Discuss Home · Bootstrapped Podcast · Scribbleton Personal Wiki · HelpSpot Customer Service Software · Thermostat NPS

Protecting oneself when using oDesk, etc for coders


I’d like to hire coders via oDesk to do some specific tasks. But I worry about the danger to my business of granting a stranger, most likely in a different legal jurisdiction to mine, access to my source code. The chance of a oDesker stealing the code is minimal but potentially deadly to my business.

Maybe I could re-architect my source code into discrete units and just grant access to the necessary unit. But over time the same person might eventually get access to each unit, as I give them different tasks.

How do you deal with this? What suggestions do you have for me?


I used to use oDesk quite a bit and faced the same questions, but in the end I wound up either hiring someone in the US (or wherever you may be) to better protect myself legally, or outsourced some of the harder components, while I then kept enough to myself to put it all together.

I know of some folks that have longer-term working relationships with folks from oDesk, it’s really just a matter of doing your due diligence to learn whether or not the person is as legit as they seem, ask a lot of questions, give them tests, ask for references. Even then there are no guarantees.

In any instance, even if you were to hire someone locally, you still face the possibility of the theft, but they can’t steal your execution. More often than not, people don’t see the vision, even if they have the code.


I’ve heard of it happening. The outsourcers then set up in direct competition. IIRC they were in Russia, so effectively beyond the reach of the law.


What @ShawnArnwine said.

I generally don’t worry about it, for my tools. Source code is valuable for me, but not nearly as much as the total infrastructure package + my relationships + execution of the overall business. It’s a risk for me, but I think I face bigger and more immediate issues, so that’s where I focus.

Some businesses are different obviously (esp. with downloadable software) and if you feel like it’s critical for you, I’d recommend hiring in your home country. It’s more expensive, but you have better leverage with contracts & law.


Is your code so unique? The more I work on bootstrapping, the more I think that the most of the value is in marketing.

What they going to do after the code is stolen? Open a web site and sell it? How they are going to promote it? Ads? They work on oDesk, they do not have enough budget. Marketing on forums? They do not have experience with the business area, and hence their posts will be… inefficient.

You underestimate the power of law in Russia. Of course, they are beyond the reach of American law, but this is an independent country, you know.


When I said “effectively beyond the reach of the law” I meant it wouldn’t be practical for a small European or US software company to take legal action. I didn’t mean to imply there was no law in Russia. Sorry, should have made that clearer!


In the context of the topic, to hire locally (US, Canada, Britain, …) is to be able to take a legal action against a local programmer. Legal action in US (Canada, …) costs a lot.

Same action can be taken against a party in Russia. Russia has an anti-pirate law, it has an economic police (ОБЭП) that makes a lot of businesses lay bricks when they raid offices searching for illegal software, and it has lawyers, too.

The cost of legal action (via a representing lawyer) in Russia though would be times smaller than in US.

Hence, I believe, if someone is prepared to sue in US, the same party should be able to sue in Russia (India, China, …).


Exactly. Unless you are building engine control for the latest fighter plane, chances are there are a dozen open source programs that already do what you are making, and does it better.

@SteveMcLeod, if you don’t trust outside programmers, don’t hire them. This is not a technical problem, so it can’t be fixed via technical means.