Facebook Sponsors Let's Encrypt (opens in new tab)

(letsencrypt.org)

217 pointstherealunreal10y ago50 comments

50 comments

41 comments · 9 top-level

Someone123410y ago· 10 in thread

I wonder why, really. I read Facebook's statement. But everyone always has internal motives (in particular when money is involved), and I wonder what Facebook gains from this?

I know why EFF/Mozilla does it (charity), Akamai do it ($$$ for them), Cisco might also profit from it somehow (e.g. upgraded enterprise appliances to support HTTPS on the proxy), but Facebook? I don't get Facebook's play here.

jedberg10y ago

Why can't their motivation be charity like Mozilla? Or maybe they just want to see a more secure internet?

They aren't totally evil. They want to use their power for good once in a while.

Someone123410y ago

Mozilla are a registered charity, Facebook are a for profit company.

3 more replies

estefan10y ago

Maybe when you're worth $40bn or whatever and you plan to give 99% of it away for philanthropic purposes, you don't need to live life with such a miserly attitude?

Someone123410y ago

Facebook, the company, is planning on giving away their entire net worth? Where are you getting this from? Also isn't Facebook worth somewhere in the region of $245 billion?

1 more reply

heroh10y ago

when FB runs an elaborate campaign to make plebs believe their dear leader is investing his fortune into a charity, when in reality he's invested it into a Delaware based LLC that allows him to avoid Estate taxes....then you start questioning the intent of FB.

It's not "philanthropic purpose" it's an investment vehicle that can be used to do virtually everyone, without scrutiny.

smacktoward10y ago

TFA says that Facebook has a "Gold" level sponsorship. Gold sponsorships cost $150K/year (see https://letsencrypt.org/become-a-sponsor/), which isn't much for a company the size of FB. (It's not even the most expensive sponsorship level available -- Akamai and Cisco are both "Platinum" sponsors, for instance, which costs $300-350K/year.)

So the motivation is pretty straightforward: they spend what to them is a small amount of cash in order to get a little goodwill and maybe some positive press. (Which are the usual reasons corporations sponsor not-for-profit projects anyway.) Everybody wins.

curiouscats10y ago

And really goodwill is the excuse used by the advocates in the company for whatever the sponsorship they want the company to make. It makes sense.

Also even just the goodwill of employees of their own employees (who want their company to support this or various open source projects etc.) makes donation make sense for many companies.

jsprogrammer10y ago

Deliver funding on the day of the public opening. Get some of the PR; some may perceive you (a fictional, corporate entity) as the primary driver of the project.

chipperyman57310y ago

The only people who care about free SSL certs would know enough about Let's Encrypt to know facebook didn't do much. LE isn't something most people find interesting.

1 more reply

SamReidHughes10y ago

By having a reputation for being cool like this, they can hire people more easily and more cheaply.

Cherian10y ago· 8 in thread

Before the skeptical comments rush in, can we for a moment take a step back and appreciate this. Facebook has a lot of leaders who has worked in the industry for long and I am sure they understand the value as much as we do. There’s a very strong possibility that FB did this without any motives.

notatoad10y ago

I'm on board with all the "facebook is evil" stuff and i don't use their product for various reasons, but their engineering department is really a good citizen of the internet and open source. Sponsoring Let's Encrypt is really in character for facebook, it's just the sort of thing they do.

mikecb10y ago

Especially with the Stamos hire (not to say that there aren't plenty of previous FBers that shared his views, but he is particularly vocal on issues like this.)

atomicfiredoll10y ago

This was my first thought too. It's not hard to imagine him pushing the idea of sponsoring a project like Let's Encrypt to other higher-ups in the company.

myth_buster10y ago

  Before the skeptical comments rush in

If the comment is in relation to the criticism to Mark's donations, I think this is a non sequitur... I believe people understand that in large orgs there are factions that operate with different motives. Also this is a good cause so perhaps it helps their image too. So people won't be too critical of it.

andreyf10y ago

I often wonder whether the relationships between brand-less factions in (and across) organizations has more of an impact than the official PR-heavy moves made under the institutional brand.

