The end of Jo The Fish
Some of you may have noticed that a few months ago, Jo The Fish ceased to exist. Today, I am sharing more details on the why, and share insights into what I have learned throughout the journey.
What is Jo The fish and why did I start it?
A few years ago, I found myself going to a bar with friends in my hometown in Belgium. Like many of us, I didn’t do research into whose business this was, I just wanted to spend some time with friends. Later I found out that the bar was owned by an individual that openly shared extreme propaganda on his social media. Acts of racism, anti-LGBT views, violence against minorities, financially supporting violent movements…
I felt gutted, it felt like I was indirectly supporting harmful and disgusting views. If I can choose, I’d rather spend my money at a business owned by an individual that wouldn’t use his wealth to harass and call violence against others.
This got me to think: it is very hard to know who you are doing business with in person, but it is nearly impossible online.
Wouldn't we all be better off if we spent our money at businesses that share a basic level of human decency?
What we aimed to build
Regardless of people's political views, I believe there is a common ground of basic human decency. Jo The Fish was built to alert users of businesses that presented relations with predefined basic indicators. The interaction would initially be through a browser plug-in, but this could evolve to other forms.
Jo The Fish flags businesses that objectively relate to, are managed by, are/were funded by, are/were founded by or* financially support* individuals or organisations that are tied to the below topics:
- Objectively proven acts of Murder, Genocide or Violent retaliation against innocent civilians or protected minorities. Examples: Death by stoning against members of the LGBT community, Genocide against Uyghurs, Russia's war crimes…
- Suppress, attempt to criminalise or demoralise protected minorities. Example: gay conversion therapy.
- Terrorism & War Crimes. Examples: Russian state-owned businesses, shadow businesses run by Al-Queda, a cafe participating in Islamic State soldier recruiting…
- US sanctions and embargoes. Example: financial constructions attempting to hide relations to US-sanctioned organisations.
- Wanted criminals. Example: a trading platform that is a hidden pyramid scheme run by a Europol-wanted individual.
The plan was to avoid political discussions to the furthest extent possible. This is/was hard in the world we live in. I strongly believe any reasonable person would agree that the above points are bad. We are not talking about anything touchy or up for discussion here. Paying terrorist organisations to keep your factory open during a war, trading platforms that do not intend to allow you to withdraw money, throwing rocks at a gay person's head until the person dies… These actions cannot be argued as acceptable by any reasonable individual.
If we could reduce revenue flow to these organisations, we'd at least not be participating in the issue and essentially trigger to do better.
How did we do it?
With the backing of incubators like Mozilla Builders we were able to build a team of individuals that cared about these topics, and wanted to put in the work to make this project a success. This was always planned to be a non-profit and voluntary project. The team was amazing.
Our reviewers would spend time researching companies and individuals. Through reliable sources such as tax filings, court convictions, financial constructions… we were able to unfold some ties between organisations.
To an extent, this has worked. We managed to manually make a list of organisations that have traceable relations with the above categories. Some well-known examples:
- Lukoil (Oil giant) - owned by the Russian government.
- Lafarge (cement manufacturing) - Financially supported the State of Iraq and al-Sham (ISIS) and the al-Nusrah Front (ANF) in order to keep its Syria-based factory open during conflict.
- Chick-fill-A (burger chain) - for repeatedly financially supporting anti-LGBT movements.
Why did it end?
A lot of manual labour went into the project. This project hugely benefited from COVID as suddenly a large number of people had more time available to spend doing side projects. Given our team mostly consisted of students taking on this project on the side, as COVID measure eased the time people had available to invest into the project also disappeared.
Remarkably we were able to run this project completely for free for a long time. We built an architecture on vendors like Netlify, Heroku, Cloudflare and Firebase allowing us to get an MVP out quickly at 0 costs. A browser extension only costs 5$ to launch on the Google Chrome plug-in store and a lot of actions can take place client-side. Over time we decided to use more advanced technology in an attempt to automatically detect suspicious behaviours of companies. This resulted in an incredibly expensive cloud bill which was kindly waved by the vendor. Since we could not find a feasible way to run the service in a cost-efficient way, that meant the end of that project… This architecture was also not going to last. As more and more users were onboarded, we started noticing limitations and were financially unable to build the right long-term solutions.
Google's introduction of Extension Manifest 3 also crippled a core element of our platform for the right reasons. For some time, we were able to track most visited websites without storing PII. This allowed us to prioritise research. While we appreciate and encourage Google to take steps to improve privacy and security of Google extensions, this was an essential tool for our platform that disappeared when Google prevented plugins from running on all sites. Overall, this change is a great thing!
Apart from a small one-time 1000$ grant from Mozilla (which went towards merchandise for our volunteers), this project ran completely on 0 funds. This was intentional: we did not want to spend any additional funding on it at the time. There was no intention to raise money for this project, it was an act of doing the right thing and learning as we went. By the time money became the bottleneck, people also didn't have the ability to continue committing time on the project anymore as COVID measures eased and life went back to normal.
Given the type of activities we brought to light, we cannot ignore the potential risk to our own safety. While threats never materialised, none of us felt like living a life where we had to look over our shoulders.
The dark side of the web
Given our plugin had access to user’s browser sessions, bad actors were very fond of our app. It is generally known within our industry that the type of plug-in we built attracts bad actors who want to buy the app to use for malicious intent. Because of how browser plugins used to work, a bad actor could update a plugin and distribute the update without the user’s knowledge. Allowing them to inject bad code and skim internet activity. This did not happen to Jo The Fish. We took every possible step to secure our product. However, the risk is huge and amplified given the product in question relies on a community.
All of the above points made the team shift attention to different projects. After exactly 1 year since the last code change, I decided that it would be the right time to close the project and move to different projects.
Jo The Fish had over 1000 daily active users at its peak. I believe it is reasonable to say that our project diverted some shoppers to spend their money elsewhere. That to me is a win.
The team was essentially the product. We went above and beyond, learned a lot in the process and are happy with the story.
While this project has ceased to exist, it may reappear in the future in some form but no concrete plans exist today.
I'd like to end by the key lesson I learned throughout this project: building a profitable business becomes a lot easier I you don’t care about harming society. If we as consumers don’t draw the line, we are contributing to harmful practices. Be vigilant.