First, let’s be clear - Ripple is open source. In 2013 the whole code of the project was made available on github.com, where anyone can go online and create their own version of the Ripple network and begin to promote it. In that sense, Ripple is open source since the code is open to be viewed.
However, that isn’t the whole story.
There are a small number of differences between what might be called a ‘hard’ open source project (e.g. Bitcoin) and a ‘soft’ open source project like Ripple.
The principal issue is this:
- The idea of the source code of an open source project is that it is all the code that controls the type of behaviour the project can engage in.
- Ripple Labs’ nodes exert high levels of control over the Ripple network and can dictate, in real time and without updates, the types of behaviour allowed.
- Although the source code of a standard node is open source, the source code of Ripple Labs’ nodes is unknown.
- Therefore, the network is not open source in the spirit of the idea.
The first point is moot for a traditional software project, since the code is the project. However, a network is different agents running different code and communicating with one another, and the whole network constitutes the project. The stated goal of the Open Source Initiative is to use ‘transparency of process’, and when the software is a network there should be clear and transparent knowledge of what general process the network will go through or be allowed to go through.
On the second point, many Network Validators are run by Ripple Labs at this time. Network Validators transmit transactions to other peers, but they also check to see if transactions are valid and can reject transactions on any terms they choose. Participants on the network choose a list of Network Validators that they trust, and that list of trusted validators is called their Unique Node List (UNL). Ripple Labs provide a default UNL for their open source client, and this UNL consists of ten Ripple Labs’ nodes and eight from other sources, some of them unclear. As Peter Todd sets out in his recent review of the available code, all users of the network have a strong financial and business incentive to only use that UNL, since if they do not they strongly risk being isolated and undergoing a denial of service attack that would be remarkably costly for any business.
In addition to this, Ripple Labs does not provide a universal list of Network Validators and there is no strong incentive in the network for individuals to start or maintain a Network Validator themselves. Ripple makes the case that users will wish to run nodes to support the network they rely on or to get quicker access, although this model has been employed in Bitcoin with limited success.
We could assume that Ripple Labs’ nodes run the standard network daemon that is open source and available online but why would we assume that?
A point to make at the end - none of this means that Ripple is ‘bad’ or ‘untrustworthy’ or ‘closed’. Ripple Labs publishing their code was an honest response to the calls from the community (and likely from business) and should be taken in good faith. It makes sense for Ripple Labs to maintain the level of control they do and nobody should fault them for that - they have a lot of money riding on this project and so do their backers. The cautious note is only this - don’t think of Ripple like you think of Ethereum or Bitcoin. Ripple is a commercial product built by a commercial and profit-making company that wishes to grow and develop itself based on its own creation, and more power to them. But remember, with the Ripple UNL as the default and incentivised list, and with that list being predominantly Ripple Labs’ nodes controlled by Ripple Labs, and with no strong incentive to run nodes, Ripple Labs can encode their nodes to reject any transactions according to rules they see fit. Since we don’t know the code that controls those nodes, it could be argued that although the project is open source according to the letter of the law, it is not according to the spirit of the law.