What privacy services have been sold or taken on major investors? We should find out

That would be great @jonah. We would first need to agree on appropriate questions to ask services. I recommended some recently. Those are just a starting place, and I’m sure we could add to those and refine them.

To be fair, we should ask the same questions of every service in a particular category, like “search engines.” Then document the answers or non-answers. If a question isn’t relevant for a particular service, that could be noted, too.

There should also be a place to document additional information relevant to the particular service – information that might be important for evaluating the privacy and trustworthiness of a service.

Perhaps you could open a thread at PrivacytoolsIO for gathering question recommendations to start. What do you think?

Liz McIntyre

1 Like

I’ll move forward by posting a request for input on questions at reddit r/privacytoolsIO, unless there’s an objection.

Sounds good to me. If you want to write a post requesting input and kind of explaining this project I’ll sticky it in the Subreddit as well.

Sounds good. Thanks, @jonah

Sounds good to me. If you want to write a post requesting input and kind of explaining this project I’ll sticky it in the Subreddit as well.

Hi @jonah. Here’s the post: https://redd.it/dpqipq

Let me know if you think any changes are needed before you sticky.

EDIT: I thought I posted at r/privacytoolsIO, but accidentally first posted at r/privacy. I just pasted in the new privacytoolsio post link.

1 Like

Long ramble incoming, but I feel this topic is important! :slight_smile:

TLDR: Venture capital is evil and often has clauses at a certain funding round to force you to sell in the future. So even if founders own 60% of the company they might be forced to sell. So do not only ask for ownership, but for any related legal conditions too.


As a founder I got to dive into how venture capital works, so I got to understand how many companies come to the point of selling to one of the big guys. It usually goes something like this:

  • you found a new hip startup X, which gets 300.000€ for 15% of the company, no strings attached. Cool!
  • in a rather successful year or two, you hire employees, get your product going and have your first happy users.
  • as the first 300.000€ go to an end, you realize despite being a success, you have no where near enough revenue to sustain the company and with its employees
  • hence, you search for new investors
  • they are very interested: the best match offers you 500.000€ for just 5% and promises to let you do your thing. But he wants you to add a legal clause so he will be able to sell in the future. He assures you this is only a safety measure.
  • so what now? Either deny, fire several employees and maybe even shut down. Or you accept, hire new talent, build all the new cool features you want and hey, it’s only a safety measure right?
  • you accept
  • this may continue a few rounds, giving you millions to spend on employees and scaling, all with friendly investors, always focusing on keeping your burn rate high, growth is the most important metric - right?
  • but at some point you come to the point where the money burns out again. You don’t have a working business model (yet) or have too little revenue to uphold your immense burn rate. What do you do now? Now big corp comes into play and offers to buy you. But they don’t care about your earlier promises - instead they want to cash out on user data. Do you sell or cut down on expenses? Oh yeah, you do not that choice anymore, remember that clause? Exactly, you have to sell. The early investors want to cash out.
  • hip startup gets bought by a data hungry evil corp

The twisted thing about this is that the first investor promises no strings attached because he knows that those strings will very likely come in later. Or they insert the clauses directly, counting on your legal inexperience. As you can see, ownership is one thing, but even when the founder(s) still own more than half of the company, they may be forced to sell because of a legal clause.


We avoided VC like the plague. But even with our company being 100% owned (split 40% 30% 30%) - there are different ways on how you set things up: we could have enabled one to manage his shares on his own. But instead we added a 80% requirement - hence all three have to accept - if any single share changes ownership.


As a result

I suggest to not only be asking for ownership, but also for all the legal conditions regarding selling. Of course this is might be considered as ‘sensitive’ information - but if this is a bonus question and the company decides not to answer - that already says a lot.

5 Likes

@davegson I couldn’t agree more with your post. It’s actually really satisfying hearing someone else’s observation of this situation. There’s obviously also a thousand other variations of the same thing. I myself am starting a privacy based business and I am glad to have learned about some of these issues or else I wouldn’t really belong in this field.

One of my goals is to refuse anyone’s help that wants me to put “jet fuel” on my business. Would I accept a no-strings-attached investment, sure. But I’m not going to spend it like crazy with big risks, even if that means people hating me. I also need to be very aware of our debts, and really never have any. I like the idea of always having 10x what you need in the bank and if you don’t, that’s when you react and fire people or do whatever it takes to bring down the costs.

Personally I would rather fall off a cliff than do something as dishonest as selling out my user base and break commitments I made to them. I’ve learned that in life money isn’t actually what’s directly responsible for my happiness, it’s making people happy and being an honest person. The reason I call my business privacy-based is because this is personally one of my core values and will always be reflected in every decision I make.

3 Likes

Can you share what business of kind of business?

1 Like

Hey @LizMcIntyre, it’s a bookmarking tool that works from any browser or device.
Here’s the link: https://webcull.com
I strongly believe bookmarks are a highly personal thing hence the pledge to be privacy-focused.

2 Likes

Cool. I’ll have to take a look.

