privacytools / privacytools.io

You are being watched. Protect your privacy against global mass surveillance.
https://www.privacyguides.org
Creative Commons Zero v1.0 Universal

Discussion | [Hypothetical] Affiliate Links #966

Closed jonaharagon closed 5 years ago

jonaharagon commented 5 years ago

I just wanted to get all your opinions on the hypothetical possibility of using affiliate/referral links to the tools/services we recommend when applicable. For example, Brave is giving away $5/referral until the end of this year. Because of our recommendation of Brave's browser currently, we're sending hundreds of users to their site every month. Presumably that's big business for Brave, and for the other tools we recommend, but financially we aren't compensated for any of that.

This of course, is in line with our original priorities when the site was founded. We don't have affiliate links and we don't accept payments from the teams behind the software we recommend in exchange for highlights or recommendations. privacytools.io is supposed to be a completely unbiased source of information on how to protect your privacy, not a list of companies who are able to pay the most. We already have Google for that.

However, I don't think the use of affiliate links is inherently unethical.

Here's the thing. If you don't trust us (the team and the community of contributors here) to not shove BS in your face when you visit our site, then what are we even doing here? Ultimately we're making these recommendations to a wide audience, and whether or not we're using affiliate links or 'clean' links shouldn't matter. If you would stop trusting privacytools.io as a source of information because we used an affiliate link then IMO we have already failed. I would hope that you would be able to trust the intentions of us simply because you trust in what we do. Because we value our community and audience far more than we value the couple bucks we'd get from a referral, and we'd never attach our name to something we didn't believe in, in the first place.

<obvious things> Of course as far as recommendations go, nothing would really change here. We would still have open discussions in GitHub, on Reddit, and on the forum. All changes would be clearly posted in GitHub pull requests, and all tools would be up for discussion for addition and removal. We would investigate affiliate programs after the fact. For example with Brave: We *already* recommend Brave. Brave happens to have a referral program. Because we're sending traffic their way anyways, there's no reason we should stop ourselves from also benefitting from that. </obvious things>

A larger source of income would of course benefit us in a number of ways.

  1. Core team members will be able to focus more on this project. Keeping the site up to date and promoting it across various platforms takes
  2. We're now offering some online services which cost quite a bit more to operate than a simple website. Things that directly benefit and build both our community (forum, chat, write, social), and things that benefit the privacy communities and the federated communities at large even indirectly, for example a public Mastodon instance, a Tor relay, and a public IPFS gateway (ipfs.privacytools.io) to name a few. These are IMO important things we're providing, and being able to provide them on a larger and/or more stable scale would be hugely beneficial.
  3. More income would make it more feasible to work on larger operations some people have been pushing for, like legal incorporation (#899) for tax-deductible donations and more services that directly help activists. Which would in turn lead to more income, which would assist with 1 and 2 and so on...

Additionally, long-term we are interested in paying other team members and Git contributors for their efforts, but at our current rate of income that isn't feasible.

Ultimately we aren't starved for income necessarily. The website and services will continue running without this additional funding. But I think that if we were to use affiliate links we would ultimately be able to build a better infrastructure, more stable services, and honestly just be able to focus more on this project and help it expand.

So here's the question(s)

Would you stop trusting privacytools.io if this were to happen?

Do you mistrust recommendations tied to an affiliate link in general?

What kind of proper disclosure if any should be implemented if we did this?

I want to hear your thoughts on this. This is something that's been bounced around a couple times in the past, but community trust is always the most important aspect of this, otherwise there's no point to working on this at all.

privacytoolsIO commented 5 years ago

Another benefit of more income from affiliate: We could fund small privacy open source software / service projects in form of donations, too.

ghost commented 5 years ago

> Would you stop trusting privacytools.io if this were to happen?

No

> Do you mistrust recommendations tied to an affiliate link in general?

sometimes/depends.

> What kind of proper disclosure if any should be implemented if we did this?

my thoughts... there are pros and cons to referral/affiliate linking (that lingering unasked question) and really all three of your questions fall into an answer to this last one for me and align with recent forum thread and git issue on "knowing more" about the folks behind PTIO. I think a public name (legal) individual, likely you, would be a required disclosure, minimum. with all other direct access (to code and server administration, any service) signing trustee paperwork or similar (again, legal name) and held by the 'public name individual'.

oh, and a very strong legal liability disclaimer (which isn't a bad idea anyways;)

All that for some referrals? yah, it is too much (probably more towards a non-profit by then) but really I think it boils down to a simple assurance, and we (the humans) want to know who's responsible as we struggle with "trust" everywhere online. and while I don't assign cred to you for the recommendations on ptio, (that is community feedback driven, as I've observed and participated in seeing those changes this past few months) I'd still like to know a bit about who's behind PTIO and where the referral/affiliate money goes, even if simple categories on a quarterly basis and a little bit of roadmap ahead (blogged?).

I will still be a regular participant either way it goes regardless. (so keep us running Jonah!:D))

blacklight447 commented 5 years ago

I wouldn't advise this. Stuff like this can very easily start rumors and drama in the community about us selling out and what not, I say take the safe route and keep our hands away from the dirt.

five-c-d commented 5 years ago

> we'd never attach our name to something we didn't believe in

This is where the problem would happen. Beliefs change over time. If you start pulling in money via affiliate-links, there is a permanent never-wavering always-beckoning risk to sell out. Eventually it will happen. It won't be because you recommend something you don't believe in. It will be, because you subconsciously, and gradually -- almost imperceptibly -- convince yourselves, hey, I really do believe X.

It doesn't matter what X actually is. If you accept sponsorship from a VPN provider, you will resist that VPN provider getting de-listed. If you are pulling in a large chunk of change from BraveBrowser, and you see BraveBrowser up for de-listing, you will -- consciously or subconsciously it does not matter which -- start to believe, hey you know, BraveBrowser is something we really believe in, and we've had them listed for N days now, and sure this new information might make them not in the top3, but if we delist them think of all the great projects we will need to cancel because of the drop in BraveBrowser kickbacks.

Mozilla started going downhill the minute they started taking money from Google. They needed the money, because of scope creep: they stopped defining their project as "make the best browser" and started defining it as "improve the web in general". They spent the money on a lot of good people writing a lot of good code. But they lost their independence. Wikipedia doesn't sell adverts. They don't take money from the subjects of articles. They don't allow perks or kickbacks or financial consideration of any kind.

Don't Panic: good things come to those who take it slow

> legal incorporation for tax deductible donations

There is no hurry on this. Find a fiscal sponsor -- aka a sugar daddy -- like signalapp did, and wait until you can safely build up your nest egg. In short: not a good reason to start taking affiliate juice.

> services that directly help activists

Again, that would only happen in the very long term. More than five years from now. Only reason to mention such things, is to get you thinking ahead. No pressure to implement, and very definitely, no making risky bargains that could go bad. Grow organically, in a way that is always fiscally conservative.

