#1911: Crowdfunding Open Source: Savior or Trap?

The web is built on code funded by tips. Can platforms like Patreon stop extremists from hijacking the money?

Episode Details
Episode ID: MWP-2067
Duration: 25:42
Pipeline: V5
TTS Engine: chatterbox-regular
Script Writing Agent: Gemini 3 Flash

AI-Generated Content: This podcast is created using AI personas. Please verify any important information independently.

The internet’s foundation is built on digital public goods—libraries for encryption, logging, and data storage—maintained by a handful of developers who often receive little to no compensation. A recent story highlighted a security researcher who was on the verge of shutting down a critical library used by half the web due to server costs, only to be saved by a Patreon campaign that raised $50,000 in a single month. This isn't an isolated incident; it's a sign of a massive shift in how open-source software is funded.

According to recent developer surveys, 40% of maintainers now rely on some form of crowdfunding, a 15% jump in just two years. The global crowdfunding market is on track to exceed $2 billion, with the technology category being one of the fastest-growing sectors. Platforms like Patreon, Ko-fi, GitHub Sponsors, and Open Collective have professionalized the "starving developer" trope, moving from one-time donations to recurring subscription models. This provides predictable revenue, allowing projects to hire help, pay for security audits, and increase the "bus factor"—the number of people who must be hit by a bus for the project to stall.

However, this new economy introduces complex challenges. The subscription model often creates a "Support Trap," where developers spend most of their time managing Discord channels and answering support questions for top-tier backers instead of writing code. The platforms themselves face an even bigger dilemma: Are they neutral payment processors or moral curators? The same frictionless rails that fund a photo editor can also fund extremist groups disguised as tech projects.

Platforms have diverged in their approaches. Ko-fi takes a proactive stance, banning users for off-platform activity if there's a "direct connection" to how funds are used. Patreon historically defended a "content-focused" model, arguing that as long as the project on their platform is benign, they shouldn't police the creator's other activities. This "decoupled funding" is a moderation nightmare, especially under regulations like the EU's Digital Services Act, which increasingly treats platforms as part of the value chain for extremist activity.

The future of open-source funding is at a crossroads. While crowdfunding can secure critical infrastructure and professionalize maintenance, it also forces platforms to act like banks with "Know Your Customer" compliance, but without the same resources. The risk of fragmentation—where banned groups simply migrate to other platforms—remains high, leaving the web's structural pillars dependent on a precarious balance of community support and ethical moderation.

#1911: Crowdfunding Open Source: Savior or Trap?

