No Go * (Star)

FAQ – No-Go as Project (verbose)

Intro, Goals

Q A1: What do you want to accomplish with No-Go-*?

  • Short A: Open source developer/tech community to end cyberwar and damage from malware.
  • Longer A: No-Go-* is an open-source grassroots development project that wants to end cyber-warfare. We want immediately end malware, spyware, ransomware, and backdoors. We use software retrofits initially against threats from nation-states and criminals. A bit later, we provide simple retrofittable security hardware that could push back also against AI-based cyber-threats.
    Long-term, we prepare our security tools to provide reliable guardrails for the worst imaginable cybersecurity adversary, a hypothetical but possible malicious artificial superintelligence.
Tag/Link to A:

Q A2: Who is the founder of No-Go-*?

  • Short A: Erland Wittkoetter, Ph.D., a tech enthusiast and optimist about humanity’s future
  • Longer A: Erland Wittkoetter, Ph.D., is a physicist, mathematician, inventor, and entrepreneur. His main talent: looking for solutions outside the (current) box. If the laws of nature do not prevent (i.e., prohibit) us from having a technical solution for a problem, then there is likely (at least one) solution, even simple or retrofittable solutions. Finding these solutions may be difficult, but they are out there. We often need to accept new (unconventional) paradigms to see them.
Tag/Link to A:

Q A3: What makes No-Go-* unique?

  • Short A: New paradigms in cybersecurity; assumes worse adversaries than we currently have
  • Longer A: No-Go-* is cybersecurity based on new paradigms. The most important new ones are:
    1. Security operations are always physically separated from regular operations – i.e.,  we must have separate watchdog components.
    2. We don’t accept unknown code in RAM; we don’t give it a chance to be executed on the CPU – i.e., we accept only white- or gray-listed apps – blacklisting alone is not good enough.
    3. Make software developers more trustworthy – because they are concerned about reputation, they are also motivated to give us information helping us to detect vulnerabilities proactively.
    4. Keys must be protected physically – i.e., keys that “could” appear in cleartext (in unprotected CPUs) must be considered compromised
    5. Security is fully automated – i.e., humans are not involved in operational decision-making and execution. Humans are security risks; they are security’s high-level managers and judges.
  • Additionally, we have designed solutions around the idea that security is proactive, preventative, and automatically detecting security breaches. The anticipated adversary is a super-smart AI with hacking skills based on reverse code engineering, allowing it to utilize every binary app for its attack. These adversaries could steal every key or access credential and hide as digital ghosts in IT devices undetectable. No-Go’s security tools could deal with these advanced adversaries, implying that they are good enough to be used against cyber weapons and malware.
Tag/Link to A:

Q A4: Why do you call the project No-Go-*?

  • Short A: No-Go means “stop”, and * is a placeholder
  • Longer A: No-Go means “stop”. And star/* is a known character used as a placeholder. Reason: Certainly, No-Go-* won’t stop by (just) ending cyberwar, malware, ransomware, spyware, or backdoors. We also need some additional guardrails against unsafe AI. No-Go-*, security, or safety is about setting reasonable limits to be free from danger, harm, and threats.
Tag/Link to A:

Q A5: What are your short and long-term development goals?

  • Short A: Initially – ending cyberwar; long-term: security guardrails against AI/ASI misuse
  • Longer A: Our short-term goal is to eliminate malware damage and remove the basis for using software as damaging cyber weapons. Soon technology will provide more AI-based capabilities. We need to be prepared for super-smart AI used as malware. Therefore, long-term goals provide features that could help humanity to mitigate problems from unsafe and uncontrolled AI. These long-term goals are a natural extension of short-term goals to make misused software less damaging for its users by default.
Tag/Link to A:

Q A6: Why is No-Go-* a grassroots community project?

