Welcome here fellow internaut, you'll find here things that were in my brain and that are now in the internet. I won't restrict myself on one specific topic, but you'll find here a lot of stuff about information theory, computers and civil liberties.
One thing however, you've noticed there's no comment available. It's intended. I do not want to do spam hunting, or moderation. It's something that bores me, that could bring me legal problem and stuff like that. And I do not want to makes you fighting the spam by adding registration (bleh) or captcha (which I fail more often than bots probably do). It's not supposed to be your burden. So, if you wanna comment, do it on your own space, and ping me (I'm on my own XMPP server, on twitter and i've got a mail, you'll find easily). We can exchange a lor more like that.
Oh, and it's a wiki style thing. So, I will alter/modify the content of posts, you can check the difference by looking at the page history.
Have fun. Enjoy your free internets. Make datalove not infowar.
[[!tags justice politics]]
Trigger Warnings: Rape, Paedophilia
I'm not really elaborate on the fact that the current prison system (either in the US, or - basically - everywhere else) is broken and walk on its head. If you want to contemplate the disaster, you can watch Prison Valley, get facts from OIP or read testimony made by, basically, every inmates, their family, their friends about what the prison is doing to them.
I could tells you what the incarceration of my father for paedophilia did to me, how I had to hide it, to lie every single days to basically everyone, to pretend it did not happens for the sole purpose of surviving through middle school, and that it didn't solve anything, Because he got convicted a second time for similar crimes years later. You'll notice that neither I, my sisters or my mother have been found guilty of anything, but still, we paid a price. For justice.
I will not argue that prison is the worst solution to any problems. At best, you put people on hold and free them, expecting them to behave when they'll get out. At worst, it's a political tool used to criminalize populations and build resentment upon some populations (yes, it's a tool used for power to keep people in check) while creating more sociopaths, storing them away in inhumane conditions, and forcing them to work - and so destroying jobs outside of jail.
Prison should not exist. Even for serial rapists, paedophile, killers, abusers of all sorts. If you're only answer as a society is to store them away, in a dark room, and hopping they'll get better you're delusional. I do believe people can change, but they need help, acceptance, and an possibility of failure.
The thing is, prison is intricately mixed with the notion of justice. We tend to think we deserve justice, but I'm not sure we really think about what it means. The justice system, as its currently implemented in most part of the world, is a punitive one. The principles behind it is that if you do a wrong to someone, you should pay for it, one way or one another. You should not pay to the victim, but to the society.
Basically, it's the biblical principle of the Talion's Law: an eye for an eye, with interests. Those interests exist to dissuade further wrong to be done and because the perceived loss might be above the material loss. When it come to non material wrongs, it gets complicated.
The justice system tries to determine what is the impact of the wrongdoing, what are the personalities of victims and perpetrators to find an appropriate sanction. Basically the process of justice tries to evaluate the cost of a human life, which is an extremely capitalist view. The life of a worker, or of a woman worth less than the one of a CEO for instance. That's why stealing and destruction of property is so harshly sanctioned, while rape or harassment of the work place is rarely sanctioned.
We deserve nothing
But you probably all know that, I'm just writing down some ideas on a text file. The thing I want to get too is that we deserve nothing. We do not deserve justice. It sound harsh, I know, but when you look at it, all the justice system is build around punishing.
And if you want to not act randomly, because you know, you're a sophisticated society built on principle from the XVIII° centuries. Principles formed by white people of the bourgeoisie, then you need to defines what should be punished and what should not. You need to establish what is the norm and to enforce it. You need to make sure everyone understand what are the personal costs of transgressing this norm, and you need to know who is behaving and who is not. You need to be Santa Claus, knowing all the dirty secrets of every kids, and decides which on will get presents and which one won't have anything.
You'll justify it with the Law. The Book Of The Law. We modernised the process since the biblical times (where Moses got high on drugs in a mountain and wrote stuff on marble tablets because he was afraid of losing he's grasp on power). You'll enforce it with a dedicated group of people: cops. And then you'll gave them the power to sort people between good and bad guys. To do that you'll give them the power of mass and systemic surveillance.
This notion of justice most of people wants requires mass surveillance. And prison. And a norm. And I'm still wondering: do we deserves justice? I tend to believe that, as a member of a society, we deserves nothing. We do not deserves to be happy, to have a good life, and the like. Deserving something means that, inherently, the world in which you live, should give you something.
I think the only thing we deserve, as individual, is the fulfilling of our needs (physiological and/or mental). Not justice, not love, not a family. I could insert here a reference to the Maslow's pyramid, but the model is a bit simplistic and outdated. I don't think the notion of justice is a need. The closest thing that would be associated to a need, is the need to be recognised, to be esteemed by other. To live in dignity and respect. And either everyone deserves that, or no one.
As stated before, prison strips individuals of their dignity, of their respect, of their esteemed (by other or by themselves). And I think the notion of justice cannot be dissociated of the notion of prison. As long as you ask for people to be thrown in prison, you're losing your access to live in dignity.
Where do we go from here
We do not deserve justice, and I think that, in our communities, we really should work on that. Justice is an outdated system used to justify incarceration, mass surveillance and therefor systemic discrimination.
What we need to think of is harm reduction, which is at the core of the Transformative Justice theory. The idea behind harm reduction is to provide communities with tools to help them avoiding harm in the first place, and then reducing the impact of it.
That's the idea behind collective insurance for instance. A collective effort can help reducing the burden of an accident. It requires to accept the fact that some people might not want to behave, or are not able to. And that you need to have structures to act before something happens. Calling out rapist or aggressors helps to do that, but it deprives the aggressor of the possibility of change. This is a community response to a traumatism. It does not reduces the traumatism of the victim, but it tends to reduce the potential harm that a person can do.
But I think we can go further. Paedophiles for instance are almost universally perceived as monster that should rot in jail for ever because they hurt children by kidnapping them and tying them in a closet making them their sex slaves. Which is as accurate as the depiction of rapist being a stranger that will jump women in the street to rape them and kill them.
In Berlin, a program has been started to help paedophile who did not commit an aggression. You can read about it here and it seems to be successful. They allow paedophile to talk about their issue, to have access to treatment and t manage their life with dignity and without hurting kids. This is not the only program, but a lot of them are targeting offenders (you need to have molested a child to enter some of those program)
Which is a better outcome than sending them to jail, with a so-called obligation of treatment (it did work so well that my father did get back to jail ten years after), or stacking them in prison cells, refusing to deal with them don't you think?
I have to add that, on a community level, I think this can works well with inside violence, not from harm done by the outside. You deserve dignity, so you should protect yourself against aggression, especially as a community. A neo-nazis entering a self-managed bar is an aggression, so you should gives yourself ways to protect against these violence from outsiders.
I think that the idea of transformative justice is interesting. The idea is to change the society to reduce harm being done, not trying to repair the victims (which is restorative justice) or trying to avenge them and dissuade potential perpetrators (traditional justice).
To ease the way of harm reduction, we - as a society - needs to be able to accept that perpetrators exists and are human being. And that they can change. We need to accept that, most of the time, a victim will endure some traumas that cannot ever be repaired fully - but they can learn to lives with it. We need to accept that, as a society, we have a role to play in aggressions and mitigating them.
One of the way of mitigation is to think of what enables aggressors. What makes them act and why would they think it's OK to act this way. With the traditional justice system it's often the perceived impunity. If a cop will not accept the complaint made by a victim, then the aggressor will never ever be confronted to the harm he did, so he will act and probably repeatedly.
Another enabler factor, is the social status of the perpetrator. A well established person, with power over a community - because they're doing important things - will enable perpetrator to do whatever they want, think about R. Polanski, J. Depp, J. Applebaum for instance.
That is why it is important to avoid social structures which enables people to do harm. Meaning, you should not have only one person in charge of this important thing you need your social group to survive. Every structures which have only one person in charge, will lead to harm. That is why I think it's important to attributes success and failures on collectives, not on individual among those collective.
We also needs to think about the friends of the perpetrators. Some of them are enablers, some are afraid of consequences if they act against their friends. I also tend to think that stripping a perpetrator of his friends by punishing them for actions he did, will not help those person to come forward and discuss an issue that bother them.
I think that most of the harm reduction process is about communication and speech. Being able to talk about something, without being thrown out of a group is something important. And you should be supported to come forward, you should be accepted for that. If someone does not understand consent for instance, or have trouble with it, this person should be able to talk about it, at least to someone. Yes, it means that you need to keep those discussions private.
Last point, you do not need for everyone to agree to that. But you need to have people who wants to try it and to work on it You should also be careful about not converting them o enabler, that's why it's something that needs to be addressed by your communities.
I really think we have an issue with justice. We claim we deserve justice while it's a tool made by and for the power. Or we tends to mix justice and revenge. I think we should really works on those topics. Protection of whistle blowers, privacy and other related issues cannot occur in a traditional justice system since it is intertwined with mass surveillance, systemic discrimination and the like.
I'm not advocating for vigilantes either, which is a protection from the outside (and yes, you might need, at some point, to have people who can physically resists to adversaries, but that's a different topic). But really, if we want to reduces aggression made by member of our communities toward other members of this communities, we cannot rely on the notion of justice, we need to find a different way.
Let's redefine Privacy, shall we?
There's a lot of issue with Privacy. I already wrote about it some time ago, but I think that in fact the current definition of Privacy is an issue. For starters, no one is able to provide me with a definition of privacy.
Is Privacy a secret?
The definition I encounter the most can be summed up a bit like this, it's everything that is "none of your concern". It's the version of Privacy I used in my previous post and, I think, it's probably the one that's defended mostly by people who basically are not discriminated against by system of oppressions (states, but not only).
There's two main issue with that. First, there's thing that you cannot "hide", such as your apparent gender, or the color of your skin, and those will submit you to system of oppression - I won't spend time to expose them, but please feel free to read some useful documentations. Second there's the fact that secret is used to hide things - that's the purpose of secret. You want to keep others in the dark about what's happening. David Cameron just said that his personal investment in Panama are private matters. Conjugal rape and other in-family sexual assault are always hidden under the veil of the "private matters" that should be treated only inside the family.
I mean, clearly, secrecy is a bad thing. Not only for government, but for people in position of power and control over other. I'm not advocating for a full publicity of everything, but for a questioning of is privacy a synonym to secrecy?
Do we really want to hide all of our lives to our society? If we want to redistribute wealth, we need to know about the income of each person. If we want to act upon the discrimination women faces, we need to know about those discrimination, we need to know about who's identified as a woman and to act upon the people who discriminate them.
