by seibelj 2729 days ago
A focused non-profit attacking a real problem can be extremely effective. I hope the rich tech people on HN strongly consider building or donating significant amounts to tech non-profits and open source. Certainly this is more impactful than another advertising network investment.

The concern I have is that these vital non-profits (one might say critical infrastructure, depending on the org) have to go hat in hand to the community each and every year for their operating funds, whereas if they had an endowment or some other investment account backing them, they'd be able to survive in perpetuity.

At a 4% withdrawal rate, Let's Encrypt would need $100 million invested to not need to ask for funds in the future (assuming they don't drastically increase their operating expenses).

Governance and oversight are mandatory though; Wikipedia has net assets almost near $113 million [1] and requires less than 600 servers to operate (plus colo costs, connectivity, technical staff, etc). On the other end of the spectrum, OpenStreetMap costs $118k a year to operate [2].

[1] https://en.wikipedia.org/wiki/Wikimedia_Foundation

[2] https://twitter.com/floledermann/status/1057254329290235907

> whereas if they had an endowment or some other investment account backing them, they'd be able to survive in perpetuity

There's a strong argument that entities like Wikipedia having to constantly go back to the community trough to survive assists in keeping them well behaved. I prefer to keep Wikipedia begging and slightly desperate, rather than obese, detached, entitled, crusty and overly bureaucratic.

The user community that funds them can kill them off through funding deprivation in a short amount of time if Wikipedia decided to become a scumbag. Their annual cost to operate has perpetually increased; it's closing in on $100 million now (three or four more fiscal years at the rate they've been increasing it). They wouldn't survive long without the donations flowing in every year. They could plausibly make a large deal with e.g. Google on advertising if the user funding dried up due to bad behavior; however, that would just be more likely to accelerate their implosion.

It's dangerous to the mission of a charity / non-profit to hand it a position of certain financial perpetuity. All organizations are very much susceptible to bureaucratic creep and wandering off mission in such situations. It's why many of the great philanthropists (Buffett, Gates and Carnegie to name a few) have sought to expend their fortunes relatively rapidly in charity rather than have the charitable trove exist in perpetuity via a perma-institution for parasites to attach to over many decades.

This is a great comment and a really valuable perspective. I have to note, however, that financially precarious nonprofits can also veer off in bad directions, or become ossified, or whatever, and the result is they fail outright.

A benefit to Wikipedia’s situation is they go directly to their user base for funds. When nonprofits are financially precarious or dependent and rely on small numbers of moneyed donors, they can just as easily go off mission and/or become corrupted.

> When nonprofits are financially precarious or dependent and rely on small numbers of moneyed donors, they can just as easily go off mission and/or become corrupted.

What you're describing is exactly the situation that Mozilla has been in for the last decade or so, and I always feel a little uncomfortable about it. The vast majority of their income is from search deals with one or two vendors.

This was the Buddha's own thinking when he established his order of monks. Sadly, it has not weathered the last couple thousand years in such grace, as many East Asian Buddhist monasteries have become thoroughly corrupt, with monks misappropriating funds.

Perhaps nothing can preserve institutions from ossifying other than date-determined termination.

LE cannot die, much like Wikipedia. Google et al would buy them before that happens.

Transferring ownership or control of a root CA requires assent from the trust stores.

That's one (of several) reasons WoSign / StartCom was distrusted: they tried very hard to conceal the change in ownership of StartCom.

Assent might well be given, but it isn't automatic. This came up for Symantec selling their CA business, and also for other CA outfits doing internal reorganisations which wanted to be clear that these were paper exercises (e.g. for branding) and had no effect on which people controlled the CA in practice.

In the specific case of Google acquiring Let’s Encrypt, the fact that they control the majority of browser share means that it will get added to the Chrome trust list, and everybody else will have to go along.

There is not really a "Chrome Trust List". The Chrome browser does have Google-specific policies, but it doesn't use a Google trust store; it uses the OS-supplied trust store, e.g. on Windows it consumes SChannel's Trust Store and the macOS version of Chrome uses the macOS Trust Store.

On a Google Android device, such as a Pixel, Google are responsible for the OS trust store, as they build the entire OS, but in practice it's basically the Mozilla trust store.

To the extent that we can say "Everybody else will have to go along" with anything when it comes to the trust roots, I'd suggest it's whatever Mozilla, a public charity, chooses to do. A brutally frank person might suggest that for-profit trust stores (all the big ones except Mozilla are for-profits) see considerable value in having unwelcome but necessary decisions made officially by somebody else before they "reluctantly" go along with them.

Also, Google is a very big company; the people who work on Google's Certificate Authority, the people who work on Chrome, and the people who co-operate with Mozilla are three separate groups at Google.

Sounds like a technicality; what I know is Chrome and Firefox independently distrusted Symantec. Google didn’t have to wait for Mozilla.