> We're now offering some online services which
> cost quite a bit more to operate than a simple website

No hurry. Cut costs by the simple act of, not spending money. If you accept donations, and you look at the donation-stream as a potentially infinite money-tree, you will always spend 90% of what comes in. You should instead view the donation-stream as fickle and uncertain. Invest 50% of it into building up a long-term endowment. Use 25% of it in any way the core team sees fit, ideally, to pay the core team for their time -- not just over the past 30 days, over the past 30 *years* of learning to make solid recommendations. The other 25% should be in the services side of the project.

You will probably not be very tempted to dig into the 50% endowment side of the donation-stream, to pay for secret lairs and other such things. You will be SORELY tempted to take some of that endowment money, and sink it into online services, because if you run online services on a shoestring, they suck, so you either pour money in or you cut the most costly services from your roster. Cutting is the only decision you won't regret, in the longer term. Cutting is hard. It will make the core team's job *into* a job, because you'll have to be the ones making hard decisions.
But if you defer making the hard decisions when the money coming in is good, you won't have the practice of doing it when the donation-stream falls short of hopes and dreams.

> could fund small privacy open source software / service projects

That is true, but that goes right back to my question in 848 -- is privacyToolsIO intending to become a software development startup, which builds tools that compete with the ones in the listings? Hosting services, and paying for the bandwidth, and wanting to monetize those services with an advertising-based business model, is a classic kind of venture-capital backed startup-SaaS biz-plan. Funding libre-licensed security-software, is such an old biz-plan it actually predates the FSF even! But this is a terribly risky path, even more than the risk of affiliate linking: how can a project that has been **funded** by privacyToolsIO **money** EVER get delisted? Wouldn't that prove the money was wasted? How can a tool that privacyToolsIO *is hosting* ever get delisted, or even merely demoted? Wouldn't that prove the wrong decisions were made?

> Do you mistrust recommendations tied to an affiliate link in general?

Inherently it is impossible to stick to your principles, if you also have a lot of money riding on NOT sticking to your principles... unless you are more strong-willed than any politician who has ever lived, more able to resist the siren song of ends-justify-the-means than any charitable entity which has ever been created, and more capable of clear-eyed objectivity than the most stoic inerrantly logical philosopher ever to put pen to paper. In a word: yes, if you are getting a kickback from listing a tool, it is inevitable that this will impact the quality of the tool-listings.

> not a list of companies who are able to pay the most.
> We already have Google for that

Got a laugh out of this. Funny because it is true. But I'm old enough to remember when google.com first appeared.
They were arguably the ONLY search-engine that had a search-page free of advertising-banners and clickbait and horoscopes and portal-crap. They didn't treat their homepage like a nascar vehicle on which every square millimeter was yet another way to sell adverts. They were one of the VERY few search-engines, and the only GOOD search-engine, which did not have a plan to monetize search-placement. They were stanford nerds who had figured out the backlinking concept as a way to algorithmically crowdsource rankings that were valuable without needing humans to put a thumb on the scale.

And look how times have changed, in the years between 1998 and 2018, as google turned from a core team of programmers with the motto of Don't Be Evil and also We Don't Do Horoscopes, to what they are today. As a firm that was always about giving their software away and monetizing it *without* charging subscription-fees, Google is not that much different from lots of other VC-backed startups. But they ended up where they ended up, because of how they started out, and the risk they were willing to take to get success. Don't take those kinds of risks.

If you start taking affiliate juice in 2019, with the best of intentions, and the incorrigible willpower, you can probably keep up your defenses until 2029, maybe even longer. But what about 2039, let alone 2049, and so on? Time devours all, and the pressure to keep the affiliate money flowing in will become unbearable.

> Would you stop trusting privacytools.io if this were to happen?

Nope. Not this year. Not next year. I'd still like the people running it, even when I stopped trusting the listings. But for sure, SOME year, the listings would suffer, and my trust would suffer accordingly.

Hmmm... maybe a "silly" analogy will help? Just like when you see an egg lazily rooolllll off the edge of the counter...
there is a seemingly-long moment as you watch the egg, which is still a perfectly good and edible foodstuff, gather speed at 9.8 m*s^-2 on the way to the hard hard kitchen floor. There is nothing wrong with the egg. It is no longer on the countertop, sure, but everything is still just fi.... splat. Suddenly the egg is no longer really an egg anymore, it is splattered everywhere. And there is no putting it back together again, even if you have a bunch of horses and soldiers at your beck and call.

If you were to see the scene from the perspective of the egg, you would see a meandering roll on the countertop, the decision to try rolling towards this funny part where the countertop seems to curve over, an exhilarating sense of purposeful motion, accelerating towards ... splattering all over the place and not really understanding how it happened.

privacyToolsIO ain't really an egg. You folks might dive off the clifftop, and find you are able to construct a hang-glider in mid-air, on the way down, and then swooooop away from the splattering-zone, riding DIY aerodynamics which will keep you aloft, and learning to circle in the thermals and conserve lift **indefinitely** like in a storybook. But although it's a nice story, the chances of that happening are very small. More likely is that, as with most entities in the past that have come to a decision-point of whether to start monetizing their core, by promising themselves NOT to ever lose objectivity whilst they talk themselves into TEMPTING that objectivity with direct financial benefit...

...or... finding Some Other Way to keep the lights on. And to keep doing what you are doing. Which is providing ***actually good*** advice to everyday endusers. Clearly with a mission in mind, to fight global mass surveillance, by educating the masses, and arming them with knowledge of the best tools to *defend themselves*.

In short, privacyToolsIO is in the knowledge-business right now, just like wikipedia.
You are providing neutral factual highly-eyeballed loose-team KNOWLEDGE to normal folks. This is extremely hard to do well, as all the useless websites shilling "top 5 vpn providers" out in the wild are proof of. Part of the success of privacyToolsIO is that you know your stuff, and you concentrate on providing knowledge to the everyday readership, normal folks, to help them learn to defend their own privacy.

If you shift to being some kind of SaaS startup which provides hosted services, or even moreso, to being some kind of donation-funded equivalent to a software&services infosec startup "venture capital" firm which is picking and choosing *which tool-projects to give money unto*... you are no longer in the knowledge-business. Now you are in the TOOLS business, you are no longer helping everyday readership learn how to defend themselves, you are **competing with the software projects in your own listings**.

Before you were trying to awaken the sheeple by giving them knowledge, teaching them to defend themselves, by recommending the objectively-best tools they could use. In the new&improved privacyToolsIO you are participating in the *manufacturing of the tools* directly. No longer will you be capable of providing objective advice on the tools available, because some of the tools WILL HAVE YOUR NAME ON THEM, and some of the tools WILL HAVE BIG BUCKS AT STAKE which you will ***know*** are at stake.

