You’re at a garage sale and see a wonderful recipe book. “How much? $5? Sweet!”. The seller gives you a form where you fill out your home address, date of birth, a list of websites you recently visited, and several written testimonies from companies you purchased from before, to confirm you would never use stolen money. You sign it, hand over the five dollar bill, get the book and you’re all set!
If the above sounds a bit odd, it’s really an understatement of how online purchases work. When you enter your creditcard number on a website, countless checks are run to ensure you’re not some fraudster. Everyone has a secret consumer score, as Kashmir Hill described for The New York Times several years ago in I Got Access to My Secret Consumer Score.
Creditcards were never designed to be used online and they’re inherently unsuitable for the task. The only reason they work at all is through a massive surveillance effort that keeps fraud rates within reason. If privacy regulators actually understood how this anti-fraud surveillance worked, and would act consistently to crack down on it, online retail would grind to a halt.
Oh, you just use incognito mode? That doesn’t change your IP address. Do you always reject cookies? Even when they ask again and again every night until your finally click Accept All because you’re busy? That doesn’t stop browser fingerprinting. You use different browsers and change your IP all the time? Well fortunately there’s also device fingerprinting.
If you’ve ever tried to pay with a creditcard while using a VPN you may have seen it declined. I’m not sure if that’s still a very common problem. It’s possible that the above fingerprinting has gotten so good that using a VPN doesn’t interfere with getting a reliable fraud score. Neither possibility is good news.
Enough Rant, What To Do?
Bitcoin fixes this. To be more precise, Bitcoin’s lightning network fixes this, because it offers fast, cheap and relatively private transactions. A regular Bitcoin transaction is stored forever on the blockchain. It doesn’t have your name on it, but some companies can and do trace it.
One particularly nice feature of Lightning payments is that the merchant can’t see where it came from. There’s also no chargebacks, which removes the need for surveillance (that just leaves ads and general government overreach to deal with).
So here’s the list of ingredients you need in order to sell a digital product without asking for any personally identifying information:
- Server: unless you’re Tim Ferriss, even a Raspberry Pi will do.
- Bitcoin full node: you don’t have to store the full chain!
- Lightning node (Core Lightning or Lnd, I use the former)
- BTCPay Server (be your own payment gateway)
- WooCommerce1 Shopify works fine too, but they have access to your customer data. : use the downloadable product feature
- Some plugins and tweaks
If you’ve never done 1-4, your best bet is to follow one of the guides on the BTCPay website. Not a software and hardware pro? No problem! Just get a hosted BTCPay server, node included.
Similarly there are tons of companies that can host WordPress (5) with WooCommerce (6) for you. You can figure out self sovereignty later!
Can’t let go of fiat? Crave to have others spy on your customers? No problem! WooCommerce lets you add Stripe just as easy. It works fine along side BTCPay.2I disabled Stripe for small purchases as well as on the Tor site. At the time of writing it’s only used for Australians who want to buy the physical book (for complicated book distribution reasons I might rant about in some other blog later).
Personally I don’t like Docker so I run each of the components as systemd services on my own Ubuntu machine. But that’s the maximum pain approach.
8. Tor: offer a hidden service for your customers, this is tricky though 3I used most of the setup here. I first had to enable multi-site mode, which I otherwise have no need for. BTCPay can also be run as a hidden service, see this hacky approach.
You can see this in action yourself by buying a PDF chapter of my book for €0.49