Topic: Risk of jail for developers. Should you be anonymous? (Read 2132 times)

The only "safe haven" for the devs are Russia, China, North Korea and Cuba probably.  You decide how safe these places are.

Any other country that treats the US as a friend will give anybody to the US on a platter.

Nowhere to run.

Do you think El Salvador would go against the US demands just because they like btc? Don't think so.

This is a very concerning topic, long term it could be risky. I hope that game theory will push some countries to adopt bitcoin, and some developers might find a safe haven there

The open source probably can't go anonymous again due to exposure,same time not just a good legal defence system or lawyers but accountable,courageous and trustworthy ones. Because it you fighting a more powerful system which can use all power just to subdue you.

I agree for Developers to be anonymous, but that isn't a healthy way either especially in terms of social relationships. Though we know that most developers always decide to remain anonymous except those who run social softwares.

In theory, you can also circumvent that using Tor.  Simply employ Tor as a proxy and exit through a VPN.  Github would then only see the IP address of the VPN, which presumably isn't blacklisted.  However, I understand your perspective.  Personally, I believe it might be wiser to migrate to your GitLab page, similar to what Samourai did:  https://web.archive.org/web/20230320230927/https://code.samourai.io/wallet.  This cannot be censored that easily.   

Well, if you assume, that there is no privacy, and something can be traced end-to-end, then there are still some tricks, which you can use. For example: every connection in the classical Internet has IP addresses on both ends. In the past, it was obvious, that if you are connected anywhere, then you can easily trace everyone, based on that IP alone, because it was normal to have static IP.

Later, the reality changed a little bit in that matter, because we started running out of IPv4 addresses. Which means, that currently, you no longer have 1:1 mapping. If you have some IPv4 address, then it is usually shared by thousands of people, unless you rent some kind of server.

And guess what: even if everyone has some IP, then some privacy-focused networks were still created on top of that. One of those examples is Tor. The trick is quite simple: you allow other people to send valid network packages on your behalf. And if you form large enough network, then you can no longer identify each participant.

Another interesting observation is that you can extend this trick into other fields. For example: if people will start blacklisting Bitcoin addresses, then expect that more than one person will be hidden behind a single public key. Another example is social media accounts: you can have a lot of alternative accounts, but you can also have the opposite: one account, publishing posts, written by many different people.

If you think about possible solutions, then there are more options, than you can imagine. There are great ideas, which are just not yet implemented. One of them is trustless computation, where even the server operator know nothing about the code, which is executed, because it is encrypted, and everything is computed "on the fly", like it is in neural networks (but, in contrast to AI models, the structure is well-known and easy to understand for the creator, it is just obfuscated for the outside world, including the party, which provide hardware resources, like servers).

There are improvements on both sides. You have more surveillance than before, but you also have more tools to defend yourself. There are whole protocols for communication, like nostr, which were not available in Satoshi times.

Also, there is a lot of potential in Bitcoin itself. Even if you take only Satoshi's ideas, and nothing else, then you can easily note, that not all of them are implemented. There is still a lot of work, which is left for the future.

If it is possible, it doesn't mean it will remain possible. Github is still centralized and can change its rules in a blinking of an eye like coming up with some excuse and banning Tor.

Not to mention that the problem with centralized Github is also the code/repository itself that can be purged from their servers without prior notice if the order comes down from the US government. They have already done it once at a large scale about 5 years ago, who's to say they're not going to do the same to for example Samourai-wallet-like projects?

Yes that's what @takuma sato said.

You do have the ability to use Github without revealing your identity.  I believe developers using Tails OS can code conveniently.  What tools do you require?  Programming software can be stored in persistent storage.  Each commitment is automatically submitted through Tor. 

This is a requirement for any developer who chooses to enhance anonymity nowadays. 


Does this have to do with Saylor's new decentralized identity proposal?  Yes, it's just PGP, but more complicated. 

Sometimes I wonder, just how anonymous can developers really be in recent times. Most sites privacy site claims not to have a backlog or have these data sets deleted after a period of time but, they get dragged by the law and a few come out with supposedly deleted or none existent data.
Given that not all the services on the web are privacy concerned or respected, some hosting services require some registrations and payments through certain linked medias,
How are developers still able to archive privacy and how do they really hedge against authorities if they really do.

