It’s tough to discover a lot details about Daniel Micay on-line. Google him and also you’ll flip up an impersonal X account and a barren LinkedIn web page, plus some YouTube “exposés” and flame wars on Reddit and HackerNews that characterize him as every part from a privateness advocate to a cybersecurity visionary to a despot. In the meantime, Claude refers to him as a “formidable unbiased cellular safety researcher” who’s “broadly described as socially abrasive” (for no matter that’s value). “All I can let you know about Daniel is that he lives in Canada,” says Dave Wilson, the group supervisor of GrapheneOS, a world-famous privateness software and Micay’s present challenge.
Throughout the cybersecurity group, the mythology surrounding Micay goes past movie star. He might be a ghost or a sort of egregore, like Satoshi Nakamoto or Ned Ludd. Followers choose aside scraps of biographical data; enemies take swipes at his technical achievements. Who is Daniel Micay? What does he actually need? After I wrote to the e-mail listed on the GrapheneOS web site, I heard again the identical day: “The crew as an entire can be pleased to take questions and reply them collectively in a collective trend. As such any responses can be from the ‘GrapheneOS crew’ and never immediately Daniel Micay.” Attention-grabbing. Then I acquired in contact with Micay himself—by way of LinkedIn, of all locations. He declined my request for an on-the-record interview, citing security considerations. I’ve since realized he’s 28 years outdated.
I did discuss to Micay’s former enterprise companion, James Donaldson, at size and towards the needs of Donaldson’s lawyer. I additionally talked to associates of Micay’s. Over many months, a portrait emerged of one thing lower than a fantasy however maybe greater than a person—and one who would go to excessive lengths to guard his legacy.
“He was a humorous man, ” mentioned Donaldson. Notice the previous tense.
Donaldson claims he first met Micay someday between 2011 and 2013, when Micay joined Toronto Crypto, a small group that sometimes acquired collectively to speak cryptography over beers. (By means of his present crew, Micay disputes this. He says he met Donaldson in 2014 and by no means formally joined the group.) On the time, Micay was a safety researcher and open supply developer with an curiosity within the fast-growing cellular area.
Micay might be, in keeping with Donaldson, considerably guarded. He had an off-kilter humorousness and chimed in solely when one thing technical got here up. Donaldson recalled a time when a troll infiltrated the crypto group’s chat and gave them the seemingly unimaginable activity of decrypting a collection of messages. Micay did so eagerly and simply. “I’ve a knack for determining individuals very early on,” Donaldson mentioned, “and I knew this man was good.” (By means of his crew, Micay claims to don’t have any recollection of this occasion.)
Donaldson, now 42, is a self-taught hacker who by no means completed faculty, was briefly unhoused, and spent most of his twenties in a “optimistic hardcore punk band.” “It’s cool being sensible,” he instructed me. “However in the event you can’t pay your payments, you’re a dumbass.” He noticed a possibility to become profitable in Android, which then managed 80 % of the smartphone consumer base. As a result of the working system was a decentralized, open source ecosystem that appeared to prioritize business enchantment and mass adoption over security, Android—with its plethora of vulnerabilities—had been likened to Swiss cheese. (This was in noteworthy distinction to the safer walled backyard of Apple’s iOS.) Donaldson didn’t know plug these holes himself, however now he knew somebody who may.
The area “Copperhead.co” was registered by Donaldson in 2014 and integrated in 2015 beneath each Donaldson’s and Micay’s names. The thought was that shares can be cut up equally, with Donaldson as CEO and Micay as de facto chief know-how officer. Their flagship product, CopperheadOS, was an open supply working system that targeted on one thing referred to as Android hardening. Like constructing a fortress and digging moats round a citadel, “hardening” a bit of software program makes it harder for hackers to realize entry. Within the case of CopperheadOS, this meant defending cellular knowledge by including layers of safety on high of the inventory Android OS. (Micay has claimed in courtroom filings that he was already engaged on Android hardening earlier than assembly Donaldson and that he agreed to the partnership on the specific understanding that he would retain management over the ensuing OS.)