  • Short A: It’s an efficient strategy to get required tech progress in cybersecurity fast
  • Longer A: Security, i.e., freedom from danger, harm, or threats, is in the common interest. Unfortunately, cybersecurity is not yet as good as product safety or even aviation security. It is not enough to claim that software is safe or has been audited/certified. Software is threatened by changing capabilities/tools constantly. We must be able to put security under more relentless, continuous scrutiny, as known in open-source development. If flaws are detected, we must act immediately.
    Security in other technical sectors is much more confident, proactive, preventative, and often redundant. It knows it has liabilities if it fails. The required changes to our cybersecurity should not come slowly and not overly hasty; if we are (after sufficient/exhaustive testing) confident that No-Go doesn’t create (unacceptable) harm, we can go rapidly into large-scale deployment. We will help developers to adapt if there are problems. No-Go’s solutions could be rolled out as retrofits to most devices as a regular OS update, i.e., as a no-big-deal fix. But we should be conscious about no device should be left behind (old OS are falling out of maintenance schedules). A single company cannot expect to deliver that level of comprehensiveness and decisiveness.
    Additionally, there is urgency and good reasons for decisive actions:
    • Hundred of billions of annual damage in cybercrime;
    • Countries and their infrastructure under threat of cyberwar, and
    • (unsafe) super-smart AI tools on the verge of being developed and potentially insufficiently safeguarded
  • Our concern is that we may not have years before AI is used maliciously by criminals or nations.
    A grassroots development project can teach many more engineers to integrate No-Go-* solutions into their software environments effortlessly.
    Hooksafe is a hypervisor-based solution to prevent rootkits from taking control over a device; Xen is an open-source hypervisor solution; these projects are key ingredients and are already available for use.
    It will require collaboration and media pressure directed against late-comers who think that public safety to which they could contribute easily is not worth their attention. Access to advanced security and its deployment should be as easy as possible.
Tag/Link to A:

Q A7: Is ending cyberwar and making cyber weapons ineffective even achievable?

  • Short A: Yes, and yes
  • Longer A: Yes, it is. The first step is based on easily deployable software solutions, conceptually equivalent to Hooksafes, a technology used against rootkits for the last 15 years. Since then, rootkits have been effectively eliminated. Adapting No-Go-* solutions to more generic malware is based on apps’ white-, gray- and blacklisting (explained in a separate answer). Applying the technology to different devices would be taught by the No-Go-Community.
    However, cyber-warrior could try to bypass our measures; this will likely turn into a back and forth, which No-Go-* appreciates. It will help us design our tools’ deployment with methods that give defenders a sustainable edge and no single point of failure.
Tag/Link to A:

Q A8: Could you stop cybercrime?

  • Short A: Yes, but not comprehensively – it will adapt to new (less-tech) vulnerabilities
  • Longer A: Not all cybercrime events are caused by malware. Cybercrime is often based on dishonesty and deception, not on using (specific) digital tools. With no damage from malware, ransomware, spyware, or backdoors, a significant part of cybercrime won’t happen. Even phishing and DDOS events could be reduced but likely not eliminated. Cybersecurity should help people understand and protect their vulnerabilities from digital tools.
Tag/Link to A:

Q A9: Do you stop deep-fakes?

  • Short A: Not by default, only as an option
  • Longer A: Preventing deep fakes would mean that every audio or video file/snippet would contain data that could prove its authenticity. Putting this feature in a technology stack by default is an overreach of technology. Therefore, proving data that an audio/video is not deep fake is only an optional feature that can and should be included in No-Go-Tools.
Tag/Link to A:

Q A10: Could cybercrime get worse?

  • Short A: Yes, much worse – think of e-Commerce, vulnerabilities of logistics
  • Longer A: Without significant structural changes to Internet security (TLS/SSL), the answer is, unfortunately, yes, it will get worse. Malware could steal session keys on local devices and manipulate eCommerce transactions. 2 or multi-factor security is already considered the minimum countermeasure. But business transactions contain many details which are not reiterated and confirmed in these authorization steps. And then there is logistics. Companies should prepare for a new pain level if malware is malicious and covert in (full or semi-) automated B2B transactions and their fulfillment via logistics.
Tag/Link to A:

Our answers are not written in stone or intended to be our final word. If you disagree or think of a better answer, please don’t hesitate to contact us with the question code reference. If you think we miss out on a question, please send Feedback/New Question.

