Bitcoin design principles
As a new technology, bitcoin offers the opportunity of a decentralized open financial system, where participants share the role of securing the network. This is important to give everyone equal and direct access to economic opportunities without fearing seizure or needing intermediaries. To make this a reality, we encourage everyone working on products to deliberately support the core principles of designing for bitcoin.
These are principles we in the Bitcoin Design Community identified and stand behind. Some of these come from the technology itself and others from the community’s behavior and ethos. Although every use case and product is different, applications should strive to follow these principles. Diverging from them should only be done with very good reason.
Let users control their private keys, with no risk for seizure or freezing of funds #
Our existing mental models of access to digital services are usernames and passwords controlled by a company with custody of your funds and data. With everyone having direct access to the bitcoin network, we no longer need to design products that require people to delegate control of their funds to middlemen. While it comes with greater responsibility, self-custody enables the open financial system of peer-to-peer transactions.
- Let users control their bitcoin and private keys directly
- Create an easy path to self-custody for bitcoin beginners
- Custody funds for your users
- Build products where the users’ funds can be seized, or frozen
Provide appropriate and progressive security for all types of users #
Self-custody often leaves the end-user responsible for the security of their private keys. They can only do a good job of that if we provide them with appropriate tools and awareness of best practices.
Security is especially important when onboarding people who are new to bitcoin. For example, new users are likely to start by only storing small amounts. After a while, they may become more comfortable with the idea of self-custody and begin to store larger amounts. The concept of progressive security is a good idea here, starting with automatic cloud backups. This would let a user upgrade their security and private key management scheme as their savings grow. Although common, recovery phrases that require manual backup might backfire for new users not yet familiar with safe backup practices.
Education and awareness are a big part of security, as they can protect users from bad actors and potentially their own security mistakes. It is unrealistic to expect beginners to take in all the knowledge acquired by advanced users in one go, for example, while onboarding to a bitcoin product. We should therefore consider how to continuously educate and level up user awareness of best practices and risks.
Security can also be a feeling. A polished, good-looking, easy-to-use product that transparently communicates how it works can help users feel more secure, especially when compared to another product that lacks these qualities but has the same security measures.
- Take safeguarding of users’ funds seriously
- Strive for no loss of funds, whether by negligence or theft
- Provide suitable private key management schemes for beginners
- Offer progressive security and upgrade paths
- Build with bad actors in mind
- Minimize risk of self-inflicted loss from user negligence
- Continuously educate users on best practice and risks
- Blame the user for losing funds
- Expect beginners to implement best practice backup strategies
- Underestimate the added feeling of security that can come from well polished products
Build borderless products without location, language or social barriers #
There are no background checks, credit checks, or gatekeepers to bitcoin. A Kenyan farmer should have the same access to bitcoin as a Wall Street trader.
While bitcoin is already used by a large number of people, it pales in comparison with the many more that are likely to use it in the future. We need to design products that are prepared for people unfamiliar with bitcoin. This means using plain and familiar language, explaining things in the context where they are needed, not overwhelming people with technical detail, and more.
- Provide equal and direct access to the bitcoin network
- Design bitcoin products that are usable by the widest range of people possible
- Use plain language that people new to bitcoin can understand regardless of prior knowledge
- Localize your product and make it multilingual
- Educate in place, when people are presented with a new concept
- Treat users who rely on assistive technologies as first-class citizens
- Exclude people by building features that only work in certain countries
- Add technical detail that is not required knowledge, or technical terms like seed phrase, XPUBs, mnemonics etc.
- Put all education up front and expect people to read and remember it
Enable import and export of wallet data, maximize backwards compatibility, and use open standards #
Bitcoin is an open-source protocol, operating in a decentralized manner. This has led to a number of standards being developed to ensure compatibility between products. It should be easy to switch and move your bitcoin wallet to a different application, should you wish. Ensuring that your product supports as many of these standards as possible is best practice and builds trust. More on wallet interoperability.
- Support import and export of wallet data
- For on-chain wallets, allow users to export and import wallets directly
- For Lightning wallets, offer a clear path for the user to move their Lightning funds to another wallet
- Support as many relevant BIPs and BOLTs as possible
- Be transparent with which ones you do and don’t support
- Maximize backwards compatibility
- Lock your users in
- Implement proprietary solutions when open standards exist
Be open and transparent with how your product works, open-source your code when possible #
While an open and decentralized financial system that users can connect with directly is great, it puts a burden on them to choose a product that they trust and like to use. We can make this easier by freely sharing information about how our products work and what technologies they use/rely on. By open-sourcing your code, you can let people verify that your claims are true, ultimately building more trust with your users. It is important to be transparent with users about the risks that come with self-custodying funds. Be sure to educate them about scenarios where they may risk losing access to their funds, along with best practices for avoiding this.
- Be open and transparent with how your product works
- For wallets, inform users of the fees your application charges
- Let people verify your claims by open-sourcing your code when possible
- Explain what risks the user is taking on, and how best to mitigate them
- Make claims that are not explained or verifiable
Minimize collection of personal information, and maximize financial transaction privacy #
A common misconception of bitcoin is that it provides complete anonymity and privacy of transactions. Since the blockchain is an unchangeable ledger of all transactions ever made, your complete transaction history could become visible once even a single one of your addresses is connected to you. If bitcoin is to become viable for a wider audience and daily use, we should take privacy seriously. This is certainly not to enable or encourage illicit activity but to protect individual financial privacy. We would not accept it if our bank published our financial transactions to our Twitter or Facebook feeds, so we should avoid a similar scenario with bitcoin.
The bitcoin network doesn’t need to know your name for you to use it. Strive to collect as little personal information as possible about your users. When absolutely required to provide the product services, collect only the bare minimum and consider if and when this can be discarded when no longer necessary. If you collect personal information, be transparent about why and how you will use and store it.
- Minimize the personal information you collect
- Encourage usage of the Lightning network for improved privacy
- Avoid address reuse
- Embrace privacy-preserving options when relevant (running a full node, compact block filters, Tor, coin selection, schnorr signatures, payjoin, coinswap, etc.)
- Collect and store personal information not required for the functionality of your product
Design products that encourage people to run a full bitcoin node #
Unlike traditional banking systems, the bitcoin economy does not require new users to seek permission from anyone. Bitcoin has no central point of control. No one person or entity is in charge. Connecting to any node on the network gives you the same rights and responsibilities, ensuring no single point of failure.
- Design products that encourage people to run a full bitcoin node
- Alternatively, use a light client with the p2p network using compact block filters
- Offer the user choice of what node and other external services to connect to
- Introduce a single point of failure between the user and the bitcoin network
- Build products that stop working if the project shuts down
Take a look at how these design principles and technologies are implemented in the various types of bitcoin software.