If there is a single Legal Entity responsible for developing, deploying and managing this trusted server, they have little incentive to excel, especially if they are running as a non-profit. They only need to function well enough to keep advertisers using their system and paying their bills.
Instead, we need competition, which can breed innovation and allow publishers and advertisers to differently balance tradeoffs between cost, speed, reliability, effectiveness, etc. If this takes on even a small percentage of web (and streaming) advertising, the scale is large enough to support multiple competitors, just as users have a choice of multiple browsers (and unlike browsers which are free, there is money to be made). This might be accomplished by spinning up three Legal Entities, all managed by the board and using the same, initial open source code. Or we might allow startups or existing companies to compete with the Legal Entity, as long as they follow the standards set by the Governance Board, can meet agreed upon privacy/security requirements and submit to audits.
Obviously, to be trusted, each of these would need to continue running the open source code, but they could make different infrastructure decisions. We might also allow them to retain sole use of any new features they develop for a 1-3 year period after they contribute the code back to the open source community. (This makes maintaining the open source hard as it means there could be lots of divergent, incompatible branches, but it is better than allowing them to fork or to have them not contribute their code back for public review before they deploy it to production). Another option would allow competitors to immediately use the new feature, but with a 1ms penalty for the first year.
A variation would use a single Legal Entity, but allow a browser vendor or ad tech vendor (on the sell or buy side) to contribute optimizations or new APIs. For their work, they might be granted exclusive access to these APIs for some short period of time, perhaps based on the value of the new functionality. Or they might be granted a share of the revenue from those who utilize their new functionality. In fact, for a share of the revenue, even individuals might be more inclined to submit incremental improvements and bug fixes. With this model, the Legal Entity might not actually do much code development, but might only be responsible for security reviews.
Similarly, various infrastructure companies like Akamai or AWS could each host instances of the unmodified open source software with publishers choosing to use the host that provides the best service for the price. In this case, the Legal Entity might simply function as an auditor to verify that the host has not compromised the users' privacy protections.
I'm sure that there are other ways to promote competition and encourage innovation as well. I just worry that if we grant Garuda a monopoly, we will start with a mediocre system that ages poorly.
If there is a single Legal Entity responsible for developing, deploying and managing this trusted server, they have little incentive to excel, especially if they are running as a non-profit. They only need to function well enough to keep advertisers using their system and paying their bills.
Instead, we need competition, which can breed innovation and allow publishers and advertisers to differently balance tradeoffs between cost, speed, reliability, effectiveness, etc. If this takes on even a small percentage of web (and streaming) advertising, the scale is large enough to support multiple competitors, just as users have a choice of multiple browsers (and unlike browsers which are free, there is money to be made). This might be accomplished by spinning up three Legal Entities, all managed by the board and using the same, initial open source code. Or we might allow startups or existing companies to compete with the Legal Entity, as long as they follow the standards set by the Governance Board, can meet agreed upon privacy/security requirements and submit to audits.
Obviously, to be trusted, each of these would need to continue running the open source code, but they could make different infrastructure decisions. We might also allow them to retain sole use of any new features they develop for a 1-3 year period after they contribute the code back to the open source community. (This makes maintaining the open source hard as it means there could be lots of divergent, incompatible branches, but it is better than allowing them to fork or to have them not contribute their code back for public review before they deploy it to production). Another option would allow competitors to immediately use the new feature, but with a 1ms penalty for the first year.
A variation would use a single Legal Entity, but allow a browser vendor or ad tech vendor (on the sell or buy side) to contribute optimizations or new APIs. For their work, they might be granted exclusive access to these APIs for some short period of time, perhaps based on the value of the new functionality. Or they might be granted a share of the revenue from those who utilize their new functionality. In fact, for a share of the revenue, even individuals might be more inclined to submit incremental improvements and bug fixes. With this model, the Legal Entity might not actually do much code development, but might only be responsible for security reviews.
Similarly, various infrastructure companies like Akamai or AWS could each host instances of the unmodified open source software with publishers choosing to use the host that provides the best service for the price. In this case, the Legal Entity might simply function as an auditor to verify that the host has not compromised the users' privacy protections.
I'm sure that there are other ways to promote competition and encourage innovation as well. I just worry that if we grant Garuda a monopoly, we will start with a mediocre system that ages poorly.