Skip to content
This repository has been archived by the owner on Jun 24, 2022. It is now read-only.

💬 Discussion | Remove website links that encourage mass surveillance and harm credibility #868

Closed
ghost opened this issue Apr 16, 2019 · 16 comments
Labels
feedback wanted 🌐 website issue *Technical* issues with the website.

Comments

@ghost
Copy link

ghost commented Apr 16, 2019

There are some embarrassing links on the website that harm credibility and ultimately work to undermine the top-level purpose of PTIO existence. One is a bad endorsement; the others do reputation damage by making PTIO look as if it's not committed to its own cause.

entity context
Facebook links to PTIO Facebook account
Github links to this PTIO repo. Several problems exposed. This may be remedied eventually but ATM it's questionable.
LinkedIn links to PTIO LinkedIn account
Signal endorsement works against the mission (#779)
Twitter links to PTIO Twitter account

It would be like RMS running MS Windows for his own use-case, or for FSF work, while trying to lead people to do "as he says, not as he does". Such a failure to lead by good example would do substantial harm to his reputation and influence.

These accounts are perhaps a necessary evil:

  • Facebook
  • LinkedIn
  • Twitter

because they are needed to reach out to those who most need PTIO guidance. But to link back to those places from the website is purely destructive to the cause. Visitors wise enough to avoid those services immediately get the impression that PTIO is not up to the challenge of avoiding mass surveillance. Expectations are lowered so the catalog of recommendations is suspect before visitors even start browsing it. The linking needs to be one-way (from FB/LinkedIn/Twtr to the website).

The huge Twitter box is a bit obnoxious considering that the Mastodon account needs to be pimped.

Donations page pimps PayPal pretty loudly

I'm not sure if I need to go into all the privacy abuses of PayPal. PTIO may be unwilling to turn down PayPal money but certainly there's no need for that large PayPal branding in the middle of the page.
Then there is a statement: "The privacytools.io team does not necessarily endorse all of the cryptocurrencies listed on this page."

The phrasing should at least make PalPal less welcome than it currently is. PayPal & CC should be expressed as a last resort option.

Diagram showing how these links actually support mass surveillance

PDF
ptio_coi_design

@ghost ghost added the feedback wanted label Apr 16, 2019
@jonaharagon
Copy link
Contributor

Definitely agree, we should probably link one-way from Twitter, Facebook, and LinkedIn like you mentioned and replace the boxes with more privacy-respecting accounts, Mastodon, etc. I don't think we'll be replacing the GitHub or Reddit links since they're integral to contributing.

@BurungHantu1605 for donations, at the very least we should probably switch to a PayPal donate button rather than just literally using their logo on the page, it'll make the PayPal branding much more subtle and it'll look more like a CTA than just a random logo people might not immediately realize they should click.

@privacytoolsIO
Copy link
Contributor

The phrasing should at least make PalPal less welcome than it currently is. PayPal & CC should be expressed as a last resort option.

I agree with your theory. But people use PayPal way more to donate to privacytools compared to crypto. We don't have a choice here.

@IzzySoft
Copy link

Ditch Paypal. Doesn't look good on a privacy proponent. There's OpenCollective, there's Liberapay. At least the latter can be used to donate via Paypal (if the user wishes so) without PTIO recommending or linking to it directly (donors have other possibilities to spend their donations, including SEPA); unfortunately, the only ways to withdraw from Liberapay currently involve either Paypal or Stripe – though I hope they'll add direct SEPA one day, or at least Bitcoin.

Ditch Facebook. Privacy and Facebook are contradicting terms: Who's on Facebook doesn't take privacy seriously (enough) – and who takes privacy seriously isn't on Facebook. A privacy promoting site shouldn't link there (and no, "everybody does" and "many people are there" doesn't really count 😉).

As possible alternatives to Signal: Matrix has "rooms", XMPP has "MUCs" (MultiUserConferences). The two can even be bridged, so a Matrix room can be made available to XMPP users.

As for Twitter: in the long run, this should be obsoleted. I've removed the bird icons from my sites quite a while ago – instead of angry birds you now find peaceful mastodons there.

