While Tech Giants Flourish Mid-Pandemic, Security Nonprofits Need Our Help

Written by

The COVID 19 pandemic has had a mixed effect on companies in the technology industry. While the likes of Microsoft, Amazon and Google that rely heavily on the internet have flourished, some of the nonprofit organizations that keep it running properly have struggled. In April, the Tor Project had to trim 13 of its 35 employees, while in August, Mozilla had to lay off 250 people (about 25% of its staff), including people from its security team, with executives citing the pandemic as a cause

Tor adapted. At the end of August, it launched a membership program to help support itself. The project, initially developed by the US Naval Research Laboratory to help protect sensitive US government communications, was developed in the mid-1990s and released under a free license in 2002. In 2004, the Electronic Frontier Foundation began supporting its work, and it also takes sponsorship from a range of organizations including individuals, philanthropic funds and the public sector.

Its problem was that traditional grants have a long turnaround, the organization said, which snarls up software development schedules while it waits for the money to drip through. Many donations also come with strings attached, and it needs more unrestricted funds to free up its work.

Membership is just one approach to raising funds for these critical nonprofit projects. The Shadowserver Foundation, a voluntary organization that analyzes botnets and disseminates the information for free, was caught short earlier this year after its main sponsor Cisco pulled the plug (and to be fair, the company had been paying this part of the internet’s health bill almost single-handedly for 15 years).

The nonprofit had left itself vulnerable by not diversifying its sponsors. It scrabbled not only for funding but for data center space. The organization found the funding needed and also decamped to Digital Realty, a data center provider that could accommodate its massive capacity needs. However, it still found itself operating on a reduced budget.

Shadowserver can take charitable donations from organizations that want to support it, but noted that some donors meet internal blocks when trying to make recurring contributions. Instead, it launched a voluntary invoicing program. Companies can request an invoice that reflects the amount they want to pay, running through their procurement process to avoid entanglement in internal bureaucracies.

Spamhaus, another group that underpins the security and well-being of the internet by tracking spammers, chose a kind of freemium model to fund itself in 2004. It charges large commercial networks a yearly fee for premium service called Datafeed run by an independent company called Spamhaus Technology. That funds the free service that keeps so much of the rest of the internet clean.

Sometimes the need to generate revenues can take nonprofits into controversial territory. Mozilla, which also runs a company alongside its nonprofit entity, derives millions in revenues from a search engine deal with Google which some privacy advocates find problematic. It has also tried to diversify its revenues by focusing increasingly on products. It offers a premium version of its Pocket bookmarking system and this year launched a paid VPN.

These are organizations that we rely on to keep the internet healthy. They keep its arteries at least partly free from toxins. They provide an alternative to tech giants who are doing their best to homogenize the infrastructure. They provide valuable privacy tools for people in oppressive regimes that some of those tech giants have supported in pursuit of profit.

Now more than ever, as the world reels from the pandemic and big tech sees its fortunes soaring, we need these organizations and others like them to preserve the security, privacy and diversity of the internet. Those three concepts are intrinsically linked.

What’s hot on Infosecurity Magazine?