by myrbergs_army 3739 days ago
Original author of the story here... Just to add that 1. yes, the reporting on Le Roux's childhood is more tentative based on a family source (well backed up by docs and images sent to me). But the fact that the same Le Roux created E4M which formed the basis of TrueCrypt is something I think I've established definitively, company and site registration trails show it very firmly (and PLR himself admits it in court, but that comes in a later part of my story). And 2. for the _very_ interested, TC is actually just a small part of Le Roux's story, of which we've released three of seven parts (weekly on Thursdays). I know, TL;DR, it's a lot.
18 comments

Aren't you nervous about doxxing someone like that so thoroughly?
As tptacek says, I don't view reporting like this as "doxxing." As the series hopefully shows, Le Roux was a hugely newsworthy figure for many different reasons, so reporting his background and how he got there is part of understanding where he is now. As for being nervous, many of the major players in the story are in US custody, and perhaps somewhat counterintuitively a lot of people involved want to tell their part of the story. If they have beefs, they are typically with each other not with me. I do try to be careful, though.
I am completely out of the loop on this guy!!! I can't believe it, other than this article what's the best summary of him??
To me, it's just semantics. Let's say that someone published this much information about you. And let's say that they had whatever justifications. That there was widespread agreement that it was OK. Whatever. How would you feel?
Are you essentially positing that the only relevant consideration to whether publishing information about someone is ethically defensible is whether or not the subject feels good about having that information revealed? It seems to me there is a material difference -- and a vast one at that -- between "I have done serious investigative work and wish to present evidence that Joe Foobar is a criminal kingpin who can be linked with drug-running and murders" and "I am publishing personal information about Joe Foobar because he said something mean about a group I identify with and I wish to screw with his life."
The concept of "criminal kingpin" is entirely based on "a group I identify with". In this case, some nation or government or whatever. So, as I see it, there's arguably no fundamental distinction between your two examples. It's arguably all about power.
Dude, please. Laws are abstractions and relative and whatnot, but Really Bad People do exist and the public has a right to know. Otherwise, why have journalists or even laws at all?
Are moral rules situationally dependent on the personal feelings of the person subject to those rules? I would hate to be in jail, but I think it's morally and ethically valid to put people in jail in certain circumstances. Similarly I think that politicians and public figures should be subject to a high degree of scrutiny and transparency about their personal lives, even though I personally wouldn't enjoy such treatment.
By "feel", I meant more what you might feel justified in doing about it. The key "moral rule" for me is to only mess with people who have messed with me. I don't get into third-party stuff, and I have little sympathy for those who do.
So what you're saying is, it would be moral for this guy's murder victims to dox him, but not a reporter? The funny thing with murderers is that they can only really be stopped by third parties.
Germany has the concept 'people of public interest' for which different rules concerning media appearance and photographs apply. Politicians are an example. You could argue that it applies in this case as well.

Wrong country of course, but the idea as an ethical code is out there, that the public has some right for information on some, and only some, people.

U.S. law has a similar concept; see https://en.wikipedia.org/wiki/Public_figure.
Don't you know it's only ok when a given journalist has the blessing of the status quo and doesn't use automatic means (google doesn't count anymore of course, but copypasta of random code to help one on one's search is a big no no) of releasing such information?

If such a "journalist" wanted to write (about potentially classified™ information) about people working for defense contractors who create products only a minority of people care to voice dissent but has the blessing of the status quo, it wouldn't be ok because it would put lives at danger™. There is also an exception to this for when a billionaire helps you write about such info, but only less than 1% of it will ever see the light of day, and one must consult with the thought leaders™ of the status quo in order to have a voice where all the token freedom loving organizations also supported by such billionaire will blogspam such carefully vetted position on one's behalf.

I might feel upset, I guess. If you don't want that to happen, don't do anything newsworthy.
> As the series hopefully shows, Le Roux was a hugely newsworthy figure for many different reasons, so reporting his background and how he got there is part of understanding where he is now.

Wasn't this Gawker's main argument in their defense against the Hulk?

I do not understand the comparison you are trying to make. Gawker was sued for releasing a clip of the actual sex tape. Everyone involved stipulated that a detailed story about the tape would have been fine.
No, not quite. Their main argument was that it was newsworthy and "it", in particular, was the video and not the article. The article itself could exist, but without the video. The video couldn't as there was a reasonable expectation of privacy.

They were sued because they refused to take down the video and their defense was absolutely terrible in every regard including joking in legally binding statements without going through and marking them as jokes/sarcasm: so they are taken at face value in the court of law.