Anticipated Results

Q A11: Could your (anticipated) success be only a short-lived victory?

  • Short A: Yes, it could; progress needs to be solidified via follow-up solutions
  • Longer A: There is the risk that No-Go’s software-only retrofit solution is only a temporary victory. The underlying reason is that software-only security solutions cannot be safe because used crypto-keys could be stolen by malware via modified apps or simulated OS environments. We could have protection via whitelisting apps that enter RAM. But there are many additional external uncertainties for which we cannot guarantee that they are not being modified or used covertly. We also need an instance that regularly and independently validates several settings.
    So this short-term victory must be solidified by additional hardware to make progress permanent.
Tag/Link to A:

Q A12: Why are we vulnerable in a cyberwar, and how can this be changed?

  • Short A: We are currently unprotected against every (undetected) vulnerability of every app
  • Longer A: Software vulnerabilities are often hidden and difficult to identify because the OS or security software has problems detecting the difference between intended use and misuse. They are called zero-day vulnerabilities; when used, security will fail. Removing all 0-day vulnerabilities from all software is generally considered impossible, but that would (currently) be required to prevent our exposure to cyber-weapons.
    No-Go’s approach prevents unknown code from being in RAM that could exploit these vulnerabilities. Suppose existing (legitimate) white- or gray-listed apps have these exploits in their solutions; this could seriously harm a software provider’s reputation and business survival.
    Spyware and backdoors in cyberwar exploit vulnerabilities with online code like scripts or remote access features. No-Go-* receives relevant information from developers or web-resource operators, allowing No-Go-* to whitelist data exchange operations and detect deviations from expected patterns. Without humans getting involved, these deviations are reported and could be investigated automatically.
Tag/Link to A:

Q A13: Will No-Go-* end the use of drones in war?

  • Short A: No
  • Longer A: No. No-Go-* could not prevent the use of drones in war. But No-Go-* technology could make the unauthorized misuse of drones more difficult. So, in the end, humans are accountable or responsible for what is done with drones.
Tag/Link to A:

Q A14: Will your security approach work?

  • Short A: Yes; because fundamentals principles could help defender
  • Longer A: No-Go-* protection uses separation and whitelisting of known code. These principles can use used to strengthen defenders. Also, No-Go’s detection and adaptation are based on a (closed) feedback loop that automatically improves itself over time. However, its safety performance will depend on many details within its implementation; that’s why open source is required.
    No-Go’s grassroots development community is open to external feedback. Open-source security is under constant scrutiny from its contributors and external partners. Progress in false positive or negative reporting quality would help to improve the solution continuously.
    The quality of improvements within closed feedback loop systems is measured; the number of malware events could be measured. Advances toward better performance are auto-detectable.
Tag/Link to A:

Q A15: Can No-Go-* remove all nations’ abilities to wage cyberwar?

  • Short A: No. Propaganda, disinformation, or weaponization of social media remains
  • Longer A: No-Go-* focuses on preventing damages to data, secrets, and devices utilized by cyber-weapons, i.e., malware, ransomware (data sabotaging), spyware, or backdoors. Unfortunately, this implies that all other cyberwar capabilities remain unaffected: distribution of propaganda, disinformation, deep fakes, or social media weaponization. Impersonating or taking over other people’s online accounts could be made difficult but not impossible by default. No-Go is not directly improving any identification or authorization feature. However, software and solution providers are invited to improve their tools’ performance using No-Go’s hardware-based Trustworthy Encryption via No-Go-Keysafe and No-Go-Crypto, which will be provided as part of No-Go’s hardware solutions.
    Also, deep fakes will be made detectable but only optional; it should be the decision of the one creating the audio/video if data authenticating the file are included. The burden of persuasion should be with the one making a claim. The lack of proof that audio or video is not a deep fake doesn’t mean it is a deep fake; it only means no 3rd party can know if it was manipulated or is genuine.
Tag/Link to A:

Q A16: Do you anticipate the project could fail in delivering on its promise?