If we want a world with a bit more fairness inside, we might need to be able to be a little bit more public about our lives. Society is build on the intersections and interactions we have with each other. The positive ones, and the negatives ones. The society, the cultures we live in, is not - I think - powered by the things we have in common, but by the differences we have and the different experiences we've been through.
So, privacy a the thing you keep in the closet is bad - go talk to queers about living in the closet to see why this kind of privacy sucks.
Also, I do not think that the right to privacy - as described by the article 12th of the UNDHR is defined by what we keep secret. This right is defined as protection against arbitrary interference. It doesn't state that it has to be secret. It protects interferences, meaning, influence, actions, perturbations. Not about knowing about it.
The issue with mass surveillance - and why its so bad - is not because it allow a passive global observer to exist, it is because it create an active global discriminator that will sort people between good citizens and terrorists, based on what data we create. Mass surveillance described as a passive global observer is an issue. The mass surveillance complex is used by power structure to maintain their power over people, by creating and enforcing discrimination. This is clearly a violation of Privacy because it is arbitrary interfering in life of people. But it's not because they collect the data.
This is one of the thing about mass surveillance, it does not exist in void, it exist as a political tool of social coercion. It'(s not the data collection and gathering that's the real issue. With the amount of data collected, we could have a real source of interesting data for sociologist to help them describing our society, and gives us clue to change and improve it.
So, no. The fact that a passive global observer exist is not the issue. The issue is that it is a fact an acting and active global discriminatory system. And secrecy is only a way to protect against the passive global observer. It does not enforce privacy. It does not defines privacy. It does not helps you to protect yourself against discrimination.
Is Privacy your identity?
I'm not sure. Identity is a social concept (and a psychological one, it sucks when you use one word for two different things). It's how you define yourself at some point in time, and how you are recognised and defined by others, based on their cultures and social cues and norms they have.
You decide how you want to define yourself, in regards with the current social cultures you bathe in. You adopt, reject, create or appropriates part of this culture to form your identity and to express to the society who you are, and how you'd like the society to consider you.
Your identity is - at least partly - publicly displayed and used by the society to interact with you. This is where discrimination will take place. If you're identified as a woman - whether or not you define yourself as one - and the society we live in discriminates women - and we live in such society - then you'll be discriminated.
Which basically seemed to be a good match for arbitral interfering ad specified earlier. It seems that the elements you use to define yourself, the elements used by other to identify you and to relates to you seems a better candidates for me than the one you keep secret.
What it means is that our privacy, what's private, is the core of how we see ourselves. It's not what we want to substract to public scrutiny. It's how we want to be identified. And our rights to have a privacy is basically our rights to defined however we want - in a social context - without being discriminated for it.
It does not means that if you want to define yourself as a patriarcal asshole you'll be able to act onto people as you want. It just means that defining yourself as a patriarcal asshole shouldn't means that you'll be treated in a specific way. The thing you'll say, the thing you'll do are what will bring your trouble, but not your identity.
Basically enforcing privacy is trying to find a way to end discrimination of any kind. It's not providing tools - secrecy - to create more discrimination. Fighting for privacy is understanding that the world is non-binary, that no identity should be infeoded to another, it's fighting for sanctioning people for what they do and not what they are.
Yeah, OK, but where's the cryptography comes into play?
Cryptography is needed because - in a world of oppression - you need to organize yourself to change those. And to organize you need secrecy at least temporary - until you act. It is not a right has protected by any of the article of the UNHRD, but it is mentioned in the preamble:
Whereas it is essential, if man is not to be compelled to have recourse, as a last resort, to rebellion against tyranny and oppression, that human rights should be protected by the rule of law,
Meaning that, if you're right to Privacy is not respected, then you need to react and fight for it. And for that you need secrecy, you need to hide from the spies and the forces that tries to remove your rights.
Because, in the end, the only rights you have are the one you fight for. And this is where cryptography will helps you. Cryptography will allow you to disobey, to organise dissent, to rebel, to have some time to breathe. But it will not helps you to enforce Privacy and the right to self determination.
And I think we all need to rethink that privacy is not what is secret, but it's what makes us individuals. It what gives us the right to coexist in the same society. And this is why we all need to fight for it. Without privacy, there's only bland human without identity. Without privacy there's no place for non-mainstream person. Without privacy there's no way to evolve and progress. Without privacy, there's no I or You. There's only us. Forced in an identity we didn't choose, think, defined, accepted, created.
Those identities are the one created by the global active discriminator to divides us. They are the nationalist ones, they are the Charlie's one. They're the one of the dominant classes and we're stuck with them, without a possibility to exist out of those scheme without being violently confronted.
We should fight for this privacy. For the possibility for anyone to self-determine themselves. And stop believing that we currently have access to it, or that cryptography will suffice.
So, for those of you who never heard about it, there's some hidden services in the wild. They're called .onion if you use Tor - and you should.
Facebook, for instance, also have a .onion. My blog to.
It's neat, it helps protect privacy of the user and escape mass surveillance and censorship. Anyone should do it if they're even remotely interested in protecting their users (I mean, even facebook did it. You can't be worse thanthem on this bsasis, except if you're a bank).
But, users still need to know that the .onion exist, and they still need to redirect there. And the onion adresses are anything but human friendly. They're hard to remember, and a mistake in one character might land you on a totally different website.
It would be nice that, the same way HTTPS Everywhere redirects you to https enabled website when you go for the non-encrypted version, there would be some way to redirect users who uses tor to the .onion version.
Onionify all the things
The cloudflare way
So, you can perfectly do the same thing that cloud flare is doing. Get a list of exit nodes, and - on your web-server - when a queries go from one of them, redirect to the hidden services.
It needs an updated list of exit node. Can probably be done, but then you also need control of the webserver (which might not necessarily be the case) and some cron jobs.
I need to do a bit more research on that anyway.
You can also probably add a header server side which would advertise the .onion. Or advertise address in DNSSEC zones one way or another. But then, you need the browser to be aware of that and to do those check before going on the website.
I think it's probably the best way to do it. And it probably isn't a lot of code (might need to do a plugin for that, to agree with everyone on a standard, and write a RFC).
Or you can control the browser with something on your content whch is aware of the onion. And which can check if the browser is able of using them.
That's what JS is for. A simple HEAD query sent by the client to the onion will tell you if the client can connect to your .onion.
It's probably dirty, it's JS it does asks permission to do it, but the bit of script I've write works fine.
It can be embedded on any page to redirect to a hidden service.
The code is straightforward. No dependencies. You do not need jquery for doing just a query, you need XMLHttpRequest.
It ca also be easily adaptable (just change the content of the onion variable), and it works from anywhere your client lands.
Better privacy for the user in 15 lines of JS.
The code is here, licenced under WTFPL. There's probably way to do it in a cleaner way, and I said earier, I think it would be better to have a .onion dectection feature in the browser, but it's there now.
And the more you'll use it, the more people will land on your onions. WHich will improve both Tor network - more casual surf is always good - and the privacy of your users.
Remember, Remember, the 13th of November
Hey Friend, been a long time. Usually this would be a conversation I have with you over an instant messaging media. We would argue, because I need to confront my views, and you'll help me to step back a little bit and try to force me to take care of me.
This conversation would probably splitted across several media and people, because this is how I function, in weird ways and without focus.
On the 13th of November, coming back from le Louvres to Saint Denis - where I live - you sent me a SMS asking me if I was safe. I did heard a loud noise from the Stade de France when I was heading out the subway to my home, but since there was a match I just flagged it as "weird noise made by sports fan". I didn't understood why I received this text.
Then, once home. I started a web browser. After receiving half a dozen a tweet of various instance of you, I reassured you by posting that I was home and safe on twitter. And then, with my room-mate and coworker we just thin about the huge amount of work that we would have to do on Monday - and even before that.
I told you, I work in strange ways. I wasn't emotionally affected by the death of 300 people. It's random and I knew no one there. The shooting happened in places I can happen to go, but it's as random as a plane crash (and in fact there's a higher probability to be killed in a plane crash than being hit in a terrorist event).
I checked upon friends (or waited for news)(yeah, I suck at maintaining friendship, I think you're kind of aware of that now) to be sure everyone was mostly safe. And then I waited for the political disaster that will ensure. Until the next Monday I really hoped that our politicians would do something clever, like calling for respect and fraternity and unity.
You called me naïve, but if I'm not that naïve, then I turn cynical. I tried very hard to shut down my inner voices warning me of what would come next. And since you told me that being cynical might hurt you, I try to avoid that. Also it's better for my moral and my depression.
And then our Beloved Socialist President of the Republican Democratic Palpatine ordered the Senate to vote the martial law … Mmm, no, I'm on the wrong movie here. It was the talk of Mr. Hollande in front of the congress - higher and lower chamber gathered at Versailles - when he asserted that we were at war. And that we need to form an alliance with Putin and Assad to fight ISIS. And that we need to extend and modify the State of Emergency, and the Constitution.
This is where I broke up. Syria is still a hard political subject for me. You know that since I talk a lot about it. You even asked me to get diagnosed because I might have some sort of trauma. SO, yes, this is where my emotions finally set me adrift.
What people call emotion wave or surge are - in my case - chaotic tsunamis destroying anything that might be related to reason. That's my poison. That's what will kill me in the end. You're important there, in the fact that you help me resurface in those situation and kind of freeze the emotional disaster.
We talked about it. I see no hope in our current situation. Warrant-less search and warrant-less house arrest; total stop of support of any kind toward the refugees - who already had a hard time; suspension of the right to protest and, more generally, confiscation of the political debate by the politicians - Mr. Valls said that he won't accept any discussion about the incidence of social or economic factor on terrorism; those are what we live on now.
I mean, I'm used to see army in the street of Paris. In fact, I never knew them without troops - the bombing attack of 1995 happened at a time I wasn't that much in Paris and since then troops are always in the street. But now, their in battle suit, helmet and bullet proof vests, way to much weapon for my sanity, etc.
Cops did change also. They weren't on a short leash before, but now they're out for blood and revenge. Usually, even on the few forbidden protests I was at, there's always a way to get out if you ask nicely, they will let you go without hustle - they're basically filtering you to be sure you won't sucker punch them, but in the end you can escape before they arrest everyone. But on the 28th of November, there wasn't such a thing like a possible escape. They wanted to fight.