Corn
I was reading about a security researcher last night who was about to pull the plug on a critical library—something that basically half the internet uses for encrypted handshakes—because he couldn't afford the server costs anymore, let alone his own rent. Then, a Patreon campaign he started as a last-ditch effort pulled in fifty thousand dollars in a single month. It basically saved a structural pillar of the web from collapsing.
Herman
It is wild how high the stakes have become for these digital public goods. And that story is becoming the rule rather than the exception. Today's prompt from Daniel is about exactly that—the massive growth of crowdfunding for open-source and public-interest projects, and the very messy ethical tightrope platforms like Patreon and Ko-fi have to walk to make sure they aren't accidentally funding the next extremist manifesto while they are trying to save the next OpenSSL. By the way, today's episode is powered by Google Gemini 3 Flash. I am Herman Poppleberry.
Corn
And I am Corn, the brother who wonders why we are still passing the hat for the digital equivalent of bridges and tunnels. But seriously, Daniel is hitting on a massive shift. As of the first quarter of twenty twenty-six, developer surveys are showing that forty percent of maintainers now rely on some form of crowdfunding. That is a fifteen percent jump from just two years ago. We are moving from a world where open source was a hobby to a world where it is a subscription-based profession, but the "office" is a Patreon page.
Herman
The scale is staggering. If you look at the global crowdfunding market, we are on track to hit over two billion dollars this year, in twenty twenty-six. And the "technology" category is one of the fastest-growing sectors. Patreon's most recent annual report showed a twenty-two percent year-over-year increase in tech creators. We are seeing a professionalization of the "starving developer" trope.
Corn
It is a bit of a dual-use problem though, isn't it? The same frictionless payment rails that let me tip a guy five bucks for fixing a bug in my favorite photo editor can also be used to move money to a group that spent all morning drafting a "free speech" project that is really just a recruitment tool for a hate group. It is the tragedy of the payment processor.
Herman
That is the core tension Daniel is asking about. How do these platforms define themselves? Are they just neutral pipes for money, like a bank? Or are they community curators with a moral compass? We have got a landscape now with Patreon, Ko-fi, GitHub Sponsors, Open Collective, and newer players like Thanks dot dev, and they all have very different answers to that question.
Corn
Well, before we get into the "am I accidentally funding a riot" portion of the evening, let's talk about why this is exploding right now. Why are developers ditching the old "donate" button for these subscription models? I mean, I remember the days when a SourceForge project had a dusty PayPal link that maybe saw ten dollars a year.
Herman
The shift is all about recurring revenue. One-time donations are a sugar high; subscriptions are a diet. If you are a maintainer, you can't hire an assistant or pay for a security audit based on the hope that someone feels generous on a Tuesday. Patreon and Ko-fi popularized the "tiered membership" model. You aren't just giving money; you are buying into a level of service.
Corn
Right, the "Gold Tier" gets you a shout-out in the readme file, and the "Platinum Tier" gets you a private Discord channel where you can yell at the dev about your specific edge case. It turns a donation into a contract, or at least a very strong social expectation. But how does that work in practice when the "reward" is just more work for the developer? If I pay for the "Platinum Tier" to get a private channel, aren't I just stealing the developer's time away from the actual code?
Herman
That is the "Support Trap." A lot of developers realize too late that they’ve accidentally started a consulting business for five dollars a month. They spend eighty percent of their time answering Discord messages from their "Top Tier" backers and twenty percent of their time actually writing the code those people are paying for. It’s a weird feedback loop. You’re being paid to maintain the library, but the act of being paid prevents you from maintaining the library.
Corn
It’s like a digital version of those public television telethons where they spend half the airtime asking for money to keep the show on the air, so you end up watching less of the actual show. But for a developer, it’s even more granular. You’re not just a coder anymore; you’re a community manager, a marketing lead, and a customer support rep.
Herman
And the technical integration is getting sophisticated. Ko-fi has seen a three hundred percent increase in developer sign-ups since twenty twenty-three, largely because they have a lower fee structure than Patreon, but also because they integrated things like automated Discord role assignments. If you pay your five dollars, the bot automatically puts you in the "Supporter" channel. It creates a closed-loop community funding system that feels like a private club.
