

Ask HN: Disruptive crypto tools: Develop with true names, or "go Satoshi"? - not_satoshi

In light of recent events, it is clear that the world needs better crypto tools that can be effectively used by laypeople to protect the privacy of their communications from powerful adversaries.  I&#x27;ve been mulling over some ideas that I&#x27;d like to try, but I have one nagging concern to resolve before moving forward.<p>Is it a good idea to attach my real name to such new projects (or contributions to existing projects), or should I follow the lead of Satoshi Nakamoto and protect my activities with a pseudonym?<p>Psuedonymity pros:<p>- Even though I am not interested in doing anything illegal, even law-abiding individuals can be harassed and have their life complicated.  (Nadim Kobeissi, developer of CryptoCat, is routinely delayed and questioned at airports.)<p>- Tools that are legal today could be illegal in the future.<p>- Pseudonymity could help shield from frivolous trademark and patent risks.<p>- You can always transition from pseudonymity to true names, but not the other way around.<p>True name pros:<p>- Less development friction.<p>- Accrual of non-pseudonymous reputation to further establish my real-world credentials as a serious software developer.  This is a somewhat self-serving point, but we all have to put food on the table, and established reputation could provide more opportunities for pursuing my passion.  (As well as perhaps allowing me to justify spending more time on such projects.)<p>Any thoughts?
======
tptacek
Lots of people build cryptographic tools that are much more dangerous to the
surveillance state than "Cryptocat". Have we heard a lot of stories about the
GPGMail developers being detained? What about the Truecrypt team? Are we just
accepting on faith the idea that building crypto tools will get you harassed?

------
jayfuerstenberg
Go pseudo. For the same reason you'd develop the software in the first place,
so people can operate in private.

But open source your work so if you make mistakes the ideas you have can be
improved upon by others.

------
ippisl
Regarding using true name for credentials: For now use pseudonym , if at later
point in time you need to prove yourself, you could expose your name to a
limited group of people which you think are appropriate.

------
waterphone
Go pseudonym, for the reasons you listed. The U.S. government has a habit of
harassing people doing legal things that they don't like, especially regarding
cryptography and the like.

------
noerps
Since you are doing crypto, chances are high you are doing it wrong the first
approaches.

Considering this, my choice would be to start with a believable pseudonym and
generate a gpg- and/or rsa-key to sign stuff and tie it to that psudonym.

If something goes wrong you simply revoke and nothing happend. For the rare
occasion of success you can still prove your are that person.

~~~
not_satoshi
I totally agree that first attempts may be "doing it wrong", and peer review
is needed to strengthen the security through the cleansing fire of criticism.
Theoretically, a collaboration of many developers where some, many, or all use
pseudonyms, could be workable. (For instance, it looks like the I2P git repo
is itself located (hidden?) on the I2P network.)

My thought was indeed to establish verifiable pseudonymity through the usual
public key cryptography tools.

------
dear
What about an encrypted form of your true name?

------
LoganCale
not_satoshi and waterphone: You both appear to be hellbanned.

~~~
not_satoshi
Oh great. I wonder why? :/

~~~
jlgreco
You are not.