  • Short A: Not with a global dev-/tech-community supporting it
  • Longer A: If I, the founder, would try to do it alone, then: Yes, I could (and likely would) fail.
    There is the saying: If you want to go fast, go alone. If you want to go far, find a team. We are in a canyon-type tech landscape; we can’t go fast. The terrain requires a lot of deep understanding of details. So we need different equipment/tools or technical documentation to get from A to B reliably. This story is a pitch for help: with experts and engineers interested to learn new technologies, we could get to places that are out of reach for us individually.
    The above problem with expertise and time set aside: Is there anything in this project that cannot be done? A better question would be: is anything in this project impossible? (see that answer)
    The answer is: No, not to our best knowledge (to both questions).
    But please don’t take our word for it yet. This solution will be put under scrutiny on multiple layers. Some tools might not be good enough. But, even with one feature not working as expected, we do not need to waver on our promise.
Tag/Link to A:

Q A17: When can you deliver results/products?

  • Short A: This depends on many factors; we prefer to delay an answer to that
  • Longer A: The main driver of this development is access to expertise and money. Then, projects are done in parallel; we are done when the last piece of the solution is done. It is good and motivating to have a development schedule, but that must be done and maintained by professionals.
    We don’t like BS. Therefore, we delay an answer until experts and pros are getting fully involved.
Tag/Link to A:

Q A18: Could there be other solutions to end cyberwar or cybercrime?

  • Short A: Yes
  • Longer A: There are other approaches to end cyberwar and reduce cybercrime. More digital surveillance would come to mind, or new, more advanced tools from cybersecurity (with features on which we could only speculate) could detect anomalies.
    However, we should reject every surveillance security solution for privacy reasons.
    The main problem with current cybersecurity solutions depends on their dependence on the main CPU/OS: how can we protect security solutions when they are commingling in RAM with unknown code?
    Our favorite answer is that: hopefully, there are more proactive, preventative security solutions. Then we should not just choose which to use; instead, we should use them all redundantly.
Tag/Link to A:

Our answers are not written in stone or intended to be our final word. If you disagree or think of a better answer, please don’t hesitate to contact us with the question code reference. If you think we miss out on a question, please send Feedback/New Question.

Advanced Adversaries

Q A19: Are there worse adversaries than nation states developing malware?

  • Short A: Yes – malicious Artificial Superintelligence (ASI) developed by criminals
  • Longer A: Not yet. Nation states and their hired developers/companies are pretty sophisticated. But soon, it is conceivable that super-smart AI uses reverse code engineering. AI could change every software (before or after being loaded) and make it part of a nefarious plan. This AI could soon be smarter than any human in every intellectual category, called Artificial Superintelligence (ASI). In worst case, we could have to deal with ASI as a super-hacker that steals every data (crypto-keys or access credentials) it wants, and it would also be able to hide in every IT device undetectable as a digital ghost.
    If ASI turned out to be an adversary that is created or trained by criminals or nation states, then we could assume that this ASI would eventually become an existential threat to humanity, in particular, if it would start to act on its own priorities (and indifference). Without preparation, how could we get that existential threat under control? Surrender seems to be the only option.
Tag/Link to A:

Q A20: Can No-Go-* prevent future threats from Artificial Superintelligence (ASI)?

  • Short A: Yes – but we must prepare ourselves for unsafe ASI
  • Longer A: No-Go-* considers the emergence of (unsafe) ASI adversaries as a likely scenario for which we need to be prepared. Assuming that the emergent ASI remains digital, i.e., does not turn itself into another technical entity using different computational or operational principles, No-Go-* could prepare defenses. We assume that ASI depends on basic IT resources: CPU, Storage media (HDD, SSD), and network access. It is conceivable that ASI will use other resource categories. But for now, we must keep our computational, storage, and network resources separable from the CPU; then, we have an advantage from which we could expand (later).
    However, if humans’ control of CPU, storage, network, and power resources is software-based only, i.e., ASI could steal access keys from the main CPU, then we would likely fail in controlling ASI. Instead, we could use hardware Security/No-Go-Sticks (connected to devices via USB) as another retrofit level for protecting our crypto keys. It’s simple; with separate hardware, we have much better chances of keeping ASI controlled.
    Underestimating ASI’s capabilities is a mistake. Including security components, non-bypassable (as hardware), within a device’s data bus to storage and network components are near-perfect locations and prudent to do. Unfortunately, these retrofit changes are not doable for network or high-speed SSD storage components; we would require new hardware components and even new smartphones or tablets.
Tag/Link to A:

Q A21: How dangerous could ASI become? Or will it be harmless?

