The World’s Email Encryption Software Relies on One Guy, Who is Going Broke

After this article appeared, Werner Koch informed us that last week he was awarded a one-time grant of $60,000 from Linux Foundation's Core Infrastructure Initiative. Werner told us he only received permission to disclose it after our article published. Meanwhile, since our story was posted, donations flooded Werner's website donation page and he reached his funding goal of $137,000. In addition, Facebook and the online payment processor Stripe each pledged to donate $50,000 a year to Koch’s project.

The man who built the free email encryption software used by whistleblower Edward Snowden, as well as hundreds of thousands of journalists, dissidents and security-minded people around the world, is running out of money to keep his project alive.

Werner Koch wrote the software, known as Gnu Privacy Guard, in 1997, and since then has been almost single-handedly keeping it alive with patches and updates from his home in Erkrath, Germany. Now 53, he is running out of money and patience with being underfunded.

"I'm too idealistic," he told me in an interview at a hacker convention in Germany in December. "In early 2013 I was really about to give it all up and take a straight job." But then the Snowden news broke, and "I realized this was not the time to cancel."

Link

Another link

Not really surprised. Many people believe software should be free but forget someone has spend the time to develop and maintain it.

I imagine the world would end for many if Facebook or Instagram went belly up.

a reply to: roadgravel

The guy is living in an ivory tower common in the academic world - he wants to give everything away and be a do-gooder. It's irrational.

He should have had a plan to monetize the code from the get-go - he could have offered it as a freebee for a while, then sell it outright. I wonder why he doesn't try to sell the whole kit and kaboodle now to Google. He can walk away with some money and let Google solve the problems with the code.

originally posted by: Phantom423
a reply to: roadgravel

The guy is living in an ivory tower common in the academic world - he wants to give everything away and be a do-gooder. It's irrational.

He should have had a plan to monetize the code from the get-go - he could have offered it as a freebee for a while, then sell it outright. I wonder why he doesn't try to sell the whole kit and kaboodle now to Google. He can walk away with some money and let Google solve the problems with the code.

Who would trust Google with their encrypted data? Google makes money out of mining peoples personal data. There's a history of corporations putting backdoors in encryption software. Either the data is over-encrypted so that it is partially decrypted, or the passwords are placed at the end of the encrypted data file. From what we have seen with the encrypted internet (https) is that there were some bugs which skipped execution of critical blocks of code.

a reply to: Phantom423

His integrity hasn't been for sale.

I went with protonmail, took me 5 months to get an account
after i signed up but worth it.
It's still beta but better than whats out there.

I remember the PGP fiasco, great when it first came out.

Clicked on thread thinking "wow Zimmerman must be down on his luck"
Then realised it was just appalling journalism.

Although admirable work by Koch in re-writing, tweaking and releasing a license free version of PGP, there is no GNU without PGP and the genius that is Phil Zimmerman.

If I am concerned enough to encrypt data to someone, I would do it myself on my system with software that has been shown to be non tampered with (or as best can be known). Relying on monetized services opens oneself to greed that money brings.

I doubt most people understand how much work goes into software.

originally posted by: Phantom423
a reply to: roadgravel

The guy is living in an ivory tower common in the academic world - he wants to give everything away and be a do-gooder. It's irrational.

He should have had a plan to monetize the code from the get-go - he could have offered it as a freebee for a while, then sell it outright. I wonder why he doesn't try to sell the whole kit and kaboodle now to Google. He can walk away with some money and let Google solve the problems with the code.

Consider -- Since 'monitization' has done 'so much' for the world particularly the usefullness of the internet to ordinary people. -- that he is the rational one.

ah - here it is:

The well-being of a community of people working together will be the greater,

the less the individual claims for himself the proceeds of his work,

i.e. the more of these proceeds he makes over to his fellow-workers,

the more his own needs are satisfied, not out of his own work but out of the work done by others.

—Steiner, The Fundamental Social Law[77]

en.wikipedia.org...

originally posted by: roadgravel
I doubt most people understand how much work goes into software.

Can I amend that to Software that works consistantly, serves the user well and accuately and supported well with no cost to the user.

I see so much software now-a-days that has become patched-over trash.

A lot of work, skill and creativity goes into well designed and executed software.

David A. Wheeler argues that the copyleft provided by the GPL was crucial to the success of Linux-based systems, giving the programmers who contributed to the kernel the assurance that their work would benefit the whole world and remain free, rather than being exploited by software companies that would not have to give anything back to the community

GNU General Public License

a reply to: FyreByrd

Most commercial software has been shipped off the India.

originally posted by: roadgravel
a reply to: FyreByrd

Most commercial software has been shipped off the India.

Which, in my 8 years of personal experience having that happen (and 30 years in the industry), having to review to CRAP that is generated there, I can wholeheartedly agree. The software industry does not promote real software engineering anymore, it promotes programming. The difference, to those not in-the-know, is:

• Engineering involves design, performance, modularity (for ease of support and extension) and scalability.
  
• Programming involves shoot-from-the hip development, just-in-time delivery, with no thought toward future support, performance, or scalability
  

Cheaper and first-to-market rules the industry. The "fix/patch it later" is rampant. I can understand (in a way) the developer in the OP feeling the way he does. However without the support of a team, especially in such a critical area, the long-term health and stability of any code-base is like a house-of-cards. Have we not learned anything from the issues in OpenSSL?

Well I don't know anything about Google culture. But the guy has to eat. And what's wrong with selling the product? A couple of comments here suggest that somehow monetization is an immoral thing. What's worse - monetizing the project or losing it completely and suffering a nervous breakdown from the frustration??

a reply to: roadgravel

Yea GPL is great look what Suse did with that. Nice work around.

The guys at CERN needed some cash for hardware and location
In Switzerland. Its also stated that once Protonmail software
matures they will release it as open source software.

Maybe he should package it as a software product and sell it. The world needs more privacy in the age of no privacy, he could've far surpassed the grants he's been given on a business level. Look at Microsoft, every new software product they toss out onto the shelves sells like hotcakes no matter how little or redundant it is.



a reply to: roadgravel

a reply to: roadgravel

No not the world, we don't all use Gnu Privacy Guard

He's already funded for the next several years.

For almost two decades, the open source GnuPG encryption project has teetered on the brink of insolvency. Now, following word of that plight, the lone developer keeping the project alive has received more than $135,000—in a single day, no less.

So GnuPG is not in danger.