Can't tell about LinkedIn as I never used that. As for Github I already mentioned Codeberg as possible replacement, which also comes without the nasty reCaptcha.

@ghost
Copy link
Author

ghost commented Apr 17, 2019

@BurungHantu1605

But people use PayPal way more to donate to privacytools compared to crypto.

You're not giving them all the options, so non-cryptocurrency holders are forced to use PayPal. Personally if I were to donate, the existing options are non-starters because I've been unable to actually get my hands on cryptocurrency in a secure way (exchangers either run on CloudFlare or they demand too much information, Bisq requires buyers to have cryptocurrency to start with). PayPal locked my account out of the pure blue, demanded a passport, kept my money, etc., and I'm also boycotting PayPal for ethical reasons anyway. Visa, Mastercard, Discover, and American Express all do detrimental lobbying so I hate to use them, and I certainly would not use them via PayPal. JCB is dead outside of Asia. Even if you accepted credit card without the PayPal middleman and I were to ignore the detrimental politics, the credit card company still takes a cut and that should concern you. Privacytools does not apparently offer a single option that is free of overhead. So why not:

  • expand on the cash option. "Cash" is accepted but in which currency? And how can it be given?
  • there is mention of $5 which likely means USD but not necessarily. Should be written as "US$ 5" or "5 USD". And if you have a USD account then you can accept paper checks, but there is no mention of this or how to make out the check.
  • offer a cryptocurrency kickback. Someone donates $100, but wants $50 back in BTC. PTIO probably needs to liquidate cryptocurrency that builds up anyway. Set an acceptable ratio limit and make it subject to availability. You would actually be giving donors a somewhat privacy-respecting way to get cryptocurrency and ultimately get donations you might not get otherwise.
  • get a SEPA account, put the IBAN on the donations page.

@IzzySoft
Interesting to see ways to pay with national currency that avoids (or back-seats) PP.

Ditch Facebook.

I'm with you.. but to play devil's advocate some people are forced to be there. E.g. I went back to school to collect another degree, and public schools these days have Facebook pages and it's the only way for students to learn about scheduling errors, unofficial optional seminars, and school-sanctioned social events. It's disgusting to see public services use Facebook because unlike private vendors we don't always have a choice to walk (and refuse public services). I was the only student that did not give in to Facebook and got isolated to some extent because of it. It's much less of a choice for a young student starting their first degree to be out of the loop on school events.

OTOH, the other (young) students had not the slightest appreciation for privacy anyway, so perhaps it's a tiny minority who actually care about privacy but use Facebook against their will. The school also started blocking Tor and I seemed to be the only one who noticed.

There needs to be a movement to pressure schools and school administrators off FB and Twitter, which I mention here: mastodon/mastodon#10537 (comment)

Can't tell about LinkedIn as I never used that.

MS owned, now requires phone reg:
https://github.com/privacytoolsIO/privacytools.io/issues/779#issuecomment-475853251

@five-c-d
Copy link

I think this goes right back to the question of, who the intended audience is, for www.privacyTools.io -- is it trying to make a political statement, and advertise the crypto-nerd status of the people running the website, to other cryptonerds? If so, then it might make sense to refuse to accept paypal, refuse to even HAVE a non-empty facebook page (except as a placeholder to prevent impersonation by a random human on the internet which merely links to the proper website and urges 'delete facebook after you click the link').

But if the mission of the website is to fight mass surveillance, as in, not just for the privacy-conscious cryptonerds but for the masses, then this is the wrong strategy. If you want to educate the masses about privacy, you have to do it where they exist: they won't come to you, by definition they don't know anything about privacy, that is WHY they are using the mainstream websites which are the worst privacy-offenders.

facebook as a megaphone for promoting privacy

PrivacyToolsIO which is trying to educate the masses, needs to have a very active facebook page, where it -- ironically -- spills a huge amount of digital ink urging people to delete their facebook pages, documenting the various privacy-breaches and privacy-scandals that facebook has been intimately involved with over the years, and so on.