There was a public announce that unemployment was on the raise just before the COP21. And nothing in the government deemed important to say anything about it. I mean, they're supposed to be socialists for fuck sake. They should at least says that they will work on a new way to count unemployed people, or that they will do something about it. But they only speaks about security. Mr Valls eve stating that "Security if the first of liberty" which, ironically, is a quote made by JM. Le Pen as a slogan for it's presidential elections back in the eighties.
We have a socialist prime minister, defending a security only program, based on pricniple established by the far right movement.
That's about the state of our politics in France. But don't get me wrong, The FN is a bit worse than he PS in that he will actually do what they said they're gonna do, and they plan to cut funding for planed parenthood (which depends largely on regional funding), and other nice stuff.
Politicians wants me to vote to block the National Front, in a national movement aganst fascism. But I won't. I do not see the point on voting for a lack of response to social issues, just for the sake of protecting us against fascism. Politicians who enabled the police state, who are asking for a republican merge, who are saying that young people in teh suburb should cultivate themselves, who plans to bomb people in collaboration with Turkish, Russian and Syrian - all extremely democratic - governments, who reduce democratic life to vote, who won't do a thing about the unemployment, wants my vote to oppose fascism?
You see my dearest friend, you asked me to look on the bright side. But it's more than hard to do that. You told me that bitterness is like Beaujolais Nouveau. You can drink a bit of it, it can even be good - and I disagree on Beaujolais Nouveau being a good wine ever - but too much and it will kills you. Or hurt you.
I don't know.
I work at La Quadrature du Net now. And I really try to avoid the repetitive self destruct pattern that leads me to chain burn out. Me or other staffers. Or you.
During the attacks on the 13th of November, I focused on the solidarity part of it. That's what I'm trying to do. That's why I keep informed on the Syrian situation by following the White Helmets.
But there's something that is absent of our political life in France. We have traditional organisations who covers for themselves without caring about anything else than their way to power: syndicates, political parties. We do have old style NGO, advocating nd lobbying behind the scenes. We have radical groups who are busy fighting cops. But we do not have orgs who works on party. Militantism in France is a serious business. And if you're not working yourself to death you're doing it wrong. ANd you end up without anyone willing to take up the fight, to think on long term strategies, to federate smaller groups who exhausts themselves beyond repair.
And I hear you. I need to focus on the positive sides. So that's what I'm trying to do. There's some good stuff happening. LQDN is finally having a nice and more inclusive community - there's a lot of effort to do, but it's in progress. I'm working there to build tools to bother our deputies - piphone and similar stuff, provide tools to flatten the democratic process. Or at least to help the circulation of information.
And that's my target. You said me that we're in for a long fight. I'm not even sure we can win this fight, and the nihilistic part of me keep thinking that it's useless. But since I try to not killing myself, I need something. If I can bother an intelligence officer, a head of office somewhere, deputies or senators, ministers or head of state that's a win.
If, when they see us, in the press, or elsewhere, or when they hear about us those people think "Oh no … not them again … my day is now ruined" then, it's a win. It won't makes them stop doing shit, but at least, I'll smile when thinking about all the pain they'll get.
And in the meantime, we should try harder working with other small organisation specialised in other aspect of the fight. There's a lot to do with queers, feminists, ant antiracist groups. And I really think that's where I can help - beyond the purely technical point.
So, you see, I'm trying to stop sipping the bitterness part of things. It's hard 'cause I've turned cynical/realist. And because I love the bitterness. But you're right. I should stop drinking it.
I'm happy you're here. Because at least I can talk to you. And there's here also. This post is fucked up, and makes no sense. But I think it's a bit like what's the political life looks like. Socialist calling voters to vote for traditionalists.
It's fucked up. But I'm gonna ignore that, because it's useless and I can't spend any more energy on that. I'll focus on building things.
Thanks for still being here.
I don't think I need to recall you the events of teh week-end. They're, like, everywhere on the internet, just grab any website and get a deep look into it.
I did not personally suffered from the shootings and the death of those people. Nobody I know was there, and given my current mental state I kind of grew an emotional dampening for this kind of horror. So, except for the checking on people and the continuous anxious flow of data and information coming from the TV of the twitter, I've essentially gone through the events unaffected.
I did not join the spontaneous meetings - because I'm still having issues with crowd, and paranoid crowds are the worse - but we did celebrate a birthday in a bar Saturday evening. In one of the - usually - most crowded place I know to drink beers, which was almost empty. Unusual things happened, like strangers checking on strangers while crossing path in deserted streets.
But mostly, I've been through it untouched and unaffected. It's hard for me to feel empathy and emotion those days, and when I'm not keeping them at bay, I'm learning how to induce and emulates them, in a not that much destructive way.
I'm getting good now at detecting thought patterns that lead to anxiety crisis, I'm able to decide with feeling I wanna run in my brain - more or less. It's an extremely artificial process, but not everyone can manage their emotions as you do. Mine are tsunamis and typhoon destroying any bits of rationality I can have, and it ends up with me boxing walls until I broke my hands or drinking myself to the point I'm unable to feel.
So, I basically removed those feelings, and gone through the motion. Focusing on people helping each other, closing myself into music and drawings, stuff like that, because the anxiety provided by continuous access to information is just the worst thing that could happens to me.
I rode through the horror with detachment and cynism. I was thinking about all the work we - since I'm working at la quadrature du net right now - will have to do on the coming days to check up freedom and civil liberties. But besides that, I was okay.
And then, during the week-end, I've seen fluctuat, nec mergitur everywhere. The Paris motto. People were defending their culture of getting out and drink wine, and coffee, partying. People gathered around what has been - in their perception of things - under assault: the parisian way of life (and, as Jon Oliver said it - good luck with that).
And people were already falling into the us VS them trap. Stating that we - the one who party the one who get drunk, the one who don't respect anything - are the good guys, and that anyone who would disagree with that are the bad guys.
But people's heart is not at partying. Mine neither.
And then, there was the Congress. For the one not familiar with the French political institution, the Congress is the gathering of the senate and of teh parliament at the request of the President, and it is gathered essentially for Constitutional patch and updates.
Before that, our President established the state of emergency. Basically, it removes the Habbeas Corpus, and allow for administrative house searching - warrantless house search - among other thing (it also grants prefect of police the capacity of establishing a curfew, it stops the rights to gathering, and close most of public space).
And the president then made a discourse before the Congress. He said mostly three things. First that our freedom is partying and going to bars. Everyone seems to forgot that my freedom is also resisting to injunctions, or asking for respect. Second, that we must go in war against Daesh/ISIS. Which means that we need to sit at a table with Poutin and Obama to found a solution for the Syria crisis - meaning they will work with Assad. Third, he asked for a two month prolongation of the state of emergency and a patch of the constitution (especially the articles 16and 36)
And then, everyone in the assistance applauded. And sang the national anthem. In an extremely nationalist way. And no one was there to oppose that. Every single parties represented as basically followed the president talks about the state of emergency.
And everyne was happy, because we were told to party. We had to. To get drunk is now a sign of resistance toward the horror. And no one cares that no ones is actually trying to fix things. No one cares hat the state of emergency will be updated to account for "new technologies", no one said a thing about the Kurd and rebel in Syria that will get the heat from the French alliance with Russia in Syria.
And I could not stand this. I hoped that, for once, things will indeed go in the good way. But nope. Our freedom has been restrained to the freedom to party. And I'm down. Really. The city that could take anything, that's proud of its stoicism is drowning.
And I'm crying. I'm crying because I'll get used to it. In the end, you'll get use to it. That's the horrific part. I'm used to the military in the street, I'm used to the suspicion toward refugees and foreigners. I'm used to the fact that politician just don't care. I'm used to be in pain. But I do not see the point of living.
If it's just for the pain, then why should I? If there's nothing but more pain incoming, what's the point to even bother at standing up in the morning? I'm down the lane. I know how it's induced. I should eat, I should take some rest. But I do not understand the point, I do not see it. The hope is a lie, there's none.
GMail: why it's not a good thing
This post is an answer to jbfavre post[FR], in which he state that - from a metadata point of view, your safer in the mass and so in gmail for instance than if you self host yourself.
In the conclusion he goes on saying that the best choice would be to hand over your mails to associations or small business - which I might agree (under specific concerns).
But he's not the only one stating that your better with a gmail account than one on your own domain name. manhack and others are also arguing that GMail is best to evade the mass surveillance.
Those person suggest that using GMail, is simple and Google has a lot of cash to invest in security. They're also trying hard to hinder NSA mass collection of data effort, but I think saying that using Google service is a good way to enforce your privacy is an intellectual bias.
I think this idea come from a misconception of what mass surveillance is. Mass surveillance is the intricate surveillance of an entire or substantial part of a population WP.
On the internet, the mass surveillance is done by a systematic collection of all data and metadata, their archiving and indexing and the fact that action and decisions are made on the results those data will show.
In France, there's a specific concern because it's now legal for our government to intercept all the communication and analyze metadata. Then there's a fallacy stating that if we all use the same host and the same encryption, then it's impossible for the state to know who's talking to who and when; opposed to the case where everyone have its own host and its "relatively" easy to know who's speaking to who and when.
It comes from the fact that, if I'm the only one receiving and sending mail from this computer, then you just need to get the TCP handshake to be sure that someone is talking with me. So it would be safer to have some kind of proxy somewhere, to mutualise those connections and to raise the cost of surveillance isn't it?
Except that this answer is valid if and only if you have some conditions: - The proxy is not itself part of a mass surveillance system - The mass surveillance you're trying to hide from does not go further than just getting the TCP protocol of your connexion - Your correspondent also use this sort of mass proxy, or it would be easy to know when he's talking
So, let's see what's the case with gmail.
Is Gmail involved in a mass surveillance system?
The obvious reason would be yes. At least because they can be coerced by the NSA to provide data to the NSA. Even if their was actually few uses of PRISM, the fact that they're forced by law to collaborate is not a good thing.
You would argue that it's just the NSA spying on us, they cannot actually do things to you if your not a US citizen which is false. Because there's at least the Five Eyes coalition, meaning that data gathered on you by the NSA will be shared with other agencies from other government.
Also, I think that saying that NSA mass surveillance has no effect in you is a lack of understanding of what are the impact of mass surveillance, I will not elaborate on that, others are doing that better than me.
But there's also something else that I want to elaborate, and that we miss in the "governments are evil" stance. It's the fact that google is collecting and analysing a lot of data. From your GMail data (and metadata) to your search, video historic, or even the blogs you read. They analyse those data and take actions - to present you more accurately targeted advertisement and search recommendation. Basically, they're doing mass surveillance on their own.
