Plea for donations to open-source software projects

I think that if you are a software engineer, or you work in the tech sector, you should actively donate to the projects that you rely on. I think that doing so creates a larger market for software that is written in the interest of end-users, and it might reduce maintainer burnout by giving maintainers a chance of making working on their software a full-time job, rather than having to do it on the side.

With the increased resources, it can also lead to more secure software and more innovation, which can drive more people to use open-source, privacy-respecting software rather than proprietary software. Underfunded software and burnt-out maintainers are, in my opinion, a large security risk.

I feel like donating to open-source software should be the norm, rather than the exception. It may already be, maybe I’m just the only person who hasn’t done so previously. But if you have never donated to the projects that you use daily, or that you rely on to keep your data safe, consider doing so. This article should motivate you and show you how to do it.

Why should you donate?

This thought started when I reviewed what I am spending money on. My goal was to cancel subscriptions that I am not using. And I noticed something sad: I spend a lot more money on closed-source software than I do on open-source software. I replaced a few services with open-source equivalents, such as Bitwarden and Proton. But it did get me thinking: if I do like open-source software so much, then why don’t I spend at least as much on it as I do on closed-source software?

In Judaism, there is a concept of tzedakah, which means that donating is not an optional extra, but a necessity. There are similar ideas in other religions. But you don’t have to religiously motivate it.

We live in a world where advertisements are everywhere. We are constantly being told to spend money on things we don’t need. And to a certain extent, that is fine. But at some point, I feel that one should think critically, and use the resources we have strategically, rather than pleasing whims.

We all vote with our wallets. Almost all of us have some subscriptions to paid, proprietary services. Netflix, Spotify, and so on. We (at least financially) support closed-source, proprietary software. It’s not a bad thing; there are situations where there is no better choice. But at the same time I think we can all agree that open-source software is something that everyone benefits from. It can be studied, it can be hardened. You can tinker with it, implement features that you want.

But how much do we all spend on open-source, public software? I feel like the vast majority of people support open-source software in principle, but do not actually put their wallet where their mouth is (is that an expression?) and back some of this software and the people working on it. And I think that we should change that. If everyone spent at least as much on open-source software as we do on closed-source software, then we might be able to shift the market. Even if only slightly.

Much core software is written by people in their spare time. On weekends, out of passion. It’s fun to do. But it can also burn people out, as libxml2 shows us. There was the recent case of the xz-utils backdoor. I think that burnout was a contributing factor to the sequence of events. Could we have prevented this if Lasse Collin was able to sustain himself on donations? It is impossible to know for sure, but it might have prevented it.

In summary, I think if we all made it a priority to contribute to software projects financially, to the amount that we are able to, we can accomplish:

  • Increasing the size of the open-source application and library ecosystem
  • Increasing the amount of time and effort that is taken to make sure that open-source software is secure and robust
  • Making open-source software available to a broader audience, for example by having excellent documentation (which also takes a lot of resources).

What if donations to the software we use were the norm?

I want to live in a world where we can have more software that can be supported to the point where the maintainer can make it his (or her) full-time job. Not everything needs to be freemium or have subscription models. We can write software and just get our shit together and give something back to the people that maintain it.

Especially when there is software that you rely on. The design of the VPN protocol and implementation is the security perimeter for your homelab? Give the author something back. Don’t wait for Apple and Microsoft, they won’t do it.

If all 350k software engineers in the US donated 10% of their expendable income to open source, we could have the equivalent of another Mozilla. And without needing a marketing budget or overhead, because it is just people giving directly to those who build things that are useful.

How can you contribute?

My call to action is: set up some recurring monthly contributions for the open-source software that is crucial to your life. Try to spend as much as you spend on subscription software. But even $5 is great. It’s up to you, give what you can. If you cannot commit to a monthly schedule, do a one-time donation. Show the maintainers you care! And the good thing is, you get to choose which projects matter to you, which ones you support.

And it doesn’t matter how you do it. There are so many options: GitHub Sponsors, Liberapay, OpenCollective; many projects also just accept donations via PayPal, bank wire or cryptocurrencies.