But it should not be a one-note-flute website, like the hypothetical "just click this link then delete facebook pls" kind of political statement site. People that are already on facebook, but want a bit more privacy -- and are not yet willing to go the extra mile and delete facebook after shifting everything over to mastodon or friendica or whatnot -- can still be educated about what browser to use when on facebook, what privacy-addons to install, what OS to run whilst on facebook, what VPN and Tor things to use when on facebook, and what messenger-app to use when NOT on facebook, etc.

The more they learn about privacy-oriented browser and OSes and messengers, the more likely they are to get the gumption needed to delete facebook at some point. And if we want to beat mass surveillance, that is one of the necessary steps ... which means privacyToolsIO needs an active facebook-page, an active facebook-group, and so on. The goal should always be to wean participants off of facebook and direct them towards the matrix-chatroom or the subreddit or the github discussions or the mastodon version. But for every facebook-user that is educated enough to leave, two more will arrive who are completely blissful about their privacy, due to lack of education.

twitter as a megaphone for promoting privacy

Same thing with Twitter, basically... there are better alternatives, but there is also a large audience that I believe privacyToolsIO needs to be educating: people on twitter that do not know enough about privacy to fight their way out of a paper bag. The twitter feed should be purposely designed to feed people bitesized advice that they can immediately put to use, and which will make them curious about other privacy-advice.

So, there might be a tweet that goes out every morning about a privacy-scandal that was in the news. Does not have to be a recent one -- though that helps -- it can be a "thread-bump" of some little-known scandal from a few years ago.

Then, every afternoon -- always at the same localtime of day -- send out a helpful privacy-tip tweet: "Want a little more privacy? Try [tool Xyz] which can [whatever category the tool belongs in] and is a recommended privacy-alternative to [popular tool that sucks]." By my rough count, there are over 150 tools listed now: 24 vpn/dns, 43 browsers/addons/tweaks/searchEngines, 14 email&alternatives, 13 messengers, 14 fileshare/cloud/sync/webhosts, 20 passwdMgr/cal/fileCrypto/notekeepers/pastebins/productivity, 10 darkweb/fediverse, and 21 os/related.

Even sending out a twit about one tool per day, it will take six months before starting over with the tool-list again. If you alternate with a privacy-scandal on the odd-numbered days and a tool on the even-numbered days, you can go an entire year without repeating a tweet... and then the next year, give the latest updates. FirefoxDay would always be January 1st, DebianDay would always be February 2nd, SignalappDay would always be March 3rd, and so on. Well, until libBletchey succeeds in getting it blacklisted at least ;-)

The facebook feed should not mirror the twitter-feed, that would be repetitive. Instead the facebook-postings would be on a weekly basis, rather than a daily-basis, and would be comparisons-of-tools rather than concentrating on a single tools. There are about 52 weeks in the year, so every other week would be a category-comparison posting about a particular section of the website:

  1. definition&purpose of privacy (comparison of philosophies),
  2. global surveillance overview (comparison of countries),
  3. key-disclosure (comparison of countries),
  4. vpn comparison,
  5. browser comparison,
  6. browser-addon comparison (in terms of hassle/effectiveness),
  7. browser-tweak comparison (in terms of hassle/purpose),
  8. webmail comparison,
  9. email-client-versus-email-alternatives comparison,
  10. search engine comparison,
  11. IM-and-VoIP comparison,
  12. fileshare-versus-cloud-versus-selfhost-versus-file-sync comparison,
  13. passwdMgr-comparison,
  14. calendar-and-contacts-comparison,
  15. at-rest encryption comparison,
  16. darkweb-and-fediverse comparison,
  17. dns-tools comparison,
  18. notekeeper-and-pastebin-tool-and-productivity-app comparison,
  19. desktop OS comparison,
  20. mobile OS comparison,
  21. router OS comparison.

That leaves a few weeks for vacation ;-) Or you can split out the combo-categories and fill up all 26 of the biweekly-comparison-broadcast slots. Ideally, you want to align the week where you broadcast a comparison-blast, with the 'official tweet day' of the most famous tool in that category: if FirefoxDay is celebrated with a twit on January 1st each year, then you should also release the browser-comparison that same week every year. If on February 2nd there is a twit about DebianDay, that is the week to do the desktop-OS-comparison blast, if signalapp is 3/3 then blast out the IM+VoIP comparison that same week, and so on.