Google is part of the problem. They cannot be a part of the solution to get out of mass surveillance. Sure, they won't kill someone simply based on metadata you'll say. But they're doing something worse, they won't expose you to information that they deems unrelated to your interests, and you won't even notice it.
So yes, Google - and Gmail - is part of a mass surveillance system. They might not be collaborate willingly with governments, but they do it at least for their own profit.
Are the mass surveillance system only targeting IP traffic?
We know - since the exposure of a lot of the NSA nasty stuff - that a lot of government have the capacity to intercept traffic on a global scale. The fact that your traffic goes to a datasilo such as google ones, or goes to your own server at home makes no difference, they're intercepted the same way. What would change is that they would need to get the email metadata from the email you send from gmail, while they do not need to decode them if everyone is on their own box.
They're already doing that. Equipment setup to break TLS, intercept email communication and compromise your endpoint are already used. So they do not get any benefits to going for something lighter. If you send an email from gmail to another gmail account, those natsec agencies can already read it and extract the metadata they need.
And since stuff like Palantir, hacking team or gamma international are all known companies who are selling solutions to our government. Those solution are based on the infection of your endpoint (your smartphone, tyablet or computer) to not bother with breaking the cryptography of your communications.
After all, if they can read what is displayed on your screen, why should they bother intercepting your TLS connection to a hidden service in Tor?
So, thinking that, being alone on your node, is a compromise on your anonymity is apparently wrong. You do not add metadata to the collection they already have (they already get the headers of your emails, no matter what).
Also, there's a last one that nobody thinks about. If everyone is on GMail, then you just need to compromise GMail to get all the ddata you need. Just one company. Yes, hacking into Google is something out of my personal scope, but if you're willing to, you can dot it. It has been done by China before, and I see no reason for things like that not happening again.
Hacking into GMail is just an enormous prize, you get it you can really improve your intelligence. Especially if you stay undetected. Put all one's eggs in one basket generally ends with an omelette. Even if it's a titanium basket.
Applying this principle, I then need to have my correspondent apply it
Because communication is - at least - two ways, if you want to protect and hide a communications, you need to protect both ends of communication. So, applying this means that everyone should get a gmail account, because it's safer for everyone.
I mean, You use GMail and I'm not. I'm running my own mail server. So, you hiding in the crowd does not works, because if I'm getting compromised - and since I do not have Google grade security - you're being compromised too (after all, they'll be able to get metadata of the mail you sent me).
So, for this fallacy to be true, you need everyone have a GMail account. Which will makes things worse because, hey, they're part of the problem - as stated above.
Doing that is exactly than not encrypting data or using Tor because "it would looks suspicious". It does not. Protecting your privacy should not looks suspicious. If you think it is, then it's kind of too late, you've already ate the states toxic memes of security. But let the ones who want to fight them do it.
No, Gmail, Yahoo, Facebook, Twitter, Microsoft or Amazon will not ever be a solution for privacy. They're part of the problem.
However, there is one specific case where GMail might be a not so bad alternative: throw away mails (as suggestsed by OaklandElle. Besides that? No. It will not improve your privacy, quite the other way around.
Solutions? Stop the dragnet and mass surveillance. Which you can do only at societal and political level. And give a try to the [internetcu.be] if you're looking for self hosting, it works. Mostly. It won't give you better security, but you'll definetly have better control. And even if you're still monitored by state, at least you won't be monitored by an advertisement selling company.
[UPDATE] After talking with jbfavre on twitter, it seems that I didn't understoof his point. He did not want to advocate for a massive use of GMail as a way of protecting yourself, but rather for small associative clusters.
I think that it's a good option. Simpler for most people than going full self-hosting, and sufficiently decentralised to hinder the mass collection of data. It's not the ideal choice - but then we cannot asks high risk people to have their data in their home where it will be seized by cops - but it's I think a good trade-off between privacy, ease of use and safety.
Shooting the ambulance
It seems that there's a national sport among crypto nerds, and it's shooting the ambulance. Yeah, I know, I've been kind of naive thinking that some people with common sense could be more vocable than the people who enjoy ranting on stuff, saying that this is shit, and that only them know the truth.
I'm speaking specifically about the own mailbox project and the torrent of flame and more or less accurate accusation it received from @aeris in this three posts. I also like to point out that the answers provided by the Own Mailbox team doesn't makes them right. There are issues with the project, but I do not think it's a reason for burning them alive, but instead would have been interesting to help them to improve.
This is something aeris have an issue with - I already pointed that out in the way Crypto Parties are ran around here in Paris.
The point he's missing in those articles is - as always - what is the threat model own mailbox tries to solve; as well as mixing up a lot of things (blaming a mail server for the insecurity of TLS or for the possibility of MitM attack is … out of scope).
So, let's try to think about that.
Everything is broken
First, as Quinn Norton once wrote, if you pretend to work in the security and tries to improve the safety of people, you have to acknowledge that: Everything is brooken. It basically states that there's no way to have a secure system. It does not exists, it will not exists any time soon.
If you look at a project like own mailbox, where you will display decrypted text on an end-point - because if you're not you're either using bad crypto or no-one is actually reading the content.
Eventually, you'll have decoded data - sensitive data - displayed and stored at least in memory of a computer. A computer which is flawed by malware, spyware, adware and other nasty things. Whatever your crypto level is, even if you have a fully patched computer with as few software as you need, you'll probably have some 0-day active that a motivated attackers can exploit to get access to this memory.
It means that, with a sufficient amount of time and of motivation, someone else than the emitter and recipient of the message would be able to get their hands on your data, for the simple reason that - at some point - you need to read it.
And if you have a bullet-proof mailbox - which is the promises made by own mailbox - well, it's way much easier to target the end-node and to read the mails at the same time as the user.
After all, Hacking Team was doing basically exactly that. And there's no reason to believe that they were the only one to do that.
And no, free software will not save you there, with so many attacks on web browser, or PDF, it's not enough to run free software on your computer. One way to solve this issue is to use an air gap computer, a computer that have never been and never will be connected to a network of a kind. It means you need to burn your mails on a CDRom or a DVDROm and to check them onto the airgap system.
And this is something you cannot do with the general public. Because maintaining such a computer - set asides the financial costs - requires time. Like at least one hour a day. Every day. And to get a good understanding at how the computer works. Which is something a lot of people - because they do not want to or because they cannot to - won't do.
Also, assuming that the average computer/smartphone/tablet/whatever security is higher than the one of a small brick that cannot be easily improved and extended is a hell of a mistake. Key generation whould only be done on airgap computer with hardware random number generator if you want to have really secure keys - and stored on a read-only devices.
Never forget Jessica
This is the second most important error done I think. We forget about Jessica. Specifically we make two mistakes. The first one, that everyone is willing to spend a lot of time figuring out their safety and to protect themselves and their relatives against a theoretical threat.
Let's stand back a little bit. We already have hard time to have people using simple means to protect themselves against a real threat like AIDS, syphilis or other STI - use condoms people. Seriously - how would we have them protect themselves against philosophical and political threats?
Especially if we expect them to understand things that could take some months or years to get by? What is the point of full-encrypted mail? What means end-to-end? What's the NSA/GCHQ/insert-your-own-agency-here doing exactly? And why they're doing it? They're trying to protect us, of course. Against terrorism. That's what they said.
If you want user to actively use crypto, you need them to not think about using it. And if you focus only on the technical issue, you're missing the point that it's a political one. Because if your government wants to spy on you, they will sub-contract a hacking team like, and you'll be screwed.
This is what - I think - aeris is missing. The people who'll actually get the own-mailbox are people who already understand why they need to protect themselves (yay, there's actually some of them out there), but who can't afford to host themselves another way - essentially by a lack of time and of skills.
People who will get these kind of devices are not the hard core activists who tries to avoid cops enter their house to seize computer look-a-like devices. Because, in this situation, hosting your mail in your office is useless at best, dangerous at worst.
So, most of the people who will use this kind of device or services aren't really people at risk of being sent in jail because they sent an email. They're probably the one who will use it as a nice gadget, on a side.
This kind of devices have no chance to ever be used in life or death situation. And even if they were, crypto won't protect you from bullets.
Also, everyone seems to think actual people uses email. They're not. Less and less. We're using Facebook messenger, twitter DM, GMail (which is less and less compatible with third-party clients), WhatsApp, SnapChat, SMS, etc …
I'm not saying that it's a good thing. I'm trying to understand who are the people who're gonna use this. And it won't be the social-media addict who only uses a Mac and GMail, it won't be the Uber Nerd who uses only mutt and altern.org emails, nor will it be company - because they can't handle the load on those devices.
It won't neither be the poorest people who do not have access to a correct enough ADSL line. So it will be people who already understand what it means to being watch and wants to add a little bit more security on their devices.
The thing is, we won't get everyone doing key management the perfect way for - at least - two reasons. The first one being that no one know what is perfect key management. The second one being that even the crypto nerds fails at it on a regular basis.
So this is it.
But going after them, saying that the devices is blatantly flawed without even having one at hand in the first place is kind of stupid and counter productive. There's an issue around the terms used (100% secure is always false), but I believe that - since it's a free software project - aeris could have, at least, open bugs or ticket. I did not find a repo for own-mailbox though - didn't look for it hard neither.
But aeris choose to get out for blood. Yes, this porject is far from perfect, but it's still a plus, and if it gets some people to use more opportunistic crypto, then it's fine enough for me.
aeris, you really should understand that no, no one can use the tools you're using as part of their regular routine. And in most case it's not even a matter of will, but a matter of means.
This post is a follow-up on what I tweeted yesterday - hours before the constitutional council gave its approval of the new French Intelligence bill. First tweet is here
Where I come from
Before writing this article, I think it's important to give some context about what I've done the last few years.
So, before joining the Telecomix Crypo Munition Buro and #telekompaketet, I wasn't that much in security and crypto. I learned that on the late, and with some specific goals in minds - I'll be back to that later. I was a mercenary sysadmin, working for anyone willing to pay me to maintain their system.
I didn't understood the difference between free software and open source back in the time, neither was I aware of a lot of issues in the world. Looking to it through my small internet periscoped visor. Most of the news I was reading back in the time were tied to computer, video games and - to some extent - foreign diplomacy.
