Companies and hacktivism

Companies and hacktivism

Google’s case

On the 12nd of March, I was at the Cyber-censorship event organized by RWB and sponsored by Google. There was a nice panel after that, with a lot of activists from Belaruss, Egypt, Tunisia and Syria among others. And, well, could not restrain myself, but I’ve expressed some worries about Google, Skype and others companies providing tools used by activists to communicate and about the lack of openness of them.

The Google representative that was there answered briefly that

"[He] do not understand the criticism about the lack of openness of Youtube, everyone can access it".

Well, that’s not true. For instance, tehre’s a video posted by Fhimt.com was locally censored for no apparent reason (the story is on reflets.info). And that’s only one case. I’ve got another one of an allegedly leaked video of torture of syrian that is ‘not available’ (but given the numbers of views and other thing, it was available), and while building the TBS I saw that about twenty videos we once got in the past, are not available anymore.

So, yeah, youtube.com is available in most part of the world. But not the content of it, and Google gives no reason of the specifics (except for ‘copyright claims’), they give no guarantee that anything that is available now, will be available tomorrow.

Worst, when reading their terms of use they restrain the avaibility of the contents to the only authorized Google apps (youtube.com being one), that means that, yes TBS is violating the clause 4.C and H of the terms of use:

You agree not to access Content through any technology or means other than the video playback pages of the Service itself, the Embeddable Player, or other explicitly authorized means YouTube may designate.

You agree not to use or launch any automated system, including without limitation, "robots," "spiders," or "offline readers," that accesses the Service in a manner that sends more request messages to the YouTube servers in a given period of time than a human can reasonably produce in the same period by using a conventional on-line web browser. Notwithstanding the foregoing, YouTube grants the operators of public search engines permission to use spiders to copy materials from the site for the sole purpose of and solely to the extent necessary for creating publicly available searchable indices of the materials, but not caches or archives of such materials. YouTube reserves the right to revoke these exceptions either generally or in specific cases. You agree not to collect or harvest any personally identifiable information, including account names, from the Service, nor to use the communication systems provided by the Service (e.g., comments, email) for any commercial solicitation purposes. You agree not to solicit, for commercial purposes, any users of the Service with respect to their Content.

So, it means that, everything that is on youtube is subject to the good will of Google. If they decide for one reason or another that you must not see a content on youtube, then they will destroy it and you have no legal way to make an archive of it. Not without a commercial agreement.

Hence, the youtube services is, indeed, free of charge and accessible. But it is not free at all, because you cannot do a lot of things with it.

I mean, Google could be an amazing archiving tool, they have an insane amount of data at end, and they could archive them, providing to the citizens that content on Google (email, video, docs, search results, whatever) will always be available using, for instance, documented and free standard. But they aren’t and they won’t.

They won’t because, besides what Google can say, they are a company. And the only goal of a company is to earn a big pile of cash. They can have an ethics, they can pretend their going social, whatever. In the end, what will dictates their move is the quantity of money they will have at the end of the month.

That’s why they moved in China, despite the censorship over there. They saw 300 millions people that can use Google, that’s 300 millions people that can be submitted to compartmental analysis to serve theme efficiently targeted advertisement (which is the Google job).

Google is not about freedom of information, so they accepted a partial censorship from China authority. Then, they discovered they where targeted by a huge attack, the Aurora attack, probably commanded by China’s authority to go after some intellectual property of Google, so they went out.

They didn’t move because their tool was censored. They moved because their business was under attack. They’ve done some PR move about the China being uncooperative, violating their property (no shit?) and forcing them to do insane censorship (oh, really? So, you’re not censoring yourselves?) and then they moved to Hong Kong, acting like the good guys.

The good guys will have stay there, will have disobey and will have provided activists there online tool to preserve their anonymity and their security, fighting the laws and regulation of the Chinese government.

The Skype case

Skype is even worse. Even without being now a Microsoft product, Skype is designed on closed and obfuscated protocols that are designed to go through most of the firewall on both side of the call. The utility allow for Desktop Sharing that grants execution on distant host, your address book is stored somewhere, the cryptography is based on secret algorithm not documented anywhere, so it is Security through obscurity which is as bad as no security (even worse, because it gives a false feeling of security).

