This seems a reasonable criterion to take into account.
Reliability in the long run is essential as many already have pointed out especially for centralized services.
I’m thinking maybe we could set a minimum of like 3-5 years and then rate the service higher the more time it is on the market?
We could maybe accept new younger services if there is no equivalent already on the market and adding a disclaimer warning that it hasn’t passed the test of time yet.
I would say we shouldn’t ban from some criteria but rather encourage good criteria. Some rule like "For online providers, we prefer projects that are sustainable in the long term. This can be achieved through a freemium/subscription-based model or donations because of strong community or institutional support. (Grants are also acceptable, as long as it is compatible with the company mission, i.e. Tor/Proton can’t receive money from the NSA but can from another government branch with a censorship-evasion goal.)
For funding, especially Venture Capital (VC) funding it should be avoided or kept to a reasonable level. A Mail company can’t expect to make millions a year and therefore shouldn’t receive millions in VC-funding.
Even more than that actually, 105 Million + an additional 1 Million per year I think.
But it isn’t an Apples to Apples comparison. Brian Acton is a Signal Foundation board member and passionate about Signal’s mission, the loan is unsecured, 0% interest, and doesn’t need to be repaid for 50 years. Signal is also a non profit corporation.
1Password is venture capital funded and is also listed on Privacy Guides, looks like they are expanding pretty rapidly too, however they are quite a long standing company having been established in 2006.
They are receiving huge amounts of VC funding, in 2022 they closed their Series C funding round with $620 million.
I don’t think this has had any impact on the product itself, just something to be aware of.
To be honest I don’t think VC funding is really a measure of anything. It may be an interesting thing to look at if the VC has funded other privacy invasive projects in the past (because they simply don’t care how they get to monetization) but other than that I can’t really see it meaning anything.
I think the issue for Skiff might have simply been poor management in a couple of areas specifically their funding model from clients (for example giving 100GB away for free to every free user) while generous isn’t going to encourage anyone to pay for the service. Services like these can’t run for free.
The other thing being marketing, they were particularly aggressive and pushy with being listed on PG - I suspect to inflate their numbers as they knew this Notion thing was going to happen.
That is why we weren’t in a rush to add it, particularly when it initially had zero data liberation features, among the other issues mentioned in the other thread.
You are plain wrong IMO. Once a company gets backed by VC, they become their dependant. Sad. Think how many valid companies were ruined by this kind of, say it straight, greed? VC = greed; like it or not.
Having said the above, I wholeheartedly agree with banning VC backed projects.
I think it’s important to remember a company is that, a business, they sell a product. I think the issue is when the company has no method to be sustainable, the problems start to reveal themselves.
Whether or not a company is VC funded, it is that, a company, and the intention is to turn a profit. I do think companies without a good business model though are more susceptible to adopting bad practices out of desperation to remain viable.
The reason I don’t think we should simply ban a thing that is VC funded, is because there are plenty of reasons a company can go under, and we’ve seen that it can have nothing to do with VC funding (eg CTemplar). Likewise we’ve also seen companies with a good model, end up being quite successful, Proton, Bitwarden, Matrix etc.
That’s a clear sign of management’s lack of ability to manage the company properly. Every company can be brought to misery if everything management thinks of is money.
Exactly, and it can have nothing to do with VC funding, simply who is in the boss chair.
If we look at CTemplar example, bad marketing, can mean people don’t trust the company. You rarely get a second chance to have a do-over in that regard. As a result the prices were higher than competitors, which further gave people little reason to choose them. Ultimately that’s why they had to cease operations.
Thinking of money is exactly what a company should be doing. Where is it going to come from? How much have we got to spend? What is the competition doing? How much are we going to make over X time. If we keep spending this much money now, how long will it last etc.
These are basic market research things, which if you have no idea about you’re not going to be successful.
Bad marketing simply can be saying some bullshit that people don’t believe, or call you out on, and then having to step away from it.
Directly not, but VCs operate in a way that they exercise their influence (by offering financial/personal profits like new house/car/whatever to the CEO); by this they make the CEO dependent. The CEO then acts out of fear/thankfulness/whatever and brings the company to misery. And that’s when they (VC) buy out the company (marketed as miraculously saved etc).
This is the way VC works. One should stay away from them regardless.
Money as in profit. Problem (I was thinking of) was they think of money as personal gain.
Let’s put it straight: VC means a form of corruption. They are shady. I would not trust VC no matter what.
A VC really only adds extra scrutiny to the business process imho. If it’s an unsustainable business it’s always going to be unsustainable regardless.