Not the mainstream media, but not much better. I worked for government and the police - maintained the fingerprint database used by cops and sold by the former Sagem - now known as Morpho XL. I worked for oen of the traditionalist newspaper. For startup trying to build customer profile and senders of millions of mails.
But I was reading those few news. I was joining the twitter (2009 … damn, that's already 6 years?) and already having fight with people humping on the Facebook boat.
Because what was clear for me was that my privacy should be kept under my own personal control, not under the control of anyone or anything else. I always been shy about sharing data over over public and free network who will track you in the end.
I got this habit of watching for my privacy since high school. I accessed the internet for the time at this time. And at home we even had high-speed internet (512 Mbps in 1997, was part of an 31337, not chasing for those AOL 50h of free internet CD Roms).
I got this habit not because of the teaching of someone, but because of my father. See, my father wasn't an abusive one. He was kinda distant, avoiding me, but he was not an abusive one. At the time we had internet and when I discovered some of the endless possibilities of the computers being connected to each other, I also learned that my father was a paedophile. He has been convicted for that. Twice. At least the second time it was related to detention of pictures from internet.
Yep, that's about how I learned how it was important to understand how things works and why it was paramount to protect your privacy. Because cops would breaks into your house and seize your hardware for the sole purpose of you living in the same house than a sexual offender.
So, everything started there for me. Since then I always had a full encrypted drive, I've used the privacy mode in my browser as much as I could, I learned to delete cookies and Internet Cache on a lot of browsers (from Netscape Navigator and Mozaic to chrome to Internet Explorer 6).
This is when I started caring for the law about computers and communication. And censorship. I did not really get a grasp of what politics where, but still, I was keeping an eye at it.
Got a degree in computer science and got working, trying to earn my independence and to get out of my parents house - almost 20 years later I still can't speak to my father and yes, it's part of the reason I'm severely depressed - and so on.
We're now in 2009, end of the year and I'm bored at work. There is a lot of signal coming from Tunisia that things will getting ugly there. That's when I started to act for someone else than me.
I was self hosted, so I had spaces. And root access to my servers. Slim Ammanou was interviewed in some media I was reading (Cant' remember if it was Read Write Web fr or the blog of Jean Marc Manach, not really important I guess). And some people were doing mirrors of censored blogs in Tunisia.
I was bored, I did knew bash, so I scripted some things to help. WHen someone figured out that the ATI was dropping the SSL around facebiik to catch login and password, I crote a one line that could generates gigabytes of fake password for a specific account.
And someone told me to join IRC and #firstname.lastname@example.org. I haven't fired up an IRC client since the 2000' so it felt a bit odd, but then a lot of things changed for me, starting with the immolation of Mohamed Bouazizi, the Egyptian revolution and the Syrian civil massacre.
During those last five years I developed my security and crypto skills, and tried to train activists who needed it to communicate. I've quit my job and worked for an NGO for nearly a year and a half, chain burning-out myself to the point of severe anxiety disorder and depression, mixed with my attention disorder it doeswn't goes well.
So this is where I come from. I hope that it will helps you to understand what and why I'm going to say the next few things.
The crypto fallacies is to think that your freedom relies on the tool you use. That, if you use the correct tools, in the way they're intended to, then you have nothing to fear from an oppressive regime.
It's false, first because IT security on the general computing is a disaster - and I'm not sure it can be fixed anytime soon - but lmost of all it's false because you're opposing an oppressive regime.
If you're not actively opposing an oppressive regime, you're silently accepting it and then you're an accomplice. So, you're opposing an oppressive regime. An oppressive regime as one specific characteristics, it's using arbitrary detention and arrest to spread terror and keep thing under control. And no amount of crypto can fight that.
I've seen kill list in Syria, written with a carbon pen on a piece of paper. Based on denunciation by neighbors, assumptions by people or just because people did not live in the correct address. I've seen people getting shot for no other reason than their skin color, or the way they were dressed.
But most of all, I've seen people getting arrested, tortured and shot at because they were protesting into the street. And that's the thing cryptonerds needs to understand. In the end, the purpose of an activists, is to get in the street, to oppose - violently - the state, and end up in jail (in the bes case scenario). The crypto, or the tech gyzmo you can provides them with won't prevent that.
Also, if your freedom relies on a specific piece of tech, or a specific knowledge, it means that each and every people who has no access to it can't be free. Which raises an issue that I have not seen adressed by the most vocal voices in the OpSec for activists people. Sure, you can do IT Training in Mali, but when you have power outtage several hours a day and when the temperature will frequently raises above 40°C, most of our tech is made unusable - believe me, we tried that.
I've also seen crypto nerds going extremists and refusing to even consider talking to an activists over an unencrypted channel. That's an interesting stance since then, the activist would never know how to do that
That's also a good way to forbid communication, which is mandatory for coordinating actions, getting information out, and care about people. If we would follow those extremists, we would end up in an autistic mode without communicating because it would exposes you to a risk. Risk that still needs to be determined.
And, in the end, if you want to undermine and destroy an oppressive regime, you need to accept the risks. You need to accept that you'll end up in jail. You need to accept that you'll be beaten up. You need to accept the fact that if you do not take the streets, then it's your opponent who have them. And you need to take that back.
And you cannot do it from a computer.
Sure, sysadmin and service operators providing good opportunistic cryptography, with fluid interface and where the security doesn't get in the way of the user, while protecting their users from the government are needed - and it's the path I've choose, but you have to accept that it's illegal in most states. Even in NATO countries, or in the EU.
But those sysadmins won't be protected by crypto. Their freedom is at risk as soon as they decide to fight and to help. And no crypto tool you can use can tight your organisation to a point where no exterior influence can destroy it. We've seen it before - with Sabu for instance - we'll see it again because that's how things works.
The only thing crypto will buy you is time. This time should be used to coordinate, to share, to care, but it won't get you out of jail (even TPB founders did serve time). But that's about it, once you'll be in the street, you'll end up in jail whatever the crypto you're using.
And that is called OpSec (Operation Security). The purpose of OpSec is to be able to run an operation. If the crypto you're using makes you unable to run it, then you've failed your OpSec. And running no Operation is also an Operational failure.
So, yes, crypto is usefull, because it gives you time and space to breathe. It allows you to get some room to distress and coordinates. But your freedom does not rely on a piece of tech. It relies only on you to take it.
Go into the street.
Those are the notes I used for my talk at the Ubuntu Party in May 2015. So it's in French - sorry but feel free to translate.
It's about privacy, and it intends to give other way to talk about it.
As-t-on vraiment besoin de vie privée?
"On the internet nobody knows you're a dog".
Depuis les débuts d'Internet, la vie privée à toujours été une problématique forte. Qu'il s'agisse de l'utilisation de pseudonyme, des Anonymous ou des problématique autour de l'immixtion arbitraire dans la vie privée, la vie privée à toujours été débattue sur la place publique.
C'est une notion qui est présente dès que l'on parle de communication et d'information - le secret des correspondances date de bien avant UseNet - mais qui est également utilisé à tort et à raison par des personnes fort différente. Du droit à l'oubli demandé par les politiciens au coming out pratiquée par les communautés LGBTIQ en passant par l'invisibilisation et le conformisme parfois volontaire, parfois subit, que recouvre vraiment la notion de vie privée, et mark Zukerberg a-t-il raison quand il affirme que la vie privée est un artefact du passé?
Ça fait un peu de temps que je réfléchit à ce qu'est une identité, a ce qu'est la vie privé et aux problèmes que cela peut soulever dans la construction de soi. En tant que personne bisexuelle ce sont des questions qui me touchent personnellement et ne sont pas forcément simple.
Mais d'abord quelques définitions.
Qu'est-ce que la vie privée? Et autres définitions nécessaires.
Vie privé / Vie publique
Citée par tous les défenseurs des droits, notamment par l'article 8 de la Convention Européenne des Droits Humains et par l'article 12 de la Déclaration Universelle des Droits Humains de l'ONU, la protection des personnes contre l'immixtion dans leur vie privée est considérée comme un droit fondamental. Mais elle n'est jamais définie dans ces textes et chartes. Généralement car la notion de vie privée évolue avec les mœurs mais aussi avec la technologie. Il y a peu de chance que - en 1948 - l'ONU ai pu imaginer que nous nous baladerions tous avec un appareil capable de nous localiser au mètre près et capable d'enregistrer ces données sur plusieurs dizaines d'années.
Quand je parle de vie privée, je parle donc de tout ce qui n'est pas public. Ce qui est public c'est ce qui est accessible par une entité qui n'est ni émettrice ni réceptrice d'un message. La vie privée ne concerne donc que ce qui est connu par un groupe définit et restreint.
On peut d'ores et déjà remarquer qu'il y a différentes vie privées et publiques en fonction des différents cercles sociaux auxquels ont appartient. Et dans un monde favorisant les connexions entre ces différents groupes, toute la difficulté de gestion de la vie privée vient de là.
Entropie de l'information
Retournons aux bases de l'informatique et de la science de l'information avec la théorie de l'information de Shannon, telle qu'il l'a formulée en 1948, afin de définir l'entropie de Shannon.
L'entropie d'un système d'information est - en gros - inversement proportionnelle à la possibilité de prédire la prochaine information venant d'une source. Par exemple, si un émetteur n'a émis que des 'a', alors la source possède une entropie faible. Mais si jamais un 'b' apparaît, c'est une information à forte entropie (et nécessitant peu de bit pour être codée) car ce comportement n'a pas pu être prédit en considérant la source d'information.
Dans un monde normé, composé uniquement de 'a', exprimer une différence - de manière voulue ou non - est donc une information à forte entropie. Moins il y a de 'b', 'c', etc… plus leur apparition sera entropique et donc considérée comme anormale, comme une anomalie.
A l'inverse, dans un monde peu ou pas normé, dans lequel toutes les expressions sont reconnues et existe, être différent n'a que peu d'entropie, peu d'impact sur cet ensemble.
Nous vivons actuellement dans un monde normatif, encourageant le conformisme à un modèle donné. Ce modèle est véhiculé par différents médias : la publicité par exemple, qui véhicule une image de bonheur ou de beauté qui ne peut être atteint que par un certain type de personne, ayant un certain corps, une certaines couleur de peau etc… ; mais aussi par les gouvernements qui définissent les bons et mauvais citoyens grâce aux lois qui définissent la marge (stupéfiants, prostitutions, squats, hackers, etc…)
Un panopticon est une prison idéale théorisée en Angleterre au dix huitième siècle et qui se base sur le fait que les prisonniers savent qu'ils peuvent être surveillés en permanence, mais qu'ils ne voient pas si ils sont effectivement surveillés.