Projects I contribute to

Here is a list of projects I have contributed to, and why they are important to me. But if you do this, find the projects that matter to you personally. My criteria for donating to a project are simple: it should be something that I either actively use, or I want to use, it should be open-source, and it should be permissively licensed (MIT, GPL, Apache 2.0 or equivalent).

| Project | Description |
|---|---|
| coreboot | Open-source bootloader that gives you control over what code runs at the highest privilege level. To be fair, I am not a fan of the fact that modern laptops have BIOSes that have network connectivity, and run at a privilege level higher than your operating system. It doesn’t take much imagination to see how this is a dangerous combination. It is used by a bunch of companies that care about security for one reason or another on their bare-metal servers. You can use it on laptops too, but not many models are supported. It’s a fun weekend project to buy a ThinkPad X230 and flash it on it. |
| GrapheneOS | A secure and privacy-preserving distribution of Android. In a world where attacks on end-user devices are becoming frighteningly common, it is good to have options like this. Especially given that the vast majority of people use their phones as an extension of their brain. |
| Let’s Encrypt | A project by the Internet Security Research Group, to issue free TLS certificates in an automated way for everyone. This project is a stepping stone to a safer internet, and is what allowed us to go from a world where encrypted traffic was only a fraction of all traffic, to today where the vast majority of internet traffic is encrypted, and browsers show warnings when accessing unencrypted websites (or don’t let you see them at all). |
| Mozilla | A company (and foundation) that builds, amongst other things, the Firefox browser. Mozilla is very active in the Rust ecosystem. In general, they do a lot of good things for the open-source community, and should be supported. Mozilla the company makes most of its revenue from a deal with Google to have it as their default search engine. |
| OpenBSD | Project behind OpenBSD, a BSD flavour that is prized for stability and security out-of-the-box. It doesn’t come with a lot of bells and whistles, but it is rock-solid. The same project also develops OpenSSH, which is ubiquitous on Linux, Unix and now even Windows. |
| Servo | Project to implement a browser engine in Rust. Browsers are highly complex pieces of software with a large attack surface. If you look at the number of CVEs issued for popular browsers, many of which allow remote code execution or have been found to be exploited in the wild, it seems like if there is one place where it makes sense to use Rust (in combination with good sandboxing and isolation), then that is browser engines. |
| Signal | A secure end-to-end encrypted messenger. The project also came up with the popular Double Ratchet algorithm for building perfect forward secrecy into encrypted messengers. |
| VideoLAN | The project behind the VLC Media Player. I’ve used VLC Media Player for as long as I can remember; it tends to be the only player that can play odd files. |
| WireGuard | My VPN protocol of choice. It’s simple, the whitepaper is very well-written. It does not have a million configuration options, just a simple protocol that does what it needs to. A lot of good VPN services, such as Mullvad, offer this as their default option. It is also what powers Tailscale. |
| FFmpeg | Library to read, write, convert and modify video and audio files. It supports a lot of encodings and container formats. |
| GNOME | Desktop for Linux. |
| Aurora | Google-free frontend for the Play Store. |

If some of these projects matter to you, you can donate to them as well. But likely, you have your own list of tools that you love and want to support.

Donation platforms

If you want to contribute to a project, you need to find out how you can do it. Not all open-source projects have something set up where people can donate, and there are even some projects that do not want contributions. Generally, you can look on the repository or the project homepage for a donation link, which will have information on how to do it.

There are also some platforms that let people donate to projects. This is not a comprehensive list, but these are some platforms that are used by various projects:

| Platform | Description |
|---|---|
| Liberapay | Open platform for donating to open-source platforms. It has a low fee structure, which means that more of the money you donate goes to the actual project. |
| Software in the Public Interest | Non-profit registered in NY that acts as a fiscal host for open-source projects, allowing them to take in donations. |
| Software Freedom Conservancy | Non-profit dedicated to ensuring the right to repair, improve and reinstall software. |
| Open Collective | Platform to make it easy to raise money for open projects, and disburse the money to contributors. It has slightly higher fees, depending on the Fiscal Host the project uses. Unfortunately, they stopped supporting cryptocurrency payments for the time being. |
| GitHub Sponsors | GitHub has a way to sponsor open-source authors built right into the platform! Unfortunately, they do take a 3% fee on top of the credit-card company fees. |

If you don’t know which projects to support, you can just donate something to one of the non-profits I have listed there. Or maybe go and support the FSF. Or maybe one of the other organisations supporting open-source software, or in some way contribute to the ecosystem. It’s really up to you. But every donation matters!