[tor-talk] Fwd: I Encourage Everyone, Right Here And Now, To Donate Money To His Three Main Security Programs, Which He Uses The Most!

[WhonixQubes]

привет :)

Thanks for posting this story.

GPG is certainly a fundamental tool that many of us rely upon and is 
well-deserving of more donations and funding.

I will certainly donate some euros to him soon.


I'm developing security/anonymity-focused free software (Qubes + Whonix) 
without any funding or donations, but am largely driven by my strong 
personal desires for having and using such software. This strong 
personal desire sustains me as long as I need such software for myself 
(probably several years into the future). And I'm focused on a software 
platform that affects my entire computing base, from low-level system 
infrastructure to high-level user applications.

I could see how not really truly personally needing his own software, or 
focusing so tightly on maintaining a secondary component of his own 
computing needs and for other people, would wear on a developer/person 
over time, compared to the development situation I'm currently in.


Overall the free software community focused on security and privacy 
really needs meaningful investment made into it that reflect its 
fundamental value to society.

Sadly, most users just want shiny new stuff with cool features, and so 
closed source mainstream technology corporations see the majority of all 
demand and revenue from users.

Sadly, the most powerful arms of governments around the world do not 
want robust open source security and privacy/anonymity tools to be 
successful.

Leveraging the self-interest of corporations and wealthy individuals is 
probably where the most fertile ground currently exists for large 
funding of open source security/privacy tools.

There probably needs to be a further mass culture shift of realizing...

Open Source = Trustable = Secure/Private

Closed Source  = Untrustable = Backdoored/Spyware


The corporations and wealthy individuals take in trillions per year. 
Spending a fraction of a fraction to ensure the technology that their 
organizations, families, and themselves personally use is 
trustworthy/secure/private and is not compromising their own lives 
should be an investment no-brainer for them, since they as a class 
control trillions per year in financial resources. If they can just make 
the very good association to open source technology and very bad 
association to closed source technology. Unlike less-powerful 
organizations and less-wealthy people, they have both the means and 
motives to ensure that their technology is not screwing them, by 
investing into key open source projects.

As more business executives and business IT people make the association 
of closed source being untrustworthy, there is probably some growing 
market demand for business products to deliver open source security and 
privacy technologies to businesses/corporations. It would be great if 
there were more beneficial financial links between successful open 
source security/privacy products and the open source infrastructure we 
all widely rely upon. For example, just *one* popular security/privacy 
tool, based on open source, could generate the funds to double or more 
Tor's current stream of annual funding.

And, also, I wonder why "bad guys" of the world don't regularly invest 
many millions into open source technology development. It would seem to 
be in their logical opsec self-interest and they have the economic means 
as well. Not that they'd openly write checks with their name on it, but 
done anonymously via cryptocurrency etc.


Low open source funding is probably one of the biggest security holes to 
the integrity of our infrastructure/security/privacy/anonymity tools.

It is hard to even point to a stack of existing tools for anybody, even 
including to us security/anonymity tool developers, to remain truly 
secure and private, since so much key infrastructure is so over-bloated, 
under-verified, and ripe for exploits.

This quote from the article is probably also one of the key reasons why 
our industry of open source security/privacy remains so grossly 
under-financed...

"Really I am better at programming than this business stuff."

The "business stuff" is a fundamental key for ensuring the successful -- 
not just social mission -- but actual core technical integrity of our 
security/privacy technology.

We'd be many years ahead of our current development and verification 
curve as an industry if we had greater financial resources within our 
currently teeny tiny industry that probably at least hundreds of 
millions of people are directly trusting in and relying upon.

Those who have the most money and most to lose should be running to 
invest in key projects. And we should do better at positioning ourselves 
and our industry for such (ethical) investments.


Such a critical issue!

Thanks,

WhonixQubes