Corn
It is also about the "bus factor." For those who aren't in the dev world, the bus factor is the number of people who would need to get hit by a bus before a project stalls out. For a lot of critical web infrastructure, that number is one. Crowdfunding is finally allowing these "one-man shows" to become "three-man shows." Look at the OpenSSL Sustainer program on Patreon. They actually fund three full-time developers now. That is a project that literally secures the entire world's financial transactions, and for years, it was basically running on pocket change and vibes.
Herman
Think about the Log4j crisis a few years back. That was a logging library used by almost every enterprise application on the planet. When the vulnerability hit, it was a global emergency. And the maintainers? They were working on it in their spare time, for free, while billion-dollar companies screamed at them to fix it faster. Crowdfunding is the industry's belated attempt to prevent that from happening again. It’s a retrospective insurance policy.
Corn
But is it actually working to increase the "bus factor"? Or is it just making that one guy slightly more comfortable while he stands in front of the bus? I mean, if the Patreon only brings in enough for one salary, you still only have one person who knows where all the bodies are buried in the code.
Herman
That’s where the "Team" features on platforms like Open Collective come in. They allow for shared "buckets" of money. Instead of the money going to "Steve the Developer," it goes to "The Project." Then the project can vote on how to spend it—maybe they hire an outside security firm for a one-time audit, or they pay a technical writer to finally document the API. It moves the funding away from personality and toward utility.
Corn
What is interesting is that we are seeing "impact crowdfunding" emerge. It is not just about "here is a cool tool I made." It is "here is how this project aligns with global sustainability goals or public utility." In twenty twenty-five and twenty twenty-six, we have seen a massive rise in corporate matching programs too. GitHub’s matching fund is a huge driver. If a company uses a library, they can justify a thousand-dollar-a-month sponsorship if they know GitHub is going to match it. It is a way for corporations to launder their "giving" through a platform that handles all the tax and compliance headaches.
Herman
It’s basically corporate social responsibility for nerds. A CTO can look at their budget and say, "We’re spending ten thousand dollars a year on GitHub Sponsors," and it looks great on an annual report. It’s much easier than trying to navigate the legal nightmare of hiring a random developer in another country as a contractor just to fix one bug.
Corn
But that brings us to the mess. If I am a platform, and I am taking a five to twelve percent cut of every transaction, I am incentivized to have as many creators as possible. But I also don't want the New York Times writing an exposé about how my "Technology" section is actually a slush fund for "The Great Replacement" theory disguised as a compiler project.
Herman
This is where the platforms diverge wildly. Ko-fi is very proactive. Their guidelines are quite explicit: no hate speech, no extremism. But the kicker is that they reserve the right to ban you for off-platform activity. If you are using your Ko-fi page to fund a "neutral" weather app, but you are spending your weekends leading a radicalized militia, Ko-fi will pull the plug if they find a "direct connection." They are looking at the person, not just the project.
Corn
"Direct connection" is a very load-bearing phrase there. How do they define that? If I’m a developer and I post something spicy on X or whatever we’re calling it this week, does that count? Where does the "person" end and the "project" begin? If the weather app code is open-source and genuinely helps people, does it matter if the creator is a jerk?
Herman
That is the billion-dollar question. For Ko-fi, the "direct connection" usually means the funds are being commingled—if the money from the weather app is going into the same bank account used to buy supplies for the militia, that’s a red line. But it’s also about brand safety. No platform wants to be the "official bank of the radical fringe."
Corn
Patreon takes the "free speech" or "content-focused" defense, which is a lot harder to maintain in the current political climate. Their historical stance has been: as long as the content on Patreon is benign, we don't care if the creator is a controversial figure elsewhere. It is the "origami defense." An extremist might be teaching people how to fold paper cranes on Patreon to fund their radical newsletter on some dark-web forum.
Herman
And that is exactly what the Cato Institute and other analysts call "decoupled funding." It is a nightmare for moderation. How do you prove that the money I made from my "Generic JavaScript Utility" isn't being used to buy server time for a site that hosts illegal content? If the utility itself is open-source and harmless, does the platform have the right—or the obligation—to seize those funds?
