Introduction
This is part one in a series of posts to teach you, fellow developer, how to better maintain your privacy and security as the world around us grows more digital and dangerous with each passing day.
Background
I contribute to a number of software projects, some in crypto, some normie, some under my real name, some under a pseudonym. A question I get a lot from developers who want to plug into the pseudonymous economy is how to keep their personal profile separate from their "extracurriculars," without accidentally outing themselves forever.
While there's no absolutely "safe" way to do this, among the safest would involve a separate machine (virtual or otherwise), and a proxy that sends all your traffic through Tor. This is something I'll cover in a future edition of this series.
For now, I want to focus on one of the easiest steps you can take to maintain a degree of separation between your identities: multiple Git / Github profiles on the same machine.
This strategy is appropriate when:
- For reasons of privacy or retaliation (e.g. your employer), you want at least one degree of indirection between your real identity and your pseudonym
- Your physical or legal safety does not depend on this indirection (if it does, you need something stronger)
With that out of the way, I'll dig into a couple of details about how git works, and proceed to some recommendations.
Git uses SSH
The first thing to realize about Git is that it utilizes SSH for everything involving pushing/pulling files over the network. Anytime you run git push, git pull, git clone, etc., something like the following happens:
- Check $HOME/.ssh for default SSH configuration and SSH keys
- Use the configuration in $HOME/.ssh/config to route the command to the correct host
- Authorize the request using the key (either supplied with the command or the system default)
With this in mind, it becomes relatively easy to create and use a second profile on the same machine.
Step One: Create your new key (and optionally add it to github)
This one should be familiar to everyone. It's the same process you used to create your original key. You can follow the instructions from Github here or run this command and follow the prompts:
ssh-keygen -t ed25519 -C "your_email@example.com"
If you plan on using this key with github, follow their instructions to add your public key (ending in .pub - do not upload your private key!) to your account.
Step Two: Add a new git host
The next step is to update your SSH config to give you an easy way to use this new key. To do this, we are going to create a custom host.
First, open up ~/.ssh/config in your favorite text editor. You're going to add an entry that looks like this.
Make sure to substitute 'github-aztec' for something else, and replace 'id-aztec' with the file name of your new private key from the previous step.
Host github-aztec
User git
HostName github.com
IdentityFile ~/.ssh/id_aztec
Now, when your SSH daemon looks for hosts with which it can connect, 'github-aztec' will be in its virtual list, just like a real domain like github.com. The difference being that this connection, by default, will also pass along the correct SSH key that you created in the previous step.
Step Three: Update your project origin
Now that you have a key and a host, you need to update your project to point to it.
Navigate to your project root and run the following command (substituting 'github-aztec' for the host name you chose in the previous step):
git remote add origin github-aztec:user/repo
This is identical to what you would do with a normal remote, just substituting 'github-aztec' for 'github.com' (remember, 'github-aztec' is now a host like any other from the perspective of SSH on your system).
Now anytime you interact with git in this project, it will be interacting with the host (and therefore, key) from the previous step.
Step Four: Update your commit identity
This one trips up a lot of people. Every time you commit code in git, it writes a commit message that looks something like this:
If you aren't careful, git will pick up any global user/email you set previously and store that in future commit messages.
So make sure you set them like this:
git config user.name "BowTiedAztec"
git config user.email "bowtiedaztec@example.com"
If you previously set these values globally using the --global flag, it may be worth unsetting them globally so you will always be prompted by git to add a user and email for new projects.
Help, I f***ed up!
If you accidentally committed your real info to git, not all hope is lost. Set your git user and email per the previous step and then run the following command to amend the commit:
git commit --amend --reset-author
If you haven't yet pushed your code to a remote, you're done! If you have, you will need to run the following command to erase your info from the repo:
git push origin <branch_name> --force
The --force flag will overwrite previous history in the branch. If you don't have force push access, you will need to contact the owner of the repo.
Bonus: Using a VPN
As I mentioned, I will cover networking opsec in a future post. But one low-cost, high ROI technique for maintaing a bit more anonymity is using a privacy-oriented VPN. This will have the effect of pooling your network traffic with that of many other people, making it that much harder for someone (e.g. GitHub or whomever else you interact with via git) to figure out who is behind the pseudonym.
(Though, again, do not rely on this if your safety depends on it. Seriously.)
Personally, I use Mullvad VPN (not a referral link, I don't roll that way) but there are plenty of options out there. I like Mullvad in large part because of their long history of support for free expression as well as their physical location in Sweden (one of the better jurisdictions for privacy).
Conclusion
I hope this was helpful! If you have any questions, please feel free to contact me on Twitter @BowTiedAztec.
Top comments (0)