Take, for example, the changes that have happened at Microsoft since Ballmer's departure. I have a hard time imagining the branching GitHub's Atom to make an open source "light IDE", deprecating IE, and Google's using TypeScript for Angular2 happening while Ballmer's faction was in power. Microsoft has the same name, but it's acting like a very different beast.

I'm not sure how one could observe these factions cut across institutions, but I'd be interested if anyone has any suggested readings.

2 more replies

rand33410y ago

No, I think it's related to Facebook being a PRISM company and having a deplorable privacy policy, and generally giving no shits about privacy or security. Also, Mark's internet.org wasn't going to support HTTPS.

awqrre10y ago

Apparently this is a donation that has happened unlike Mark's donations. (sorry if I state the obvious but hopefully he doesn't divorce before those donations happen (knock on wood))

1 more reply

tellor10y ago

Sorry, I'm is not registered user of that SN, but periodic getting spam emails about invitation. Hope that without any motives.

Thinking beware with gifts ...

toomim10y ago· 5 in thread

And the bigger news is that letsencrypt starts its public beta today! You don't need to buy SSL certs anymore! Wow! Someone submit this story!

patcon10y ago

Yay! I've had the sliding deadline in my calendar for months! :)

jsprogrammer10y ago

Yeah, but the commercials also need to be played.

OldSchoolJohnny10y ago

That's what they claimed but there's no evidence of it on their site.

pfg10y ago

Public beta starts around 6pm UTC, so I imagine an announcement will be posted soon.

// edit: there we go, just posted: https://letsencrypt.org/2015/12/03/entering-public-beta.html

StavrosK10y ago

Well I just issued 7 certs, so it's working.

merpnderp10y ago· 3 in thread

React, Casandra, Flux, and tons more, Internet.org and now this? I can now feel a little less bad that every time I click like, that at least my personal information is supporting some great projects.

https://code.facebook.com/projects/

SuperKlaus10y ago

I don't see Casandra on that list. Isn't that an Apache project?

scott_karana10y ago

I don't see it either, probably because after creating it, they eventually passed stewardship over to the Apache Foundation. I'm not sure how much they still use it, even.

https://en.wikipedia.org/wiki/Apache_Cassandra#History

merpnderp10y ago

Yes it's an Apache project, but was created by Facebook.

brwnll10y ago· 2 in thread

Is there any indication what the sponsorship money of Let's Encrypt goes toward?

Corporate sponsorship looks to be somewhere around $2m/year.

Is the money needed for scaling? Hiring engineers? Broadening product line?

pfg10y ago

I would imagine most of the money goes towards:

- Development of the official client[1] and boulder[2], the CA server software behind Let's Encrypt. Both are relatively big projects with lots of things to add/improve on.

- Hosting CA servers in two separate data centers. HSMs for key storage are usually rather expensive as well. CRLs and OCSP are quite bandwidth-intensive[3], that's probably where Akamai's sponsorship comes in. Ops teams have to be available 24/7 in case of outages.

- I'd guess the auditing costs are quite substantial as well. I'm not sure what's necessary to get added to the various root programs out there (Microsoft, Mozilla etc.), but I doubt it's free (unless that's part of some sponsorship).

(I'm not affiliated with Let's Encrypt, just my perspective)

[1]: https://github.com/letsencrypt/letsencrypt [2]: https://github.com/letsencrypt/boulder [3]: https://blog.cloudflare.com/the-hard-costs-of-heartbleed/

joshmoz10y ago

Head of Let's Encrypt here. Our #1 expense is salary/benefits (we are hiring, letsencrypt.org/jobs). Other major costs include hosting, auditing, hardware, and legal/administrative.

obeone10y ago· 2 in thread

Being careful not to look a gift horse in the mouth, but... It is interesting that Facebook ($300 Billion market cap) decided to support at the $150k level instead of the $350k level (i.e. saving themselves from a rounding-error $200,000 additional commitment).

