Notes on developers anonymity
If you are even a mildly active Bitcoin enthusiast, and somebody asked you to list who are the current top Bitcoin developers, you would probably be able to name at least a few. With a simple Google search you could easily find all the Bitcoin and Bitcoin Core developers with very few exceptions, and with those who remain anonymous, it could be the case that upon further in-depth investigation the identity of some of them would get revealed. From what we know some of the currently unknown developers could be just pseudonyms of other known developers, working on different projects under different names.
Now at this point you could wonder: why do you even care? They are doing a great job after all and the fact that they are so popular is well deserved.
Last week, at the 50th Bitcoin Milan Meetup, organized by the local community and by the BHB Network, during a panel with various experts, a fascinating question was asked:
What happens if a government blackmails all the current active Bitcoin devs simultaneously and forces them to release a backdoor in Bitcoin? Will people just install the new version? Are there enough, well-prepared, not known, people in the world, which would be able to find out and understand extremely well-crafted pieces of malicious code?
It is a very interesting question, which was raised already over many conferences, and I believe it is worth to be covered with an entry-level discussion.
Bitcoin is a controversial project by its nature, and for controversial we mean that it could disrupt substantial parts of how we conduct our monetary and financial lives.
It is touching the control by the State over money (think of seigniorage) and it’s giving room for a world of permissionless transactions, not approved by any central authority. Expecting a honeymoon forever is merely not a realistic and careful thing to do.
<< the guys that play God without permission. And now I think they’re following me. >>
Mr. Robot S3.Ep9
Do we want the people developing this controversial software to be known? Is it a serious issue?
Asking these type of questions is the right approach to deal with this complex environment and its security needs.
The threat of a government (or a generic malevolent third-party) simultaneously blackmailing all the current known developers may exist, and it must be part of the security model of the Bitcoin project.
Blackmailing/attacking citizens of different countries around the globe may seem an unlikely scenario. We must set for the worst case though, as at stake here is the life of Bitcoin.
As an example, we could take a big conference like Scaling Bitcoin, which hosts the brightest minds (although not all) of the industry in the same physical location, with these kinds of events security matters a lot.
Is it a threat for the software?
Being an open-source project, anyone can review the code of Bitcoin and come up with vulnerabilities; the Internet today allows for a quick and censorship-resistant viral spread of information, a simple PDF detailing the issue couldn’t be stopped quickly by any sized effort of a government, especially if it is not expected.
Thankfully, some developers are still anonymous, and there may also be people anonymously doing silent reviews and checks for the Bitcoin code.
Even if, as of today, there weren’t enough capable coders, new developers could arrive at any moment and spot the potential threat without notice needed.
If we assume that a backdoor could last for a certain amount of time, two factors could help preventing mass-use of the infected software:
- Independent code-reviews are important! Anyone with enough preparation can do it; this is why understanding how the protocol works is crucial and why Bitcoin-related companies should invest in having proper reviewing practices by hiring in-house open-source developers: while at first, this may seem just a charitable act to do for getting a better reputation among the community, it is also key for the security of the whole business you are operating on. (If Bitcoin spectacularly fails, and you are dependent on it, your entire activity probably fails too)
- Being slow at updating your software. Even if this may seem counter-intuitive, except critical security patches, updating your Bitcoin-related software should be a process as slow as possible. Your own money depends on the code you are running, leaving aside for a moment the possibility of a backdoor, slow-update practices could help someone have time to spot bugs and malfunctioning pieces of code. These can cause unwanted forks (a.k.a. breach of consensus) which may make you lose Bitcoins.
Also note that, if for some reasons, Bitcoin developers couldn’t stay visible anymore, unless they get imprisoned or deprived of Internet connection, they could probably be able to start contributing to the project again in an anonymous form. This would allow them also to “resist” eventual blackmailing attempts, as they would be able to signal eventual backdoors and to keep working on the code to the best of their skills.
Reputation, open universal peer-review and the physically-decentralized nature of Bitcoin development seem to point the relative weakness of attacking developers to destroy or damage the quality and the security of the software itself.
In this sense, there are no credible reasons to expect or consider a relevant security issue such an attack.
Is it a threat for the developers themselves?
While you may consider that the types of threat covered in this article are not a credible attack to the Bitcoin network for the reasons mentioned above, we should also consider what does it mean and what does a Bitcoin developer risk by not being anonymous.
First off, one should recognize that going around promoting your ownership of large sums of bitcoins is not a smart thing to do. Differently from other types of currencies, Bitcoin is not held by institutions; this means that if you are personally forced to, nobody can meaningfully stop a submitted transaction after you are not threatened anymore. With other types of currencies like euros and dollars, banks can halt and reverse payments, unless they have been performed in cash: it is not common to carry around or withdraw large sums of cash though, with Bitcoin this becomes extremely easier.
The best defense against this is plausible deniability; if you can reasonably state that you do not own bitcoin, there are no incentives to go behind you as you are theoretically able to deny forever. (If you went around bragging about your lambos, this is not plausible)
Going back to our point: being a Bitcoin developer doesn’t necessarily means owning Bitcoin, but the earlier you got into the project and the more this is not credible. If you played around with it since 2010 (and this is known by the fact that you non-anonymously contributed to or participated in the project), a generic third-party could reasonably expect that you have many of them. This is a “bad” (possibly unwanted) expectation created by popularity.
As time goes on, Bitcoin may rise in value significantly, reaching incredible price levels, when it will, you will still not be able to delete the past as the web is quite resistant to that.
What is at stake here is not the robustness of Bitcoin but mainly the personal well-being of non-anonymous developers.
Potential reputational and practical (temporary) problems
Being a Bitcoin developer is cool, you are treated by many people (including myself) as a guru and a hero. This may be an incentive to brag about this fact and avoid anonymity.
It is not a cool thing anymore if your colleagues start getting publicly attacked and defamed by mass-media for working on such a fantastic controversial software. As you can see, popularity is a double-edged sword: it can do wonders or hurt you badly.
Let’s assume for a moment that all the current and capable Bitcoin developers cannot work on it anymore for reputational/legal/physical issues, in the case of the arrival of new anonymous (or not) substitutes, will they be as good? Will they able to understand and improve the project without guidance?
We are now used to incredible developments and innovation going around this project. It may be possible that different developers wouldn’t be so capable and maybe an alternative project (a.k.a. altcoin), using more strict anonymous practices, could be extremely active, outpacing Bitcoin innovation schedule while these types of issues temporarily halt Bitcoin development.
Considering the popularity and the vast network effect (or protocol effect, with its essential inter-operability being the most used cryptocurrency), this scenario aforementioned, is not particularly likely, it is based on a weak assumption of being able to prevent all the possible great coders worldwide from working on Bitcoin. There may be already too many of them. And even if that would be the case, the industry currently operating in Bitcoin would be able to pay the anonymous developers working on other altcoins to not go through a phase of costly market reorganization on a potential “new standard.”
These were notes outlining some possible “attack” scenarios leveraging the fact that most of the developer base of Bitcoin is not anonymous, some of them could become serious in the future, some of them are just highly improbable fantasies.
However, it is important to note that all of them share a common attribute: stressing the fundamental importance of anonymity, privacy, and even plausible deniability, for achieving both practical, security and ideological goals in a pure Bitcoin fashion.