converging on
a better wording of #3 regarding _aspiring_ to be free of cost, I think
the input on this section of the thread is also an important reminder
that to put Tor in the hands of as many people as possible, we will
often need to enter into walled gardens or create products that need to
have some cost attached, to provide Tor to as many people as possible
that can benefit from access to it.

>>> Mike Perry:
>>>> 3. OnionBrowser costs $1 in the iOS App Store, but it is open
>>>> source, and people are free to build their own versions. Would
>>>> Mike Tigas be in violation of the social contract for doing this?
>>>> For an extra wrinkle, OnionBrowser was not initially open source.
>>>> Does that make a difference? (I think it does.)

Actually, it was! <https://mike.tig.as/blog/2012/04/16/onionbrowser/>
From the start I always wanted folks to have the ability to audit the
source code because I was convinced I'd done something amiss.

But OK, I did a really horrible job of telling anybody about it, since I
was semi-terrified of approaching the Tor community at the time. (Note:
I think this was more social anxiety on my part -- I didn't know any of
you! -- rather than anything about the Tor community at the time.)

More on-topic, a quick (possibly half-baked) thought:
When I built Onion Browser, I was mostly scratching my own itch and
hadn't thought about the wider world of users. And at the time, the cost
of the Apple Developer Program was a lot of money to me, and anything I
could do to make that up was very helpful. (These things would probably
be different if I was starting now.)

What do we do about future people who want to work on something
Tor-related of their own creation but do not have the socioeconomic
means to do it for free? Or if they can't get financial support for it
by Tor or the other orgs in this space (because they are not networked
enough in this space, or their idea isn't in a current funding area, or
etc)? What does it mean if the projects and viewpoints of the "extended"
Tor community only represent those who already have the means to work on
things like that?

What I'm getting at is: I think we shouldn't lose sight of
developer-accessibility and community-accessibility as we try to reduce
the barriers for our users. (I think these all go hand-in-hand?) Having
more people working on this and more diverse representations of cultures
and experiences involved in this will only surely make us better.

I do think this *is* noted well by the same point in the Social
Contract, regarding free ability of use and adaptation and
redistribution. But just wanted to air that out since I'm not sure that
view was represented here. (Again, quick thought. Possibly half-baked /
incomplete / etc.)

(Off-topic side note: Among other improvements this year, I _am_ working
on making Onion Browser gratis this year and figuring out some other way
of allowing user financial support, such as what Nathan has been
discussing; I hope someday that my app is no longer a weird FOSS edge
case or counterexample that gets invoked from time to time. :) )

Mike Tigas
@mtigas | https://mike.tig.as/ | 0xA993E7156E0E9923

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20160803/c497a0b2/attachment-0001.sig>

More information about the tor-project mailing list