Ask HN: Disruptive crypto tools: Develop with true names, or "go Satoshi"?
11 points by not_satoshi 4759 days ago
In light of recent events, it is clear that the world needs better crypto tools that can be effectively used by laypeople to protect the privacy of their communications from powerful adversaries. I've been mulling over some ideas that I'd like to try, but I have one nagging concern to resolve before moving forward.

Is it a good idea to attach my real name to such new projects (or contributions to existing projects), or should I follow the lead of Satoshi Nakamoto and protect my activities with a pseudonym?

Pseudonymity pros:

- Even though I am not interested in doing anything illegal, even law-abiding individuals can be harassed and have their life complicated. (Nadim Kobeissi, developer of CryptoCat, is routinely delayed and questioned at airports.)

- Tools that are legal today could be illegal in the future.

- Pseudonymity could help shield from frivolous trademark and patent risks.

- You can always transition from pseudonymity to true names, but not the other way around.

True name pros:

- Less development friction.

- Accrual of non-pseudonymous reputation to further establish my real-world credentials as a serious software developer. This is a somewhat self-serving point, but we all have to put food on the table, and established reputation could provide more opportunities for pursuing my passion. (As well as perhaps allowing me to justify spending more time on such projects.)

Any thoughts?

7 comments

Lots of people build cryptographic tools that are much more dangerous to the surveillance state than "Cryptocat". Have we heard a lot of stories about the GPGMail developers being detained? What about the Truecrypt team? Are we just accepting on faith the idea that building crypto tools will get you harassed?
Go pseudo. For the same reason you'd develop the software in the first place, so people can operate in private.

But open source your work so if you make mistakes the ideas you have can be improved upon by others.

Regarding using true name for credentials: For now use a pseudonym; if at a later point in time you need to prove yourself, you could expose your name to a limited group of people which you think are appropriate.
Go pseudonym, for the reasons you listed. The U.S. government has a habit of harassing people doing legal things that they don't like, especially regarding cryptography and the like.
Since you are doing crypto, chances are high you are doing it wrong on the first attempts.

Considering this, my choice would be to start with a believable pseudonym and generate a gpg- and/or rsa-key to sign stuff and tie it to that pseudonym.

If something goes wrong you simply revoke and nothing happened. For the rare occasion of success you can still prove you are that person.

I totally agree that first attempts may be "doing it wrong", and peer review is needed to strengthen the security through the cleansing fire of criticism. Theoretically, a collaboration of many developers where some, many, or all use pseudonyms, could be workable. (For instance, it looks like the I2P git repo is itself located (hidden?) on the I2P network.)

My thought was indeed to establish verifiable pseudonymity through the usual public key cryptography tools.

What about an encrypted form of your true name?
not_satoshi and waterphone: You both appear to be hellbanned.
Oh great. I wonder why? :/
You are not.