Could a nonprofit digital security organization work?
9/9/2022 6:49 am | : 4 mins. | Share to:
A recent discussion on HackerNews about the Bitwarden funding round included something which I found a very compelling idea and have been thinking about it for the past two days. The idea was a nonprofit that managed and provided privacy and security tools. I find this compelling because it would, ostensibly, remove the slippery capitalistic slope and hopefully ensure a service users could trust.
The closest example I know of is Mozilla, makers of the Firefox browser (my browser of choice.) And they do provide a number of tools in this realm such as password management (though, only through the Firefox browser) as well as email protection (when you don't want to give your real email, they provide a redirection) and even a VPN tool.
My first bit of criticism is that with few exceptions, these tools funnel through Firefox and are not standalone offerings. Which, in the larger scope, is a minor thing as more and more computer-based activities become online-based driven through the web browser. The biggest pain point, and the reason I don't use Firefox's built in password manager, is that I also utilize it for credentials which I need outside of the browser. So, for example, I have Bitwarden's desktop client installed on my mobile phone and laptop.
My other criticism of them (in the vein of this discussion, admittedly I do not know enough to know if this is really a problem.) Organizationally, they utilize a corporation within their nonprofit structure. There is a very good chance that there is a sound reason for this that has to do with taxes or benefits, etc. though for people like myself it seems like a way to just make more money without the restrictions of a nonprofit. A cursory Google search says the top reason is to "separate activities from the parent company," which I interpret as being: "So we can make more money."
My resistance, and the entire reason a nonprofit seems interesting, is that it removes the capitalistic incentives for the company and lets it focus on the moral incentives. The downside being the criticism which I saw in the HN conversation, this is a demotivator for employees. If they joined it as a 'startup' then they have financial motivations which likely are being rewarded by the Bitwarden VC funding round, for example.
Perhaps this entire idea is pipe dream, but I find it an enticing one. I'd love to start this sort of nonprofit and try to develop it into a sustainable for-good enterprise.