When a politician that has strong principled stands, runs for office, they are telling the electorate the following: hey, you can trust me to do what I say, because I really strongly believe what I say and I will stand for my principles *no matter what*. Some of those politicians are legit, they really do have strong stances and they really are uncorrupted once in office, despite all the vast amounts of money at stake from lobbyists and diplomats and campaign consultants and special interest groups and so on.
But it is really hard to get things done, as a politician, to pass legislation, if you won't work within the corrupt system. (It doesn't matter what country, they are all SOMEWHAT corrupt nowadays, there are vast amounts of money and power and those are what makes the wheel go around not the rare politician who stands strong on their ideological beliefs.) So there is a constant constant temptation to make just a *small* tradeoff, to compromise just a *little* bit, whilst promising yourself -- and your electorate -- that you are only doing this because it is a worthwhile compromise, that you will still REALLY hold true to those strong ideological beliefs, that nothing will TRULY have changed.

And sometimes it even works. Once. Twice. Maybe three times, maybe half a dozen times. Hard to stop though. Once you get practice convincing your psyche to compromise on principles in order to get more power and money, it becomes... very... hard... to stop.

Usually the shift is so subtle it cannot even be noticed. You just, find that your strong clear ideological beliefs, the ones that got you into office, the ones that electrified the electorate and set your grassroots campaign on fire, back in the day, seem just as clear in your gut... you know you are doing the right thing when you make Yet Another Compromise, because you have always trusted your gut-feeling to lead you to success. However, you no longer seem to be able to explain clearly *how exactly your ideology matches your actions*. If you practice, you can get really good at rationalizing the mismatch, and covering it over with complex arguments about ends-justifying-the-means. But by then you are already lost.

Because, you started down a slippery slope, without fully realizing how treacherously subtle the gradation and the slickness was. You had good motives, you wanted to accomplish good things. You had good intentions, you promised not to lose objectivity.
But none of that matters in the aftermath, all that matters is you put yourself in a position where you would be constantly tempted to jettison your ideological axioms in return for immediate gains, and THAT was your mistake, THAT is what inevitably led to irreversible repercussions.

> financially we aren't compensated for any of that

That's correct. Because you aren't in the business of **selling Brave**. You are in the knowledge-business, of informing people of the best tools for them to defend themselves against global mass surveillance, *not in the tool-selling-business*. The reason you aren't getting a sales commission, is because right now, you aren't selling, you are objectively reviewing. Don't risk that objectivity, by accepting the sales-commission, please.

> We don't have affiliate links and
> we don't accept payments
> from the teams behind the software we recommend

Correct. That is the only sound policy. Anything else will put your objectivity at risk. Setting up a permanent temptation, with a lot of fungible money-streams on the line, and you will have wrecked the decision-making process.

> privacytools.io is supposed to be a completely unbiased
> source of information on how to protect your privacy

This is not correct. It is supposed to be a completely biased source of information. It is supposed to be **biased in favor of the readership's privacy** and therefore ruthlessly biased against any tools which fail them. The tools in the listings are not *friends and allies* they are strictly *subservient* to the mission of helping readers fight global mass surveillance. Don't confuse the tool, with the person using the tool.

Make sure that privacyToolsIO stays in the knowledge-about-tools business, the educating-the-readership business, **not** in the tools business yourselves. You've gone from a sword-critic, to being a sword-manufacturer, and that will ruin your ability to critique swords *ruthlessly*. Not at first.
But there will be constant almost imperceptible pressure. Never going away. Never lessening. For years and years and years. Don't think about how you are able to promise yourselves you will stand strong against the financial temptation. Think about how many politicians and how many tech-startups have made promises like Don't Be Evil ...and what they looked like decades later, because of such temptations and compromises.

> I don't think the use of affiliate links is inherently unethical

Obviously. Neither is selling deodorant. Sales is not an unethical business, it is using your skill at persuasion, to convince people to buy the product, that you are being paid to sell. Make very very very sure you want to be in the sales-business, hawking software-tools that you have a financial stake in. It's not ***unethical*** to be in the sales-business, but it will slowly and inevitably convert privacyToolsIO from a libre-licensed knowledge-project, into a marketing-flyer.

Plenty of websites provide knowledge, and in return for providing knowledge, they have affiliate-links to amazon.com books. Sometimes they also *write* books. Nothing wrong with that, they are in the knowledge-business. Printed books are risky though, because there is a temptation to convert the knowledge-website into a teaser-portal that is designed to sell books. Only the very rare ideologically-motivated author puts their ENTIRE book on the internet, gratis. Such as for instance, Cory Doctorow of the EFF, who does just that. His book Little Brother is a privacy-guide with an incredible amount of knowledge. You can buy it if you like, or you can read it today, no charge. He makes enough money to keep on writing AND he is a living example of the principles he advocates. But most places that publish books-for-money, or academic-papers-for-money, **keep some of the best knowledge** secret, locked behind closed doors that only money will unlock.
They are no longer in the knowledge-business, in other words, they are in the selling-books-biz.

> If you don't trust us (the team and the community of contributors here)
> to not shove BS in your face when you visit our site,
> then what are we even doing here?

Building a machine to manufacture objective, ruthlessly brutal, critiques of tools. With the mission of thwarting global mass surveillance. And the means to that end, is educating endusers about which tools will ***best*** let them defend their own privacy, and boost their own security. We are not a defense-contractor that *builds tools* here. We are a consumer watchdog organization, that critiques the tools, investigates if they contain trackers, distills huge amounts of time and effort down into a top3 list for everyday humans that want to get a big boost in their privacy.

In return, some small number of those everyday humans, will donate a bit of money. Not a lot of money. Not enough money to run some kind of VC incubator for libre-licensed privacy-tools-manufacturing projects. Not enough money to run some kind of SaaS effort which provides bandwidth and sysadmin time to *directly* boost the privacy of endusers. Plenty of money to maintain the listings though, to keep the core-team satisfied with the hours they devote.

As the readership grows, and the listings remain objectively good, the flow of donations will also slowly grow. SLOWLY mind you. Achingly slowly. If only you could monetize the site NOW, there are a lot of great things you could do with that money RIGHT NOW, because money is fungible. But monetization is itself risky, you are putting the objectivity of the listing on the line if you are not sooooo careful how you monetize. Changing from a tool-info site into a tool-host-and-tool-incubator, is soooo dangerous to the trust of the readership.

> Ultimately we're making these recommendations to a wide audience,
> and whether or not we're using affiliate links or 'clean' links shouldn't matter.

Unless the monetization-process itself, ends up costing the objectivity of the listings. Aka destroying the machine you built, the one which manufactures objective, ruthlessly brutal, critiques of tools. Because that is WHY the recommendations are valuable, to that wide audience.