1 Like

@growthboot thanks for chipping in and sharing your thoughts. I do agree on what you say and applaud your strong values! At the same time I want to point out, from my perspective your project does not follow those values.

After inspecting your project, it sadly did not fulfill any of my three most fundamental needs as a privacy enthusiast (open source, business model, ownership). I’m pointing this out since I feel others have similar views on this as well, and if you want to be successful in serving the privacy community - which I hope you will be - you will have to target their needs. I feel the most crucial one is being open source, which is also one of the key requirement for software being listed on privacytools.

1 Like

Thanks for the response @davegson. Though I completely disagree with that perspective of privacy. We are not open source because from a security perspective, it is safer for our user’s data. I am highly experienced in security with going on 20 years of experience and come here with an engineering perspective. I understand it’s not a rule because there are exceptions, but open source projects are almost by definition easier to hack because the code is completely exposed. I don’t want to make it easier to hack our user data so I am protecting our backend code from being open and more easily exploitable. This is because I want privacy for our users. It’s not a failsafe method but it’s a deterrent just like putting a lock on a bike. I am disappointed in this privacy community and others to make such a misjudgment in creating a distinction of what defines a privacy-based company.

The fact of the matter is, there is no AI that could ever be created to reliably detect if a company has fully open-sourced their code. The code could be either, on a layer that is carefully hidden or the privacy infringements could happen on a business level and be completely invisible to the code. So open-source is not a defining factor in privacy, there may be correlations but it’s far from being a reliable indicator. Whatever you want to know about tracking cookies or anything like that can be analyzed without seeing the code. Also, since javascript runs on the client-side of a computer, it can all be read by an intermediate programmer because client-side code is inherently open source.
These fallacy based indicators misinform the general public on what a good qualifier is when analyzing a company for privacy. As well as it alienates companies like mine who are going privacy-based from communities like this.

To answer the other two points:
2) We have two locations on our site that have donation links. One in our FAQ section and the other within the app. We are currently adding more, and we just started a Patreon and working on a Kickstarter right now (links going up by tomorrow hopefully). We are a donation-based company until we create one of the ideas that will fund us without infringing on our users’ privacy (we have plenty of ideas that don’t including putting ads in our bookmark manger). Until then, our costs are low and we could fund this for a lifetime out of pocket.
3) We are totally open to doing audits by pro researchers who sign an NDA. I wasn’t aware we need to provide more info about who we are. We are totally open to that and will look into just how to present the information. To answer quickly right now, my childhood buddy Peter Forest has (15.10%) and I got the rest (84.9%). We’re not hiding it, we just didn’t know we needed to present it on our site. We have that info in a bunch of other places on the web.

About the open-source not being a privacy indicator thing. I will be doing a lot more posts/blog posts and trying to create a dialog about this in the near future. I can see it’s a widespread misjudgment so I’m afraid I might need to be taking this head-on. I feel guilty because I’ve been involved in throwing this thread way off-topic though I’m afraid. It’s actually a really good topic. I’m going to write a blog post then create a fresh topic about this stuff on here and r/privacy.

2 Likes

I know about putting ones heart and soul into a project, I do feel you on that, but do not be disappointed when someone else has another definition of what a privacy-based company is. I explicitly mentioned it’s my perspective, and I feel this community is accepting enough to simply agree to disagree.

I’ve been involved as well, especially laying my focus on the open source! I do feel that is an interesting discussion, and one the privacytools team will have had plenty of discussions about - so they will have plenty of insight! But true, this is for another thread.


However, ownership and business model are totally on topic.

Ownership

Thanks for sharing your percentages. As mentioned above, I’d really like to have every company share those metrics - it gives a lot of insight in who really runs the company.

Business Model

“How do you make money?” also got mentioned in the reddit thread, and I agree this is a good question. Especially if a project wants to evolve into a company, financing full-time founders & employees, including an office and what not - this becomes a crucial question. It leads down to how a company supports their burn rate.

If you only count on investors, it’s very likely it will end up in my already mentioned scenario. And this community has experienced being screwed over time and time again, hence its oftentimes enormous skepticism.

And I’ve heard living off of donations is very tough as well. I wish this to succeed, but it often does not. Which in return impacts the morale of employees, who then have to worry about their income, and maybe even downsize their working hours.

That’s why, I’d like to ask companies one variant of this very important question.

How do you make money?
What’s your business model?
How do you support your burn rate?


