There you are, happily using an alternative service to the offerings of Big Tech. It feels good, you think, to exit the corporate strategies of the hyperscalers. No longer are you beholden to the whims of Silicon Valley. Ah, the sweet scent of moral superiority.
And then…the CEO of your alternative service turns out to be a fascist sympathizer. Let's get out the old outrage checklist:
- Confirm the story (yep, it's real).
- Get mad on social media.
- Publicly claim you'll cancel your account, maybe demand a refund.
- Search for an alternative.
- Wait for the next tech dingus to pull this and return to Step 1.
This keeps on happening. Maybe something about being a tech CEO Nazifies you. Maybe fascist-leaning white dudes end up as CEOs for some reason. Ultimately the why doesn't matter to you, the user. If you feel morally responsible for the products you use, the burden is now on you to act. And act. And act.
Many truths are in tension here. Conscientious users with the means to freely choose their tools and products who continue to use the things that support fascism have some moral responsibility for that action. Using such tools doesn't make one a monster, despite the common refrain of the nuance-allergic internet. Still, not a great look and using those tools should not rest comfortably with such users. Concurrently, this moral awareness can be counterproductive. If a conscientious user spends all their time flitting between tools looking for safe harbor they expend energy in a search for a technological moral sanctuary which otherwise could have gone toward doing real work, doing real good.
A thought experiment: If community organizers use Facebook to get people out to vote, protest, help their neighbors, etc., are they doing something wrong?
Even if one argues they are, in an absolutist sense, doing something wrong, one would have to concede that the good performed by such an individual massively outweighs the wrong. It would be absurd to accost someone for reaching out to people where they are. Plus, the fight against Meta's particular evil need not be everyone's fight. You can't expect, nor would you really want, everyone to focus on your personal righteous cause. The tool usage is a function of the intended audience, and the sins of Meta are not fully visited on its users. And Meta's sins are grave indeed.
If we were to rerun the thought experiment above for X, I suspect the calculus changes for many. If a community organizer used X to reach an audience, I suspect one argument might be that the only reachable audience is deplorable people anyway. It would be a waste of time and a way to enrich a monster. Which feels worse: X or Meta, and why? Is X a metonym for Elon in ways that Meta is not for Zuck? Do we collectively despise one more than the other? Or perhaps we view Facebook as our parents' social media, and we can't fully blame them for being out-of-touch, whereas X is a pile of 8chan refugees who never matured past 14. Oh, and journalists who have to be there to "cover the conversation."
Let's conduct the experiment once more, but this time the tool is Mullvad's VPN instead of social media. Imagine an activist using the tool to mask their online behavior and prevent profiling/fingerprinting. They do useful and important work. They build processes and procedures around Mullvad. Then Mullvad's founder does a fash. Suddenly, using the tool is "supporting fascism." Is the activist obligated to move to a different VPN? Are they evil if they don't?
I hope this thought experiment demonstrates that our own moral valuation of others' choices of tools and platforms is hardly objective. Moreover, no single heuristic for right action exists in the complicated interplay of people, technology, money, and power. All we can do is try our best for ourselves and the people around us. What else is there?
And let me be transparent: I've been, and am, on both sides of this. I ditched Twitter when Musk bought it. I've de-Googled to the degree possible. I try my best to avoid vibe-coded applications. On the other hand, I moved to Proton for mail, which some consider unacceptable given recent sponsorship choices and previous comments by their CEO. I can not constantly move around seeking safety from jackass CEOs. That's the situation for me as an individual. Organizations trying to do the right thing face even greater challenges when their "ethical" choices turn out to be not-so-much. The obligation to keep switching seems absurd.
As someone with technical knowledge and resources, I could choose to host many of my own services if I wanted to. I could run my own storage service, email, even VPN. I wrote a dang book on how to deploy a lot of services for oneself. But that's me. It can't be the case that everyone is on the hook for self-hosting tools and services that agree with their principles.
So, what then? Shrug our shoulders and say "Welp, no ethical consumption under capitalism" and move on? Surely there's an alternative to constant migration or utter surrender.
If individual self-hosting for all is off the table, what about a massive open alternative that anyone could join and easily spin up their own services—hosted, but managed?
A monolithic organization has several issues, including jurisdictional boundaries, trust and safety, and cost at scale. By the time you have capacity for (conservatively) tens of thousands of users, you're already in the realm of significant management overhead for the infrastructure. At the same time, your risk exposure and attack surface scale with your user base, without the requisite security teams to back that up. That's worse than current state.
Near as I can tell, the only workable alternative is a grassroots effort to bring ethical services to small communities. And because support for the services should be the responsibility of that community, a cooperative model makes a good deal of sense. Like webrings, this is hardly a new idea. Co-ops for bulletin board systems have been around longer than the web we know. Also like webrings, the idea could use some updating for modern realities.