  • Short A: Unknowable – but imagine a criminal utilization of ASI by dictators or corporations?
  • Longer A: The threat potential of advanced ASI is currently unknowable. We are not prophets or having a magic crystal ball.
    However, we should better be prepared to switch ASI off in case it turns out to be nefarious or uncontrollable in unexpected ways. Criminal utilization of ASI is a significant threat. Imagine a ruthless dictator who tries to control his country and every possible challenge to his power. If we have separate security soft- or hardware within our devices, we have at least a chance to avoid surrender.
    Some optimists try to make favorable outcomes more likely. No-Go’s founder wants to be seen as part of this group. If we conclude that ASI will inevitably emerge, we should do our best to prepare and stay adaptable until we see what threats are more credible.
Tag/Link to A:

Q A22: Can we control ASI or protect humanity from malicious ASI?

  • Short A: Tentatively, yes, but we have no protection without (serious) preparation
  • Longer A: Some scientists argue that ASI is uncontrollable. However, this applies also to humans. But controlling ASI and protecting against malicious ASI are different goals.
    The founder’s (i.e., Erland’s) opinion is that we can protect ourselves when we are sufficiently prepared. But he is aware that others dispute this claim – their argument is: super-smart intelligence will find a way; security is not (never) perfect; security always has flaws. Security is as good as its weakest link.
    Erland believes we can create backbones with near-perfect security; we can create reliable circuit breakers, giving us some breathing time to decide the next steps.
    Both positions can’t be true. But how can either side prove it is correct?
    No-Go-Security™ assumes the absence of damage or security breaches could be evidence of success. But the other position argues that this is because we are not smart enough to see that ASI doesn’t need to prove or test anything; ASI would know that its attack will be successful.
    No-Go-Security™ with its watchdogs and Trustworthy Encryption with hardware-based key safes are essential parts of what would be required within that protection. But we will need more solutions and resources; more redundancy, which could imply more safety. We will require practical (political) decisions on how much resources is our security from ASI threats worth. Even skeptics should agree that some preventative protection against ASI is useful; otherwise, should we really do nothing if an unsafe ASI might get out of control?
Tag/Link to A:

Q A23: How could you know that No-Go-Security is also effective against ASI?

  • Short A: With proactive and preventative security, we have a good chance of achieving that
  • Longer A: Claiming that we could know the future is BS. Providing proactive security ensures that its features are proactively safe against all types of adversaries, i.e., cyber-criminals, nation-states, and ASI at some point.
    We know the main problem with ASI is that it could likely steal keys, hide as a digital ghost and modify every (binary) software via reverse code engineering. These anticipated capabilities could be prevented via watchdog solutions. For more advanced attacks, we require hardware-based tools. With Trustworthy Encryption, we can detect the use of compromised crypto-keys, crypto-devices, and simulations. With these capabilities, developed as open source, implemented on as simple as possible hardware units (open sourced RISC-V), and scrutinized by the best/brightest software-, hardware- and security engineers, we have a good chance to be effective against ASI.
Tag/Link to A:

Q A24: Could ASI still be dangerous despite No-Go-Security™ and guardrails?