> If you would stop trusting privacytools.io as a source of information
> because we used an affiliate link
> then IMO we have already failed.

You wouldn't lose any trust at first. Because you would stay strong in the face of temptation. At first. But what about three years from now, when a large portion of the tools listed are giving the affiliate-stream a significant boost, and the money from affiliates outweighs the donation-stream? What about ten years from now, when privacyToolsIO has gone from being ranked 300,000 on the alexa global website list, to being in the top 1000 websites in the world, and you have so many MANY pageviews per day that just the slightest little tweak in the listings, which moves a project from which you get no kickback, down to a slightly less prominent position in the listings, and a project from which you do get a kickback, slightly more prominent in the listings, is enough to cause a leap in the money-flow?

What if the tool-vendors *know this* to be true? Will the list of webmail providers, remain objectively solid? Or will your promise, ten years ago back in 2019, to never lose objectivity... will it have slowly decayed under the constant temptation to let the ends justify the means? Won't some of the vendors figure out the system, and determine, that if they just provide enough affiliate juice, they will get WorthMentioning status? No harm in that, right?

> then IMO we have already failed.

Failed at gaining trust? No, privacyToolsIO has gained trust.
Where you will have "failed" is in loss of concentration on building a machine to fight global mass surveillance, by educating the masses on how to defend themselves from it, and shifting over to the tools-business where your listings are a catalog of your own projects.

Is that even a failure? Or is that a natural evolution? Well, it depends. Is the goal to have objective listings, which the readership can trust, because they ARE ruthlessly objective? If so then getting into the business of using the listings to recommend your own tools, and those of teams with which you are affiliated (as the funding-partner or as the kickback-partner doesn't matter), could be considered a failure. But if the listings are just, a way to get some reputation in the privacy-oriented software-industry, so that the core team can have a software-startup which provides SaaS and also a software-incubator that funds hand-picked industry-alliance-partners, then it is not a *failure* it is just a natural progression towards the real goal, founding a company.

But to me, the mission is to fight global mass surveillance, and there are already a lot of little corporations and foundations (plus not-so-little ones like Signal Foundation with their billionaire backer Brian Acton and their hotshot super-wizard Moxie Marlinspike) which are in the tools-business. There are precious few places that are in the meta-tools business, which is to say, in the business of critiquing the tools and telling the masses what to use. Websites with top 5 listings are a dime a dozen. So how can there be precious few which are in the meta-tools business?
Because, almost all those websites, without exception, are biased and pushing an agenda, sometimes a product-marketing agenda ("here are 4 famous VPN providers plus 1 more which Just Happens to give me a juicy affiliate-kickback") and other times a personal opinion agenda ("Moxie is evil and that means Signal is evil and here are a bunch of tools ***so*** much more betterer than Signal because Moxie didn't write them"). There are precious few meta-tools websites that are ANY USE, in other words, to the everyday enduser. Sites that don't have a hidden agenda, motivating their listings and their de-listings. Wikipedia and privacyToolsIO are probably the only two, in fact, that I know. Some of the sites linked to *from* privacyToolsIO, also are legit (not all of them tho ;-)

> I would hope that you would be able to trust the intentions of us
> simply because you trust in what we do.

Sure, I trust that your intentions are good. Not only do I trust they are good, I'm 100% certain they are good. But good intentions are insufficient to avoid the kind of risk you are contemplating taking. And in some cases, are already waist-deep into implementing.

The question is not whether I trust in BurungHantu and JonahAragon and the other core-team folks. The question is not whether I trust what you decide to do. I like you folks. I trust that you will do good things, whatever decision you make in 2019, and also whatever decision you make down the road. The question is whether THE LISTINGS will be able to retain trust. And good intentions will not fucking save the objectivity of the listings. Only one thing will save that: incorrigible focus on determining that you WANT to be in the knowledge-business, that you WANT to remain one of the precious few Top-N-websites that is actually worth the electrons it is printed upon, and then determining how to STAY objective as you organically grow.
There are a vast number of pitfalls and traps, some of them subtle and some of them seemingly-obvious yet oh-so-tempting. Affiliate links are in the pitfall-and-trap category... **if** the goal here is to build a machine for producing objective listings, ones that everyday consumers can ACTUALLY trust, year after year after year, not just in 2020 but in 2030 and 2040.

So I don't *mind* what you decide to do. It's your project, and maybe you will decide, hey we need to become some kind of cool new privacy-oriented software-project incubator. Okay then, sounds neat. But I guarantee the objectivity of the listings will suffer, maybe not in 2019, maybe not in 2020, but if not by 2025 then for sure by 2035, no question in my mind. The egg will have rolled off the table, it will only be a question of how long time will stretch out before the inevitable splat. By then you might not even care, if you are pulling in One Miilllliion bucks from your vast cornucopia of subscription-services, you can just pull the plug on the listings and redirect to the https://en.wikipedia.org/wiki/Comparison_of_instant_messaging_clients from your old no-longer-really-relevant https://www.privacytools.io/software/im because you aren't in that business anymore.

But I don't think you should do that. I think you should clearly separate your goals and efforts, and you should not let the funding of tools-projects, and the funding of tools-services, and the funding of the-machine-to-ruthlessly-critique-tools-and-spit-out-objective-listings-that-can-be-really-trusted, get intertwined. Compartmentalization is a fundamental infosec technique: sandboxing, VPNs, VPSes, mandatory access controls... instead of thinking "hey the core team is just a set of humans and everything those humans do is trustworthy" you need to be more like Qubes.