As with the tool-one-day-scandal-or-breach-the-day-after pattern of the twit megaphone, with the fbook posts it would be tool-comparison on a biweekly basis, with privacy-breach-summary-news coming out the remainder of the weeks. There won't be a MAJOR privacy scandal every two weeks, but there will certainly be something worth mentioning in the world of privacy-software or legislation or similar, almost every couple of weeks. You can also discuss the principles of privacy on the off-weeks, the reasons WHY people ought to want privacy, and then during tool-comparison weeks explain how to GET more privacy.

Everything in my schemes above is perfectly plausible to implement without making use of facebook and without making use of twitter. But when you send out a big blast about privacy via mastodon, you are doing what is known as preaching to the choir: pretty much everybody on mastodon is already privacy-conscious, whereas pretty much everybody on facebook is clearly NOT there just yet! In more ways than one ;-)

mastodon for exclusives and advanced topics

It makes sense to post your easy-tip-of-the-day via twitter, where you suck in the beginners with an alternating sequence of tragedies and tools-pointers. It makes sense to post your simplified-weekly-comparisons-and-privacy-news-summaries on facebook, where once again you can suck in the less-privacy-conscious folks to educate them. But to keep the mastodon portion from languishing, or merely becoming a less-popular mirror of the facebook&twitter feeds, you reserve the advanced tutorials and the tougher philosophical concepts for there alone.

Facebook and twitter are the wrong places to discuss the problem of baseband chipsets and Intel Management Engine, because if you are running windows 10 and checking your gmail in your google chrome with all default settings, hardware-layer exploits are the least of your worries :-) Mastodon is a solid place to discuss advanced topics, and typically these will not be repetitive like the facebook&twitter megaphones but will have their own rhythm.

It will help, though, if you coordinate the scheduling, so that the week there is a facebook-blast about desktop OSes and a twit about DebianDay, there is already a mastodon post about Intel ME and Libreboot that can be linked to right in the twitter&facebook blasts. Similarly, when there is a twit about SignalappDay and a facebook-posting about VoIP comparisons, that is when you want to have a mastodon post already up about baseband-killswitches and the Librem5 ... which probably won't even run signalapp at launch, but will have XMPP-OMEMO and possibly FractalBbq+MegOlm which are both sig-protocol derivations.

Anyways, I don't necessarily disagree with the desire to alter&improve the way www.PrivacyTools.io links to various other websites. That said, I think we want to have the links there, just, stripped of their spying-capacity (facebook likes to use tracking in their "like us [random page] on facebook" button so they can build shadow-profiles of people that refuse to be on facebook). The point is to encourage 'continuing education' rather than losing touch with the readership.

When a visitor -- often somebody that was recommended "hey try this site it will help you understand why win10 is not so great" or similar advice -- shows up, we want to get them educated by what they read, but we also want them to know they can have some one-a-day only tips via the twitter-feed and one-a-week only info blast via facebook. These should ALSO be posted in other places, presumably in the /rss subsection of www.privacyTools.io or whatever, so that people who dislike fbook&twit can still get the beginner-content.

offer a cryptocurrency kickback. Someone donates $100, but wants $50 back in BTC

p.s. This is a cool idea, but there are serious legal ramifications if the owners of privacyToolsIO become a financial services website -- as in, getting your doors kicked down by the consumer protection division of the treasury department during a no-knock dawn raid, kind of ramifications, if you are not careful. So please investigate whether this cool idea does not have any downsides, before implementing it in any way.

@IzzySoft
Copy link

Short variant:

A privacy group should lead by example (please don't take that as complaint – we're still in "suggestion mode" 😉).

TL;DR:

@five-c-d I partially disagree. FB has the power because people give it to them. Because people "give in" because "everybody else does". A group or person who wants to raise awareness for privacy should not say "contact us there" on their website, thus sending other people (who might not yet be there) over for participation. Having a "placeholder account" with a static "placeholder page" over there saying "contact us outside of FB because …", for those who are already there, is a different thing – if someone wants to sacrifice (parts of) their privacy for it. But not bringing outside people to those privacy-violating services if the goal is to pull them off.