@growthboot, thank you for sharing that you do have other plans - I’d really like to hear them, I know it’d make me more confident in your product. I’ll open a thread on your reddit. :wink:

1 Like

@davegson I’m not. I’m starting to wonder if you fully grasped the reasoning for my disappointment. It has nothing to do with that an opinion is different than mine. I very much appreciate different viewpoints. I have to be clear about this because I don’t want to be gas-lighted into being someone who is intolerant to other people’s opinions. The issue I have goes far beyond myself or my business, it’s my expert opinion on the topic in general. A topic that seems to be proliferated through the privacy communities, being the #1 rule on r/privacy, that a privacy-based company needs to be open-source. I’m disappointed by seeing large communities make logical mistakes like this that hurt people and businesses trying to help people.
Allow me to reiterate the logical mistake I’m disappointed about, since it appears to have been overlooked or misunderstood in your reply to me. For companies that are holding lots of personal information, open-source is more vulnerable so therefor less private. I care about more than only my business, this is about any business that has completely honest intentions getting improperly filtered out based on an irrational false-indicator. I personally have a duty to my users to protect their privacy which got me turned on to this topic. I’m not against open-source, I love open-source, I have a project on github, I use open-source projects all the time, but for WebCull even a non-tech person can pretty easily understand that going open-source is dangerous for my users on a fundamental level.

“What privacy services have been sold or taken on major investors? We should find out”. That’s a topic that I just recently started researching and is about past open-source businesses/projects who have sold out. I’m totally for being involved in that research and think it’s a super important part of a community like this. The conversation we’re having (though interesting) is on a different level and is about open-source being an indicator of privacy. I do see the relationship those two things have and I could be wrong but I don’t think that was really what this thread was intended for.

Your questions seem to have changed a bit (which I like) because at first, you sent me to a Reddit link that has “Are they open source?” as your first question to know if a company can be considered to be privacy-based according to this community (which again, is really not a good privacy-based question).

As for the business model. I don’t mind answering the questions you’ve asked, they are good questions. I like that you have two separate questions now asking both the model and support for burn rate. I’m not sure if I answered that about my own business so here it is. We are funding it ourselves right now but the expenses are far lower than a cup of coffee per day so it will be a lifetime before we can’t afford this project.

As I said previously, I would not gamble on debt and risk my users’ privacy. It’s against my constitution, so the scenario you laid out cannot happen to me or my business. And if it was about to happen, if let’s say both of us got sick (even though we got free health care here in Canada, say we both die) and we couldn’t afford it and it’s not making money from donations, simple, we’d warn our users that we’re closing and shut the doors, we don’t have massive investments to loose here, this is bootstrapped. There are ways around the problems you’ve mentioned, they are not inevitabilities for people who are aware of them and care to make a change.

And hey, after enough time if people don’t think this is worth donating to and we’re not making money from anything, it’s probably not worth sticking around, though I don’t think it’s the case. Still, we don’t plan on living on donations even if they do work out (we’re bootstrapping so we are hoping donations come in to make things more affordable to us and get more done), we have many plans, awesome plans for financing, which is why we are in this business. Let’s take this up on the awesome Reddit thread you started, which I will reply to soon, giving you more details on our plans. Link here for anyone reading: How do you plan on making money?

I love that you started that Reddit thread btw, I love that you’re talking to me, it’s been great. If you want to send me any material that you think I should read, please do send it over. I’m here to share and learn and meet great people like yourself. Thanks :100:

1 Like

@growthboot

for WebCull even a non-tech person can pretty easily understand that going open-source is dangerous for my users on a fundamental level.

There’s a whole thread for this topic:

This thread is focused on researching which privacy services may have become compromised in some way because their ownership has changed.

2 Likes

Thanks for the link! I’ll go check it out. I won’t respond to that quote here because I don’t want to have a part in continuing to change the topic of this thread.

I am concerned that visiting your site isn’t exactly private. Always one of the first things I check for. Your privacy policy does address this but also states you may use ad tracking later (specifically google) in the app itself which basically negates the entire privacy aspect of the tool.

1 Like

I think you misread our privacy policy:

"We do not have Google AdSense or any other third party tracker within our bookmark tool. We may use AdSense in the future but only on our website homepage or direct links, to aggregate data about the performance of the marketing of our website. This is something that is considered standard practice in the industry. "

That means NOT within the app, that means within the hompage or direct links to one of our landing pages. Not within an account. Still, even though that wouldn’t negate any of our claims about privacy and our app since it’s not talking about within the app, I’m gonna change that to never. Needs to be updated because we decided recently to take an even harder stance towards privacy even extending to our homepage.

As for the tracking, we do not have third-party tracking, never did. If you inspect the site using console, its easy to see that those cookies you mention are not found. Maybe you’re finding this because of the youtube embed on the homepage.

Definetly our privacy policy needs to be updated to state that we will never use thrird-party tracking on any part of our site. But we do use some google resources, like youtube embed (on the website, not the app) and google fonts.

1 Like

@danarel I just want to give an update. I updated our privacy policy to state that we will never use third-party tracking tools, ever. I also made it so the youtube video doesn’t embed itself into the website until clicked which got rid of those tracking warnings on the load. I wish I didn’t have to use youtube at all but from a bandwidth standpoint, that’s our only option right now.

3 Likes

Thanks for getting the focus back @strypey .

On that note…We’ve had some helpful input on questions to ask ALL privacy services, and it seems the comments have waned. I believe it’s time to come up with a suggested final list.

Would it be best for me to propose a final list at the current PrivacytoolsIO reddit thread or? Would love your input @danarel @jonah @strypey and everyone else who would like to weigh in.

3 Likes