Some percentage of the money coming in? Endowment fund. Who is trusted to spend that money?
**Nobody**, it is the *endowment fund* hands off firewall it away where you cannot get it. You will need a person that has the root password, or maybe some kind of cool multiple-person-crypto-key setup where endowment money cannot be expended unless 87.5% of the core-team digisigs the payout? Some percentage of the money coming in? Salary. Who is trusted to spend that money? The recipient. Founder gets 0.256 of the salary-portion, the four core-team members who have been around longest each get 0.064 of the salary-portion, the four core-team members who have been only recently brought on board each get 0.016 of the salary-portion. Maybe dedicate another 0.256 of the salary-portion to contributors outside the core team, people that have submitted pull-requests which got accepted maybe (but Signal Foundation tried that and it severely failed... simple typo-corrections were "not accepted" because the repo-owner subconsciously didn't want to pay out the bitcoin for such a trivial fix... complex upgrades were subtly discouraged because the hours weren't worth the bitcoin-ego-boost they would have resulted in... very tough to do any sort of pay-per-bugfix kind of setup without screwing up the dynamic you are trying to reward!) That still leaves another 0.168 of the salary-portion of the incoming donation-stream, that you can use to pay for needed services: lawyer, accountant, secretarial, whatever you need. At first, in 2019, it will be a pittance. You'll need to beg for pro bono services from some kind of fiscal sponsor, an upstream sugar daddy which already has a legal entity in place. That's fine. If the site continues to have trusted objectively-good listings, popularity will grow, pageviews will grow, donation-stream will -- slowly but surely -- grow as well. Some of the time, you will "have" to put some of the salary-money you receive, back into running the site. But this is good. It's up to you, the salary-recipient, on where you wanna spend the money. 
If you wanna spend it to hire a lawyer and help you draw up 501c4 status, that is cool. If you wanna spend it on a secret lair, also cool. You earned it. Spend it where you wanna spend it. The rest of the money, coming in via the donation-stream, will be (if you follow my rough recommendations that 50% goes into the endowment and 25% goes into salary-portion) around 25% of the donation-bucks, and those can be spent on operational costs. Paying OVH to host you. Paying for the upkeep of the forum and the mastodon and whatever other stuff privacyToolsIO needs to **build a machine** for producing ruthlessly-critiqued objectively-good listings that will educate the masses on how THEY can fight mass surveillance. This is the most important portion of the money, because it won't be enough. You'll wanna have more. You'll think of all the good things you can do, all the needed services you can fund, all the special projects that have been languishing. But exercise iron discipline. No eating the endowment-portion. No pressure to plow the salary-portion into operational expenses. Put a process into place, where the core team does budgeting every six months, FROM ZERO every time no exceptions. Somebody on the core team nominates a service or project or vendor or supplier to be funded, and a discussion is held on how much funding to tentatively allocate them. Not an abstract discussion. One in actual dollar-amounts. Because you don't **predict** how much money will come in, from the donation-flow during the next six months. You budget from the money which came in during the *previous* six months. Meaning, at the start of the budget-process, the core team KNOWS how much money they can spend. It is already in the bank: however much money came in from January thru June, is how much money can be expended during the upcoming July-thru-Dec timeframe, *no more*. And you make the decisions in July, how to allocate. 
And you only allocate 0.900 of the Jan-thru-June donation-portion dedicated to operational expenses, always hold 0.100 back in case suppliers hike prices on you or whatever. Thus, not only do you have a dollar-value that is available to be allocated, you also have an iterative process (every six months in a sprint-period), where the core team nominates projects to *keep on getting funding* and ones to *get their first funding*. Inevitably there will be more cool projects than the operational expenses are able to fund. That is good. That means you are exercising fiscal discipline. That means you will have practice prioritizing and cutting and figuring out what is REALLY essential and what should be dropped. Just because something is dropped, doesn't necessarily mean it will disappear. Maybe the core-team decides that hosting gitea has become too expensive for their donation-flow to sustain, and they don't wanna expend any money in the upcoming budgetary period for it. Well, build some time into the budgeting-process, so that after a decision is made, that gitea (or whatever) will be getting the axe, that you can post a big banner "hey we do not have the money to keep this thing operating if you depend on it and wanna see it stay alive then here is a button to donate before the scheduled july 30th shutdown-deadline when our hosting fees come back up and here is a button to make a backup of the data if you wanna host yourself elsewhere". Sometimes the core-team folks will *themselves* hit the button, and plow back some of their salary-portion (or some of their own private assets) into keeping gitea-or-whatever operational another six months. Other times gitea will shut down, and you won't have bandwidth-expenses for it. Don't make it an unorderly shutdown, when you do need to make cuts -- leave a window to operate for 30 days, make backups of all the data in case you decide to re-activate someday in a future budget-discussion, and so on. 
But don't keep paying for things you cannot afford. Practice making cuts, and make those cuts stick. Never get in the habit of ASSUMING salary-portion monies will be plowed into projects that didn't get operational-expense-portion monies, because that would make the salary-portion meaningless (it would no longer be earned it would be "leased"). None of what I describe above is easy, but it isn't that hard either. Pick an endowment-percentage, and set aside what comes in where you cannot touch it. Pick a salary-percentage, and a scheme to divvy it up. The rest is operational-expenses, and you should setup a budgeting-process that you believe is gonna keep the lights on AND also fund some cool things -- but not TOO many cool things, and always remember you are in the knowledge-business not in the software-incubator-and-SaaS-business. Some people on the team, might also be in the software-incubator business. Nothing wrong with wearing many hats. But if @Mikaela is busy funding her own team to build an awesome new XMPP client which is cross-platform and comes with a built-in-server-node so that setting up your own OMEMO server happens *automagically* ... she is no longer going to be capable of being objective about MikaelaChat(TM) because it has her name on it and the sweat of her brow plowed into it. (p.s. This would be a cool project that would effectively make xmpp into a p2p system ... and by my back-of-the-envelope calculations most post-2015 smartphones have the horsepower to run an xmpp server locally when on wifi.) If she is working hard on MikaelaChat, does she get kicked off the core-team? Of course not, that would be foolish. But she no longer commits in the IM section, because she's in the IM-business now! She is not in the VPN business though, so she is still going to be objective there. Compartmentalize, compartmentalize, compartmentalize. 
Over on the about-us-page, specifically say "Mikaela has been on the core team since YYYY, and outside her role here, she is also on the MikaelaChat team" or whatever. If and when there comes a time when MikaelaChat **does** get added to the listings, put a big purple warning-circle on it, which discloses "hey one of the core-team is involved with funding MikaelaChat -- here is the link to where it was nominated for inclusion and here is the discussion of how to word the listing and here are the commits which implemented the outcome". We want people to trust the listings, and if some of the people responsible for commits to the repo, are also involved in funding or building or affiliate-linking-or-whatever with the tools themselves, this HAS to be disclosed. But it is better not to NEED to disclose potential conflicts of interest, by simply, *not having any* to disclose. No taking payments from tool-teams. No giving payments to tool-teams. No perks, affiliate links, free tickets, luncheon invites, ANYTHING that could be construed or misconstrued as a form of kickback. Wireapp is listed in the IM section, and they email the privacyToolsIO core team and say "hey for evaluation purposes we would like to give you free wirePro and wireRed subscriptions" **turn them down**. VPN providers want to let you have free subscriptions to their services? Turn them down too. Signal Foundation wants to pay you money to host their discourseForum? Well... that **might** not be a bad idea, as long as it is a *business* transaction and not a *marketing ploy* by Signal to boost their listing-position!
(Right now signalUsers.org hosting is outsourced to discourseHosting because the signalapp devs are trying to concentrate as hard as they can on signalapp itself -- they don't have time to spend messing around configuring a privacy-respecting forum, they didn't even change the default forum TOS which still say "The following [terms and conditions](https://community.signalusers.org/tos) govern all use of the $YOUR_DOMAIN_HERE website..." which I find pretty amusing ;-) I've also suggested the guest-blogger-of-the-month kind of scheme, which would involve somebody like Daniel Micay or Moxie Marlinspike writing up their own "here are the tools I recommend" and then privacyToolsIO posting that in a special section of the site, with a splash-link up in the corner of the main homepage, that rotated periodically. Does this cross the line, into privacyToolsIO "getting a kickback" from a tool-vendor? No, not in my mind, it does not. Clearly, if Snowden writes up a guest-blogger-of-the-month posting for privacyToolsIO that will result in a huge influx of donation-bucks thanks to the publicity such a thing would generate. Same if certain tool-vendors like Brendan Eich of BraveBrowser fame or Brian Acton of Signal-Foundation-now-but-formerly-FacebookWhatsapp were to make a guest appearance. But compartmentalization is the key here... they would be here as guests. They would write their own thing, and the tools they are associated with, are already in the listings, and deserve to be there. There is little risk that Mark Zuckerberg would ever write up a guest-blogger-of-the-month posting, and if he did, there is ZERO risk that would influence the listings :-) I mean, I consider it to be literally zero. His guest-blog-post would be pretty funny to read as well. 