Similarly for Twitter. I still have my account at the birdsite – but while I initially duplicated my toots and tweeted them, I stopped posting new stuff there (that all goes to my Mastodon account only). I still need to check if birdsite allows for "pinned tweets" so I can make my last one, in the manner described by the previous paragraph.

As for Paypal, if you insist: Send people over to Liberapay instead. There they can pay using Paypal (as long as they wish) and later, with a higher awareness of their privacy, switch to SEPA. They can setup regular donations, like USD 1 per month (or just 50ct or even USD 100 if they wish) for long term support. No need to make them nerds and pay with crypto – but give the nerds who want a privacy-friendly way the chance to use it. Or would it hurt anyone else if the option were there?

"financial services": Why? They only wanted to spend USD 50 but sent USD 100, so as a honest receiver you send back the change – as the baker does when you pay a 60 cent bread roll with a 500 cent paper 😄 In Germany, even supermarkets do something similar: If you pay with a card, you can withdraw cash at the same time as if it were change. Apart from that: what financial service? As long as Bitcoin isn't officially accepted currency, selling bitcoin must be considered the same way as selling bread rolls. And last time I checked my local bakery wasn't a "financial service".


@libBletchley students (and workers) here in Germany get similar pressure – but thanks to laws have a lever to complain. What you described for your school would be considered illegal here. It's done nevertheless. You then can complain to the data protection commissioner if the school won't listen (and people do so) – which means trouble, as it's illegal. Schools start to be afraid of that – so they stop using FB/WA themselves while looking away if a class establishes a WA group… It's a start.

@five-c-d
Copy link

considered the same way as selling bread rolls

Correct, meaning, if you accept usd100 and you provide btc equivalent of one half that value, you are a retail merchant selling bitcoin with a 99% profit-markup, thus, you must charge sales tax, you are in the financial industry (money-changing and forex sector), you must comply with SEC regulations, you must pay income tax, you must be registered with all the appropriate federal and state-level paperwork, etc etc. Cool idea but investigate first and make sure it is a wise & viable plan, aligned with what the privacyToolsIO people are willing to reveal&do. (All these things I've listed may or may not be true -- but from looking into something similar several years ago methinks they ARE very likely true in some jurisdictions and at least one of the project-people is in that jurisdiction I have in mind :-)

person who wants to raise awareness for privacy
should not say "contact us there" on their website

Re: fbook, I'm not suggesting privacyToolsIO does it because every website needs a facebook page, I'm suggesting it because privacyToolsIO wants to educate endusers about privacy and facebook is what might be termed "a target-rich environment" :-) Agree that the fbook blasts should not be exclusive to fbook, they should be available via an RSS feed straight from the main website. I recommend not mirroring them to mastodon because I don't want mastodon to be 'the poor cousin' who gets the leftovers. As for contact us, that is different: my advice would be to completely shut off comments, on facebook as well as on twitter if that is possible, and ask people to use github/mastodon/matrix/reddit/emails/etc, whatever the existing ways of holding discussions are intended to be.

One could also imagine "limited time" fbook blasts, where there is a blog-post on Wednesday to the fbook page which does some comparison-of-all-VPN-tools type thing... but then a week later that post is replaced with the sentence "because we recommend you delete facebook we have blanked this and the content can now be found at www.privacytools.io/2020-02-02" or whatever. In any case, definitely agree that we do not want to 'improve the fbook platform' by providing timely privacy-news... but this is a balancing act, we also want to rescue the folks that are feeling stuck in the maw of fbook, yearning to be freed, but unable to think how to do so :-)

As people become privacy-conscious, they will gradually and incrementally improve their tools: it is easier to start using 7zip&peaZip for file-crypto, as a replacement for unencrypted zipfiles, than it is to start using firefox+noscript as a replacement for chrome. It is easier to start using signalapp+riotIM for messenging, as a replacement for whatsapp+skype, than it is to start using qubes+trisquel as a replacement for windows. Switching away from facebook&twitter is hard, maybe harder than switching OSes, so we should not expect that casual readership will do that first thing out of the gate. It might take some convincing... and the daily and weekly feeds, I suggest, are a way to do that gradual persuasion-work.

