[state]

> end up in a position where we'll need to sell data later

The point is that there's nothing structurally preventing you from selling data later. Unfortunately that's not a great reassurance, as much as one may want to believe in the project.

To be clear: I think this is an interesting undertaking and you guys are producing good stuff. This structural problem is concerning though, and deserves some serious thought.

[jtheory]

It's possible to set up encryption model where it will be particularly hard to sell data later -- this is one of the things we've spent a decent amount of time building in the company I work for, for this reason. No, we're not selling data, and we're actively working to block that pathway in future even if the leadership has completely changed.

E.g., data at rest for private accounts is encrypted with per-account keys based at some level on the user's login, and internally can't be decrypted until the user is signs in next.