Jump to content


Photo
- - - - -

April projects funding


  • Please log in to reply
18 replies to this topic

#1 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7701 posts

Posted 25 April 2014 - 01:05 PM

Hello!

We have many projects for this month (April) in no-profit forum. Great!
Which one shall we fund?

As explained in Guidelines:

In order to achieve total transparency, we would like to tie this project to AirVPN promotion but at the same time we wish that it is handled by the community to guarantee that it is a real and impartial work. Therefore we aim to build a staff of moderators that don't work with AirVPN Staff and can manage and decide how to distribute the funding availability that AirVPN service can allocate to no-profit projects.



We are thinking about a poll.
But we can't guarantee that people won't create many accounts only to submit a vote.

Available options:

  1. Any member can vote.
  2. Only premium members, with at least one month subscription, can vote (to avoid votes from Trial accounts)
  3. Only members of a special group can vote. Initially, those who have suggested a project would be included in that group: PirateParty, gigan3d, urbanconcrete, pfSense_fan, dwright. The same group would decide the next members, typically those who propose an on-topic project.
  4. ? Other ideas?

 

We're looking forward to hearing from you all.

 

Kind regards

 



#2 zhang888

zhang888

    Donald Trump of IT/Security

  • Moderators
  • 2219 posts

Posted 25 April 2014 - 02:23 PM

Option 2 seems to be most democatic, and IMHO only projects that currently help AirVPN infrastructure should be candidates.

For example, LibreSSL seems like a very good idea, but unless we see and use it everyday, I don't think it should be a candidate.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


#3 athelstan

athelstan

    Member

  • Members
  • PipPip
  • 26 posts

Posted 25 April 2014 - 06:53 PM

I agree that Option 2 is best; it encourages participation and avoids creating a group of 'elite' members. In the light of this report yesterday http://www.securityweek.com/tech-titans-launch-core-infrastructure-initiative-secure-key-open-source-components I'm not sure how useful LibreSSL will be.

#4 Solex1

Solex1

    Advanced Member

  • Members
  • PipPipPip
  • 40 posts

Posted 25 April 2014 - 09:49 PM

Hello Staff and Menber,

 

It's a hard call  PirateParty, gigan3d, urbanconcrete, pfSense_fan, dwright contribute there time to help other. As does Airvpn Staff who are excellent.

Regards,

     Solex1



#5 giganerd

giganerd

    I shall have no title

  • Members2
  • PipPipPip
  • 2627 posts
  • LocationGermany

Posted 25 April 2014 - 10:45 PM

Option 2 seems to be most democatic, and IMHO only projects that currently help AirVPN infrastructure should be candidates.

For example, LibreSSL seems like a very good idea, but unless we see and use it everyday, I don't think it should be a candidate.

 

I agree that Option 2 is best; it encourages participation and avoids creating a group of 'elite' members. In the light of this report yesterday http://www.securityweek.com/tech-titans-launch-core-infrastructure-initiative-secure-key-open-source-components I'm not sure how useful LibreSSL will be.

 

I agree with those two gentlemen.

 

And no, I don't like the people at LibreSSL. Would you change your girlfriend just because she accidentally sprained your leg? Your leg will be okay somewhen, and you can't know your new girlfriend's secrets. ;)

Sure it's important to have a choice and maybe they are doing the right thing with "cleaning OpenSSL's code" (their own words). But let's just sit down, make a camp fire, sing a song and relax. Let's just find out the destiny of LibreSSL. If security researchers and the time likewise explicitly say "yes, we recommend everyone prefering LibreSSL over OpenSSL" then we can think about funding it. To me it's a newborn and doesn't deserve much attention for now; at least that's what I say.


Always remember:
There's a guide to AirVPN,

Amazon IPs are not dangerous here,
running TOR exits is discouraged,

using spoilers for your logs helps us read your thread.