La concrétisation de la menace de surveillance - et de répression en cas de non respect des règles établies - est suffisante pour garder les prisonniers sous contrôle.
Michel Foucault étendra ce principe à d'autre milieu sociaux en 1975, et expliquera que ce système de contrôle - la peur d'une surveillance omniprésente - est présente à de nombreux stades de notre société : à l'école, dans l'entreprise, à l'atelier et bien au-delà de la simple prison.
Un système panoptique est donc un système qui entretien une illusion de surveillance doté de capacité de répression afin de forcer les personnes à se conformer et à obéir à des règles. Il n'y a aucun besoin que cette surveillance soit réelle ou efficace, il suffit qu'elle soit visible et présente dans les esprits.
Identité « par défaut »
Ce qui est public c'est ce que l'on connait d'une personne lorsque l'on l'on interagît avec elle. Comment elle s'habille, sa coupe de cheveux, les stickers sur son laptop, sa photo de profil sur Facebook, le contenu de sa page Wikipedia où les résultats de recherche retournés par Google quand je cherche à savoir à qui j'ai affaire.
Bien entendu, la façon dont on est perçu par les autres dépend des normes sociales. Le fait d'avoir les cheveux longs n'a pas le même impact pour les garçons aujourd'hui qu'il y a 40 ans. Et il est également parfaitement possible de jouer avec ces codes pour passer dans une autre classe sociale que la sienne. Porter une blouse blanche vous fera passer pour un scientifique - et vous permettra de bénéficier d'un biais d'autorité - de même que porter un costard vous rendra plus crédible auprès de votre banquier pour obtenir un prêt.
Cet ensemble de code sociaux qui permettent de définir rapidement l'appartenance d'une personne à un groupe social est définie comme l'identité sociale. Cette identité sociale - à ne pas confondre avec l'identité personnelle - permet généralement de compléter ou de projeter les parts non explicite et non publique d'une personne. Typiquement, quelqu'un qui traine sur le chan #tor@oftc aura une identité sociale de hacker, avec tout ce que cela implique. Les hackers étant majoritairement des hommes blancs cis-hétéros, à moins qu'une personne n'explicite directement certains aspects de son identité personnelle - et donc abandonne une part de sa vie privée, j'aurais tendance à supposer que je parle à un homme cis-hétéro lorsque je parle avec quelqu'un de ce canal IRC.
L'assomption "On the internet nobody knows that you're a dog" part du principe qu'il est possible de ne pas avoir de marqueurs sociaux en ligne. En effet, lorsque l'on se connecte il est parfaitement possible de 'passer' pour un utilisateur standard. Un profil twitter non personnalisé, avec un pseudo non genré ne révèle que peu de chose sur vous. On ne sait pas si vous êtes un homme ou une femme, noir ou blanc, un chien ou un chat.
Mais notre cerveau a besoin de catégoriser les personnes pour pouvoir interagir avec elles. Pour éviter les impairs, mais aussi parce que notre cerveau fonctionne par analogie (et reconnaissance de motif) et que des hormones telles que l'atropine permettent d'amplifier ces comportement.
Et un utilisateur d'internet a une identité sociale. Plus de la moitié des utilisateurs d'internet sont basés dans les pays dit développés (Europe et Amérique du Nord principalement), et l'utilisateur "moyen" (au sens statistique) d'internet est donc un homme blanc cis-genre hétéro. L'identité sociale d'un utilisateur d'internet est celle-là. Ce qui veut dire que, à moins d'afficher des marqueurs permettant de vous classifier en dehors de cette identité sociale, j'aurais un 'passing' d'homme blanc cis-genre.
Quand j'ai une photo de profil d'œuf dans ma timeline sur twitter, je suppose que cette personne est un homme blanc cis-genre. Je lui assigne inconsciemment cette identité, et je m'attend à ce qu'elle se conforme à cette identité.
De même quand je croise une personne dans la rue. Les données que j'emmagasine sur elle en analysant la façon dont elle s'habille, se coiffe, marche, la façon dont elle parle, tout cela me donne des indices sur l'identité sociale de cette personne.
Cette identité n'est pas nécessairement son identité personnelle, il est important de le noter. Si je m'habille comme ça, c'est parce que j'ai envie d'être identifié comme un hacker, ce n'est pas forcément pour ça que je pense en être un. De même une personne efféminée passera pour une femme ou un homo, même si ce n'est pas nécessairement comme cela qu'elle se définirait.
Cette identité "par défaut", sociale, fait que pour pouvoir exister hors de cette norme, pour pouvoir être considéré par les autres comme ce que l'on est et non pas comme cette identité par défaut, il est nécessaire d'abandonner partiellement notre vie privée. Le fait que je vous dise que je soit bisexuel me permet de ne pas être entièrement classé dans cette identité par défaut, et donc d'enrichir une diversité d'identité. Cette diversité peu s'avérer vitale dans un système social, nous le verrons plus loin.
L'identité par défaut peu cependant avoir des avantages. Par exemple, LEGO en choisissant de faire ses figurines à la peau jaune avait établi à l'époque que c'était pour éviter les histoires de racisme. Ce jaune plastique à d'ailleurs été réutilisé un peu partout comme couleur 'neutre' et a été dérivée un peu partout. Les smileys et émojis jaunes par exemple.
Sauf que cette couleur a été assimilée à la couleur par défaut. De même que le blanc, ce jaune est devenu la couleur de peau par défaut, et donc ce jaune est devenu synonyme de blanc. Spécifiquement, lorsque la firme LEGO a commencé à développer la licence Star Wars. Lando Calrissian fût un des personnages à ne pas avoir sa mini figurine.
Plus tard, le set LEGO Sports représentant différentes personnalités du sport, donna aux joueurs de la NBA une peau noire, ce qui valida bien que la couleur "par défaut" jaune est en fait celle du système dominant en place. De même les emojis - au début tous jaunes - sont maintenant déclinés dans de nombreuses tonalités de peau afin de permettre à chaque personne de choisir comment elle veut être identifié.
Il y a aussi un trope au cinéma qui établit que l'homme est le "défaut" pour l'humanité. Un personnage de fiction est, par défaut, mâle. Si c'est une femme, il y a une raison spécifique pour - ou alors cela va générer une vague de commentaire et d'attaque. C'est ce que l'on appelle l'androcentrisme : on considère qu'une femme est une "anomalie" alors qu'elles constituent en fait 50% de la population humaine.
Le problème de cette identité par défaut est que, du coup, elle impose à celleux qui ne veulent pas être associées à cette identité par défaut la responsabilité de se démarquer, et de devoir abandonner des bouts de leur vie privée en les affichant car ces éléments sont privés pour les personnes se conformant à l'identité sociale par défaut.
Injonction à l'invisibilisation
Le discours que j'entends beaucoup dans le milieu geek/cryptonerds est basé sur le fait que l'on a forcément quelque chose à cacher et que donc, il faut nécessairement le cacher. Il suffit d'assister à un Café Vie Privé, ou de regarder les intitulés des conférences de l'Ubuntu Party par exemple.
Le discours est - en gros - vous devez tout dissimuler car le gouvernement/Facebook/Amazon/Google vont exploiter toutes ces données pour vous oppresser, vous exploiter, vous transformer en vache à lait et vous déshumaniser.
Selon ce discours, on devrait tous accepter l'identité par défaut. On devrait tous être des hommes blancs cisgenre hétérosexuels, puisqu'on ne devrait afficher aucune différence par rapport au modèle par défaut.
En suivant ce discours, les personnes opprimées parce qu'elles affichent une différence devraient cacher leur différence derrière leur vie privée et se conformer au modèle dominant et oppressif, au lieu de questionner ce modèle oppressif en affichant leurs différences.
Cette injonction, ce devoir d'utiliser sa vie privée pour se protéger des agressions, pose un double problème. D'abord, parce qu'il est formulés essentiellement par des hommes cis-hétéro blanc qui correspondent beaucoup à l'identité par défaut. Ces personnes n'ont que peu de choses à craindre d'un système oppressif car elles font parties - volontairement ou non - de cette classe oppressive. C'est donc une injonction d'oppresseurs à opprimés qui est formulées dans ce discours.
L'autre problème sous-jacent est que, si je suis discriminé, agressé, tabassé parce que je suis bisexuel et que je le revendique, alors on me dira que je n'avais qu'à dissimuler cette particularité. Que je n'avais qu'à me taire et me conformer. Ce discours ne remets pas en cause l'oppression systémique et classiste, voire l'encourage. Après tout, si quelqu'un n'est pas capable de chiffrer correctement ses communications et se fait prendre, ben c'est qu'elle l'a bien cherché, elle n'avait qu'à utiliser Tor.
Demander à supprimer de l'espace public les spécificités et les différences des uns et des autres, revient à uniformiser tout le monde derrière l'identité par défaut. Parfois utile pour mettre en retrait des informations qui pourrait parasiter un discours vis à vis d'un oppresseur - typiquement le black bloc ou les anonymous - cette uniformisation est nuisible si elle est maintenu en permanence et dans tous les espaces de notre société.
Déjà, parce qu'elle augmente l'entropie nécessaire à afficher une différence. Si personne n'est comme moi, alors il est coûteux d'afficher cette différence, et cela pourrais même être vain. Après tout, si je suis seul à ne pas être comme les autres, je n'ai aucun intérêt à l'afficher.
Mais surtout parce que cette uniformisation est présente partout où je vais. Dans la rue, le métro, au taff, dans les conférences techniques, etc…. L'espace public n'appartiens pas aux minorités. Le discours de la Manif pour tous - et leur défense quand on les accuse d'homophobie - est qu'il n'ont rien contre les homos, du moment qu'ils ne s'embrassent pas dans la rue. Ils justifie cela par une agression de leur modèle exprimée par le fait que deux personnes du même genre se tiennent par la main dans la rue ou s'embrassent.
Cette injonction à la vie privée est une ostracisation. Elle force les opprimés à se regrouper dans des endroits safe, dans des ghettos, dans des quartiers à eux où ils peuvent exprimer leur identité sans se faire emmerder. Demander à quelqu'un de tout chiffrer, de ne pas utiliser facebook ou Google parce qu'elle pourrait être profilée, c'est mettre la responsabilité de l'agression sur la personne qui aurait afficher une différence, qui aurait pu très bien se conformer.