Making jokes about child porn ("newsworthy if the actor is over the age of four") isn't how you win over jurors.

Doxing is a targeted attack intended to harass and terrorize the victim as retribution for expressing dissenting opinions or beliefs. The ultimate goal is suppression of free speech.

Journalism is not doxing.

Isn't "doxxing people" the actual job of a journalist?
There's a difference between learning private information and disclosing it.

Publishing information on a particular private individual because the public's benefit is sufficiently great is a hard line to even vaguely pin down - a home address, all private contact methods, and enough personal data to forge their identity on a passport application is probably never warranted to publish, but you're going to acquire that information while researching private citizens for any reason, and then pare it down to the minimum required to establish whatever story you're reporting on.

One might distinguish "doxxing" as "publishing all the information you can retrieve", without any filter or goal other than making the information as public as possible.

Did I miss the place in these stories where the author published the subject's home address?
I was not attempting to insinuate that the author had done so; I was just thinking aloud on the distinction between "doxxing" someone and what journalists often do.
Does that make it okay? Do the reasons we find it socially unacceptable in other instances apply to journalists?
Who finds it socially unacceptable? Redditors?
Police officers, almost universally. Abortionists. Parents of little children, frequently. "This guy we pictured in front of a gay bar." Many people who find themselves targeted by one of the (numerous) Internet hate machines. Elected officials. Unelected officials. Anyone involved in a contract negotiation with the Teamsters. People who take substantial efforts so that ex-romantic partners do not discover where they live because of a well-founded fear that that ex-partner would attempt to murder them. Television personalities. People who recently won the lottery. People named Adolf Hitler (no, not that one).

There exist numerous reasons to not love the idea of one's personal information, particularly regarding one's work or home, put out there broadly, particularly when it is attached to information one does not control and/or in a circumstance which would tend to show it to people who do not respect standard middle class norms of detachment. Redditors did not invent concern over this issue. Many of the people with strong concerns about it are demographically dissimilar to the modal Redditor.

Edit to add: It occasionally happens that journalists will transgress upon society's norms in this area and persons sympathetic to the aggrieved parties will transgress back. I have not heard a journalist say, in response to that "OK, fair commentary, wot wot." This often comes up in the context "We have published gun owners' addresses because the public has a right to know who owns guns." "We have published your address because the public has a right to know who writes newspapers."

I feel like I've read that story ~5 times over the years. First Googleable citation: http://www.nytimes.com/2013/01/07/nyregion/after-pinpointing...

I'm a little confused. I agree that there is such a thing as maliciously or recklessly posting personally identifying information about people. Is that "doxxing"? If so, why are we pretending that this story constitutes "doxxing"?

Because that is what the comment to which I replied upthread claimed.

There's a difference between outing details of someone's life with salacious or hostile intent and telling a story.

The fact that this guy on one hand built an incredibly high quality application that had and has a major positive impact on the world is a story that needs to be told.

The fact that he's a damaged, amoral man who is allegedly a career criminal and drug dealer is a story that demands to be told. He represents the Id of mankind -- and personifies the paradox that perfect security and privacy benefits society at large, and that society also includes the bad guys.

Reddit is hardly the only place. Off the top of my head, Twitter has rules against it, too.

NB: I'm not claiming these rules are good or bad. But it's not like only freaks that are members of The Other have concerns about doxxing.

Not everyone finds it socially unacceptable.
The same can be said about cannibalism.
Yes, it can. What's your point?
Personally, I interpreted the question as a shorthand for: "Aren't you afraid LeRoux could see that as doxxing, and of potential dangerous consequences to yourself?"
Yes, that's what I meant. But I do also consider the distinction between doxxing and journalism to be highly subjective. The judgment typically comes down to ingroup vs outgroup. Once someone is identified as "other", they're fair game.

This all occurs to me as a show trial. They're making an example of him, as authoritarian systems tend to do. And one aspect of that is being dragged through the mud. Being slandered. It's dog pack behavior, and I find it disgusting.

Some people who do that consider themselves journalists. But then, people who doxx people might also consider themselves journalists. It's a hard call.
Yeah, I'd like to know the answer to this as well.

Do you think there might be repercussions for this? If not, why? If so, how has this affected you?

Why should they be nervous about doing their job?

Also, one X, not two: https://stallman.org/doxing.html

> Thus, we usually have to write the name of the oil company as "Exxon", though its proper spelling is "e exx o n". (Don't make the mistake of pronouncing "Exxon" like "exon"; you will appear unsophisticated.)

