A proposal regarding "brand accounts" on the forum

Hello everyone,

Discussion topic

I want to gather your thoughts on shared/“brand” accounts on the Privacy Guides forum.

2025-04-24 at 12.43.45546×176 9.45 KB

2025-04-24 at 12.43.54476×164 8.83 KB

While I can’t stress enough how fantastic it is that privacy-focused organizations are reaching out to the community here, as the forum grows and this occurs more often, I worry about the effect this will have on community discussions.

This forum was always meant to be a community of people interested in privacy, and not overly commercialized or support-focused. Frankly, brand accounts on any platform tend to be less clear and authentic because they have to speak for the entire brand, all the time.

They also can suggest a larger presence in the community than actually exists. I see community members try to ping or reach out to some of these accounts on occasion, but it isn’t very clear whether they are monitored.

Proposal

We have a good number of developers and other project members participating in many discussions with individual accounts. Our existing verification process ensures these people are who they claim to be, and very clearly marks them as affiliates of different projects:

2025-04-24 at 12.39.51546×172 12.6 KB

2025-04-24 at 13.31.57448×154 9.55 KB

2025-04-24 at 12.40.14544×176 12.6 KB

2025-04-24 at 12.40.22538×154 14.8 KB

Very often we see much higher quality contributions from teams which participate in this manner, because there is an understanding that they are not always speaking on behalf of their employers, and there is more direct accountability for their words. In other words, the community is better able to judge the qualifications and “powers” of the person posting, whereas a brand account could be hiding anyone from the CEO to a Tier 1 support staff that isn’t able to impact the company no matter what is asked of them.

Therefore, a new rule I might propose would be a one person = one account requirement, so that all company representatives are here in the manner above, rather than behind shared accounts.

(For particularly privacy-conscious organizations and individuals, I would point out that this is definitely not a real-name policy or anything, and “pen names” could be permissible as long as each account is individually operated.)

If we think this is a good idea, we would kindly/humbly reach out to groups who already have shared accounts on the forum, and ask them to become individual community members instead, and we would verify their team’s accounts like above if they choose to do so.

Potential Downsides

I see the downsides of this being mainly for brands themselves, not the rest of the community, but that doesn’t make them less valid. Mainly, this change could make it more challenging for organizations to participate. Shared accounts of course have more consistency in messaging, and can be manned by multiple people to ensure conversations aren’t missed.

The reduced visibility of an organization’s branding might also discourage those organizations from participating at all, which could diminish valuable contributions from these teams.

The solution proposed above of course will add more complexity for brands looking to contribute to discussions here, but I am currently leaning towards it being worth the change, because we tend to see teams with individual accounts be more active in discussions and more accountable.

I am particularly interested in the opinions of existing stakeholders here, like @Tuta_Official, @Proton_Team, @ForwardEmail, etc.: Whether this change to our community rules would make it unreasonable for you to contribute to discussions about your products/organizations here in the future?

Additional functionality

For companies/organizations committed to a larger presence in our community, and who require more structured representation here than our current verification system allows, we could potentially be open to company-affiliate badges (see @sgp’s profile for a live example of what this would look like with MAGIC Grants) to make it even clearer about whether their presence is official & company related or not, like so:

2025-04-24 at 12.53.23868×374 35.9 KB

This feature could also allow shared DM mailboxes and group pings (i.e. anyone could ping or message @company to notify all team members) if the company/org was really interested in having a very formal structure here, but that feature wouldn’t be required of them of course.

Ultimately we want to encourage as many privacy-related organizations to join here as possible, because their contributions to discussions greatly benefit everybody involved, but we also need to make sure that we uphold our own mission and values, and direct communication with the teams behind products will always be better for community discussion than communications with entities abstracted away behind brands.

I do anticipate that some brands will simply choose to not participate at all if this happens, which will be a bummer in the short-term, but as a long-term strategy I think this will improve the forum immensely. Personally I think this is likely the best path forwards, and I’m interested in the rest of yours’ thoughts as well

Edit: unfortunately due to an error I made attempting to edit this post, some votes from the first few hours of the poll were lost. Sorry

Is there a reasonable expectation of the person’s role behind the account?