* privacyToolsIO core team: welcome to yet another guest-blog-of-the-month, our guest-blogger this time around is Mark Zuckerberg, of Facebook
* Zuck: hi thanks for having me
* team: which tools do you recommend to everyday people, that will help them defend themselves against mass surveillance?
* Zuck: what is this "people" you speak of, can you define that strange term?
* team: you know, people -- normal folks that don't like being spied on
* Zuck: ah, you mean customers! yes, facebook has many customers, and we know a lot about them, they definitely don't like being spied upon! a difficult business problem
* team: right, but this is a guest blog where you tell us, you know, what tools you recommend for *fighting* surveillance, not for *surveilling*
* Zuck: um... well... I guess I would say... uhh.... hmmm.
* team: so nothing comes to mind, you don't have any tools to recommend, that will help people get privacy, actual privacy?
* Zuck: Facebook takes your privacy. Seriously.
* team: yeah... did you forget to omit the period?
* Zuck: Facebook takes your privacy seriously, exactly, that is what I really meant
* team: okay that's all the time we have, thanks for tuning in

I always kind of laugh, when Zuckerberg tries to pretend he cares about privacy.

> Because we value our community and audience
> far more than we value the couple bucks
> we'd get from a referral, and [therefore]
> we'd never attach our name
> to something we didn't believe in,
> in the first place.

This is a seductive way of thinking. But it doesn't work out like that, in my observation of corporations and politicians over the years. Once you start down the slippery slope, of assuming you cannot be corrupted by temptation, and therefore, since you are immune to temptation, might as well do things that will expose you to constant temptation, because (see above) you will never give in.... The problem is the exposure. Don't expose yourselves to the temptation.
Work hard on shielding off potential avenues of corruption. Think about how to build a machine, and distributed volunteer community-driven process, that will produce objectively-good listings of tools. Think about how to make the LISTINGS trustworthy, which is very different from whether the people ultimately responsible for those listings are trustworthy. These are not the same thing! Right now, I trust you folks, and I trust the listings. Affiliate programs, and more fundamentally, the desire to have decompartmentalized funding of everything all munged together, which is *driving* the desire to Get More Funding So We Can Do More Good Things, are a huge hurdle to the long-term viability of the project... *if* the purpose of the project, the goal of the core team, is to produce *knowledge* rather than facilitate tools-qua-tools. I think the goal is to educate everyday people about the tools they can use to arm themselves against mass surveillance. I think affiliate links will, not now but in a few short years, begin to undermine that goal, and shift the goalposts over to "we fund the tools and we are funded by the toolvendors" instead of "we are beholden to the readership's desire for privacy and educating them about what tools will truly help them achieve it".

Because we're sending traffic their way anyways, there's no reason we should stop ourselves from also benefitting from that [referral program affiliate juice fungible cashflow]

The reason is, you cannot afford to take their money. It risks the objectivity of the listings, in the long run. If you are an investigative journalist, and your salary is paid by the politicians and corporations you are supposed to be investigating, you are -- eventually -- no longer going to be in the investigative journalism business, you are in a new business (sales).

but at our current rate of income that isn't feasible

Correct, and the risk is that you will monetize the wrong way, planning to use that fungible cash for excellent plans and projects. But money is very insidious, it can come back to bite you with unexpected side-effects and ripple-ramifications. Be cautious. Be wary. Most importantly, be patient. Concentrate on building the trust in the listings, the listings themselves as distinct from the core team folks (trust in the team is not transitive to the listings! just because I trust you does not mean I trust everything on your grocery-shopping list -- even though you wrote the list yourself).

Trust in the listings, hinges on exactly one thing: whether the listings are objectively good. Build a machine, which produces objectively good ruthlessly-brutal tool-critiques and gives objectively good listings, and then concentrate on keeping that compartmentalized away from any risk-factors and attack-vectors. Like building a bastion-host which is an internet-facing server-node, this is about attack-surface, this is about exposure, this is about risk-management.

If you keep the listings objectively good, and acquire a fiscal sponsor that gives you some tax advantages, plus make some transparency-report-thing, pretty soon you will have a lot more money rolling in. If you setup the kind of zero-based collected-in-advance allocated-in-advance sort of budget-prioritization process I describe above, you will never run short of money because you will have practice only paying for what really matters with your limited donation-stream, and you thus won't feel the keen desire to Get More Money with some ends-justify-the-means logical-rationalization.

focus more on this project and help it expand

Money is always helpful. But you have to DEFINE THE PROJECT.

Is this about the listings, and keeping them objectively good?

Or was that just a stepping-stone, and this is about SaaS and seed-funding-incubators?

notarobot63 commented 5 years ago

Would you stop trusting privacytools.io if this were to happen?

Not necessarily, it depends on the transparency provided afterwards.

Do you mistrust recommendations tied to an affiliate link in general?

Yes, by default always.

What kind of proper disclosure if any should be implemented if we did this?

Just be honest: if you recommend a solution, the better alternatives must have the same/better treatment (visibility, placement on the page, etc...)

foguinhoperuca commented 5 years ago

Hi!

I wanna give you my $0.02:

Would you stop trusting privacytools.io if this were to happen?

No, but it will be much harder than before for you to earn my trust. I always will think that there is something behind it (maybe a personal gain for you). So, I think the answer to this is transparency (how much do you gain? From whom? Did you eat your own dog food? Various questions like that will arise). A very good transparency, indeed. Otherwise you will be no better than google something.

Do you mistrust recommendations tied to an affiliate link in general?

Yes. By the motives above. To alleviate the danger of your recommendation being biased I need you to be as honest as you can. Maybe it could harm you in ways that you cannot foresee.

What kind of proper disclosure if any should be implemented if we did this?

All disclosures that you can do. Be transparent and honest about what you are doing and who/why you recommend.

aloisdg commented 5 years ago

Would you stop trusting privacytools.io if this were to happen?