The development of the Exxon exx is shown here:

http://www.logodesignlove.com/exxon-logo-raymond-loewy

It's clearly a double-x rather than any more exotic character, the styling is just that - styling.

The Wikipedia article has it as /ˈɛksɒn/ and that's the pronunciation used in their commercials:

https://www.youtube.com/watch?v=_s80Hbac2b8

So that's way off-topic. But what he says about "dox" vs. "doxx" is as much a preference as "focused" and "focussed", or "busing" and "bussing" - there's no "correct" way, not even if it is the original way.

The additional 'x' was added cosmetically, to disambiguate from (a person named) "Exon"

https://en.wikipedia.org/wiki/Exxon#History

There's no particular reason to believe they wanted to change the pronunciation as well.

>The development of the Exxon exx is shown here:

woosh

Is Stallman a new William Safire or Brian Garner? I never knew this was one of his areas of expertise. Oxford lists "doxx" as an alternate but accepted version. I don't have an OED license so I don't have access to the full etymology they use.

http://www.oxforddictionaries.com/definition/english/dox

The OED does not have listings for "dox", "doxing" or "doxxing". Well, one entry for "dox" that relates to orthodoxy but that does not apply here.
It's simple: Dox is short for "docs". Shortening a 4-letter word to a 3-letter word is sensible (albeit lazy). Shortening a 4-letter word to a 4-letter word ("doxx") is stupid.

I don't know why people spell it with two. Maybe they think it looks cooler? But really it's hacker slang for "I accessed and published sensitive information about an individual" and is in most cases horrible.

> Don't make the mistake of pronouncing "Exxon" like "exon"; you will appear unsophisticated.

This is some really advanced trolling, on the level of the emperor's new clothes.

Does he really think he can just imagine things, and then convince other people they are true?

Wikipedia says:

> The company initially planned to change its name to "Exon", in keeping with the four-letter format of Enco and Esso. However, during the planning process, it was noted that James Exon was the governor of Nebraska. Renaming the company after a sitting governor seemed ill-advised, and the second "x" was added to the new name and logo.

No mention of them wanting to name the company with a greek chi but not having that on their typewriters.

To be fair, the wikipedia claim isn't cited. Neither is rms's of course.

Convincing other people of things that are false is standard practice every April 1. I believe that whole Exxon article is an April Fool's joke.

...although looking at it more carefully, the doxing article is not dated April 1, and it has the same claim in it. Maybe he forgot what he was doing and successfully trolled himself. I don't know. But yes, the Exxon thing is obviously, demonstrably false.

Like I say, it's impressive. I might have to try it myself this Friday.
Also, if I understand him right, he insists that the oil company Exxon is mis-spelling as well as mis-pronouncing its own name, and he knows better. rms is an interesting guy.
That's an unorthodoxx opinino.
The birth certificate says, "Paul Calder Le Roux", but the diplomatic passport names him, "Paul SOLOTSHI Calder Le Roux".

What's with the SOLOTSHI? Was that a nickname, an additional real name, or just a false name he threw in to the mix?

Am I the only one who first read it as "Satoshi"?
There are some interesting circumstantial connections to Satoshi:

Considered to be a "brilliant" programmer with a strong C++ background - Most people would call you crazy if you attempted to put a 6 billion dollar prize behind an internet facing application without memory safety

Author of crypto/privacy software - E4M and possibly TrueCrypt written in C++

Experience hiding identity both online and off

Millionaire - Satoshi never converted any of his btc fortune

Anti-authoritarian

Understands the benefits of digital currency - Has millions of dollars stacked in boxes

Understands the payment problem - Illegal prescription drug marketplaces

Has an interest in internet gambling software - The first version of btc actually had some code for a marketplace and poker: http://imgur.com/a/NPiIs

Multifocal - Satoshi vanished around April 23 2011 to "move on to other things"

South African spelling/phrasing - analyse, colour, defence, bloody hard

> South African spelling/phrasing - analyse, colour, defence, bloody hard

That's common across all of the Commonwealth countries. Could easily be Australia or NZ. If he calls traffic lights 'robots' you could be certain.

I was analysing the robot and this zef prawn offered me a sweetie. Fook prawns.
Satoshi's original code wasn't considered brilliant, though. Not crap, but more in the style of an academic that understood programming than that of an experienced programmer.

The code was written as a basic proof of concept, not with long term maintainability in mind, and the code for the wallet client was not well separated from the code for parsing the blockchain, or from the networking code or from the mining code, etc...

No brilliant programmer would have been willing to publish such a rudimentary proof of concept when interoperability and network effects are such important parts of its main idea.