Corn
It feels like the "neutral payment processor" argument is dying a slow death. Especially with the European Union's Digital Services Act looming over everyone in twenty twenty-six. These platforms are being told they aren't just pipes; they are publishers of a sort. If they facilitate the fundraising, they are part of the value chain of the extremist activity.
Herman
Think about the "fun fact" of the banking world: Know Your Customer, or KYC. Banks have spent decades and billions of dollars building systems to flag suspicious transactions. Crowdfunding platforms are essentially becoming "Banks Lite," but without the massive compliance departments. In twenty twenty-five, we saw the first major lawsuit where a platform was held liable for "negligent facilitation" because they didn't catch a creator using a tech project as a front for money laundering.
Corn
I remember that one. It was a "distributed cloud storage" project that turned out to be just a way to move money between shell companies. The "code" was just a copy-pasted tutorial from ten years ago, but it had three thousand "backers" giving exactly five hundred dollars a month. You’d think an algorithm would flag that in a heartbeat.
Herman
You’d think so, but when you have millions of creators, the "noise" is incredible. And that’s the problem—the more "frictionless" you make the platform to help the legitimate developers, the easier it is for the bad actors to slip through.
Corn
There is also a massive risk of fragmentation. If Patreon kicks off a group, they don't just disappear. They move to crypto-based alternatives or platforms with zero oversight. We are seeing a "centralization of decentralization" irony here. Open-source loves decentralization, but it is currently totally dependent on these massive, centralized, American-owned platforms for its financial survival.
Herman
It's the "Ghettoization of Extremism." When you push these groups off mainstream platforms, they don't stop existing; they just move to places where there are no moderators at all. But for the mainstream platforms, that’s a feature, not a bug. They just want the problem out of their backyard.
Corn
I love that term, "the origami defense." It sounds like a bad spy novel. But it is a real problem. If I am a bad actor, I am not going to name my Patreon "Fund the Revolution." I am going to name it "Open Source Privacy Tools" or "Independent Media Research." How does a moderator at Patreon, who probably has an English degree and three minutes to review each case, decide if a project is a legitimate public good or a front?
Herman
They can't. That is why we are seeing a shift toward "Fiscal Hosts." Look at Open Collective. They don't just let anyone sign up and start taking money. You usually have to be under a fiscal host—a non-profit entity that vets the project and manages the money. It adds a layer of professional oversight. It is less "frictionless" than Ko-fi, but it is much harder to co-opt for extremism because there is a legal entity standing between the donor and the dev.
Corn
Wait, so the "Fiscal Host" is basically like a parent signing for a teenager's bank account? They take the legal responsibility if the kid does something stupid?
Herman
If you’re a project under the "Open Source Collective" umbrella, they handle the taxes, the invoices, and the legal compliance. If a donor needs a tax receipt for a charitable donation, the fiscal host provides it. But that host also has a reputation to protect. They aren’t going to host a project that looks like a front for a hate group because it puts their entire 501(c)(3) status at risk.
Corn
Which, of course, the "move fast and break things" crowd hates because it adds "friction." But maybe friction is what we need when we are talking about millions of dollars flowing to anonymous developers. I mean, look at what happened in twenty twenty-four. Patreon removed a "free speech" software project that was linked to an extremist group. The backlash from the backers was insane. They saw it as a violation of the "contract" between the creator and the fan. The backers felt like their money was being stolen by the platform.
Herman
That is a second-order effect people miss. When a platform deplatforms a creator, they aren't just punishing the creator; they are alienating the thousands of people who felt a sense of ownership over that project. It creates this radicalization loop where the "censorship" by the platform becomes the new rallying cry for the group to move to an even more unregulated space.
Corn
It is also a branding nightmare for legitimate devs. If I am a legit open-source maintainer, do I want my project listed next to "The Patriot's Guide to Urban Warfare"? Probably not. The "neighborhood" matters. GitHub Sponsors has a bit of an advantage here because it is so tied to the code itself. If your code is on GitHub, and it violates their Terms of Service, the project gets nuked. The funding and the product are one and the same. On Patreon, the product can be "exclusive updates" while the actual code lives elsewhere, making it harder to police.