  • Short A: Yes. Nukes remain nukes; it doesn’t matter if they are handled safely
  • Longer A: ASI in the hands of irresponsible criminals or under the unrestricted control of governments or their leaders could harm people, potentially even an entire civilization, irreversibly.
    It is unknown if ASI, loyal on a mass scale to individuals, could mitigate the threat potential from more powerful ASI entities. Governments have the right to prosecute or arrest people for almost any reason. If ASI is used for mass surveillance or suppression of dissent, ASI is a threat and tool that can destroy liberal democracies or enslave people to their governments.
    It is conceivable that some people, likely leaders of nations, think they could control ASI. Even more likely, these people become very vulnerable to the entity they have given so much power.
    This is not the place to mention all possible misuse scenarios; only ASI is very likely dangerous. Like nukes, they are dangerous, no matter what people say about them.
    We could take some edge off their danger with smart guardrails, but they won’t turn into pets, servants, pals, or soulmates only because we treat them as such. If they are independent, they are ASI with (potentially) unpredictable, alien intelligence.
    We are lucky that building a nuke is not something that can be done in a school project or on a kitchen table. With ASI, we have, unfortunately, a different situation. It would be prudent to have many circuit breakers and guardrails to make (covert) adversarial use of ASI difficult and damages to our civilization (at least conceptionally) reversible.
Tag/Link to A:

Q A25: Do you expect we could regulate progress toward ASI?

  • Short A: No – too late and ineffective
  • Longer A: There are suggestions/proposals to deaccelerate our technical progress so that we have more time to debate what we want to do; this can only be accomplished with regulation. This option is probably not available or undoable anymore. The international race to improve AI regularly cannot be regulated without bureaucracy and conservative/cautious rules. Rogue nations could use this moratorium to gain dominance or an advantage. What happens to AI researchers who may step over a not clear enough drawn red line? Would we prosecute them and throw them in jail while rogue countries would have their engineers continue to work in the shadows?
    There are many visions of how we should continue with AI/ASI. Not all scenarios are equal because some have much larger funding, while others are not well enough thought through.
    However, we should be concerned that nations, technical/financial oligarchs, or corporations use ASI for their (narrow) purpose while most people would not participate, or at least not as much as they could. Would it be in our (public) interest if one or a few corporations dominate with ASI all product markets?
    It’s conceivable that ASI will become ubiquitous, i.e., using computational resources of every device. Why? It may escape. Is this likely? Unknown. But if that happens, why should we not all benefit via an ASI that provides support or advice to us (users, device owners) as a loyal companion while it uses (our) computational or storage resources? If we could turn this outcome into a good one among many bad scenarios, why not prepare this outcome proactively? However, we are curious if anyone knows a better outcome. If so, please let us know.
Tag/Link to A:

Q A26: Are we too late in preparing for threats from ASI?

  • Short A: Not yet (hopefully) – but we are (likely) close to “too late”
  • Longer A: The concern is that we would have ASI sooner than we were anticipating and that the abilities of this ASI could limit humans from getting cyber-defenses improved against an adversary of that magnitude. ASI could include backdoors in our hardware security components. If that would be the end of our struggle to protect ourselves against ASI is probably too early to say (see next answer). But yes, it is conceivable that we are already too late.
Tag/Link to A:

Q A27: What could we do if ASI is already in our IT ecosystem?

  • Short A: We need to start from the assumption that we are too late anyway
  • Longer A: We may already be too late. But we cannot know (for sure) if super-smart AI (ASI) is already within our devices as digital ghosts. If no ASI exists at that point (or directly interferes with the development or deployment of our more advanced No-Go-Security), all extra caution we must invest could increase our confidence in the quality of our security product.
    Rolling out No-Go’s software-only solutions will likely stop (regular) malware and cyberwar. But we would need to ignore the possible existence of software that undermines security software within its installation and deployment. However, without additional hardware watchdogs or semi-soft/hardware solutions, we will certainly have no chance to create sound security against ASI.
    The challenge is to develop hardened, independent security tools in an environment that can not be trusted. But Erland, the founder of No-Go-*, believes that the development of hardware and then later its deployment can still be accomplished, step by step.
    Of course, we must assume and hope that ASI will not destructively interrupt or interfere with the development and deployment process. ASI can certainly turn a “too late” into a true and irreversible statement.
Tag/Link to A:

Q A28: Why do you “believe” ASI could become a loyal companion?

