September 8, 2018

How to prove source code without opensourcing it

Hi, I am working on a crypto trading bot as a service, and thanks to many bad elements this sector has got a bad reputation, and I have gathered that people are not so OK with sharing their account API even if the access is limited to buy and sell (withdrawal blocked). They are asking me to open source the code, but that's just like asking to give the code to competitors.

What are my options here?

- Is there any third party who can audit my code and verify the security?

- I don't mind sharing under NDA, but that is still hard as it's not scalable, plus I will have reservations about whether that guy will follow the NDA; I can't run around after him if he doesn't.

- OAuth or SMS code before placing the order, but that doesn't prove that you can't access the control to manipulate the trade plan.

My main aim is to convince the user that I can access in between this phone and his exchange account.


  1. 1

    I have a friend who's working on a similar project. I'm helping him sell his bot through my service by taking care of the billing and spinning up a new bot instance when someone purchases the bot -- saving him a lot of time.

    Couple of suggestions for what you could do:

    Charge for access to the code

    Sell your bot as normal, then sell access to the code to the people who want that extra level of access. This has the benefit of making you more money and giving you a smaller list of people who have access to your code (reducing the risk of someone sharing the code).

    Grant access to the server

    If you run the bot on individual servers (one bot per server), you can grant the person access to the server. That way they can do their own checks and investigating to make sure everything is running as expected.

    As others have said, the majority of those people are going to be outliers, so it really comes down to how much time you want to put into appealing to those outliers.

    1. 1

      Thanks for the idea, I will look into your offering too. The problem is I am not selling a bot. By bot, I mean code that trades by itself based on some guideline or external factor.

      My idea is an app that looks no different than the existing mobile apps in the app store. It only trades as per the user's guidelines. It's still like a bot in a way, but I want to make it work like a regular app. No-hassle type. The app is meant for regular people who are not into crypto but know trading from stock or other markets.

      That said, I will have to look into offering a special option for outliers, as you mentioned, at a later stage.

      1. 1

        Oh right so there's a "bot" type thing that your app connects to an app?

        Then yeah, I think having some kind of plan that lets them audit your service themselves will work.

        That will give you a way to answer the people who have those concerns and also give your users extra confidence in your app being legit.

        1. 1

          Let me put it a different way. Let's say I make a third-party app to let you read, write and forward your Gmail account, and there is a time-based reply forwarding feature which may look like a bot, but its time is set by the user.

          Now the users are asking me to open source the app code for review because they feel I might read and write their mails.

          But that's like telling the competitor, please clone my app. I'm not saying others can't build the same app, but the fact that they have to spend time and money will deter a lot of people.

  2. 1

    Is this bot running on your server or on the client's machine? In the first case, open sourcing your code will not prove anything anyway.

    1. 1

      I'm building it for my server. I know that open source won't help, but the question is what will. How can I convince users that I can interfere?

      It's like, how do you know that someone at Google can't read your emails?

  3. 1

    Ignore those people and don't worry about it. People asking for access to source code are 0.01% outliers. Focus on the needs of the other 99.99% of your potential users.

    There is no service that I know of that was successful because the maker revealed the code to suspicious potential users.

    Or to put it differently: are your competitors doing that and succeeding because of that?

    If yes, then I would like to know who they are.

    If no, then you don't have to either.

    Build a good product and ignore those demanding source code. The majority of them would not put in the effort to read the code anyway.

    1. 1

      Thanks, this puts me at ease. However, I will still be looking for a solution just to put my users at ease without giving the code away.

  4. 1

    If you believe other actors will behave legally then you can make your code public without making it open source. Use a license like License Zero Prosperity License.

    1. 1

      Just read it, not sure how it will help me. I will let users use my code for non-commercial use, but if anyone does use it, how will I know? He can be closed source or change a few lines of code!

  5. 1

    There are 4 ways - one you may like, and the other 2 are required together:

    1. Prove your credibility - Your full information, where they can break your head or kill you on any mishap - LOL.

    (plus => +)

    2. Have a larger audience using it - [gather the ten/hundred-thousand noob users using your bot].

    or

    3. Open source it. [You may not like it]

    or

    4. Sell the source code.

    No offense, but that's how this SHIT works.

    1. 1

      Will be working on 1 & 2. Will take it slow and build a user base that trusts. Thanks.