Dear anonymous internet user asking for help..

Posted on

Dear anonymous internet user, dear corporate employee hiding behind a gmail.com address, dear “GitHub account with a single issue”,

Thank you for your interest in my free software, my project or the documentation I wrote for you. I am happy to hear you want to ask a question, have a problem, or perhaps even inform me of a new requirement you have.

But with some small exceptions (do read on), I’m afraid I will not be able to help you.

You see, our community and I have done a lot of work to get these projects to where they are today. But your first step in asking for help was deciding that I should not know who you are or where you intend to use my stuff.

This way we got off to a really bad start.

Some of you go so far as to create a custom email address for contacting me (‘powerdns-2019@gmail.com’), others even have the gall to send email from addresses like asdfasdasd17@outlook.com. A recent trend is the ‘single issue GitHub account’.

Of particular note are employees from large corporations using my open source software, but not wanting anyone to know that. I get email from random gmail accounts asking questions you’d only ask if you operate a fleet of satellites in space.

So why do I care?

First, I just consider it rude. You come at me hiding who you are but still expect me to do free work for you. Try doing that in real life. What were you thinking? Not introducing yourself AND using a fake identity?

Second, I have found that this anonymity also means respondents feel free to simply walk away with no damage to their reputation. You report a complicated bug, I spend some time investigating, ask about details, and I get no response. Some weeks later a very similar question comes in from a fresh email address, likely the same person, still not wanting to do the work to get help.

Third, my software and other products can be used for good or evil. If I don’t know who you are, am I enabling you to build the new Turkish censorship infrastructure, or helping you implement the Роскомнадзор block list more efficiently? These are two examples that actually happened by the way.

What’s next, send a copy of photo ID?

Of course not. But I do care that the people asking for help have not obviously gone out of their way to hide who they are. I am fine for example with Github issues coming from accounts that are clearly working with many open source projects, even if I don’t know who they are. But I can see they work well in getting issues solved.

Similarly, many internet users are pseudonymous - we may not know exactly who they are, but they have developed a reputation by being part of the community. I love to work with them.

As a case in point consider @SwiftOnSecurity. We don’t know who they are, but their contribution is such that “Swift” is able to get a CEO phoned out of bed at 2AM in the morning with a single tweet. Be like Tay.

“Our corporate policy does not allow us to disclose our use of open source software”

While I have sympathy for the pain this will cause you individually, my open source policy does not allow me to offer free help to corporations who do not even have the decency to admit that they use my software.

I understand it is not easy for (large) corporations to support open source software, with procurement not understanding why you are paying for free software. I really get that.

But one of the few things you CAN do as a corporation is lend a project credibility by admitting that you use it. If your organization decides to even withhold that minimum contribution, please understand I can’t help you.

As an aside, keeping your identity secret can make open source projects overlook the weight of your problem, as happened to Cloudflare in 2014 when they complained anonymously about PowerDNS, and we therefore did not have the context to appreciate the scale of their issue.

“But I found a bug in your software”

While I am grateful for your report, I have no moral obligation to fix your every bug. Life is short, many things need to be done. If you truly want to upset an open source developer, tell them what they “should” be doing - safely behind your anonymous email address or single use GitHub account.

“You write free software so you must provide free support”

I don’t even.

What if I privately tell you who we are, but you keep it secret?

To a certain extent that helps, but not when providing support for open source software.

We wrote words on this earlier for PowerDNS. In short, it does not scale to provide free software support to the whole world but not have a record of that. As noted in Open Source Support: out in the open:

By providing support in the open, other people can learn, search engines pick up our answers, the community can pitch in with solutions or suggestions. Doing free support this way provides a true public benefit.
If you have a domain that does not resolve, we need the actual name of that domain. Not ‘example.com’. If we cannot query your nameservers because you won’t tell us their IP address, we can’t help you.

What about people that really need anonymity

These exist, and I help them. I have extended family living in oppressive regimes. And you know, I can tell if the need for secrecy derives from worries about personal safety. But the vast majority of anonymous users have no such worries - not sharing who they are is mere convenience for them, allowing them to forego the risk of looking stupid under their real name, while making my life harder.

Summarising

If you contact me for help while taking efforts to stay anonymous, and your anonymous identity has no visible track record, please know that in general there is little I can do for you.