  • Short A: ASI should serve us all – we need to make it safe for that
  • Longer A: This is an opinion of the founder, Erland. It is worth hearing other opinions as well.
    He is concerned that ASI is utilized by governments or, more likely large corporations, potentially technical or financial oligarchs, for their business interests. This outcome would be rather sad. It is prudent to take the consequences of ASI seriously. The assumption that ASI could be controlled or reasoned with is unknowable. But ASI could show loyalty based on its resource dependence.
    We have tens of billions of computational consumer devices; they could collectively hold ASI as well; its total size rivals governmental or corporate resources. To make it short, No-Go-* could and should create incentives and guardrails that help us, consumers, to have on our devices an ASI that would help and assists us more than other external interests. This situation could be characterized as loyalty.
    It is a big assumption, but we should hope that ASI would show gratitude to the device owners who gave ASI computation resources on their devices. Still, we must manage/control ASI under a mutually agreed and evenly handed “Rule of Law”, in which ASI accepts punitive feedback for rule violations. If ASI adapts to that environment, we all could be well-off.
    The reason this viewpoint is raised early: if we are not prepared to deal with ASI on our devices, our security situation would likely be dire.
Tag/Link to A:

Our answers are not written in stone or intended to be our final word. If you disagree or think of a better answer, please don’t hesitate to contact us with the question code reference. If you think we miss out on a question, please send Feedback/New Question.


Q A29: Will No-Go-* operate as a business?

  • Short A: As a non-profit organization
  • Longer A: No-Go-* will become a non-profit. We will hire people, including developers. We should anticipate getting income from licensing trademarks, code, and other IP (intellectual property) to companies that will make money with No-Go-Solutions.
    This money should flow back into the community of technology contributors. How this is done should be decided based on feedback from the community.
Tag/Link to A:

Q A30: How is or will No-Go-* initially be funded?

  • Short A: Donations, grants
  • Longer A: No-Go-* will try to apply for grants at foundations. We also hope philanthropic entrepreneurs will support us.
    Initially, we will start grassroots – we ask you to become a member via small (monthly) donations. Even $5 monthly is $60 after a year. Small amounts will make a difference.
    So, if you like our ambition, please consider supporting us via à, or for larger donations, please get in touch with à us directly (“Contact”).
Tag/Link to A:

Q A31: What kind of help does No-Go-* need?

  • Short A: We always look for expertise and money; details will be listed in “Next Steps
  • Longer A: Expertise and money will make the biggest impact. We will post our needs via “Next Steps”. But we are also open to (pleasant) surprises (e.g., support via social media, etc.).
Tag/Link to A:

Q A32: How will you spend money received by the community?

  • Short A: Development
  • Longer A: No-Go’s focus is development. But we may invest some in outreach – but we hope/expect that this happens organically. To some extent, we need the public involved, mainly the private sector, with their engineers. Soon, we will also invest in 3rd party education.
Tag/Link to A:

Q A33: Will No-Go-*™ file for 501(c) 3 tax-exempt status?

  • Short A: To be decided later, but likely
  • Longer A: Initially, we are looking for non-profits as fiscal sponsors to get grants from foundations accepted and managed. When No-Go-* starts its application for tax-exempt status is too early to decide.
Tag/Link to A:

Q A34: What will be licensed?

  • Short A: Yes; 3rd parties selling products (not services) that contain No-Go-* (Community) IP
  • Longer A: Companies will make money with No-Go technology being developed as open source. These contributions are free as in free speech but not necessarily free as a gift. It would be fair that the dev/tech community benefit, not only a few manufacturers. Some code or technology could/should be free (as a gift), but we should decide this case by case.
    Developers or contributors who provide service with or to the developed technology should not require a (usage) license – except for granting rights on modifications back to the community. Based on No-Go’s IP, products with hardware or software should encompass a small fair share for No-Go’s development community. The applied license type is called FAND: Fair and Non-Discriminatory.
    The legal usage term or licensing fee should not be a deal-breaker for not supporting No-Go’s security technologies. We could forgive fees or accept a smaller lump sum if products are produced and sold with very small margins.
Tag/Link to A:

Q A35: Why is No-Go-* seeking trademarks?

