Helium is a special kind of project with transparency, privacy, and consent at the very core of every decision we make. This document outlines most of our efforts that we’ve done so far to ensure that Helium is private, secure, and transparent for anyone who wishes to inspect it.

If any of the following efforts are no longer true, then we’ve broken our promise to you, consciously or not. If that’s ever the case, please open an issue and hold us accountable.

Source and repositories

  1. All of Helium source code is public and released under a copyleft license. This includes source code of all remote components, such as web servers.
  2. All Helium repositories have readable commit history with precise descriptions of the changes that the commits contain. No 300 “Bug fix” commits.
  3. Pull requests are public and are the only point of code’s entry into the main tree. Discussions regarding PRs are mostly done in public. PRs are descriptive and easy to digest.
  4. People aren’t required to sign a predatory CLA in order to contribute to Helium repositories.

Builds and releases

  1. The builds are compiled directly from the code in public repos, not some internal repo where the public repo lags behind for weeks/months/years.
  2. The builds are transparently compiled and the build process is published for anyone to review.
  3. The builds do not contain any proprietary blobs: all machine code is a result of publicly accessible source code.
  4. All Helium repositories have signed & immutable releases that cannot be changed after they’re published.

User’s experience, freedom, and trust

  1. The browser interface does not have any ads, promotions, or invasive banners begging people to give their money/data.
  2. The browser does not generate any web traffic until the user says it’s OK to do so. Helium asks for user’s explicit consent before any new Helium services are enabled.
  3. The user can replace Helium’s default services endpoint(s) with a self-hosted instance before any web requests are made.
  4. Helium’s ad blocking engine has no biased exceptions. No one is able to pay us to allow ads on a certain domain and hide the “block” button somewhere deep in settings.
  5. Helium does not have any dark patterns to drive users away from managing their privacy and choices. If we inherit anything from source Chromium, we make sure to remove it as soon as possible.
  6. Legal documents and agreements, such as Privacy policy and Terms of use, are published on GitHub with full history of changes available to the public.

Fight for the human internet

As you might imagine, fighting against giant companies that harvest people’s personal data is “irrational” and “not profitable”, but we believe that it’s the right thing to do. People are not data harvesting endpoints for companies to leech off and build empires on top of. It’s inhumane to treat people this way.

We all deserve a better internet that doesn’t abuse people for profit. Helium helps reduce noise, protect your privacy, and confuse trackers, but we can’t fix the internet alone.

It’s your turn to make the internet better. Create a privacy-first alternative to a service you use. Fix what you don’t like. Maybe do something no one has done before. Use Helium’s philosophy as a vague guide for ensuring transparency and trust.

Have fun, be weird, cause havoc, and put people first. The internet is for everyone, and it’s beautiful.