Apologies if this is in the docs or a repost, but I couldn’t find the answers I was looking for, so I’m posting here.

As a potential developer, user and holo host, I’d like to know whether hApps satisfy the following properties:

1. Are hApps always and verifiably open-source? That is - can I always trust to know what the running source-code is, be it in github, some holo-repo, or (preferably) “live on the chain”? There is a trust barrier on the “old internet”, which is solved in e.g. Ethereum, and I’d be very glad to know it is also solved in Holochain.

2. Is there a mechanism to automatically remunerate the developers/maintainers of the hApp as a function of usage/installs/etc? As a potential developer, this will make Holochain a much more enticing target platform.

3. As a hApp host, can I see and choose what runs on my machine? This is important from a legal standpoint, to e.g. choose to not run a human-trafficking hApp (on the extreme!)

[EDIT] For me, the most valuable property of the “smart contract” is its open-source nature. From that you gain trust and can reason about the execution, error conditions etc. Then, the aspect of automatic remuneration is top of mind, since in my mind, the economy of the internet is broken specifically because of the lack of good options there.

Look forward to reading the answers!
-Victor

Great questions!

1. They dont have to be, however the libraries are and the community encourages an open-source mindset for a lot of reasons. It’s possible for a dHapp to incorporate elements of both. Holo doesn’t attempt to ‘solve trust’ because we have relationships with people in real life. Inevitably there is trust in all things. I trust that what my eyes are seeing is really whats happening. I “trust” the driver of the car (or at the very least assume the risk level is appropriate for my needs). Holochain takes into account the ‘human element’… With that being said, there are a lot of cool things being built into the network that help mitigate many problems associated with trust. It’s important to know who to trust and to assess metrics related to their past results/behavior, as well as to feel confident that who I am dealing with is actually who they say they are.

2. Yes absolutely there will be several ways to monetize dHapps. There is nothing automatic per se, but I plan to build stuff to help people with that, as I’m sure others will (or maybe already have). I’m a huge fan of REA: CoMakery Project
   GitHub - holo-rea/holo-rea: A ValueFlows / REA economic network coordination system implemented on Holochain & GraphQL
   Think of it as rebuilding the internet from scratch. Each Holoport is your little piece of what used to be a centralized server. It’s the people who shall own the internet of the future!

3. Yes Holochain gives developers, hosts, and users complete freedom. In essence, a dHapp is much more than just a traditional ‘app’, it’s a network with its own rules
   check out: https://developer.holochain.org/docs/guide/planning_a_dapp/ where there is a nice description of Membranes.

" Membrane¶

One of two types of permeable boundary that allow appropriate access and disallow inappropriate access:

The layer of protection around an agent‘s DNA instance, secured by capability-based security, that prevents unauthorized access to the instance or its source chain data.
A special validation rule in a DNA that checks the agent ID entry and determines the agent‘s right to become part of the DNA’s network."

Thank you @pqcdev for the thoughtful reply!

Here are some thoughts I’m having:

1. It’s great to see efforts to set up a fair dHapp economy on the Holochain. Hopefully, it’ll go a long way to prevent the kind of back-handed surveillance economy we’re seeing on the internet.

2. I believe it’s also good for the hApp hosts to have a say in choosing which hApps to host. This may be less efficient, since an algorithm could better dynamically distribute dHapps across a network, but I think the aspect of control is important, especially when legalities are involved. Maybe a compromise will eventually be achieved between efficiency and control via host-specific hApp-blacklists, and a distribution algo that takes those into account.

3. Regarding trust/open-source-iness. I’m not sure I’m convinced. Let’s not even take the “grandma wants to see grandchildren photos” example, but myself - I’m a software engineer, and I still use very dangerous software (e.g. Facebook) because I value my connections more. Yes, it’s a personal choice of what to use, but I honestly wish it was made for me in the direction of open-source, and transparent data-governance.

If the source is closed, what’s to block a popular app from installing a back-door either from greed, government-crackdown, or ignorance (via a 3rd party library)? I wish there was a mechanism in Holochain that verified apps both in terms of open-source, as well as data-governance.

Do you think this might be possible or desirable in the future?

My pleasure. Happy to have you

what you said resonates with me

2. There will be algos for hosting. Efficiency vs control will be less of a trade-off once biometrics are utilized for user accounts. It will be easy to flag and gossip about malicious actors.

3. Not sure I understand the question or concern posed here as it relates to Holo.

nothing. hence encouragement of open source.

working on it. feel free to DM about this.
There could be closed code that is unrelated to encryption and data governance, but then use open-source for those categories. Keep in mind that a developer is highly incentivized to use available libraries. Hosts could choose not to host the dHapp if they know the whole thing is closed. Even if they do run it, users could choose not to use it.

definitely!