Brilliant code != beautiful code. Dan Kaminsky called Satoshi's programming alien technology with regard to security.

I haven't looked for similarities but I'm guessing someone has already compared the two using Aylin's CodeStylometry work: https://github.com/calaylin/CodeStylometry

This was a pretty amazing presentation on the above project if you're interested in stylometry: https://www.youtube.com/watch?v=YMa04HovKfs
You've never seen a genius half-ass something?
No - I read it like that too - before a double take. Now that would be a story :)
Satoshi Nakamoto: Arms Dealer

Coming to a theater near you, this Summer.

Also read it that way the first time and lost my mind for a second.
You are not.
Solotshi appears to be a very uncommon Congolese name. Le Roux's story starts in Africa, and the author alleges he was an arms dealer - maybe there's some connection there.

http://forebears.io/surnames/solotshi

Or maybe, as the above website shows, it's an alternative spelling for a similar Moldovan or Georgian name? I have no idea.

Fascinating story!

The funny thing is, if someone wrote a novel with this plot, I would probably dismiss it as too far-fetched. Sometimes truth is indeed stranger than fiction.

But E4M is not Truecrypt, see the post of jron citing Wikipedia here.

https://news.ycombinator.com/item?id=11382303

Paul Le Roux stole E4M source from SecurStar, and TrueCrypt programmers "forked" that source code. So Paul Le Roux surely didn't "write" TrueCrypt as such, isn't the current title here on HN inaccurate?

Mods can we please have the real article title

"He Always Had a Dark Side"

here instead of the current one?

Read the article before flaming. The author lays out a very well supported case for concluding that PLR wrote the E4M code then was hired by SecurStar to turn it into a commercial product. Also claims PLR was one of the TrueCrypt programmers, so yes, the title is accurate as far as what the author is claiming in the article.
Can you please quote the exact part where we can see that PLR was one of the TrueCrypt programmers? I somehow missed that what you claim while (admittedly) speed-reading, namely, I've got only this in the article:

"Indeed, even today the question of who launched the software remains unanswered. “The origin of TrueCrypt has always been very mysterious,” says Matthew Green".

And also as Mahn writes:

https://news.ycombinator.com/item?id=11383392

"The article is unclear as for whether he was still involved with TrueCrypt by the time they got him though. It sounds like he had quite a lot going on to even care for TrueCrypt at that point."

I surely don't dispute that PLR wrote E4M and that TrueCrypt was kind of "fork" of that (see again my older post). But the following product is not the same thing as the original source, just as Marc Andreessen didn't "wrote the Internet Explorer" even if the latter was once based on some Mosaic source.

And HN is generally against editorializing the titles to make them more linkbaity. And this one is surely such at the moment.

OP of this post here. Not sure why you're downvoted and tried to upvote it to rebalance.

I also realized after reading the article for the second time that it did not say that PLR is TC's author directly, but rather that it is unclear if he is.

I made a mistake while first posting as my reading made me believe he's the author of TC. I tried to point it out here: https://news.ycombinator.com/item?id=11382412

Additionally, Matthew Green's twitter also further reinforced that belief. However it is too late for me to change the title but I'm not sure what I would even change it to. After all, it seems his original work is the foundation of TC (which you can argue to be different, but the title question remains).

Edit: @matthew_d_green's twitter has also published corrections at this point. However when I first learned about the post I only saw his initial tweet. It's a shame that I didn't realize that PLR is actually not the author/maintainer, tho.

Thanks to you and lvs. At least I see the title was just changed to the original article's from the linkbaity one to which I've complained. Now it's finally

"He Always Had a Dark Side"

I'm not sure if that accurately reflects why this is relevant either. I think it is fairly significant that PLR is very much connected to TC (and it is suspected that he is involved with TC financially).

I do not have a better title suggestion at this point, however.

But this means absolutely nothing.
I'm not sure why you're getting downvoted. I agree. The article does not say what the HN title says. It's plain as day.
> Paul Le Roux stole E4M source from SecurStar...

> I surely don't dispute that PLR wrote E4M....

Writing something is not equal to owning. The topic here is the source in ownership of SecurStar which apparently PLR produced while working for SecurStar.

Just like if you'd work for Microsoft and then the code you produced while working there, under the contract that you've signed that the code belongs to them, you put into your own program. You wrote the program but the code you've put there is stolen.