This strategy is not without challenges.
So You Want to Start a Tech Co-Op
Starting from the position that you want to start a tech co-op to provide…something to members, you have some questions to answer.
Is it Worth it?
You're about to create a legal entity, accept responsibility for some number of users' data (or support), and manage the governance of this entity to provide whatever value you've determined. Your new legal entity may also be held liable for the actions of its members or for noncompliance with regulatory requirements.
All this to avoid the scuzziness of using services that contribute to causes you don't like. You better really believe this is the way forward, and that steering clear of distasteful services is worth the pain and suffering you are about to endure.
It might be! But before embarking, know whether you have the courage of your convictions.
What Do You Offer?
Throw a dart at any layer of the technology stack, and you can find something villainous. From the processor on up to the applications, there's a reason to dislike the big providers out there. Your little tech co-op will not have the capacity to become a new ISP, IaaS, SaaS, DNS registrar, etc. all at once. You have to pick your battles. And it's okay to start small. But be realistic about what is possible, even if that means shunting responsibility for services to the users themselves.
Indeed, one version of a tech co-op supports users in building out their own infrastructure rather than hosting much of anything. This is empowering in one sense, but perhaps undermining in another, since the entire purpose of buying into a co-op would ostensibly involve reduced technical overhead for any given member. Striking the right balance of hosting and individual support may be the most difficult and critical decision in shaping a tech co-op.
Whatever you offer needs to be worth it. Think about the services folks are interested in removing from corporate control. Email, social media, storage, web hosting? Can your co-op effectively replace these for users? If so, for how long?
What Can You Promise?
When you take it upon yourself to offer services to others, you're making a covenant with those users. How reliable can you make your services? How many people are going to sort and maintain the systems? How resilient can you make them to denial-of-service attacks? How quickly can you patch vulnerabilities? Do you have incident response and forensic data collection capacity? What about high availability? How quickly can you recover from an outage? What's the backup strategy? These are important questions for which the co-op needs serious answers. If you want users to trust you as a real alternative to the skeezy-but-effective corporate services, you can't be righteous but unreliable.
Of all the guarantees users should expect from you, safety is by far the most important—and the hardest to deliver. Not only do you need to be concerned about safety from external attacks, but also malicious users who abuse your services. Trust and Safety policies and procedures can't be an afterthought. Jeff Moss's thread on what DEF CON would have needed to provide private email/VPN is instructive here. Most organizations don't have the bandwidth to contend with a constant barrage of CSAM and other abuse material, to say nothing of more quotidian moderation duties.
And then there's safety from the state.
Are You Willing to Fight?
Who will be interested in departing corpo tech services? Almost definitionally, you'll be engaging with marginalized groups—folks who fear what corpos might do with their data. Providing a safe alternative for such people is noble work—but if you claim safety, you need to back it up. To put a finer point on it, what will you do when the lawyers or cops show up demanding your data? What will you/should you be able to provide, and in what jurisdictions? Are you able to mount a legal defense? Are you willing to face litigation or prosecution to protect your users/co-op members? This is not a theoretical risk, as the operators of the Mastodon server kolektiva.social learned in 2023.
As a rule, small organizations can't reasonably defend against a hostile state. It's why resistance networks have historically been clandestine. But if you're offering services that produce connections to outside entities on the internet, secrecy only goes so far.
This reality is uncomfortable, but unavoidable. The very act of offering an alternative to corporate technology services is somewhat counter-cultural, somewhat subversive. Maybe you're small enough to avoid scrutiny, but maybe not. We know about security through obscurity, after all.
Still Interested?
It probably seems like I'm trying to dissuade you from this whole co-op idea. Not exactly, but I want everyone to understand exactly what they'd be getting into. And ultimately, you need to ask: is it worth it?
All of this duty, all this risk, derives from a desire to avoid unethical services. But of course, we're being choosy about which services we care about. We're mostly ignoring ISP or internet backbone-level services, operated by entities no less ghoulish than email or storage providers.
And yet, the desire to break free where we can remains. The cost-benefit analysis of such an undertaking belongs to any given community considering a tech co-op. Acceptable risk for one group may be unacceptable for another.
I don't know where I land on this. I still believe that in the long term, community computing is the only way forward. The alternative is ceding all control of our information and computing capacity. That might mean accepting tremendous operational burden and risk to provide computing resources for those in our lives. It might mean building the skills to operate systems for ourselves so we're ready to provide those services when there are no other alternatives, and the risk is unavoidable. Choosing the easily-accessible service without fear of consequence is a kind of privilege—a privilege which may not be long for this world, and for some is already a memory.
So maybe this is worth doing, even on extremely small scales, to keep the fires of knowledge lit.