Its inspiring to see so much financial commitment to an idea like this, but disheartening to see it go to the wrong place -- a Kickstarter, not the Tor Project.
Maybe we, as the FOSS community, need to start utilizing crowd sourcing more. Maybe we can use the marketing from Heartbleed etc. to launch a Kickstarter to audit OpenSSL, and use the NSA revelations to launch a Kickstarter to run more exit nodes (which are depereately needed -- about 1k nodes for 2M users). The project to audit Truecrypt seemed to reap the benefits of this quite effectively.
I'm not familiar with the TOS for Kickstarter so maybe this isn't possible, but clearly the general public clearly has more interest than we (I) thought. They just don't know how to channel their support effectively.
The problem with traditional fundraisers is that the rewards don't align well at all with FOSS projects. I ran a fundraiser for a FOSS project and part of the reason I feel it was successful was because I put a lot of work into coming up with rewards that were a good fit with the community.
The big thing is that most FOSS fundraisers adopt the same perks used by proprietary software. These are typically vanity rewards or early-access. Early access is straight up anti-social when it comes to FOSS. Giving people the ability to steer the project makes a lot more sense.
Of course no one has software for that, so I had to make my own.
> run more exit nodes (which are depereately needed -- about 1k nodes for 2M users)
What is the ideal ratio of exit nodes to users? It seems that too close to 1:1 is going to be almost as bad as too few nodes, at least to my (not particularly well versed in Tor infrastructure) thinking.
Thats a difficult question I'm not qualified to answer, and in hindsight that statistic was confusing. The real issue with the tiny amount of exit nodes in operation is a fundamental weakness in Tor; if an attacker can run a large enough percentage of Tor nodes (not necessarily just exit nodes), they can use traffic confirmation attacks to deanonymize users.
https://www.bountysource.com/ wants 10% on cashout, which sounds like a reasonable fee of operation. I have no problem with people making a living of that. OSS is no charity.
Well, there's Gratipay (formerly Gittip), which is a great platform since it allows you to support an open-source project through regular payments. Unfortunately, the project has not yet received broad adoption, which I hope will change in the future, though.
It's all well and good to build one, but this project didn't get 600K because it's a good idea - it got it because it hit the right buttons on the largest by far crowdfunding website around.
If it's not permitted on Kickstarter, we would probably do better to convince them to allow it, with certain restrictions of course. A purpose-built site simply wouldn't have the traffic to produce that kind of funding for smaller projects.
Agreed. The money would be much better if given to The Guardian Project. I wish those guys would get involved in building hardware project like this - as the demand is definitely there.
Maybe we, as the FOSS community, need to start utilizing crowd sourcing more. Maybe we can use the marketing from Heartbleed etc. to launch a Kickstarter to audit OpenSSL, and use the NSA revelations to launch a Kickstarter to run more exit nodes (which are depereately needed -- about 1k nodes for 2M users). The project to audit Truecrypt seemed to reap the benefits of this quite effectively.
I'm not familiar with the TOS for Kickstarter so maybe this isn't possible, but clearly the general public clearly has more interest than we (I) thought. They just don't know how to channel their support effectively.