StashPay is now Open Source
I started StashPay for several reasons, but primarily as a passion project. I missed programming and the creative process while working as a founder coach. I initially released the app as closed source but have now decided to open source it. I’ll also highlight how to remove myself and 3rd party vendors as single points of failure.
My Open Source Journey
In the previous 12 years of working as a developer and founder, I’ve built open source software in both grant funded as well as VC funded ventures. I started an email encryption startup in 2013, where I became core maintainer of OpenPGP.js, an encryption library now used by over 100 million users in ProtonMail and the Mailvelope browser extension. I’ve contributed to one of the first self-custody lightning wallets at Lightning Labs and built the Photon key management infrastructure in the context of a Spiral grant. All built completely open source from day one. So why didn’t I start StashPay as open source?
In all those years, I hadn’t found a business model that works with open source. And when you watch VC funded startups use your code without paying while making demands and in some cases even acting like they did the work, you lose motivation. There are simply few open source business models that have proven to work for the software industry. In the absence of a business model, many open source projects that start with good intentions end up turning against their users’ interest. WordPress is just one recent example, Android is another. Without a revenue stream, projects are incentivized to create a moat through vendor lock-in or harvest and monetize user data.
Perhaps building a business isn’t my strength, but it also never was my primary motivation. My conviction that open source was the right way to build things came first, while building a business model came second. For me a business was simply a vehicle to bring a product to life.
When I recently saw the indie hacker movement build and monetize small proprietary apps, I thought this might be a way to find a business model for a bitcoin wallet. I have now realized though that while this model may make sense for other domains like AI, I’m not sure it’s compatible with bitcoin wallets.
In bitcoin building open source is more than a licensing decision. It is an acknowledgement that we are all corruptible given the right incentives. To choose an open source license is to prevent future corruption of oneself and provide a backup plan to one’s users. It keeps us honest in the face of difficult decisions we have to make as programmers and business owners.
So, after doing some soul searching, I’ve decided to open source the StashPay wallet under the GPLv3 license. It just didn’t feel right to build a piece of software that allows users to handle their own money and data as closed source.
Users can now also verify that StashPay doesn’t take a cut of the fees from their payments. There actually isn’t even a server that StashPay currently operates. The wallet just connects to Electrum servers from Breez and Blockstream to fetch bitcoin/liquid blockchain data and it uses Boltz to do non-custodial submarine swaps to send and receive payments. All fees are currently passed on to the Liquid Network, Bitcoin miners or Boltz.
If and when StashPay charges money, it will be by providing additional services that provide value to users. These backend services may be built as closed source software. But the client app will remain fully open source and usable without these optional services. This will prevent StashPay from rent seeking in terms of the user’s money and their data.
But regardless of if StashPay becomes a business or remains a passion project, something has become clear to me. I’m building StashPay primarily for myself because I enjoy making stuff I want to use. A self-custody wallet is really a labour of love. An expression of something you build because you believe it needs to exist. Open sourcing it only feels like the next logical step in that journey.
Open Source Repository
The GitHub repo for StashPay can be found here. Make sure to also switch your source to this link if you’re using Obtainium to get APK updates on Android:
https://github.com/onionmill/stashpay
Removing single points of failure throughout the stack
The last few months have also helped to clarify further steps needed to improve user agency throughout the StashPay stack. Specifically, I’ve outlined ways to improve privacy and remove dependency on any single party within the Breez Liquid SDK. You can read about that here:
https://github.com/breez/breez-sdk-liquid/issues/554
These changes should lay the groundwork to reduce any single point of failure and give users a greater level of agency. Ultimately the goal is to allow StashPay users to configure the Electrum servers that their device fetches blockchain data from and also the Boltz submarine swap server that their wallet does bitcoin and lightning payments through. Of course most users will never need to know about any of these details because StashPay will come preconfigured with default settings. But simply having the option can be powerful if and when it’s needed. I will share more on timelines for these improvements over the coming months as dependencies line up.
So in case there is any single entity that fails, be it Boltz, Breez or StashPay, developers and users will be empowered to reconfigure the app based on their own needs. At a high level this is what Bitcoin has always meant to me. To take responsibility and empower the user to take control of their money and data.