Today, we’re taking the next big step in our open development: we’re publishing the code that powers the hardware device, mobile app, and server behind Bitkey, as well as electrical designs for the hardware. We’ve been sharing our thinking and designs to help people understand how our products work – now, we’re publishing our code to help people verify that Bitkey does what we say it does.
Open development is critical to self-custody for Bitkey – and so is transparent and straightforward communication with our customers and community. So we want to be clear about what publishing our code means, and why we’ve decided to share it.
Starting today, anyone can audit the code behind Bitkey to understand how it works, and to verify that it doesn't include functionality that could give Block control over our customers’ funds. When we launch soon, anyone with sufficient technical skills will be able to take advantage of our “reproducible builds” – meaning they can build the mobile app in order to verify that the code we’ve published on Github matches the Bitkey app available on the Google Play Store. Anyone can report security issues to us, expect us to investigate them, and expect us to publish any applicable security patches for the world to see. These are important characteristics for any self-custody wallet, and an important focus for Bitkey.
The repository we’re sharing includes code and design information for each of the following components of Bitkey:
- Firmware: the code that runs on the Bitkey hardware device. This code generates, secures, and manages one of the three keys in Bitkey’s multisignature design
- Mobile application: the code that makes up the Bitkey app which we will soon distribute on the Google Play Store and Apple App Store. This code comprises the primary interface customers use to interact with Bitkey, manages another one of the three keys in Bitkey’s design, and enables customers to interact with recovery tools like Bitkey’s encrypted cloud backups and social recovery features
- Server: the code that manages the third key that Block holds on behalf of Bitkey customers in order to help them recover from losing parts of their wallet
- Hardware schematics: the electrical designs for the Bitkey hardware device
The code we’re releasing is licensed under the Commons Clause, a modifier on an open source license (in our case, the MIT License) that allows use of the Bitkey code only in projects that do not provide a commercial product or service whose value derives, entirely or substantially, from the functionality provided by what we’re publishing today. In other words, you can use Bitkey code in a project you don’t charge for (go ahead and tinker!), but in most situations, you need to talk to us if you want to use Bitkey code in a paid product or service.
Why did we pick this license? Our priority is to provide a broad audience with safe and easy-to-use self-custody. We want to partner with others interested in this mission who want to build on top of Bitkey or modify their products to inter-operate with Bitkey – for example, a mobile app that works with Bitkey hardware. But we want to make sure that when we partner, the resulting product is safe, easy to use, and allows us to build a sustainable business so that we can continue to bring important products to a global audience. We feel the best way to accomplish this today is through the Commons Clause, though we’ll be looking for other ways to achieve this over time. If you want to build with Bitkey, come talk to us – we want to be part of the conversation.
We’re sharing a lot today, and our team is excited to hear feedback from those who review our Github repository. If you’re interested in contributing to Bitkey, consider joining our team or giving us feedback at bitkey@block.xyz.