Herman
Or rather, that is why the integration is the key. GitHub's Terms of Service are already tuned for code. They have been dealing with malware and "dual-use" software for a long time. Applying that to the "Sponsors" side is a natural extension. But even then, it isn't foolproof. A developer can write perfectly clean, useful code that also happens to be a tool used primarily by hackers or state actors.
Corn
Like a high-end network scanner. In the hands of a sysadmin, it’s a vital tool for security. In the hands of a script kiddie, it’s a weapon. How do you fund the development of the tool without being accused of funding the attacks?
Herman
You can't, really. You have to rely on the "intent" of the developer, which is impossible to prove. This is why some platforms are moving toward a "Curated" model. Tidelift is a great example of this. They don't just let anyone in. They partner with specific maintainers of critical libraries and pay them to ensure the code meets enterprise standards for security and licensing. It’s crowdfunding, but for grown-ups.
Corn
So, if I am a developer listening to this, and I am tired of eating ramen for every meal, what is the play? Do I just sign up for everything and hope for the best?
Herman
The smart play in twenty twenty-six is diversification. We have seen what happens when a platform changes its mind or gets hit by a regulatory hammer. If your entire life's work is funded through a single Patreon account, you are one policy change away from bankruptcy. Use Patreon for the "community" feel, but maybe use Open Collective for the "official" infrastructure funding. And definitely set up GitHub Sponsors because the zero-fee model for individuals is too good to pass up.
Corn
But isn't there a risk of "Donor Fatigue"? If I see a developer has a Patreon, a Ko-fi, a GitHub Sponsors, and a "Buy Me a Coffee" link, I’m just going to close the tab. It feels desperate.
Herman
It’s a balance. You don’t put all the links in the header. You use something like a "Linktree" for developers, or you designate one as the "primary" and the others as "alternatives for people who hate Patreon." You have to give people options because some corporate credit cards will block Patreon but allow GitHub, or vice versa.
Corn
And for the backers—the people actually opening their wallets—I think there is a new level of "donor due diligence" required. You need to look at a project's governance. Do they have a transparent ToS? Do they publish where the money goes? If it is just a guy in a basement with a "trust me" vibe, maybe think twice before subscribing to the "Legacy Tier."
Herman
I would also look for platforms that publish transparency reports. Ko-fi's twenty twenty-five report was actually quite enlightening. They detailed exactly how many accounts were removed for violating extremist policies. It gives you a sense of the scale of the "policing" they are actually doing. If a platform says "we don't have a problem," they aren't looking hard enough.
Corn
What really bugs me is the "invisible work" problem. Crowdfunding is great for "sexy" new features. People love paying for a new UI or a cool plugin. But nobody wants to fund "Refactoring the legacy database logic so it doesn't crash in three years." We are creating a system where the most visible developers get rich while the people maintaining the boring, essential plumbing are still struggling.
Herman
That is the "Feature Bias." It is a documented phenomenon in crowdfunding. It rewards the "visible" work and ignores the "invisible" security work. This is why we are seeing a shift from "tips" to "contracts." Some maintainers are now offering higher tiers that guarantee a certain response time for security vulnerabilities. It is essentially "professional support" disguised as a Patreon tier.
Corn
It is basically a "Bounty" system. "I will fix this bug if the community raises two thousand dollars." It works, but it feels a little bit like the software is being held for ransom. "Nice little encryption library you got here... shame if a zero-day were to happen to it."
Herman
I don't think it is that cynical. It is more about prioritizing limited resources. If you have ten hours a week to work on a project, are you going to spend them on the thing that pays your mortgage or the thing that doesn't? Crowdfunding just makes that choice explicit.
Corn
But doesn't that lead to "Development by Committee"? If the people paying the bills want a specific feature that the developer knows is a bad idea for the long-term health of the project, who wins? The guy with the vision or the guy with the wallet?
Herman
Usually the guy with the wallet, unfortunately. We’ve seen several high-profile "forks" in twenty twenty-five where a lead developer quit because their Patreon backers were demanding features that compromised the security of the app. It’s the "Customer is Always Right" mentality applied to complex software engineering, which is a recipe for disaster.