Good point about making it a one-way comms area though: you can subscribe to fbook&twitter blasts, but to converse you'll have to try mastodon/github/matrix/reddit/etc because that is where participation occurs. If that is too hard of a hardline stance, maybe allow questions to be posted on the facebook page and twitter page, but only answer on the other channels? (Then post the pointer-to-the-link-with-the-answer on twitter or fbook along with a disclaimer 'for privacy reasons we put your answer here' type of thing.)

@IzzySoft
Copy link

Maintain that however you feel suited (as for Birdsite, there are even cross-posting tools). But I'd avoid linking there from the main page, or "announcing" those activities in any way. Cut the links to such sites down to a minimum – e.g. just a single link on a sub-page stating those are legit accounts and why they are not "hyped".

@ghost
Copy link
Author

ghost commented Apr 17, 2019

just a single link on a sub-page stating those are legit accounts and why they are not "hyped".

Good point. People see an inactive LinkedIn account and automatically assume the person or project is inactive. In this case it should be inactive, but it's a good idea to state why, and where to find all the action.

This is BTW another reason to tell people delete their personal LinkedIn account. If they are not actively keeping the content current, prospective employers get the impression the person is inactive or unmotivated and it works against them, so it's better to delete the account than to have a stale one.

@five-c-d
Copy link

five-c-d commented Apr 20, 2019

But I'd avoid linking there from the main page

To me, this is Yet Another Opportunity for education, via an on-the-spot comparison. The footer of the page is where contributions-and-constructive-criticism are solicited -- https://www.privacytools.io/index.html#participate -- which is to say, where people that made it all the way through the site are asked if they want to learn more.

Get involved
with privacyToolsIO
daily tip weekly review groupchat codebase
Ye Olde-Fashioned Sites
  (But, be aware!)
🐦 twit 🤦‍♂️ fbook 🔻 reddit 🏢 github
More Privacy-Friendly
  (Better, why?)
🐘 mastodon 🏟️ discourse ⚜️ riotIM 🔬 gitlab



Help your friends,
share privacyToolsIO
short blast long blast group blast work blast
Ye Olde-Fashioned Sites 🐦 twit 🤦‍♂️ fbook 🔻 reddit 🏢 linkedIn
More Privacy-Friendly 🐘 mastodon 💠 diaspora 📞 chat 📧 email
p.s.encrypt!

That 2nd box would be at the bottom of each subpage, including the homepage, where the share-buttons are currently displayed. The get-involved box would be at the bottom of the homepage, and on the contact-us-page, but not every page.

Goal here is to get people to listen, so that the will learn more about privacy. The more they learn, the more likely they are to eventually wean themselves of fbook / twit / etc. But paradoxically, if we want to get the masses away from Zuck, we have to use his platform to help free their minds :-) As long as the flow is one-way, that will keep the privacyToolsIO community from bifurcating into a people-that-discuss-on-fbook subset versus the people-that-refuse-to-use-fbook subset that many of us fall into here.

p.s. There is currently still a StumbleUpon share-button, but they went defunct in summer 2018.   🤸‍♂️ stumble   Recommend removing it, unless I'm confused?

p.p.s. @IzzySoft , your site is awesome :-) https://android.izzysoft.de/applists.php \o/

@IzzySoft
Copy link

Thanks @five-c-d 😍

If you insist on listing those tracking sites, maybe at least "gray them out" and add a "why not" link/details – where the link goes to a longer explanation while the title has a "quick-info"? Because that could help not to scare away those who already are "one step further" and argue: "Hey, what should I learn privacy-wise from a company (sic) that sends me to FB?"

@five-c-d
Copy link

I don't insist, I'm just advocating what makes sense to me ;-) Currently the homepage does NOT link to facebook, though there is a privacyToolsIO username there. Homepage does prominently link to twitter+reddit+github, which historically are the main ways that privacyToolsIO founders helped educate the masses (twitter+reddit) and manage advice on what should and should not be listed (github+reddit).

