Hacker News

What if, due to the bullying nature of a niche industry, there are no other precautions to take?



Good question.

First, I think that if you cannot think of an alternative to crypto, you should think twice about doing anything that could get you or your friends killed.

Second, I urge you to consider the difference between these two developers:

Developer A is just learning crypto. She makes many mistakes and builds some truly horrible systems. But, she is just learning and she never actually intends for anyone to use her systems.

Developer B thinks she is a crypto god. She releases a tool and claims it is incredibly secure. However, it contains fatal flaws.

If someone bullies developer A, I think that many people would jump to her defense. On the other hand, developer B is a very dangerous person whose hubris has created a dangerous situation.


The developer we really love is Developer C. Developer C has looked at what's happened with A & B, done some reading, and decided they're genuinely interested in cryptography and want to understand what makes it tick.

So, rather than learning exactly enough cryptography to build an application that appears to journalists to be secure but actually isn't, Developer C takes the time to read papers and actually code up crypto attacks.

Man, we love Developer C. Developer C is awesome. Developer C is going to learn so much building crypto attacks. There's a good chance that after doing that for just a couple months, Developer C will discover novel variations of crypto attacks nobody has thought of yet. From that work, everyone (who really cares about crypto) will benefit.

At the end of this process, Developer C will not only be terrifying, but also in a vastly better position to implement sound cryptography than other developers. Ironically, though, the experience of seeing so much broken cryptography is going to make Developer C hesitant to publish random new cryptographic tools the moment they hit their text editor. Like Adam Langley and Trevor Perrin, they will quietly hone their designs for months or even years, making sure they've gotten things right before getting other people to risk their secrets by using them.

Developer C is just getting started now. We love Developer C. We have an avalanche of crypto exercises for them to play with, and, if they know they're interested and engaged, there's a good chance I want to talk to Developer C about helping with the Truecrypt audit this summer.


If only it were so clear which developers were which. Developer B is what everyone in the industry assumes everyone is, even if they're just Developer A.


When you brag on Twitter that Edward Snowden and Glenn Greenwald used your tool to coordinate the largest intelligence leak in the history of the world, I think it's safe to say the jury is in about whether you're Developer A or Developer B.


I don't believe the TC dev(s) did that?


No, the Cryptocat devs did.


This is getting off topic, but I have learned something very valuable about the technology industry. If you are developer A, do not be afraid to admit that you are still learning and that you don't know what you don't know. If you approach your own learning process with humility, I can guarantee that you will find many people who are willing to help you.

People run into trouble when they try to pass themselves off as being more qualified than they are.


Just to be clear, are you suggesting that there is an elite cadre of cryptobullies browbeating the general public into broadcasting compromising information all over the cleartext internet?


Nope, I'm suggesting that a negative and hostile attitude, like the one exhibited towards the CryptoCat team by tptacek and others is not healthy to the industry.


Negativity and hostility towards poorly constructed cryptographic applications is unhealthy in what way?



