blog banner
GnuPG Fundraising Rally

GnuPG Fundraising Rally

Hello, my name is Werner Koch. In 1997, I started GnuPG so that people would have a free tool to protect their communication. GPG has been far more
successful than I imagined. Today, activists rely on GnuPG to coordinate their activities: For us, GPG encryption was invaluable, because it was one part of a very crucial set of strategies to help secure our communications
and secure identities as we try to do what we do best, which is fight for democracy. Lawyers depend on GPG to safely speak with their colleagues and clients: GPG is the way that I most often communicate with people who are in need around the world. Journalists use GPG to securely discuss stories with their collegues and their sources: I do strongly believe that had we not been using GnuPG all of this time, many of our sources and many of our journalists, would be in danger or in jail. GPG has even become a critical part
of the Internet’s infrastructure. I would say that the majority of people who rely on GnuPG have no idea that it’s there. In 2014, GnuPG’s future looked bleak. I even had to let go of my last employee, and could only work on GPG part-time. But, a last ditch donation campaign raised 250 000 euros from individual donors. Also, Facebook, Stripe and the Linux Foundation committed to regular donations. Thanks to your donations, Werner was not only able
to work on GnuPG full-time, but he could hire five additional
software developers. Hello, from Japan! With this team, we have been able to not just maintain GnuPG and provide regular updates, but actually implement some new features. One of our main focuses has been making GnuPG easier to use to help fight mass surveillance. For this, I developed a new key discovery service, which is called the web key directory and it makes finding someone’s encryption
key easier and more reliable. I’ve implemented a new trust model called TOFU. Although it doesn’t provide as strong
authentication as the web of trust, its improved usability means that TOFU is more likely to catch man-in-the-middle attacks and phishing attempts for most users. I have implemented a new test engine for GnuPG, written many new tests, and adopted and improved a set of Python bindings for interacting with GnuPG. And, we’re moving beyond GnuPG’s core. My main job has been helping improve Enigmail, the OpenPGP plug-in for Thunderbird. I’ve set up a community platform that makes it easy to report problems and discuss new ideas. I’ve spent a lot of time improving GnuPG’s smartcard infrastructure. And I’m also developing a new
security token called Gnuk. Its schematics are free so that anyone can build one. We want to continue this work in the long term. But, we want to do it in such a way that our first loyalty is unambiguously
to the general public. This means that the majority of our funding needs to come from individual
donors and not corporations. This is why we are appealing to you today. We need you to make sure that GnuPG which has proven to be important
to so many people is able to not only fix security problems quickly, but also continues to improve. A great way to ensure our long-term stability is to make recurring donations. Our goal is to raise 15 000 euros per month. To do that, we hope to convince 2000 of you to commit to donating just 5 or 10 Euros per month the cost of 2 or 3 cups of coffee. This money allow us to fund three developers including supplies and travel. With that money, we will firstly continue to support GnuPG and its users. And we’ll write a book called “An Advanced Introduction to GnuPG,” which will explain how to securely use GnuPG to digital security trainers, programmers using GnuPG, and, of course, enthusiasts. If we can double that— if 4000 of you donate
just 5 to 10 euros per month— then we will increase the size of our team and dedicate them to help other projects in the GnuPG community. One project that we really want to contribute to is GPGTools. We want to make sure that the Apple mailer is supported as soon as a new version
of macOS is released. Now, maybe you don’t use GPG to encrypt your email. Nevertheless, some journalists whose work you value rely on GPG to protect their sources, and some activists fighting for a cause that you sympathize with rely on GPG to protect their communication, and some lawyers speaking with their clients rely on GPG to protect
attorney-client conversations. And, you probably interact with many Linux-based systems everyday at least two-thirds of the Internet are run on Linux-based systems and these rely on GnuPG for security. So please, if you recognize
the importance of GnuPG even if you don’t use it directly consider donating to support our work, and the work of so many others. If you care about investigative journalism,
support GnuPG. It’s that simple. To me, I think it was really amazing to be asked to be part of this process. And, I just hope that people fund GnuPG
encryption and they fund it often.

Leave a Reply

Your email address will not be published. Required fields are marked *