I like to assume that a public persona is needed for the employees managing these accounts anyways. It won’t be harmful in most cases.

At least in terms of the verification process, we should account for employee turnover. We may need to approve separate representatives because the original point-of-contact would be: a) no longer at the company or b) assigned to other tasks because of a promotion.

This approach would work for smaller projects though, especially one-man or small team developers.

Currently we’ve had no issues with verification, so I don’t think that will be a concern. If an organization is interested in a more formal setup like the one I detailed at the end of the post, it would be possible for us to appoint certain company representatives with the ability to verify the rest of their team on their own, which could be nice for companies who want to ensure accuracy and control of that status (especially if they have high turnover, etc.)

This is part of my line of thinking, because if the people who are managing these accounts aren’t able to have a public individual persona associated with both themselves and their company, then I am not actually sure if they are even able to provide the type of value the community expects from their discussion participation.

I’d also like to hear the thoughts of some of the directly effected parties (both those who chose to make a brand account, and those who chose to make brand affiliated individual accounts).

It’s not a fully comparable situation, but as a partial analogue, I’ve appreciated how on the forum the PG team tend to speak more as individuals–affiliated with PG, but not necessarily speaking on behalf of PG as a whole or on behalf of some existing internal consensus in most cases. I think there is value in seeing different points of view of different team members, and value in people being able to feel they can share their thoughts without it necessarily being taken as an official statement from the organization.

On the other hand I can imagine there being value to general brand accounts that I’m not fully appreciating, and possibly some middle-road solutions between status quo and outright prohibition. I’m curious to hear what others think.

Most of the discussions here are related to services/products of companies. Especially for smaller companies it’s often harder to get feedback. Therefore we would be against this change, as it’d create an unnecessary barrier to communicate. This change would lead to folks going to other communities and discussions – and most importantly not permit us to comment or contribute (especially when false information is shared).

I do agree with Kevin here. If you want individual users @jonah we need to give some kind of user access management for organisations so that they can revoke access for employees.

Also I think that it will be confusing if it is an official response or a personal opinion and not allowing of employees to hide behind the brand, which is also a privacy feature for employees.

Given these two issues I wouldn’t be in favour of this.

What is the actual issue in this case? As noted, a system for organizations to verify their employees is not a problem.

Requiring transparency from vendors is a feature of this proposal, not a bug.

Genuine question: What exactly is the barrier that would prevent your team from commenting/contributing if this change were made?

Another potential option could be preventing brand accounts from posting to Privacy > Project Showcase, so they could participate in existing threads about them, but wouldn’t be able to post new threads about themselves.

Our areas related to self-promotion are intended for community members to show off what they’re working on, so we would want participants to have “more skin in the game” so to speak if they want to derive more value from the community than being simply a support presence.

well many organisations want - and should - protect their employees from such exposure. I think this is different from public ownership (which we do require).

I don’t think this is as easy as you make it seem. It will require some hierarchy of accounts, how do you propose to maintain and verify that specifically? I also don’t believe companies would be willing to set that up nor provide such information.

Generally I also question what we solve here. I don’t think there much of an problem here.

Personally I think a better compromise would be banning brand accounts/employees from making threads about their product and posting update notes that don’t have any relation to previous discussion in threads about their product. Posting update notes that say “fixed bug where changing your username was impossible on Tuesdays” is fine if a user here was having issues because of that, but companies posting every patch note makes the forum feel like an SEO farm or an RSS feed for privacy related products rather than a place for meaningful discussion.

TL;DR: I think brands should only be here to contribute to the discussion about their product. They should not be sparking the discussion or treating the forum as a blog.

Absolutely this. I don’t think we need a stream of release notes from companies. At the least, it should be sectioned off to its own category which I can ignore

I also see this, and if anything this allows the community of PG to help shape products to be privacy focused. This is powerful, as the community can give strong feedback where it’s needed. The Presearch engine is a strong example where the community was very candid on the product.

