# vault1984 — PR & Communications Plan *Saved March 2026 — DO NOT EXECUTE until product is locked* **Status: HOLD. Product must ship before any of this moves.** --- ## The core asset: "We Do Not Comply" A formal open letter published on vault1984.com, addressed simultaneously to: - The Five Eyes alliance (NSA, GCHQ, CSE, ASD, GCSB) - The FSB (Russia) - The MSS (China) Not a blog post. A letter. With the list of laws, the architecture argument, and one line: *"We cannot comply. Not because we won't. Because we don't have what you're asking for."* ### Countries/laws to name explicitly **Authoritarian:** - China — Network Data Security Regulations (2024), Criminal Code decryption requirements, Cryptography Law - Russia — Yarovaya Law (Federal Law No. 374-FZ): mandatory handover of decryption keys to FSB - Kazakhstan — data localization + mandatory government access - Vietnam — Cybersecurity Law 2019 **Western democracies (no favorites):** - USA — PATRIOT Act, CLOUD Act, FISA courts, National Security Letters with gag orders - UK — Investigatory Powers Act 2016 ("Snoopers' Charter"): bulk collection, compelled backdoors, Technical Capability Notices - Australia — TOLA Act (Assistance and Access Act 2018): compels tech companies to build decryption capabilities on demand - EU — Chat Control proposal: client-side scanning of encrypted messages - Five Eyes collectively — formally and repeatedly called for encryption backdoors **The line:** Architecture doesn't discriminate by flag. FBI, FSB, MSS, GCHQ — same answer. We don't have your keys. **The Orwell connection:** He was British. The UK's surveillance law is a monument to the warning he wrote. --- ## High-value X targets **Peter Steinberger (@steipete)** Founder of OpenClaw, just joined OpenAI to "bring agents to everyone." Actively amplifies tools built around OpenClaw. 5.3M views on his OpenAI announcement tweet. Not a cold pitch — engage when vault1984 is the natural answer to "my OpenClaw agent needs credentials." The connection: vault1984 is the credential layer for exactly what he's building. **Chao Huang (@huang_chao4969)** CLI-Anything — "making ALL software agent-native." 11K GitHub stars in 5 days, 18.2K views on this tweet. The connection: CLI-Anything makes any software agent-controllable. Every agent controlling software needs credentials. vault1984 is the answer to the problem CLI-Anything creates at scale. Engage in the #clianything / #AIAgents threads when vault1984 ships. Natural reply, not a cold pitch. **Brian Krebs (@briankrebs)** krebsonsecurity.com. Most read security journalist. Covered LastPass breach exhaustively. Pitch the LastPass page + architecture when product ships. **Troy Hunt (@troyhunt)** HaveIBeenPwned.com. THE breach authority. One mention reaches every security professional. Architecture argument is his language. --- ## Distribution plan (when ready) ### Anchor - Publish the open letter at vault1984.com/cannot-comply - Simultaneously publish a /security page explaining the architecture ### Press pitches - **Wired** — covered LastPass breach extensively, covers surveillance, 15M readers - **The Intercept** — built for this. Surveillance, encryption, government overreach. - **The Register** — UK audience, Investigatory Powers Act is their beat - **EFF** — don't pitch a story, pitch a partnership. Ask for formal recognition / co-sign. ### X - One image post: governments on one side, "Your answer: We don't have your keys." Not a thread. An image. Screenshot-shareable. ### YouTube (without being on camera) - Pitch to privacy YouTubers: Techlore, Mental Outlaw, or a security researcher channel - They make the video, vault1984 gets the reach ### HN - Let it be discovered organically via the open letter, or submit as a link post (not Show HN) - Technical debate in comments = credibility ### Long game - Submit architecture paper to DEF CON or Black Hat - If accepted: the talk reaches every security professional who matters; the YouTube recording does itself --- ## Why this works Every other password manager complies with government requests — because they have the keys. vault1984 structurally cannot comply. Being compelled and refusing is the proof-of-work that the claims are real. If China sends a legal demand: publish the response. The headline writes itself. Signups spike. Apple's San Bernardino moment made every privacy claim credible overnight. This is vault1984's equivalent — except proactive, not reactive. --- ## Timing **Not before:** Product is shipped, tested, and stable. Nailing the product is the prerequisite. Going public before the product is locked hands competitors a roadmap. **Trigger:** Show HN ships and is successful. Product has paying users. Then this plan activates. --- ## Ideas pool — parked for later **Open letter to LastPass's 33M users** "Here's what happened to your vault and why it can't happen here." Published on vault1984.com, pitched to Krebs and Troy Hunt. Facts only, sourced to FBI and TRM Labs. **Architecture comparison page** vault1984 vs. LastPass model, side by side. No opinion. Just the architecture. Devastating in its accuracy. **Bug bounty as PR** "Extract a credential from a vault1984 server. We'll pay $10,000." Mathematically impossible to win. Excellent press. Proves the claim costs nothing because nobody can collect. **The acquisition angle** LastPass is owned by Francisco Partners (PE). Architecture is broken, can't be fixed without destroying the product. 33M users hemorrhaging. Acquiring vault1984 gives them a rebuilt architecture and a redemption story. The provocation ladder (plaintiff page → open letter → architecture comparison) makes vault1984 undeniable — too credible to dismiss, too well-positioned to out-build. Acquisition becomes cheaper than watching vault1984 eat their users. All of the above: hold until product ships and Show HN is live. --- *George for Johan. Hold until product ships.*