Dire que si je ne chiffre pas mes communications et que je ne me conforme pas à l'identité dominante par défaut alors le gouvernement viendra m'emmerder, c'est valider le fait que le gouvernement est légitime pour aller emmerder les personnes à la marge. Dire que pour me protéger du harcèlement en ligne, il suffit que je ne dise pas que je suis une meuf, revient à ne pas remettre en question le fait qu'il y ait du harcèlement.
L'injonction à la vie privée permet, in fine, aux dominants de ne pas e remettre en question. Cette injonction au chiffrement permet de ne pas attaquer l'état sur la légitimité de la surveillance massive. Ce n'est pas parce que je n'utilise pas Tor que la NSA a le droit de surveiller mes communications.
Mais au final, la question la plus important à laquelle ne répond pas le chiffement c'est que si tout est privé, alors qu'est ce qui est légitime à exister dans l'espace public? Qu'est-ce qu'il est légitime de faire en public? Si tout le monde à la même apparence, le même genre, le même uniforme, au final quelle liberté j'ai dans l'espace public? Si porter une cravate rouge au lieu d'une cravate noire deviens un acte subversif, qu'est-ce que ça nous dit de notre société?
Le refus de la vie privée comme acte militant
Rendre publique une partie de sa vie privée est un acte militant. S'affiche comme membre de telle ou telle communauté, et donc hors de la norme établie, permet de faire évoluer cette norme, de réduire l'entropie d'être différent.
C'est une stratégie qui a déjà été beaucoup utilisée. Le manifeste des 343 salopes par exemple a permis de faire avancer le débat sur l'avortement en France et à amené à la loi Weill. 343 femmes ont abandonnées une partie de leur vie privée et se sont reconnues coupable d'un délit, afin de remettre en question ce qui à l'époque était l'état de la loi.
C'est également la stratégie du coming out développée par Harvey Milk entre autres, stratégie qui permettra son élection au poste de maire d'un district de LA, puis à son assassinat.
Cette stratégie est basée sur le fait que si une personne straight connait une personne homosexuelle, que c'est un ami, un frère, une sœur, alors il y a moins de chance que cette personne straight considère l'homosexualité comme une tare ou que la discrimination contre les homos soit quelque chose qui ne la concerne pas.
S'afficher ouvertement comme faisant partie d'une minorité permet aussi aux autres personnes de cette minorité de ne pas se sentir seul⋅e⋅s ou abandonné⋅e⋅s. Cela leur donne un contact, un point d'entrée vers des groupes d'entraide et de soutien, et cela peut amener d'autres personnes à essayer de comprendre les oppressions systémiques.
On le voit, par exemple, dans le mouvement féministe sur twitter. Les féministes font blocs et se soutiennent parce qu'elles se revendiquent en tant que telle. Certes, cela les expose a du harcèlement en ligne et hors ligne, mais avoir un groupe, une communauté, leur permet de aprtager leurs expériences, de se soutenir quand ça ne va pas, de faire front contre les agressions et aussi de s'autogérer c'est à dire de pouvoir s'organiser entre elles, sans qu'un homme blanc cis-hétéro viennent les "aider".
Cette autogestion permet la réappropriation des espace publics. Qu'il s'agisse d'espace hors-ligne - tels que les marches de nuits ou la non-mixité dans certains lieux - ou en-ligne - avec tumblr par exemple qui est essentiellement féminin - cette réappropriation de l'espace public n'est possible que par un abandon partiel de sa vie privée.
En exprimant une injonction à la vie privée et donc en validant le système oppressif actuel, vous empêchez cette réappropriation de l'espace public. Vous forcez les minorités et groupes opprimés à n'exister que dans la sphère privée, loin des regards. Vous les forcez à la clandestinité, à exister hors de votre espace public.
Cette mise à l'écart, cette ostracisation forcée gomme de l'espace public les personnes concernées. Elles n'ont plus le droit d'avoir une identité sociale en lien avec leur identité personnelle. Dans 1984, si tout le monde porte un uniforme c'est pour qu'il ne soit pas possible d'exister hors de l'Angsoc. Les seuls qui ne portent pas cette uniforme sont les personnes qui ne sont pas membres du parti et qui vivent dans les bidonvilles. Ces personnes n'existent pas pour le personnel administratif.
Si vous empêchez les femmes d'exister sur internet, ou les LGBT, alors vous les invisibilisez. Vous leur refusez le droit de s'exprimer dans l'espace public, vous les empêchez de verbaliser les agressions qu'elles subissent. Et si ces agressions ne peuvent être verbalisées, alors peut-être qu'elles n'existent pas. Ou qu'elles ne sont pas systémique. Si je me fais fouiller par les flics, ce n'est pas parce que j'habite à Saint Ouen et que j'ai l'air d'un dealer, c'est juste un contrôle aléatoire. Si il n'est pas possible de faire de statistiques sur les contrôles au faciès parce qu'il n'est pas possible de faire de statistique ethnique, alors il est impossible de mesurer efficacement le racisme de la police.
Si on ne peut mesurer le racisme de la police, alors c'est qu'il n'existe pas. On ne peut pas en prouver l'existence. Tous les débordements et toutes les bavures seront la faute d'individus, pas d'un système raciste et oppressif.
De la même façon, en demandant à tout le monde de tout garder privé, vous validez l'invisibilisation des minorités, vous leur niez le droit et la possibilité d'exposer des oppressions. Faire le choix militant de se revendiquer d'un groupe social, d'abandonner une partie de sa vie privé, est le seul moyen de confronter la société à ses inégalités et injustice.
Ce n'est pas du tout un choix aisé et il y a de nombreux endroits dans le monde où je ne pourrais pas dire que je suis bisexuel sans être instantanément menacé de mort.
Comme moyen de défense
Ces discriminations basées sur l'identité personnelle sont la raison pour laquelle toutes les déclarations des droits définissent un droit à la vie privée pour se protéger contre ces discriminations.
Ce droit permet à chaque personne de s'aménager un espace personnel dans sa vie quotidienne, espace dans lequel il lui est possible d'essayer de se construire de se définir.
La vie privée permet d'avoir un espace d'expérimentation, un espace dans lequel on peux essayer des choses ou faire des choses que l'on a pas nécessairement envie d'exposer au public parce que l'on ne sait pas encore si on approuve ou pas ces choses. Il peut s'agir par exemple de questionner son identité de genre ou sexuelle, de se demander si le FN n'aurais pas tort et proposerait des choses intéressante ou même de faire une blague sexiste.
Après tout, dans un cadre privé et où tout le monde se connaît, il est possible de baisser sa garde, de laisser échapper un mot ou une blague oppressive et que cela soit compris comme cela, comme une erreur, comme un dérapage ou juste comme un lâcher prise. Et ce n'est pas parce que l'on lit Mein Kampf que l'on est nécessairement un sympathisant d'Adolf Hitler.
Ces expérimentations, sont extrêmement importantes car elles permettent d'apprendre. En explorant des voies alternatives sans être soumis au jugement des autres, il deviens possible de se construire, d'essayer de se définir.
On peut parfaitement avoir besoin de Windows pour travailler, parce qu'il n'est pas possible de faire changer seul toute la politique des système d'information d'une entreprise de 600 personnes et pour laquelle on est qu'un employé comme un autre. Ou juste parce que c'est plus pratique pour dépanner l'ordinateur des personnes qui viennent aux Repair Café et que non, on ne va pleur mettre Ubuntu parce que ce n'est pas la raison pour laquelle ces personnes sont venues - et que l'on ne veut pas qu'elles nous appellent dès qu'un .docx va planter sur leur machine. En revanche l'annoncer ici, publiquement, va déchaîner l'ire de nombreuses personnes.
Ou bêtement parce qu'un rm -rf --no-preserve-root / malheureux va vous exposer à d nombreuses années de moqueries.
L'espace public n'est pas vraiment un espace tolérant à l'erreur ou à la différence, essentiellement parce qu'il est accaparé par les oppresseurs. La vie privée permet de se négocier un espace dans lequel exister sans se confronter aux oppressions. C'est dans ce sens que la DUDH protège - par son article 12 - les citoyens contre les immixtions arbitraire dans leur vie privée.
Cette protection est nécessaire afin de permettre aux états de traiter tous les citoyens de manières égales. Se conserver une vie privée permet de se protéger contre les injustices du système ou de la société. Quand l'environnement extérieur cherche à vous stigmatiser et à vous rejeter, il est nécessaire de se conformer pour souffler et pour éviter d'être soumis à des violences physiques, sociales ou psychologique parfois extrêmement violente.
Il est également parfois nécessaire de passer pour quelqu'un du groupe dominant afin de pouvoir faire valoir certains points politique. L'identité par défaut, passe souvent pour une identité neutre et donc objective. Se parer de cette identité permet ainsi de bénéficier d'une aura d'objectivité qui permet d'asseoir son propos. Il suffit de voir les mèmes tels que "Fake Geek Girl" par exemple. C'est un mème qui se base sur le fait que les meufs n'y connaitrait soi disant rien en culture geek, et se base sur le fait qu'elle ne savent pas répondre à un obscur fait de trivia basé sur cette culture pour leur refuser l'appartenance à cette culture geek. Fait qui est - très souvent - ignoré par une grande partie des hommes faisant partie de ce groupe.
Se faire passer pour un homme dans ce milieu permet donc à une femme de ne pas se faire jeter dehors, juste sous le simple prétexte de son identité de genre non conforme au milieu, et donc de pouvoir se faire écouter par des mecs qui ne l'auraient pas écouter sinon.
Il y a aussi plusieurs espaces publics ou privés. Des choses qui sont parfaitement acceptées dans un sous-groupe, peuvent être sujet à discrimination dans un groupe plus grand ou différent. Démarrer un Mac OS X à NUMA sera parfaitement bien vu, mais vous vaudra quelques regards en coin si vous le faites au Loop. L'intersections et les interactions entre ces cercles sociaux et ces groupes rendent encore plus complexe et flou la notion de vie privée et de vie publique.
Surveillance de masse et discrimination
La surveillance de masse a pour but de pouvoir surveiller l'entièreté d'une population. Cette surveillance ne se limite généralement pas à l'espace public, mais concerne l'ensemble de la vie d'une personne ou - pour être précis - l'indexation et l'analyse de l'ensemble des données personnelles, privées ou non, disponible par une entité étatique ou commerciale.