I think Satoshi Nakamoto remains a figure that was able to avoid this given that it was a new and not well thought about innovation on the part of the government and measures that are in place today where non existent a decade ago as, it posed little to no challenge to the status quo then but, it’s a march now and every side is trying to get the best of it.

the proactiveness and futuristic approach of the pioneer Satoshi Nakamoto might have been the very thing that have saved Bitcoin and it remains the reason why it’s number one and why I don’t measure it up or would rather do Bitcoin than the minions of alternatives out there.

What is wrong with using conventional PGP keyservers to upload your PGP keys on? They are already well-supported.


I don't think so. It seems that spammers have enough money to bombard you with 1 sat transactions. What is a few hundred sats for them? There's no reason why it can't be done on-chain during times when the fee rate is not very high, anyway.

The problem with the Ordinals Attack has never been its uselessness. The problem is that it is treating Bitcoin, aka a payment system, as a cloud storage.

Can you say DNS is useless? No. But storing it in bitcoin blockchain is problematic. This is why Satoshi and anybody who understands Bitcoin is against such things.

That's not a solution though. When we are talking about Github, it is not just about fake accounts and PGP keys. We are talking about a platform where code is being shared with its version control system (git), changes/issues/pull-requests are being shared and reviewed publicly, and a lot more features.

To get rid of that centralization, we need a decentralized platform that offers all of this not just a place to store PGP keys.
Not to mention that storing PGP keys inside a transaction does NOT solve anything whatsoever. It is just as arbitrary data and an attack on Bitcoin as any other Ordinals transaction. PGP relies on Web of Trust not on where the key is stored.

Michael Saylor mentioned some features he is interested in developing on the MicroStrategy World conference. He talked about DID (decentralized ID) running on Bitcoin, I believe using ordinals. So if he is interested, then maybe ordinals aren't completely useless. This way you could host your PGP keys or something like that in a decentralized network instead of depending on some servers that can be seized, compromised or otherwise tampered with.

They also mentioned an idea of using LN payments to stop spam email, fake accounts running crypto scams and so on, by using micropayments.

As reminder, Samourai team introduce decentralized Whirlpool last month. But unfortunate the founder got caught when it's not "mature" enough.


Theoretically an anonymous developer could ask for donation or funding. But only few people would make donation and that anonymous developer need to gain trust for some time.

If the devs want to take credit for their work and earn money, they need to have public identities. Otherwise businesses would stay anonymous too. One can simply not stay anonymous and own a business at the same time.

The problem is the tax system. Once you start paying taxes, they already got you. Now you are taking orders from your biggest business partner, the government.

Imagine a dev, doing all the hard work, fixing bugs and shit but in the end he gets nothing because he stayed anonymous. How many people are willing to take this? Not everybody is a saint like satoshi.

Samourai was a legally registered company. The founders had used their real names when they registered. That is contrary to what Satoshi did, but then again Satoshi didn’t create Bitcoin as a for-profit business venture. I believe their original company was dissolved and then registered as an anonymous LLC in Wyoming but it would’ve been helpful if they’d been anonymous from the beginning.

Aside from developers keeping their identities private, their project needs to be as decentralized as possible. Samourai had a single point of failure which is their centralized coordinator. In contrast, with Joinmarket there isn’t a centrally controlled server that interacts with participants. They could still decide to target Joinmarket but it would be a much weaker case.

Unfortunately "personal gains" in general has hurt the development in cryptocurrency scene the most. This is exactly why we don't really see innovation in altcoins; the devs are looking to make a quick buck or become famous, etc.

Staying anonymous will be difficult for developers because they want the world to know how intelligent they are and there by become famous however it is very possible for a developer to stay anonymous and I think when it concerns cryptocurrency is best to stay anonymous for safety reasons.

This is a huge attack against privacy and against volunteers. Those who want to build a privacy tools and take their part into it, should definitely think twice. But I still think that this is not the end, since there is a war between some countries that have high skilled software developers, privacy tools might be created and improved by governments to upset each-other, also, some countries might offer asylum to wanted developers.

It should be hard for software developers to create and use p2p decentralized collaboration network. Decentralized products are hard to use for average people with no coding experience. Those who are skilled in software development, shouldn't find such a network/website confusing. But I believe that it won't be popular because many people don't care about decentralization.

You should proceed with caution. I.e. do Link exchanges are not good.
You still can decide whether to develop or not.

Can they stay anonymous?

I think that's the problem, they are still signing up on a centralized websites like the one owned by Microsoft (ie. Github) and have to push commits there. This can create a lot of challenges for someone who wants to stay truly anonymous.

TDev wasn't anonymous. Nopara had doxxed them publicly in the past, so they certainly weren't satoshi-like anonymous.