### Total Data Ownership: Rethinking Open Source Business Models for Local-First Software

In recent years, we've seen the rise of local-first software, emphasizing data sovereignty, offline capabilities, and user control. However, building sustainable businesses around such software has remained challenging. Total Data Ownership (TDO) is a business model that bridges the gap between user data sovereignty and business sustainability.

#### The Challenge of Local-First

Local-first software principles, as outlined by Martin Kleppmann and others, promise a future where users maintain control over their data while benefiting from modern collaboration features. However, existing business models like open-core or pure SaaS don't align well with these principles. Open-core often compromises on essential features, while SaaS inherently centralizes data control. Open source is also great, but it doesn't have a funding model. [Quality software deserves your hard‑earned cash](https://stephango.com/quality-software).

#### Enter Total Data Ownership

TDO splits the traditional application stack in a novel way. Instead of layering paid features on top of a central open-source project (as in open-core), it divides the stack based on data ownership concerns:

**Open Components:**

- Client applications (desktop, mobile, web)
- Collaboration server (handling CRDTs, sync)
- Data storage formats and protocols

**Closed Components:**

- Authentication & Authorization
- Distribution network
- Billing

#### The Technical Architecture

![[TDO Architecture.png]]

The key innovation in TDO is the separation of authorization from data contents. Here's how it works:

1. The client obtains an auth token from the authentication server
2. The client communicates with the collaboration server via a shared secret
3. The auth server cannot read collaboration data (no access to the client certificate)
4. The collaboration server cannot authenticate users (no access to auth secrets)

This architecture ensures that when the customer self-hosts the collaboration server, even the service provider cannot access user data. It's not just a policy; it's cryptographically enforced.

The provider could also offer an optional extension of global CRDT-update distribution. These messages would be encrypted by the document server.

#### Business Benefits

TDO offers several advantages over traditional models:

1. **Clear Value Proposition**: Companies pay for infrastructure and authentication, not data access
2. **Reduced Liability**: Service providers never have access to customer data
3. **Network Effects**: The distribution network becomes more valuable with scale
4. **Enterprise Ready**: Security and compliance are built into the architecture
5. **Partial Self-Hosting**: Organizations can self-host collaboration servers while using managed auth

#### Ideal Use Cases

TDO is particularly well-suited for:

- Collaborative document editing
- Team knowledge bases
- Design tools
- Development environments
- Financial planning software

It fits any application where data sovereignty is crucial, but full self-hosting is operationally challenging.

#### The Future of TDO

As local-first software continues to gain traction, we need business models that align incentives between users and providers. TDO provides a framework for building sustainable businesses while respecting user sovereignty.

#### Building a TDO Application

For developers interested in implementing TDO:

1. Start with local-first architecture and CRDTs
2. Implement the dual-token authentication system
3. Build the collaboration server with zero-knowledge principles

#### Conclusion

TDO represents a new frontier in open source business models. It provides a path to build sustainable businesses around local-first software while maintaining true data sovereignty.
As more organizations prioritize data control and privacy, this model could become the standard for collaborative software.
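
The key separation described under "The Technical Architecture" can be sketched as follows; this is an added example, not code from the original post or from any TDO implementation. It assumes Ed25519-signed tokens and an AES-256-GCM document key as the shared secret, since the post names no algorithms, and every function name and the token layout are hypothetical.

```javascript
// Added example. Ed25519 tokens and AES-256-GCM are assumptions; the page names
// no algorithms. All function names are hypothetical.
const nodeCrypto = require('node:crypto');

// Auth server: holds the signing key; never sees document keys or updates.
function issueToken(authPrivateKey, user, docId, ttlSeconds, now = Date.now()) {
  const claims = Buffer.from(JSON.stringify({ user, docId, exp: now + ttlSeconds * 1000 }));
  const sig = nodeCrypto.sign(null, claims, authPrivateKey);
  return claims.toString('base64url') + '.' + sig.toString('base64url');
}

// Collaboration server: holds only the auth PUBLIC key, so it can check a
// token but cannot mint one.
function verifyToken(token, docId, authPublicKey, now = Date.now()) {
  const [c, s] = String(token).split('.');
  if (!c || !s) return null;
  try {
    const raw = Buffer.from(c, 'base64url');
    if (!nodeCrypto.verify(null, raw, authPublicKey, Buffer.from(s, 'base64url'))) return null;
    const claims = JSON.parse(raw.toString('utf8'));
    return claims.docId === docId && claims.exp > now ? claims : null;
  } catch {
    return null; // malformed signature or claims
  }
}

// Client side: seal a CRDT update with the secret shared with the collaboration server.
function sealUpdate(docKey, docId, update) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', docKey, iv);
  cipher.setAAD(Buffer.from(docId)); // bind the ciphertext to its document
  const body = Buffer.concat([cipher.update(update), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]);
}

// Collaboration server: authorize with the token first, then decrypt.
function acceptUpdate(token, docId, sealed, authPublicKey, docKey) {
  if (!verifyToken(token, docId, authPublicKey)) return { ok: false, reason: 'bad token' };
  try {
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', docKey, sealed.subarray(0, 12));
    d.setAAD(Buffer.from(docId));
    d.setAuthTag(sealed.subarray(12, 28));
    const plain = Buffer.concat([d.update(sealed.subarray(28)), d.final()]);
    return { ok: true, update: plain.toString('utf8') };
  } catch {
    return { ok: false, reason: 'bad ciphertext' };
  }
}
```

In this sketch the auth server only ever runs `issueToken`, so the document key and the update contents never reach it, and the collaboration server receives nothing that would let it sign a token.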