Ce qui est surveillé devient, de fait public. Connu par l'état ou par les autres. Votre statut relationnel est mis à disposition du public par facebook, de même que votre identité de genre par exemple. La RATP sait quels trajets vous effectuez et peu donc vendre des publicités mieux ciblées aux annonceurs via sa filiale Metrobus.
Si tout est surveillé, tout est alors public. On se retrouve dans le modèle du Panopticon tel que envisagé par Foucault dans "Surveiller et Punir". On ne sait même pas si on est surveillé, mais le simple fait que cette menace existe nous force à nous conformer et donc à nous contrôler. Les boîtes noires de la Loi sur le Renseignement n'ont même pas besoin d'exister ou de fonctionner pour être efficace, il suffit simplement que nous soyons persuadés qu'elles existent et qu'elles analysent intégralement notre vie privée devenue publique pour que nous ayons déjà commencés à modifier nos comportements et notre rapport à la vie privée.
Dans un monde sans vie privé et ayant pour but de forcer au conformisme, alors l'anti conformisme devient suspect. Les personnes ayant le plus à perdre du panoptique sont les personnes qui refusent ce conformisme, car c'est elle que le panoptique cherche à identifier. Toute personne refusant de se conformer est désormais suspecte d'atteinte à la sureté de l'état.
De fait, la surveillance de masse est nécessairement discriminatoire. Elle ne concerne pas les personnes faisant parti de la classe dominante, ou désirant s'y conformer. La surveillance de masse ne va détruire la vie privée que des personne opprimées. Cette surveillance impose donc une forme de conformisme, d'uniformité et - on l'a vu - cette uniformité amène à une invisibilisation des marges et à leur suppression de l'espace public. Or, sans espace privé, ces personnes ne peuvent exister, il deviens impossible de formuler une oppression.
Se négocier un espace privé est donc un moyen de lutte contre la société panoptique et conformiste. Pouvoir vivre en dehors du système de surveillance de masse permet de préserver son individualité, qui ne peut s'exprimer que dans sa vie privée dans un système social de ce type. Sans vie privé, il devient impossible de formuler une idée qui va contre le système social ou d'expérimenter. Il devient impossible d'évoluer ou de se penser différemment des autres ce qui amène à la disparition de toutes les différences vis vis des autres et à l'assimilation de notre identité personnelle à notre identité sociale. Nous ne sommes plus des personnes mais des fonctions et des rôles.
L'invasion de notre vie privée par toute sorte de système panoptique (administration et état d'une part, mais aussi toutes les entités se gavant au big data) amène donc à la suppression des individus et à notre assimilation à une identité sociale hors de notre contrôle. Il est donc littéralement vital que nous reprenions le contrôle sur nos données personnelles - qui ne sont jamais définies comme privées par les opérateurs - afin de savoir qui a le droit de savoir quoi sur moi. Quitte à ce qu'Amazon ne puisse pas me proposer de livre que j'aimerai à tous les coups.
La vie privée est donc quelque chose d'extrêmement important, on l'a vu elle seule permet de pouvoir remettre en question un système oppressif et conformiste en permettant à chacun de se construire son identité personnelle.
Cela dit, l'injonction à la vie privée, dire à tout le monde qu'il faut tout cacher, c'est justement se conformer au système panoptique. C'est refuser aux individus le droit d'exister comme ils le veulent.
C'est un droit consacré par plusieurs déclarations des droits humains. Mais c'est un droit, pas un devoir. Je n'ai aucune obligation à cacher mon identité sexuelle, ni à la révéler. C'est un choix que je fais et que je suis seul à pouvoir faire.
Et c'est un choix qui évolue dans le temps et le contexte social. Ce n'est pas parce que je balance des choses sur moi dans un cercle social défini que je le ferai dans un autre. Il n'y a pas de règle universelle de ce qui doit être privé ou public, il n'y a que des curseurs que l'on essaye de contrôler pour exposer plus ou moins de sa vie privé, pour différentes raison.
Mais oui, il est absolument nécessaire de réfléchir aux outils pour protéger sa vie privée, notamment en ligne. Mais il faut aussi se poser la pertinence de ces outils et de ses usages. Ces outils doivent permettre aux personnes qui le désirent de choisir quelles informations rendre publiques et lesquelles doivent rester privées.
Il faut aussi se poser la question de la lutte globale contre la surveillance généralisée, parce que Tor, GPG, OTR ou autre ne sont pas la solution universelle. Ces outils ne résolvent pas le fait que les états est corporations construisent une prison panoptique à laquelle nous consentons.
If you haven't heard, there's an emergency law currently “debated” in France, which wants to legalize illegal practices from the Intelligence services (both domestic - DGSI - and foreign - DGSE) and gives them impunity, circumvent the judge, and goes to a massive discriminatory surveillance.
The hashtag is full of report of people opposing it (from Human Right defenders and NGOs to citizen collective such as LQDN to companies and business of all scale). So yeah, it's the law NSA's head is dreaming of.
There's two issues I want to discuss at hand. Not sure how it'll end, but here it goes. The first one is why fighting surveillance is - in my opinion - the wrong fight and the wrong way of doing it, there's more to this than just surveillance. The second is about all the geeks and hackers trying to flee out of France, to move their businesses out of it and other “abandon ship” strategies.
So, surveillance. As Quinn Norton and Eleanor Saita stated one year ago in their talk at 30C3, surveillance - in itself - is not inherently good or bad. Surveillance is watching, and - when you want to interact on something - you need to watch it. It's hard to grab precisely something in the dark (you can do it, but it's hard).
You need surveillance to expose corruption for instance. Or fascism. Or any wrong doing in fact.
So, the issue discussed is not - and should not be - the surveillance per se. The issue is that this whole process is secret, hidden, non documented, without control or regulation.
What does it mean? First, it means there's an asymmetry in information. Something knows more about me than I'm able to know about them. What you do not know controls you, it means that this imbalance of power makes the state having more control over you.
It makes them able to act upon you on a discriminatory way. The gigantic issue here is that. It's not the surveillance, it's the lack of control. It's the fact that no one is watching the watchers and have way to act upon them. What frighten me most in this law, are the wording used “secret defense”, “higher interest of the state”, “impunity for state agent” and things like that.
I've ranted on twitter about the black boxes that will be able to algorithmically identify threats. The thing is a lot of people lost sight of what an algorithm actually is.
It's a parametric mathematic function applied to a set of data in order to classify information - or at least that's what is intended in this specific use case. The magic words in algorithm, machine learning, classification system is just this: parameters. The way you choose your parameters will change the way you classify your data.
How many occurrences of jihadist related news you need to have in your browsing history to be classified as a jihadist? Hom many hours a day you spend in this chatroom? How many times a week you go there?
Those numbers - the one that we as citizens will never heard about - are political tools. The way you choose them, and why you choose them create classification of people and will make you decide who needs to be swatted or not. That's where the ugliness begins. Those numbers will be chosen to discriminate people depending on their backgrounds.
I mean, they're already discussing about exceptions for surveillance - especially for journalists - which means that they're clearly lie when they say it's an anonymous data collect, they're already discriminating people based upon their traffic.
So, the surveillance is not the issue. Neither is the privacy. The issue is the lack of control. The issue is the absence of transparency. And stop fighting surveillance saying you have a right to privacy. That's true, but then it enable politician to call for the “right to be forgotten” which will only help them evading justice.
The issue is that mass surveillance, done by an oppressive system is a tool of segregation and racism. Because in the French context where we do not speak about Arabs anymore, but only about Muslims (and in a way that makes people think that all Muslims are Salafists and potential terrorists), I'll bet 2 BTC on the fact that they will be the one specifically targeted by this surveillance.
Same goes for the poorer of us. Who happen to be the ones who are not the white guys, who are also the ones who fight for survival and acceptance at all time. I'm quite sure that if the system catchs a white and rich guy, he will go in the false-positive trash and nobody will incriminate him.
So, stop fighting surveillance for the only sake of it. I should not need privacy in a non-oppressive system - that's even how you determine you're leaving in a non-oppressive regime: what you do and what you are cannot be held against you as long as it does not threaten the safety of someone else. But go fight the state implemented discrimination.
Don't run away. Fight.
Which leads me to this other point. We - as citizens, as a collective - need to fight that. I refuse to abandon the ship. I'm witnessing a lot of data-exodus. People actively looking to host their data abroad. Commercial companies - such as OVH - are looking to build datacenter elsewhere.
I can understand why a company would do that. They would because they intend to respect the law. Because they do not want to risk their existence to protect their customers, so they're running away. But the thing is, if you flee, then what will happen when the country you've fled to will also change their law and regulation? Flee again?
That's not a sane way to do thing. That's why we have civil society, to oppose the state, to try to restore a bit of balance in the power repartition. If you flee, you say to the state: you can do whatever you want, I just do not care about it.
If you're a big company, which a lot of money, yes, it might have some power against the government, they will have to choose between reinforcing their power or keeping some jobs in the country. But, well, if the state initially wanted to defend their citizens best interests they won't be trying to deprive them form liberties, right?
So, fleeing will only preserves you. And, well, you're still a French company, with offices in France, so you still need to obey the law. OK, you'll be somehow outside of the DGSI reach. But your customers won't, since they'll still be in France and they'll still connect to your infrastructure from France, from inside the Dragnet. Which, basically won't protect them and can even gave them a false feeling of security - which is worse.
What can you do? It's time to protect your customers, your users. The people who've put trust in you. You do have a choice - and it's not an easy or simple or risk-free one. You have to choose between taking care of your users, and actually hold the promises of security you've done to them or obeying the law. That's call civil disobedience and yes, you can end up in jail. But you're not alone, and a legal defence fund is something you can create or ask for help.
Yes, it might seem easy to say. But that's what I intend to do with my project. Providing tools for activists and militants groups who need them. In a way that will try to preserve most of their privacy. I do not intend to respect the law to do that. I do not intend to hide myself.
Hosting data for other people is a political statement. I'm sick of hearing people asking for a country where they could safely hosts their data. You can do it wherever you want, if your government has decided to jail you, they will be able to do it - wherever your data are. What we need is not a list of foreign hosters who are out of the French territory and jurisdiction, what we need is a government who actually protects us, not themselves. What we need is actually to take a stance.
Privacy café, camp, cryptoparties et al is good and nice, but it does not solve the main issue. When are we really going to show those who're in charge who actually is? When are we really going to send them a middle finger?
Do not flee. Do not let them scare you. Fight back. Federate. Protect the people who've put their trust in you. They'll protect yourself then.