There has recently been a shift away from those, however, and towards nnnnn.privacytools.io self-hosted services (discourse-forum + mastodon-instance + synapse-homeserver for use with riotIM chat-app-in-a-browser + various other options). Homepage was updated to link to riotIM and mastodon self-hosted services first, prior to twitter/reddit/github, so the "final look" is still in flux methinks.

Agree about the greying-out suggestion, and also about the why-these-are-better-alternatives link, good thinking. I cannot update my suggestion because I don't know how to apply style="background-color:#CCBBAA" in github-flavoured-markdown :-)

@strypey
Copy link

strypey commented Apr 21, 2019

I have thoughts on the issues surrounding what tools PTIO ought to use to do its dev work and to engage with the non-geek huddled masses. I grappled with these issues (especially the risk of bifurcation of conversations) in my time with the NZ Pirate Party and they're far from simple. That being the case, it may be more constructive to hive off some of these discussions into their own issues and use this as a meta-issue to track progress on them. Some proposed categories for these sub-issues:

  • Signal already has its own issue (❌ Software Removal | Signal #779 )
  • which payment/ donation tools to use for PTIO
  • which code forge to use for dev of PTIO site
  • which forums to use for "internal" discussion of PTIO site contents (additions, removals, modifications, heads-ups on news tools etc)
  • strategy for using ad-delivery datafarms ("social media platforms") to communicate with and educate a general audience, including FarceBook, AdTube, Twitless, FencedIn, and I would now add Reddit to this category too (serves Amazon ads and no longer releasing source code under free license). If PTIO is effective this will become less and less necessary over time, as more people start using and strengthening the network effect of non-datafarm tools.

Focusing in on the payments issue, figuring out ways of receiving payments/ donations online that are a) effective and secure, and b) ethical (including privacy-respecting) is a huge research project that's desperately needed. I wrote a blog post a while back with an overview of the research and testing that needs to be done in this area. If anyone else is keep to form a working group on this, I'd love to be involved. That could start with an issue on it here on GH, but I'd be happy to set up a mailing list on the Disintermedia project on CoActivate, or use something else (libre and privacy-respecting obviously ;)

@five-c-d
Copy link

five-c-d commented Apr 21, 2019

If PTIO is effective this will become less and less necessary over time

This is true in theory, but in practice it will take decades unless I'm shockingly badly misunderstanding the situation. Most people are so uneducated about privacy-issues that it will take YEARS to convince them curtains-on-the-windows-of-their-digital-house and door-locks-on-their-digital-car make any sense let alone are crucially important. And although it is a good website, privacyTools.io has an alexa-rank of top-200k-websites-in-the-world at the moment. It is in the top-100k-websites for english-speaking countries, as well as places where the population has a lot of English-fluent people: USA, UK, ~India (not quite in top 100k yet), Germany, Poland, etc. But it is not yet as famous as wikipedia, or anything!

So I think, this particular issue#868 should primarily be about whether-and-if-so-how, to link unto twitter/reddit/facebook as discussion & participation areas (as distinct from strategic "recruiting areas" where we try to funnel people off those sites and onto alternatives). Github-versus-alternatives is discussed in other issues already, some opened recently by @libBletchley this year, but others older. I would recommend starting a new a distinct github-issue to discuss Paypal-vs-alternatives, it is a complex subtopic.

form a working group on this

Suggest you open up a discussion-issue, here on github, and then see where it leads. There are a lot of ways that privacyToolsIO can receive fungible assets, and some of them are more effective than others (paypal being where a lot of money rolls in apparently to help fund the bandwidth of the mastodon-self-hosting instance and suchnot). Some of them are going to be more privacy-respecting, but the question of whether the payment-processor is ethical is very much distinct: now you are going over into a discussion of whether they are muslim versus christian versus atheist people owning the payment-processor, whether the payment-processor does business with customers in 5eyes countries, if the people who work at the payment-processor believe in global warming, and all kinds of things that are totally unrelated to privacy/security.