It cost them more than that to make the decision and the press release.

danso10y ago

Maybe there's an internal policy at which $199,999 is a cut-off, i.e. at a certain point, the sponsorship decision is moved to a higher-level of bureaucracy and approval. Which is completely the sensible thing to do: there's no reason why President Obama has to be the one who personally signs off on million-dollar toilets in Iraq (even if the buck stops with the President), and neither should every sponsorship decision be put on the desk of Mark Zuckerberg or Sheryl Sandberg...and an efficient way to do that is to set off a discrete cut-offs, so that you don't have a middle manager thinking they have the discretion to do the exact same moral reasoning as you suggest, "Oh why just give the Palo Alto Elementary Science Fair $10,000 when we could give it $100,000 and no one would even notice?"

Besides internal order, I imagine there's additional concerns and contractual obligations that relate to a public company's stakeholders, e.g. the shareholders who invest with a guarantee that a company has consistent policies in place to manage its spending, whether operational or charitable.

dubcanada10y ago

What does a companies donation amount have to do with anything?

estefan10y ago· 1 in thread

Cool project. I hope nginx support for the client isn't far away.

DiThi10y ago

This involves a bit more manual (but scriptable) steps, but the example it shows is for nginx, in addition to being very small and having barely any dependencies. https://github.com/diafygi/acme-tiny

gmisra10y ago· 1 in thread

Taken in isolation, this is a laudable move. But shouldn't it be evaluated within the context of their own internet.org initiative?

For those unaware, internet.org does not support TLS/HTTPS for most connections. It is probably the single largest attempt in history to remove secure access from a population, just in the name of advertising instead of national security.

andreyf10y ago

Internet.org does not support TLS/HTTPS for most connections

Source, please?

EDIT: https://www.eff.org/deeplinks/2015/05/internetorg-not-neutra...

EDIT2: this is from May. I wonder if anything has changed since.

electriclove10y ago

Why not a Platinum sponsor?

j / k navigate · click thread line to collapse

50 comments

41 comments · 9 top-level

Someone123410y ago· 10 in thread

I wonder why, really. I read Facebook's statement. But everyone always has internal motives (in particular when money is involved), and I wonder what Facebook gains from this?

jedberg10y ago

Why can't their motivation be charity like Mozilla? Or maybe they just want to see a more secure internet?

They aren't totally evil. They want to use their power for good once in a while.

Someone123410y ago

Mozilla are a registered charity, Facebook are a for profit company.

3 more replies

estefan10y ago

Maybe when you're worth $40bn or whatever and you plan to give 99% of it away for philanthropic purposes, you don't need to live life with such a miserly attitude?

Someone123410y ago

Facebook, the company, is planning on giving away their entire net worth? Where are you getting this from? Also isn't Facebook worth somewhere in the region of $245 billion?

1 more reply

heroh10y ago

It's not "philanthropic purpose" it's an investment vehicle that can be used to do virtually everyone, without scrutiny.

smacktoward10y ago

curiouscats10y ago

And really goodwill is the excuse used by the advocates in the company for whatever the sponsorship they want the company to make. It makes sense.

Also even just the goodwill of employees of their own employees (who want their company to support this or various open source projects etc.) makes donation make sense for many companies.

jsprogrammer10y ago

Deliver funding on the day of the public opening. Get some of the PR; some may perceive you (a fictional, corporate entity) as the primary driver of the project.

chipperyman57310y ago

The only people who care about free SSL certs would know enough about Let's Encrypt to know facebook didn't do much. LE isn't something most people find interesting.

1 more reply

SamReidHughes10y ago

By having a reputation for being cool like this, they can hire people more easily and more cheaply.

