Transparency efforts behind the Helium Browser · Helium Blog
Helium is a special kind of project with transparency, privacy, and consent at the very core of<br>every decision we make. This document outlines most of our efforts that we’ve done so far to ensure<br>that Helium is private, secure, and transparent for anyone who wishes to inspect it.<br>If any of the following efforts are no longer true, then we’ve broken our promise to you,<br>consciously or not. If that’s ever the case, please open an issue and hold us accountable.<br>Source and repositories<br>All of Helium source code is public and released under a copyleft license. This includes source<br>code of all remote components, such as web servers.<br>All Helium repositories have readable commit history with precise descriptions of the changes<br>that the commits contain. No 300 “Bug fix” commits.<br>Pull requests are public and are the only point of code’s entry into the main tree. Discussions<br>regarding PRs are mostly done in public. PRs are descriptive and easy to digest.<br>People aren’t required to sign a predatory CLA in order to contribute to Helium repositories.<br>Builds and releases<br>The builds are compiled directly from the code in public repos, not some internal repo where the<br>public repo lags behind for weeks/months/years.<br>The builds are transparently compiled and the build process is published for anyone to review.<br>The builds do not contain any proprietary blobs: all machine code is a result of publicly<br>accessible source code.<br>All Helium repositories have signed & immutable releases that cannot be changed after they’re<br>published.<br>User’s experience, freedom, and trust<br>The browser interface does not have any ads, promotions, or invasive banners begging people to<br>give their money/data.<br>The browser does not generate any web traffic until the user says it’s OK to do so. Helium asks<br>for user’s explicit consent before any new Helium services are enabled.<br>The user can replace Helium’s default services endpoint(s) with a self-hosted instance before any<br>web requests are made.<br>Helium’s ad blocking engine has no biased exceptions. No one is able to pay us to allow ads on a<br>certain domain and hide the “block” button somewhere deep in settings.<br>Helium does not have any dark patterns to drive users away from managing their privacy and<br>choices. If we inherit anything from source Chromium, we make sure to remove it as soon as<br>possible.<br>Legal documents and agreements, such as Privacy policy and Terms of use, are published on GitHub with full history of changes available to the public.<br>Fight for the human internet<br>As you might imagine, fighting against giant companies that harvest people’s personal data is<br>“irrational” and “not profitable”, but we believe that it’s the right thing to do. People are not<br>data harvesting endpoints for companies to leech off and build empires on top of. It’s inhumane to<br>treat people this way.<br>We all deserve a better internet that doesn’t abuse people for profit. Helium helps reduce noise,<br>protect your privacy, and confuse trackers, but we can’t fix the internet alone.<br>It’s your turn to make the internet better. Create a privacy-first alternative to a service you<br>use. Fix what you don’t like. Maybe do something no one has done before. Use Helium’s philosophy as<br>a vague guide for ensuring transparency and trust.<br>Have fun, be weird, cause havoc, and put people first. The internet is for everyone, and it’s<br>beautiful.
made by