~ Furthermore, I propose that your paranoia is to be destroyed. ~

Instead of writing me a personal mail, consider contacting me via XMPP at gigan3rd@xmpp.airvpn.org or join the lounge@conference.xmpp.airvpn.org. I might read the mail too late whereas I'm always available on XMPP ;)


#6 urbanconcrete

urbanconcrete

    Advanced Member

  • Members
  • PipPipPip
  • 49 posts

Posted 25 April 2014 - 10:51 PM

I would say option two would be the best, but it would exclude me at the moment.   -_-

Is it possible to suggest something twice, like when i can subscribe a new plan ?



#7 PirateParty

PirateParty

    Advanced Member

  • Members
  • PipPipPip
  • 64 posts

Posted 26 April 2014 - 05:37 AM

I think option 2 is the best and mostly everyone else agrees  :yes:


https://cryptoforums.net/ Computing, Crypto, Security & Privacy Forum


#8 XQWeir97

XQWeir97

    Member

  • Members
  • PipPip
  • 19 posts

Posted 26 April 2014 - 01:40 PM

Option 2 seems to be most democatic, and IMHO only projects that currently help AirVPN infrastructure should be candidates.

For example, LibreSSL seems like a very good idea, but unless we see and use it everyday, I don't think it should be a candidate.

 

I don't know about most "democratic" process... (democratic equals "two wolves and a sheep voting for what's they're having for supper".) But the discussion of so-called "democracy" is for another topic.

 

I want to thank AirVpn for your willingness to bring this before your customers. Although you would like "transparency" and our input for suggestions, I don't believe you would have to necessarily be subject to our vote. I believe the ultimate decision is yours, as Air is a private company. We very much appreciate that you would seek our input. After all, there might be a better choice, or one that is more deserving, that receives a minority of votes. The majority isn't necessarily knowledgeable about the issues, nor are they always right.

 

With that being said, any project that coincides with the stated Mission of AirVpn would certainly be acceptable to me.

 

It seems that Option 2 would give you the best cross-section of suggestions and ideas.

 

Best regards,


Laurelli

<my rant>Privacy is a right and expectation that the citizens of the world once enjoyed, but took for granted, and have lost. Today we are made to believe that we only need privacy if we are doing something wrong. I do not believe this lie. Today we are told by our governments that we can have no expectations of privacy, for our own "safety" and for "the greater good" of society. Personally, I don't need a big brother to protect me, and I will NEVER choose to surrender my rights and my liberties for so-called safety and security from a boogie man. I will continue to use services, such as AirVpn, in order to exercise my right and expectation of privacy. Would that the sheep would learn.</end rant>

 


#9 S.O.A.

S.O.A.

    Advanced Member

  • Members
  • PipPipPip
  • 262 posts

Posted 27 April 2014 - 12:13 AM

Option 2



#10 dom1ab

dom1ab

    Member

  • Members
  • PipPip
  • 27 posts

Posted 27 April 2014 - 08:11 PM

I think a poll with option 2 would be the best thing to do.



#11 pfSense_fan

pfSense_fan

    Advanced Member

  • Members
  • PipPipPip
  • 247 posts

Posted 27 April 2014 - 11:04 PM

Option 2 seems to be most democatic, and IMHO only projects that currently help AirVPN infrastructure should be candidates.
For example, LibreSSL seems like a very good idea, but unless we see and use it everyday, I don't think it should be a candidate.

 

I agree that Option 2 is best; it encourages participation and avoids creating a group of 'elite' members. In the light of this report yesterday http://www.securityweek.com/tech-titans-launch-core-infrastructure-initiative-secure-key-open-source-components I'm not sure how useful LibreSSL will be.

 
I agree with those two gentlemen.
 
And no, I don't like the people at LibreSSL. Would you change your girlfriend just because she accidentally sprained your leg? Your leg will be okay somewhen, and you can't know your new girlfriend's secrets. ;)
Sure it's important to have a choice and maybe they are doing the right thing with "cleaning OpenSSL's code" (their own words). But let's just sit down, make a camp fire, sing a song and relax. Let's just find out the destiny of LibreSSL. If security researchers and the time likewise explicitly say "yes, we recommend everyone prefering LibreSSL over OpenSSL" then we can think about funding it. To me it's a newborn and doesn't deserve much attention for now; at least that's what I say.