Services come and go for many reasons and there is no real way to predict that. As a user there really are only two things you can do: make sure the services provide data liberty, i.e. a way for you to export all your data, or alternatively only go with a business that is big and has been around for a long time. The latter means not jumping on brand new services which are yet to prove themselves. Everything else is pretty much theater.
In regard to email providers, the best thing you can do is make sure you use your own domain, and make sure you have a copy of your email, either in maildir, or mbox etc. I find isync a great way to keep a whole copy of my mail locally. This is one of the reasons I’d never choose a provider which doesn’t allow me to access email through open protocol like IMAP/JMAP etc.
It’s really just a loan on the viability of a business. If the business was never viable then it was never going to make it anyway.
If we were to implement a ban on VC funded projects it would be simply hypocritical as there are many products which have benefited from VC funding, (Proton, Bitwarden, Matrix, SimpleX etc). Should we remove these too? Of course not. But then we’re basically saying “okay that’s fine if you got VC funded in the past but we’re not going to allow anyone else to”. This really isn’t a measure of whether or not the product is even any good.
That also really isn’t in the spirit of what Privacy Guides is about - especially as privately funded businesses can fail as well, and maybe even be less transparent about where their funding comes from or how much they have.
If a company has no VC funding, and no private investor, where are they supposed to get capital from initially? Believe it or not it is quite difficult to start a new sustainable company and compete with larger corporations that can afford to make a loss on a bad product. (Google kills products all the time, and doesn’t go bankrupt because of it).
If they’re a privacy respecting service, they won’t be selling data and will be encrypting it E2EE as much as possible. They’re still going to have to pay for data center fees to remain online, and continue to pay for development. Unless they have a money tree, that’s never going to work is it?
I think that specifically with email providers, we could include a strict time period of how long the product has been on the market (beta excluded) before being able to get included. Since changing email providers can be cumbersome, we should be careful when recommending new ones. So, maybe something like three years could be good. Since Skiff came out of beta in November 2021, this rule could have prevented our mistake of adding them too soon.
That isn’t really a measure of anything. Skiff isn’t a new product and was around for quite some time before we added it. An arbitrary timeframe after a few years has a diminishing return on the metric it is trying to measure. For example if 2 years is not good enough is 3 years good enough? What about 4? None of these values really mean anything.
I think the problem is people want a “be all” “end all” item on the criteria that rules out every service that could sell or whatever. The issue is the world is not perfect and no such item can be added. Likewise people often want things listed or items added that validate their own personal choices and that is not what Privacy Guides is about.
Really the best protection there is to have your own domain. Some people nevertheless will not want to do this.
That’s not exactly new, and while the email part was 2021. I was looking at the Wikipedia article and found this amusing gem:
According with a WSJ article published in 2023, allegedly the Russian government banned Skiff from Russia, because of Skiff’s end-to-end encryption business model (and also due to the company’s persistence in not handing over users data for the Russian Government).[19] As a result skiff faced a 81% drop in traffic from Russia, and Andrew Milich itself stated that Skiff’s engineers were scrambling to find ways to restore access to Russian users after the occurrence.[19]
I think we all looked over the best argument made by @davidcollini here which he turned into another one. But just quoting this out of context this is really the right answer imo. Skiff Mail did not bring anything that current recommendations did not solve.
We should be way more hesitant especially with critical categories like email or instant messengers to make other recommendations. It also doesn’t benefit us much to add more players here realistically. We can always add them when suddenly something dissolves. I think we can all agree that Skiff did not have the same reputation yet as Tuta and Proton have.
PG has a thoughtful system to recommend solid providers - it keeps competition healthy and looks out for us users. I think we can build on that:
Create an “up-and-comers” category where new guys operate <5 years before they graduate with the veterans. Lets fresh ideas bubble up while still ensuring some maturity.
Note how providers are funded (independent, VC) and structured (B Corp, co-op, etc.) so we know the real deal.
Keep multiple recs, even if there’s a clear #1 player - gives us backups if something goes south.
Consider a public policy like “match or beat the incumbents” for any newbies - keeps innovation cranking.
Stick to the strict screening before giving recommendations so fly-by-night guys don’t squeak through. Keeps things stable long-term.
The big moves are formalizing that up-and-comer status, being transparent on who funds/structures providers, always having back-ups recs, and keeping quality bars sky-high over time. That provides options while incentivizing maturity and competition.
I think there’s also a bit of confusion here. notion.so bought Skiff, and they’re not even a VC. I think people are getting confused with notion.vc which funded Element. This is just a product which simply had a regular private sale.