PrivacyToolsIO needs money to wage a mindshare-war in the battle to thwart mass surveillance, as well as to fund the tools&services the site provides. Whether that money comes to them via donors who are ethical-by-some-metric, whether that money comes to them thru payment-processor-firms who are ethical-by-some-metric and/or run by people who are ethical-by-some-metric, is a very sticky wicket slippery-slope kind of discussion. Money is fungible, and the donation-bucks that arrive will be used for educating humans about privacy, which is a good cause. I don't believe the ends justify the means, and that privacyToolsIO should accept money from anybody via any mechanism, but I do not want to see strict purist standards of "privacyToolsIO is evil if they accept money because all money is evil" type of thing. That is counterproductive to the actual goal here, which is to educate people about privacy with an eye to thwarting mass surveillance.

would now add Reddit to this category too

The primary downside to reddit is that everything is stored unencrypted. They are not facebook, but they are not really safe from facebook and google and other such firms, either. This is not a black-n-white area though, there is a spectrum of inherently-not-privacy-respecting all the way to so-privacy-respecting-it-is-useless-as-a-public-forum. We could try to hold all discussions about how to improve the website-listings in a secret underground bunker in the Swiss Alps using an airgapped internal LAN ... and tell no one the location ... which would be very private. But not very effective :-)

@Mikaela Mikaela added the Ghost label May 20, 2019
@nitrohorse nitrohorse added 🌐 website issue *Technical* issues with the website. and removed 👻 labels Aug 3, 2019
@jonaharagon
Copy link
Contributor

We're now placing a higher focus on our forum over Reddit, and Liberapay and crypto over Paypal. All the other pages are barely used (i.e. pointers to PTIO). I'm not sure if we need to make any further changes.

@strypey
Copy link

strypey commented Apr 9, 2020

I know this issue was closed, but for the record ...

@five-c-d

So I think, this particular issue#868 should primarily be about whether-and-if-so-how, to link unto twitter/reddit/facebook as discussion & participation areas (as distinct from strategic "recruiting areas" where we try to funnel people off those sites and onto alternatives).

I accept that neither PTIO nor any other tech activist group have any control over what websites people generally use. But what we do have control over are what websites we ask people to use, in order to participate in our projects. If anyone who cases enough about privacy that they have already deleted their accounts on all datafarms (or never had them) has to set up accounts on them in order to participate in PTIO, we are doing something badly wrong.

As Stallman put it in regards to another datafarm:
"for you to use Skype is to encourage someone else to use Skype, which means you're pressuring someone else to surrender freedom as well."
https://stallman.org/skype.html

In contrast, if we hold discussions about PTIO listings on the PTIO-hosted Discourse forum, instead of Reddit or FB, we do three things:

  • Encourage people to try out one of the tools that any community can use for group discussions instead of using datafarms, where they will discover that free code tools can be just as user-friendly, if not more so.
  • Avoid asking people to use those datafarms (any more than they already do)
  • Avoid contributing to the network effect by which datafarms suck in more people to milk for their data.

Even if PTIO was the only organization doing this, it would have a small positive effect, and avoid a small negative effect (in relation to the project's own privacy goals). But it isn't. Many other tech activist organizations already do this (eg the FSF), and the more we do it, the larger a positive (network) effect we create.

but the question of whether the payment-processor is ethical is very much distinct: now you are going over into a discussion of whether they are muslim versus christian versus atheist people owning the payment-processor ...

This is a strawman. If it's not obvious, when I ask if online services are "ethical" in this context, I mean tech ethics, such as whether a service respects privacy, software freedom (without which there's no way of checking that privacy promises are kept), and so on.

We could try to hold all discussions about how to improve the website-listings in a secret underground bunker in the Swiss Alps using an airgapped internal LAN ... and tell no one the location ... which would be very private. But not very effective :-)

This kind of reductio-ad-absurdum is disrespectful to your fellow volunteers. I, for one, would really appreciate it, if you could confine yourself to disagreeing with the arguments that other volunteers have actually put forward, rather than putting obviously wrong arguments into their mouths, so you can present your own counterarguments as obviously right.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
feedback wanted 🌐 website issue *Technical* issues with the website.
Projects
None yet
Development

No branches or pull requests

7 participants