I figured many would think my suggestion was premature. Part of me does as well.... however...

To play along with your analogy: Imagine you are a fitness and health guru and you met a lovely young lady that shared your passion for fitness. This girl is everything you have been looking for. Attractive, intelligent and the time you spend together is magic. You share your every bit of being. She's the only one for you.

Now imagine that once she got you hooked, knowing you loved her every bit of being, she no longer had to try. She's "the only show in town" and she knows it. She stops going to the gym with you. She stops jogging with you. She stops the healthy eating lifestyle you one shared. She lets herself go and is no longer the fitness queen you wanted to share your life with. She becomes "bloated". To top it off, now she ignores you, and starts to pay attention to other men.

Do you continue to hope she will get back to the woman you fell in love with? Do you look for alternatives? It's hard because we become invested in our relationships, and want/hope for the best concerning those we care about. But you have to do what is best for you. That is what dating is supposed to be about, finding out who is right for us. Sometimes, after dating the beauty queen who didn't appreciate you, you will give more attention to the nerdy girl who appreciates you back...

Privacy and security is our fitness and health passion, and OpenSSL is that girl that seemed to be everything you were looking for. They were not keeping up with you, and they were taking on code for government compatibility programs and code for systems that 99.9999% of the internet don't use and could potentially open vulnerabilities for you.

Whether or not OpenSSL gets fixed, I do not believe we can continue to trust to put all of our eggs in one basket. A little competition, if anything, will be good to drive change at this time. It will encourage them to keep "fit" knowing they could lose their partners. Whether one "likes" them or not is irrelevant, the code that the OpenBSD Foundation puts out has time and time again stood out as some of the best and most secure out there. Most people use code regularly that OpenBSD Foundation created, it even appears in some windows firewall software. PF is regarded as the most secure firewall, and many people rely on OpenSSH. Yet they almost had to shut down a year ago until a billionaire donated a decent sum. They still only brought in about $60,000 to use on hosting fees and fund developers. It would be a huge loss to the well being and security of ALL OF US and the internet as a whole if they had to "close shop".

My suggestion was not just for LibreSSL, it was for the OpenBSD Foundation in general.

I hope you all will take a moment to think about that, and the opportunity that security and privacy minded individuals that we all are have to drive change, rather than sit around and be taken for a ride by the same pretty girl who keeps hurting us.

That all being said, My vote won't count (I don't disagree with it either) if option 2 is a requirement, and I don't expect an exception to be made for me. I am most definitely a premium member, but I do not and would not post to the forums from any account I actually connected to the VPN with - I consider it a layer of "plausible deniability". Call me paranoid, but I doubt I am the only one who thinks that way considering how many lurkers there are each day.

So just some food for thought.

Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!


#12 giganerd

giganerd

    I shall have no title

  • Members2
  • PipPipPip
  • 2627 posts
  • LocationGermany

Posted 28 April 2014 - 09:17 PM

The point I tried to make clear is that it's new. In IT security, creating a new protocol for security purposes is very risky. MTProto in Telegram is an excellent example. Telegram claimed it's written by devs who have a PhD in Maths. Proven insecure. And it's just one example.

Although it's a fork of OpenSSL, LibreSSL is doing the same. They are creating something new related to security. And they claim it would be better. You wouldn't believe in someone who just claims to be a hero without proofing it first, would you? (If there wouldn't be anyone else to believe in, you would, but we didn't reach this point yet.)

 

My opinion is still not to fund them right now.


Always remember:
There's a guide to AirVPN,

Amazon IPs are not dangerous here,
running TOR exits is discouraged,

using spoilers for your logs helps us read your thread.