Ahoy, moderators! Could we add a subtitle so that there's some context for the headline? He Always Had a Dark Side: How a multi-millionaire international arms dealer wrote the code for TrueCrypt
Please, turn this series into a podcast. If done well, it would be as compelling as Serial. It would be a compelling character study.
Why does everything have to end up in a podcast?
Because reading is such a drag.

No but really turning a long text into podcast can really add to a work. Just look at something like Serial.

Serial works this way because it uses a lot of interviews from external folks. That would not work at all in writing. You have to design for reading or design for podcasting, there's rarely a case where something works well on both media.
Yes, but I think it's probably possible that interviews could be conducted. Maybe interviews were even already conducted and recorded for this approximately 50,000 word series...
Ok -- this is badly tripping me out. A former employee of mine in the Philippines is (was?) his wife. I'm pretty sure I met this guy while I lived in the Philippines. Even though I haven't seen her since 2008 (I think?) her family contacted me about 2 years ago wondering if I had spoken to her (I hadn't of course).
http://journal-neo.org/2015/06/12/paul-calder-le-roux-arch-v... reported the same last year, although without the evidence you mention.
Brilliant writing; some of the better long-form I've discovered.
You might like longform.org.
When do you think Le Roux first knew that you were working on this story?
Long form is awesome, but it's not for everyone. Have you considered also publishing a summary document? (Instead of letting random commenters do it.)
Absolutely excellent reporting and writing. I'll start reading the other 2 parts now.
It's light years away from the New Yorker, in style, facts, and content.

I would not be surprised if it's a false alarm, like the Satoshi "exposure".

The story is really, really captivating and really Bond-ian. Thanks for telling it so far.
Fantastic story! I'm really excited to read all 7 parts.
I really enjoyed reading all three parts. Many thanks!
Really well written. I have to read the other two yet.
Set up a Patreon. I'll throw in $20 per article for long-form journalism like this. Youtubers who make long-ish videos (i.e., EE's who tear down industrial gear narrating analysis[1]) have recently taken to this model and it's absolutely fantastic. My money goes to support the continued generation of new content, cutting out the middleman. "Pay because it's good" is the best content monetization model yet.

[1] Ben from Applied Science [https://www.youtube.com/user/bkraz333], Mikeselectricstuff [https://www.youtube.com/user/mikeselectricstuff] and AvE are all incredible. Some of the underappreciated but really educational channels are Sharhair from the Signal Path [https://www.youtube.com/channel/UCKxRARSpahF1Mt-2vbPug-g] and Paul from Mr Carlsons Lab [https://www.youtube.com/user/MrCarlsonsLab], along with HAM'er W2AEW [https://www.youtube.com/user/w2aew]. These guys don't even have Patreons - they just do it because they want to disseminate knowledge.

But Atavist actually sells content. Why don't you just pay Atavist Mag?
Are you me? I subscribe to Applied Science, AvE, Signal Path, and W2AEW. I'll have to check out Mikeselectricstuff and Mr Carlson's Lab. EEVblog is missing from the list, but arguably that one goes without saying :-)
Another addition to the above excellent list is "bigclivedotcom". Lots of teardowns of cheap Chinese electronics with an eye towards what exactly makes them dangerous. https://www.youtube.com/user/bigclivedotcom/videos
Clive is the best. Sometimes the cheap eBay gadgets get a little repetitive, but he does mix in a lot of different stuff. I really enjoy his videos on printing circuit boards and making his little 'nixie' lamps. He's just fun to listen to.
Clive is really awesome! Re-ignited my electronics flame :)
Are you I? :)
Get your grammar correct before trying to be a grammar pedant.
Have an upvote. Was just trying to joke around, but then again, this isn't Slashdot or Reddit.
The writer is one of the founders of the magazine that published this story, he'd be cutting himself out by setting up a Patreon.
> "Pay because it's good" is the best content monetization model yet.

Glad to see this sentiment here.

If Patreon is too involved, content creators can also put a PayPal tip jar on their site:

http://micheleincalifornia.blogspot.com/2015/11/how-to-make-...

I think Patreon is a tough sell for 'long-format' journalism because there's such a large gap between stories.
There's an option to pay per content released instead of monthly.
Awesome, thank you. In fact I was already subscribed to all of those channels except AvE and MrCarlsonsLab, so given that I just subscribed immediately without even checking out the videos.
I don't read long content on lcd screens, I really wish for a (paid and proper) ebook release. Is it possible? How could I be notified?
You should edit the line that implies that everyone on Reddit is a troll.

That's basically trolling in itself: "a troll like the type of person you'd find on Reddit"

Reddit fucking rocks and an AMAZING amount of quality people/content comes from Reddit...