Cherian10y ago· 8 in thread

notatoad10y ago

mikecb10y ago

Especially with the Stamos hire (not to say that there aren't plenty of previous FBers that shared his views, but he is particularly vocal on issues like this.)

atomicfiredoll10y ago

This was my first thought too. It's not hard to imagine him pushing the idea of sponsoring a project like Let's Encrypt to other higher-ups in the company.

myth_buster10y ago

  Before the skeptical comments rush in

andreyf10y ago

I often wonder whether the relationships between brand-less factions in (and across) organizations has more of an impact than the official PR-heavy moves made under the institutional brand.

I'm not sure how one could observe these factions cut across institutions, but I'd be interested if anyone has any suggested readings.

2 more replies

rand33410y ago

awqrre10y ago

Apparently this is a donation that has happened unlike Mark's donations. (sorry if I state the obvious but hopefully he doesn't divorce before those donations happen (knock on wood))

1 more reply

tellor10y ago

Sorry, I'm is not registered user of that SN, but periodic getting spam emails about invitation. Hope that without any motives.

Thinking beware with gifts ...

toomim10y ago· 5 in thread

And the bigger news is that letsencrypt starts its public beta today! You don't need to buy SSL certs anymore! Wow! Someone submit this story!

patcon10y ago

Yay! I've had the sliding deadline in my calendar for months! :)

jsprogrammer10y ago

Yeah, but the commercials also need to be played.

OldSchoolJohnny10y ago

That's what they claimed but there's no evidence of it on their site.

pfg10y ago

Public beta starts around 6pm UTC, so I imagine an announcement will be posted soon.

// edit: there we go, just posted: https://letsencrypt.org/2015/12/03/entering-public-beta.html

StavrosK10y ago

Well I just issued 7 certs, so it's working.

merpnderp10y ago· 3 in thread

https://code.facebook.com/projects/

SuperKlaus10y ago

I don't see Casandra on that list. Isn't that an Apache project?

scott_karana10y ago

I don't see it either, probably because after creating it, they eventually passed stewardship over to the Apache Foundation. I'm not sure how much they still use it, even.

https://en.wikipedia.org/wiki/Apache_Cassandra#History

merpnderp10y ago

Yes it's an Apache project, but was created by Facebook.

brwnll10y ago· 2 in thread

Is there any indication what the sponsorship money of Let's Encrypt goes toward?

Corporate sponsorship looks to be somewhere around $2m/year.

Is the money needed for scaling? Hiring engineers? Broadening product line?

pfg10y ago

I would imagine most of the money goes towards:

- Development of the official client[1] and boulder[2], the CA server software behind Let's Encrypt. Both are relatively big projects with lots of things to add/improve on.

(I'm not affiliated with Let's Encrypt, just my perspective)

[1]: https://github.com/letsencrypt/letsencrypt [2]: https://github.com/letsencrypt/boulder [3]: https://blog.cloudflare.com/the-hard-costs-of-heartbleed/

joshmoz10y ago

Head of Let's Encrypt here. Our #1 expense is salary/benefits (we are hiring, letsencrypt.org/jobs). Other major costs include hosting, auditing, hardware, and legal/administrative.

obeone10y ago· 2 in thread

It cost them more than that to make the decision and the press release.

danso10y ago

dubcanada10y ago

What does a companies donation amount have to do with anything?

estefan10y ago· 1 in thread

Cool project. I hope nginx support for the client isn't far away.

DiThi10y ago

This involves a bit more manual (but scriptable) steps, but the example it shows is for nginx, in addition to being very small and having barely any dependencies. https://github.com/diafygi/acme-tiny

gmisra10y ago· 1 in thread

Taken in isolation, this is a laudable move. But shouldn't it be evaluated within the context of their own internet.org initiative?

andreyf10y ago

Internet.org does not support TLS/HTTPS for most connections

Source, please?

EDIT: https://www.eff.org/deeplinks/2015/05/internetorg-not-neutra...

EDIT2: this is from May. I wonder if anything has changed since.

electriclove10y ago

Why not a Platinum sponsor?

j / k navigate · click thread line to collapse