~ Furthermore, I propose that your paranoia is to be destroyed. ~

Instead of writing me a personal mail, consider contacting me via XMPP at gigan3rd@xmpp.airvpn.org or join the lounge@conference.xmpp.airvpn.org. I might read the mail too late whereas I'm always available on XMPP ;)


#13 urbanconcrete

urbanconcrete

    Advanced Member

  • Members
  • PipPipPip
  • 49 posts

Posted 02 May 2014 - 09:20 AM

Maybe it´s possible to split the amount by voting percentage or use the idea of gigan3rd in his "browser extension" thread.
I don´t know how much me talk about...

#14 yukatan65

yukatan65

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 02 May 2014 - 05:39 PM

Option 2 best.



#15 dom1ab

dom1ab

    Member

  • Members
  • PipPip
  • 27 posts

Posted 08 May 2014 - 04:37 PM

So, when will the poll be created?



#16 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7701 posts

Posted 08 May 2014 - 06:12 PM

So, when will the poll be created?

 

Hello!

 

Once we define how to do it you'll be notified. Surely not later than mid-May to begin everything, so that we can deliver the funds before the end of May.

 

Kind regards



#17 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7701 posts

Posted 14 May 2014 - 12:06 AM

We're going to start with the April poll with a new option, let's see how it goes.

Only persons who have contributed to our forums with at least 5 posts are allowed to vote.

We have some perplexity whether to allow only premium users to vote:
- Some people could use different accounts for VPN and forum posts.
- The information whether a forum member is a premium member or not is NOT public. We want to avoid to disclose this information with this kind of distinction. If the community wants to know, for transparency purposes, who voted an option, that would become a privacy problem.

#18 athelstan

athelstan

    Member

  • Members
  • PipPip
  • 26 posts

Posted 14 May 2014 - 02:07 AM

This seems unsatisfactory to me. It allows people who are not premium users to get a vote by making a few trivial posts. It allows people who are no longer premium users, but have posted in the past, to vote. It prevents people who may have been premium users for a long time, and may visit the forum regularly without posting, from voting.

 

Since the donations are funded by your premium users, I think it's fair that they are the only people who should be able to vote. And that all of them should be able to vote - subject perhaps to a 1 month minimum subscription. I don't believe that there is any 'transparency' justification for identifying voters in what should be a secret ballot. At a minimum, voters should be able to withhold their identities, in the same way that users can choose to do so in the Top Ten lists on the Status page.



#19 giganerd

giganerd

    I shall have no title

  • Members2
  • PipPipPip
  • 2627 posts
  • LocationGermany

Posted 14 May 2014 - 08:17 AM

Option 2 (Users with subscription >1 month) is still the best and the one with the least false positives/negatives. You wouldn't pay 7€ a month just to be able to vote multiple times. Before the big update users might have set up two or more accounts to be able to view AirVPN with more than one device simultaneously. And maybe some of those subscriptions are still there. As I wrote, people wouldn't renew those subscriptions just because they want to vote twice. They might be able to do so now but not later. Of course there might be people who are doing exactly that but they are exceptions - and five votes too much don't change the outcome if one hundred users vote. Or even more. Right?

 

I have thought of a combination of some options but they are only raising the number of false positives/negatives. For example, option 2 (users with subscription >1 month) and 4 (users with forum posts >5) would exclude three days subscription (mostly trial) accounts and all users who are just enjoying AirVPN without the need of posting in the forums.


Always remember:
There's a guide to AirVPN,

Amazon IPs are not dangerous here,
running TOR exits is discouraged,

using spoilers for your logs helps us read your thread.

~ Furthermore, I propose that your paranoia is to be destroyed. ~

Instead of writing me a personal mail, consider contacting me via XMPP at gigan3rd@xmpp.airvpn.org or join the lounge@conference.xmpp.airvpn.org. I might read the mail too late whereas I'm always available on XMPP ;)





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

Servers online. Online Sessions: 14545 - BW: 59167 Mbit/sYour IP: 54.226.36.60Guest Access.