The only strength of Skype is to have a good marketing team, and to be available on whatever platform you can think about (the free of charge thing is the same for all VoIP providers).

One big problem with Skype, is the auto-update thing. It is used a lot to deploy malware, notably in Syria where activists get killed for organized themselves (so, yes, a government using such malware can now the people you’re calling and can arrest you and them, alongside with their friend and families). I’m not saying Skype is collaborating with government, just that a closed proprietary software that will get installed on all the computers, that can install things on his own without warning users, that can get through all firewall and that do things in your back is called a trojan over here.

Worst, now Microsoft bought Skype. And Microsoft have a lot of patents. There is one that need all your attention right now. The patent 2010153809 labelled ‘Legal Intercept‘. So, in short, Microsoft as patented the technology required to give any government the capability to intercept any communication using one of their software. Most of the government now have law to authorize such things. There was law for that in classic-phone system, as long as on GSM, and I always thought it’s legal for them to intercept any communication they need to build a case against you as long as the legal system allow them (and it will). The thing with Skype is, it was supposed to be end to end encrypted, so, mainly, the snoopers cannot have a verbatim of the talk.

With this patent, however, Microsoft is telling that any government can now intercept communication in Skype. So, basically, anyone who have access to the Microsoft tool for lawful intercept can now intercept Skype communication. So, the encryption is now broke and will never be recoverable.

The weird thing is that the Syrian government, for instance, has law that grants him access to spy on its people. With this kind of patent, they do not even need DPI and hackers tobreak it, just to ask Microsoft to give them the key of the system.

Facebook Google, Twitter and the One identity problem

As I saod before, most of the website you use have only one goal: serves you with the data they want you to access (because they’re paid for that), not the one you want. And, for this to be efficient, they need to know you in a lot of details.

They do not care about you having a pseudonym or a real name (except for Facebook). What they do care about is the fact that you must have only one name. They need it, because they wants to track you everywhere you go to build of profile of you they can sell to whoever pays for it (or access their data using more creative way).

For instance, Google has changed their Privacy Policy, requiring that you use only one account for all their services (and that all of those services will share data with all the services). So, youtube will now about what you wrote on gmail and what’s on your blog (if you use blogger).

Facebook, and its ‘like’ button is even worse. If you’ve got a facebook cookie in your browser (which, if you have a facebook account, is the case) and even if you’re disconnected, the simple fact of loading the ‘like’ button (which is a script) will tell it to facebook.

Twitter is now selling your public tweets (and all the informations associated to each tweet, including localisation if it’s active). I still do not understand who will buy something that is already free because it’s public, so I suppose they, in fact, sell analysis and profile that match some criteria to target them with advertisement. Or by selling them to a governmental agency that is willing to pay to watch their citizen. Don’t think it’s not the case, government are spending a huge amount of money on CCTV camera and other way of spying on their people.

So what?

The thing is that those company have product almost in every country, their product is free of charge because the users are the product, but still, you have it every where. They can live with insane traffic, they’re translated in the much common languages, they are easy to use, multi-platform and idiot-proof. And that’s why people uses them to share pictures of their sex life or of their last trip to Vietnam, to share videos of riots and uprising or about clever cats playing on a keyboard, to harass underage girls or to share an amazing animation clip.

Those tools are everywhere because they are big, they’ve made internet popular, they’re in part responsible for the development of those smart-phones and of the eradication of the dumb-phones.

And given that, and the fact that the last websites you will access in case of crisis are Google, Facebook and Twitter while news sites will be closed to protect the government, activists can and will uses them. And some of them will get killed for this, because those website do not provides way of communication that are really anonymous.

Google told they’re making an effort to be as ethical as possible. If they really was, they’ll open the code they use on their servers, they’ll open and disclose their algorithm, they’ll provide way of enjoying fully their services without building a profile.

Surely, they’ll earn less money. But they will still earn some. Plus, some people should have remain alive and free instead of being jailed for having uploaded content on facebook or Google.