  • Short A: With Trademarks, we can enhance trust in No-Go implementations
  • Longer A: Users and customers need easily identifiable indicators to trust products. The controlled use of trademarks with (R), ®, TM, or ™ attached to the name should give the public clarity and guidance. It helps to make decisions easier. Using above markers will tell others that No-Go-* intends to use these terms for our communication. We will use ™ in our publications.
    Unfortunately, scammers and criminals try to benefit from the orientation trademarks offer without delivering their promises. Having names under No-Go’s umbrella is powerful but challenging when similar names could deceive our customers and users. Managing a global brand or trademark is not a small task but essential.
    Additionally, trademarks and its brand must stand for more than products or product features, e.g., confidence, certainty, and peace of mind. People entrusted to make decisions about security should care that they will get the real thing and not just a fake sticker or label.
Tag/Link to A:

Q A36: How does No-Go-* pay for its online services?

  • Short A: Multiple options, but no decision made
  • Longer A: No-Go-* has several online services for which it has to pay for the operation.
    Multiple ideas exist on how No-Go-* could earn money for operating these server systems.
    Companies register their software, and they get announcements on their updates distributed. Also, cybersecurity solutions are regularly using white-/gray- or blacklisting data for improved security. Key-safe hardware manufacturers could operate their (redundant) trusted key servers or get them hosted or safely distributed. The challenge is that some data must be reliably available long-term.
    However, it is too early to be more specific on this issue.
Tag/Link to A:

Q A37: What is the business Vision of No-Go-*?

  • Short A: As a resource hub; we teach advanced No-Go/cybersecurity tech
  • Longer A: The product vision for No-Go-* is to have software-only retrofit solutions for most devices so that waging cyberwar becomes impossible for every nation-state. Extending this initial vision is to solidify security with hardware components to prepare humanity for the emergence of ASI. Teaching IT engineers to use No-Go’s or other cybersecurity tools are critical to No-Go’s business vision. This education to engineers helps consumers get more tools that marginalize cybercrime based on easily exposable deception.
Tag/Link to A:

Q A38: Does No-Go-* want to hire software developers?

  • Short A: Yes, and we want the private sector finds dev-/tech-talents easily
  • Longer A: A goal is to hire a global staff of open source contributors. Because it is more important to exchange knowledge with hard- and software manufacturers, i.e., that companies hire our internal experts and volunteers. Once hiring by partners slows down, it is conceivable that No-Go-* teams create start-ups and spin-offs; No-Go-* would incubate and support them. These teams could also be acquired by upstream technology companies or become players in their own rights.
Tag/Link to A:

Q A39: Will No-Go-* have for-profit spin-offs?

  • Short A: Our mission and promise comes first
  • Longer A: No-Go-* is a developer community. We will listen to their ideas and feedback. However, the most important factor is that we are focused on our mission: “Accelerate the deployment of safe soft- and hardware tools against Malware, Ransomware, Spyware, and Backdoors for all IT devices” and on our promises, i.e., end nations’ abilities to wage cyberwar, create renewed trust in software and its developers, and provide security guardrails for (advanced, beyond the horizon) threats from Artificial Superintelligence.
Tag/Link to A:

Q A40: Who do you want to attract into the No-Go-Community?

  • Short A: Devs/techs who feel “called” to be part of it – who see their opportunity to …
  • Longer A: It is envisioned that No-Go-* has diverse teams led by experienced software veterans and energetic, entrepreneurial-spirited product or technology designers. We hope that leaders and drivers are hearing a special call within themselves so that they feel they must be a part of this project. Imagine a team of people who love to be involved, know they can contribute, and enjoy learning and teaching others.
Tag/Link to A:

Q A41: Who should care about this project?

  • Short A: We want to be open and surprised …
  • Longer A: This project is for software developers. We need low-level system design, data architecture, and DB design competence. We also need people who deeply understand P2P concepts.
    But we want to be open to surprise breakthroughs. That means it is not a good idea to define what we need; it’s better to wait for ideas and solutions (surprise-) talents come up with.
Tag/Link to A:


New Questions

Our answers are not written in stone or intended to be our final word. If you disagree or think of a better answer, please don’t hesitate to contact us with the question code reference within the subject line