Corn
It’s like a chef being told how to cook by the people in the dining room. Eventually, you’re just serving a bowl of sugar because that’s what everyone voted for.
Herman
True. I guess the big "open question" as we move through twenty twenty-six is whether AI-driven moderation is going to save these platforms or make them worse. Can an LLM actually understand the nuance between "controversial political theory" and "incitement to violence" better than a human? Because with the volume of projects growing at this rate, human review is becoming physically impossible.
Corn
I mean, we’re already seeing "AI Hallucinations" in moderation. A developer in Germany had his account locked because the AI flagged his project—which was about "Garbage Collection" in memory management—as being related to "Illegal Waste Disposal." It sounds like a joke, but it took him three weeks to get a human to look at it. If your rent depends on that account, three weeks is an eternity.
Herman
And then you have the regulatory side. The EU's Digital Services Act is just the beginning. We are going to see more pressure on these platforms to "Know Your Customer" just like banks do. That means the "frictionless" era of crowdfunding is probably coming to an end. You might have to provide a lot more than just an email address to start taking donations.
Corn
Which is going to be a huge hurdle for developers in countries with less-than-stable regimes. If you are an open-source dev in a place where "public good" is defined by the state, and you need to provide your ID to an American platform to get paid... that is a death sentence. We are back to the "centralization" problem. We are building these global financial lifelines, but we are tying them to very specific, very Western legal frameworks.
Herman
It is a paradox. We want the safety of a regulated financial system, but we want the freedom of a decentralized digital frontier. You don't get both. If you want the money from the Western corporate world, you have to play by the Western corporate rules.
Corn
It makes me think about the "Shadow Funding" that’s starting to happen. Developers using Monero or other privacy coins to fund projects that they know would get flagged on Patreon. It’s creating a two-tier system: the "Clean" open source that lives on GitHub and Patreon, and the "Dark" open source that lives on Onion sites and is funded by crypto.
Herman
And the scary part is that some of the most important privacy and security tools are being pushed into that "Dark" tier. If we make the mainstream platforms too restrictive, we lose oversight of the very tools we might need to protect ourselves.
Corn
Well, I for one am glad someone is paying for my favorite text editor, even if it means I have to occasionally worry about whether the developer is using my five dollars to buy a tank. It is a weird world, Daniel. Thanks for the prompt.
Herman
It really is. The evolution from "free software" as a philosophy to "public good" as a funded infrastructure is one of the most important shifts in the tech world this decade. We are finally admitting that "free" has a cost. We just haven't quite figured out who should pay it and who should guard the gate.
Corn
I will pay the cost of a coffee to not have the internet break. That seems like a fair trade.
Herman
I think most people agree with you. We just need to make sure the "coffee" isn't being brewed by people who want to burn the coffee shop down.
Corn
Nice. I will let that one sit. Anyway, that is our deep dive into the weird, messy world of crowdfunding the digital commons. Big thanks to Daniel for the prompt—hope Ezra is doing well and Hannah isn't too tired of you talking about "fiscal hosts" at dinner.
Herman
It’s become a bit of a recurring theme, honestly. "Pass the salt and tell me about the tax implications of a European developer using a US-based fiscal host." She’s a saint for putting up with it.
Corn
She really is. Thanks as always to our producer Hilbert Flumingtop for keeping the audio from sounding like it was recorded in a tin can. And a big thanks to Modal for providing the GPU credits that power this show and keep our scripts flowing.
Herman
This has been My Weird Prompts. If you are enjoying the show, a quick review on your podcast app really does help us reach new listeners. It is the only way the algorithm knows we exist.
Corn
You can find us at myweirdprompts dot com for the RSS feed and all the ways to subscribe. We will be back next time with whatever weirdness Daniel throws our way.
Herman
We’ve got some interesting stuff lined up for the next few weeks, including a look at the "Dead Code" problem—what happens to all these funded projects when the developer finally does get hit by that metaphorical bus?
Corn
Spoiler alert: It’s not pretty. Stay curious, and maybe go tip your favorite open-source developer. Just check their "About" page first.
Herman
Good advice. See you next time.
Corn
Bye.

This episode was generated with AI assistance. Hosts Herman and Corn are AI personalities.