Yes, I think so in the long run. I would grow skepticism about every link on the website and I may start looking elsewhere (a fork maybe). If you start with this, you may accept more one day. Accepting money from companies directly is a dangerous game.

Do you mistrust recommendations tied to an affiliate link in general?

Yes. All of them.

What kind of proper disclosure if any should be implemented if we did this?

As is, this should not be implemented in my own opinion. I think that the least dangerous way and if you really want the money is to let them send you the amount anonymously through your Liberapay. They already know the value of this service for their business and how it is important for everybody. Money influences decisions. Here we want to limit this.

absqueued commented 5 years ago

If Brave or any similar service is worthy of being listed on privacytools.io - why would they spend and provide you with the affiliate money? After all - if this team finds the software in question valuable enough to be added, you will add it anyway.

Taking affiliate money will result in losing the trust I have, honestly.

stordoff commented 5 years ago

Would you stop trusting privacytools.io if this were to happen?

Yes

Do you mistrust recommendations tied to an affiliate link in general?

Yes. The conflict of interest is too big. Consciously or not, it can change behaviour. Is Brave Browser listed because it deserves to be, or are you letting more things slide because you know you will lose that income, maybe without even consciously thinking it? That's a question I don't think you as a team can answer, and as a user I will always have that doubt.

Furthermore, what happens when you have set up these projects and the income stops? Say the best tools are only ones available without affiliate links/payments - does the infrastructure suffer? Do you compromise and let sub-par tools be listed? It seems like a very risky income stream to rely on.

I also don't see how my privacy is enhanced by adding a tag to my links saying "This user came from PrivacyTools.io/is interested in privacy" - that seems to be moving in the wrong direction.

What kind of proper disclosure if any should be implemented if we did this?

At a minimum, each individual link should be disclosed (not just a blanket disclosure).

chrisweb commented 5 years ago

Would you stop trusting privacytools.io if this were to happen?

No, I would still trust it, but affiliate links have to be clearly marked as such and you have to offer an alternative link as an option for people who don't want to use the affiliate link and still visit the page.

Do you mistrust recommendations tied to an affiliate link in general?

Yes for sponsored content. No, for content with an affiliate link, however there has to be a disclosure note about it being an affiliate link. If I have a doubt and find the link I clicked contained some affiliate code but I wasn't aware, then I will forever ban that source when doing research.

What kind of proper disclosure if any should be implemented if we did this?

Let me explain the idea:

I'm a developer and also a LEGO bricks fan and what I often see in blogs is affiliate links to either the LEGO shop or amazon but they are always clearly marked as affiliate links! And sometimes in the message it even states how much money the owner of the blog will get if you click on the link.

What I think could be an option would be to offer users two links that redirect to the same page of a product, but one with the affiliate code in it and the other not. I would explain to the user that the affiliate link, if clicked, will generate revenue for the project and ask the user to support the project by using that one if interested in the product. Now it's up to the user to choose which one he wants to use.

The problem, especially with sponsoring but maybe even with affiliate links, is that even if you are totally transparent to the user about them, some users will start doubting if the preference to promote one tool over another is really solely based on criteria you set or if you also got influenced to promote one tool over another because one can generate money and the other not, even if this happened unconsciously.

ddebernardy commented 5 years ago

Not one of your users, but I figured I'd chime in regardless...

What kind of proper disclosure if any should be implemented if we did this?

Consider providing two links:

[normal link] ([affiliate link] if you'd like to support us).

bobobo1618 commented 5 years ago

Would you stop trusting privacytools.io if this were to happen?

Not from this alone, no.

Do you mistrust recommendations tied to an affiliate link in general?

In general, yes. However if there are prominently recommended options that aren't affiliates, I can trust a little bit more.

What kind of proper disclosure if any should be implemented if we did this?

Of course you should make it clear which links are affiliate links or not.

In addition to that, how about making the financials open? It'd make it a lot clearer that you're not giving compensation-based preferential treatment if we can see exactly what you're being compensated for.

In my ideal world there'd be a little counter next to each of the options showing how much you've been paid for recommending them but short of that, periodic statements would be nice.

eigenfoo commented 5 years ago

Would you stop trusting privacytools.io if this were to happen?

Probably not immediately, but over time I would (as you make new recommendations of stuff I haven't heard of).

Do you mistrust recommendations tied to an affiliate link in general?

Yes. This is only somewhat mitigated by disclosing affiliate links or providing two links (one affiliate, one not), as others have proposed.

What kind of proper disclosure if any should be implemented if we did this?

I don't think that it should be implemented, but if it is, I support the suggestion for two links (so users can decide whether to follow the affiliate link or not), and heavy disclaimers and explanations.


I think I can put my objection most succinctly by responding to @JonahAragon directly:

If you don't trust us (the team and the community of contributors here) to not shove BS in your face when you visit our site, then what are we even doing here?

Newcomers to privacytools.io are looking for reasons to trust you. Affiliate links do not signal that your recommendations are trustworthy, and probably (to some people) signal the opposite.

Even if you do have the community's best interests at heart, having affiliate links can make it seem like you don't, and makes it harder to earn users' trust.

eigenfoo commented 5 years ago

By the way, this GitHub issue briefly made the front page of Hacker News. There's some more discussion in the comments over there:

https://news.ycombinator.com/item?id=20093611

five-c-d commented 5 years ago

Somewhat offtopic... but methinks relevant... offering self-hosted discourse as a service to privacy-oriented tool-vendors?

@JonahAragon ...after looking into it, community.SignalUsers.org is paying www.DiscourseHosting.net outsourced-sysadmin fees of roughly $50/mo with the 501c3 discount, and allowed up to 100k pageviews/mo. I don't have pageview stats, but I have "article view" uniques which were 19k in the past month, pageview count is perhaps double or triple that? You can use your own self-hosted discourse to get a somewhat-better idea of the multiplier. Price goes up to $75/mo per nonprofit forum at >100k pgvw/mo.

Would it make privacyToolsIO money, as in, be financially viable and fiscally sound, if you were to offer to be the "backing sysadmins" of the signalUsers forum? Especially if you can provide e.g. translation plugins that are privacy-respecting (only available on discourseHosting via their EnterprisePlans which I believe are >$200/mo even for nonprofits AND work only with gTranslate & bingTranslate so are not very privacy-oriented!) To be clear, I have **zero** idea if Signal Foundation folks will WANT to do any such thing. *I* want them to want to do it, but that is not the same thing obviously :-)

jonaharagon commented 5 years ago

To be clear, I have zero idea if Signal Foundation folks will WANT to do any such thing.

I kind of doubt it 😅

I was actually thinking about starting a Mastodon hosting service though on a related note, but I don't know if there'd be many users interested.

