I’m taking a break from open source privacy work for a while. Quite simply, I can’t afford to contribute anymore. The weekly commitment (research, analysis, documentation, code, meetings) – which is anywhere between 10 and 20 hours per week – is time I’m not paying bills. The simple fact is, you can’t pay the bills and work on privacy. Individual sponsorship has dried up, open source ecosystem companies are not interested in sponsoring privacy contributors, and the professional privacy and legal sectors won’t support the work either.
But it’s not just about keeping the lights on, and it never was. Every few months I have to watch my work being personalised and politicised in project currents I never asked to be swept up in. Having to constantly go around begging for money to do the work I want to do, while having to defend my professional integrity in the process, devalues both me and the work.
Privacy should not be this much of a struggle. The people who want to work on it – and it’s not just me – should not have to beg for funding to cover their time, professional development, and travel and accommodation expenses. The projects which privacy advocates want to support should not use the exploitation of their labour as a PR opportunity for their own ideas. And the people who do work on privacy should not have to put up with abuse, harassment, and actual threats to their personal safety from within their own projects.
But I do.
For now, I’ll continue to show up for WordPress core-privacy office hours, and our cross-project group too. I’ll be at WordCamp Europe co-leading the team table at contributor day, and we’ve scheduled an open cafe chat on the afternoon of the second day (Saturday the 22nd). Aside from that, I’m going to do work that pays the rent.
I still have plenty of projects and work across many areas of privacy and open source project structures which I want to do, so if you’re interested in supporting me, see the form below or drop me a note privately.
You’re also welcome to read my final project case study from the Mozilla Open Leaders initiative, where I learned enough about open source project health – and dysfunction – to know that I had to make this choice.
It’s been a busy few months for my work on behalf of open source privacy initiatives. This is a periodic update on what I have been working on with the support of your sponsorship.
Cross-CMS open source privacy
In January the cross-CMS open source privacy working group – consisting of representatives from the privacy initiatives in WordPress, Drupal, Joomla, Umbraco, and Typo3’s privacy initiatives – got to work. Our vision is that “through collaboration, open source CMS projects can help transform our development communities into ones which empower user privacy through a positive and proactive approach to governance, standards, and tools, rather than a negative and reactive approach to privacy as a legal compliance obligation.”
On the internal level, we have set up a Github repo where we work in the open; we hold supportive weekly office hour chats, where we discuss what our projects have achieved and where we need further support; and we have begun giving talks at each others’ conferences in support of the cross-project work.
On the external level, we’ve learnt that the greatest practical need right now is for us to support each others’ projects in creating and resourcing privacy initiatives, help projects to acknowledge those teams within project governance structures, and help privacy initiatives to define the scope of their work.
One example of the ways we are supporting each other has been creating a draft auditing framework which developers of plugins, modules, and extensions can use to evaluate the privacy health of their work. The questions deal with general privacy principles rather than specific legal requirements, and can be customised to each project’s codebases and data handling issues. Have a look and leave a comment.
Mozilla Open Leaders
In January I was accepted into the Mozilla Open Leaders training programme, an intensive 14 week course on developing leadership skills for open source projects, in support of my work in the cross-CMS open source privacy initiative. There are, as far as we know, very few precedents for open source teams collaborating across projects, so it is important that we establish our own governance and approaches correctly. The programme is equipping me with the practical skills needed to set up a new open project, as open by design, from the start. The mentor and cohort support is also helping me to navigate the small-p politics of working across multiple complex open source projects.
One of the best things about the Mozilla project is that participation brings you into the Mozilla network of experts and projects – all of whom sincerely want to help me and our project succeed. I’m making the most of it!
WordPress.org core-privacy team
I continue to provide weekly input and support to the WordPress.org core privacy team, which works to ship enhancements to the base standard of privacy for 33.3% of the sites on the open web, while also supporting the work of the development ecosystem. This week the team shipped its V2 roadmap where we outlined our plans for what we’ll be working on in 2019. It’s a beauty.
I am incredibly proud of what a relatively small team has accomplished, as well as how several members of that team are beginning to develop leadership skills in privacy well beyond simple ticket fixes.
Last weekend I spoke at DrupalCamp London about the cross-CMS privacy initiative to a small but very receptive group of developers.
I have two upcoming talks in April: first, a pep talk for mobile app developers at CodeMobile in Chester;
and second, a half-day workshop on building privacy-conscious projects at PHP Yorkshire in York (cancelled due to zero ticket sales). The latter is a test run for a toolkit I’m developing for projects and companies to use to integrate best privacy practice on the governance, project, and code levels – so I’d really love to see you there. (cancelled due to lack of support)
Bills bills bills
As always, I am seeking out further sources of financial support for my work on open source privacy so that I can keep the lights on and the rent paid. The Mozilla programme has taken my time commitments on open source privacy to over 20 hours per week; and believe me, those are 20 pretty intense hours, all of which remain unpaid and unsupported by any project.
If you know of projects, developers, influencers, or companies which would be willing to sponsor my time, please direct them here.
I will not use your details for any purpose other than to email you an occasional update.