—

Rather than a blanket ban, maybe we can set some rules / guidelines to facilitate productive conversations for brand ambassadors? I don’t want SEO spam, but I also believe it’s an opportunity to have our voices heard.

There are already pretty clear guidelines regarding self-promotion and the like on the forum:

This doesn’t really relate much to whether brand accounts should be allowed, though, and further discussion on this subject is best kept to a separate topic.

I haven’t really reached a clear conclusion on whether I think ‘brand accounts’ should or should not be banned. Perhaps it would be enough to simply strongly encourage the use of ‘individual accounts’ (as many brands already choose to use on this forum). It seems clear that some brands who would like to engage with the forum would be left unable to do so with this proposal as a hard rule.

I mean, I don’t think this has been clearly demonstrated actually, but I am definitely interested in hearing the thoughts of current organizations with brand accounts in our community

If we do such thing i would at least will like new projects to be able to show case their work.

I think it is important to this topic because the promotional aspect is why some of these brand accounts are here. Stronger rules against self promotion would (hopefully) clear up most of the problems with low quality posts that Jonah was talking about. The @Tuta_Official is a good example of brand accounts only being a problem when they make promotional posts. They’ve made posts about important topics such as chat control in the EU last summer, they’ve commented on posts about their products, but they’ve also made posts about sales and updates that don’t belong on this forum.

I think showcases should only be showcases. No promotional language, just the project name, what it does, a link to the source code (if available), any relevant info about their cryptography, and a link to their site where we can learn more. I’d say a fixed character limit of 1-3 thousand would probably help keep things under control as well.

To be clear this proposal isn’t about any particular accounts, and I’m not sure if I would agree with this assessment necessarily. It is less of a problem with companies like Tuta which are also active in other topics, because we do want people and organizations who are genuinely part of the community (which Tuta arguably is) to feel free to share news about things they are working on.

The problem is that there definitely is a line where brand accounts can be overly self-promotional, and enforcing that line with some companies and not others will appear to be somewhat arbitrary.

The advantage of the proposed rule to require real individuals behind accounts is that we can moderate these threads by taking action against individuals as necessary, without having to make a judgement call on an entire company of people at once. If we say that we want to allow genuine community members to showcase their work, for example, then we need a means to hold those community members accountable to a higher standard of discourse.

In creating this line, some brands like Proton or Tor which arguably haven’t really contributed to this problem in the first place will get caught up in the change anyways, for consistency’s sake, which is why we are seeking input from the affected accounts here.

well many organisations want - and should - protect their employees from such exposure.

Maybe this can be mitigated if verified employees use Anonymous accounts?

My concern is that this seemingly just makes it more annoying for brands to contribute and may just incentivize them to go elsewhere. Most of the individual accounts you point to as an example rarely contribute to the forum. While I am relatively new to this community (not as new as my anon account might show) I really haven’t seen much of an issue with these generalized brand accounts.

This is all to say that there doesn’t seem to be enough negative issues from this “problem” where solving it provides any actual benefit. To me, there is a lot more issues with bad faith user responses then bad faith brand responses.

I also don’t know if it makes sense for a company to have to dedicate a single individual or go through the process of verifying different individuals each time they want to respond to some form of disinformation intentionally or unintetionally spread about their product on these types of forums.

I agree that banning non-individual brand accounts is an excessive action to counter self-promotion. It will needlessly raise the barrier to participation, when the problems it purports to solve can simply be solved by more strict policies on self-promotion.

I don’t think ambiguity over the role of the individual positing is a problem that needs solving. I am anonymous. You don’t know if I am a software developer, law enforcement agent, abject fool, or even multiple people. All you can do is assess the quality of my posts to assess my character; or not worry about who I am and solely assess my posts on their merit. I don’t see how being uncertain whether the HypotheticalBrand account is being used by the CEO, CTO, or an intern is a problem. If you don’t know, you just don’t know. That shouldn’t be arbitrarily banned. We can encourage individual employee accounts without outright banning shared accounts.