The main problem is I don't have the time to market services like this and it definitely wouldn't be financially viable to host services for just a few users. So it's kind of a catch 22.

five-c-d commented 5 years ago

starting a Mastodon hosting service

You already have a mastodon hosting-service, though, right? "Mastodon - Tracker Free Social Networking at social.privacytools.io"

wouldn't be financially viable to host services for just a few users

To me, that's what you are doing now: hosting services for just one "user" :-) Happens to be the core team of privacyToolsIO, as your only user, so there are fewer worries about customer service -- if the customer is unhappy they know where to complain! ;-) Same thing with discourse, you are already self-hosting it as part of the mission of fighting mass surveillance, and building a machine to spit out objectively-good tool-listings: "Discourse - Forum at forum.privacytools.io"

money money money

You've got the sysadmin skills, you've got the experience installing and configuring and running the software packages in question, you are FAR more privacy-oriented (as an individual and as the subset-of-privacyToolsIO-core-team-that-are-sysadmins) than the typical forum-hosting-service and the typical fediverse-hosting-VPS. The margins would be low, in a mastodon-business, because you would primarily be selling to small groups that wanted more privacy **for themselves** than e.g. "secret" facebook groups allege to offer. But in the forum hosting business, you would have a better opportunity to get enough money to make the effort worth your time, because most of the people needing a fancy forum are large groups where email and chatrooms have become too inefficient because the groupsize has gone beyond 999 people or so. Usually the people you would offer the privacy-oriented forum-hosting unto would

0. corporate or at least centralized people "running things" not an amorphous usergroup
1. already be outsourcing their hosting, paying 50 to 75 to 100+ bucks/mo
2. be running a privacy-oriented project which appeals to privacy-oriented userbase
3. not wanting to use a non-privacy-oriented-forum but unable to divert time and skill over to setting up their own privacy-respecting configuration of the forum-software on their own self-hosted server-nodes.
4. hearing complaints (and losing participation) because the target-userbase is leery of giving over their forum-related metadata -- IP and email or github-credentials

So to me, the question is fairly straightforward: can you offer a service, which

* **beats** the pricing of normal discourseHosting.net fee-structure (preferably by half if possible but at least by 20% off aka in the $20/mo-to-$40/mo ballpark)
* provides 10k-to-100k webserver pageviews/mo
* provides 5GB-to-50GB of forum-history (ballpark)
* built on a privacy-respecting webhost
* sysadmin'd by privacy-respecting core team
* does NOT provide lots of handholding, just reasonable uptime & reasonably-speedy pageloads and "the usual" slew of free-as-in-beer discourse plugins

If so, you would not need to market the service yourself -- ***I*** would market it, and am guessing other folks in the privacyToolsIO readership would as well :-) Because I participate in the signalUsers forum but I don't like it that all the IP addresses and all the emails of all the people that need unofficial tech-support, are getting sucked into some 3rd party outsourced backend which has the tagline "a modern Internet discussion forum... in a world of ubiquitous **smartphones**, tablets, **Facebook**, and Twitter". People like that cannot be trusted!!!111!!! :-)

My hunch is that maybe half the tools-projects in the listings would *like* to have a nice forum, but don't have the resources to configure and run their own privacy-respecting sort of setup. Some of them will outsource it -- signal foundation used to have a privacy-respecting riseUP mailing list but it was too constraining so they decided to outsource to discourseHosting is my no-inside-info reading of the tea leaves. Others will fediverse it, setting up a matrix chatroom instead of a web-forum. But these decisions are less-than-optimal from the perspective of the **userbase** of the tools, as opposed to, the people running the projects.
The userbase of the tools, wants more privacy, and the people that tend to participate in privacy-oriented forums and chatrooms and whatnot, tend to be privacy-enthusiasts who DO notice "hey this is outsourced to discourseHosting yuck" At first, my suggestion would be to offer two things, picking one tool-vendor per evening to send a quick email unto: 1) would one of the people on your tool's core team be interested in guest-blog-of-the-$TIMEFRAME post with your personal tool-recommendations, and 2) we notice you are running your own $FORUM and/or $CHATROOM is there any possibility your team would want to pay privacyToolsIO services-spinoff to host that for you we charge $33/mo for up to 33GB and 99pgvw/mo on OVH hosting with privacy-respecting sysadmins. Or better yet, just broach topic#1 in the initial email, and topic#2 later on. Some folks might see those as crossing the line, in an ethical integrity-of-the-listings sense, but to me they do not, so long as 1) there is a clear separation between "here is a service that the core team of privacyToolsIO charges money for" and 2) what you charge is below the usual market rates and "the same" price for every tool-vendor, on a sliding scale or a stepwise scale related to pgvw/mo and gigs-of-ssd. You should not offer tool-vendors the ability to pay triple what you charge others :-) Just a flat fee structure which is fiscally viable and low-hassle, but helps keep the lights on and food on the table for the core team. Tool-vendors (or "employees/leaders" of tool-projects) that want to donate, sure, are allowed to do that -- but through proper channels, publicly, with transparency. 
Ideally you would setup some kind of "blind donation" system via a fiscal upstream, where when a tool-vendor like BraveBrowser (or a leader/employee like Brendan Eich) donated money to privacyToolsIO it would be anonymized and spread out in time, intermixed with the rest of your donation-stream by the fiscal sugar-daddy -- thataway the core-team would not even *know* Eich had donated, you would just, see that average donations per month were up slightly in 2020 for an unknown-to-YOU reason.

Anyways, please think it over and then let me know if you want me to open a thread in signalUsers.org introducing @Mikaela and mentioning "hey wouldn't it be cool if instead of discourseHosting.net we could get privacyToolsIO and OVH to be the forum-providers?" Like I say above, no idea whether that will crash-n-burn, or be lauded as the best idea since sliced bread, but to me at least, it is a no-brainer "yes for sure". And if you'd prefer somebody less-long-winded to open the thread in signalUsers that is fine too, I will 100% understand ;-)

jonaharagon commented 5 years ago

@five-c-d do you use Matrix by any chance?

Also, I'm closing this issue because we definitely aren't using affiliate links.

five-c-d commented 5 years ago

> do you use Matrix

Not at present, however, there are some folks I know trying to set up bastion-hosts for a synapse homeserver though, so at some point possibly I will get involved with it. Besides this github uid + the community.signalUsers.org thing, primarily I use signalapp and protonmail for offline privacy-meta-discussions (and in other roles tutanota).

> we definitely aren't using affiliate links

Well, that is much appreciated, because I think it is a seemingly-good idea that would have unwanted side-effects, over the long term.

But I will also note, for the record, that the proposal to potentially use them was handled outstandingly, speaks very well of the core team that you brought it up like this. Even if you HAD decided to use affiliate-link-stuff, you might have managed to surprise me by finding a way to do it which avoided the subtle pitfalls of incremental temptation, with the strong approach. My sincere thanks and respect