Stop killing people, stop using Skype!
A journalists friend of mine pointed me to a news flash from AFP – REF: 29578 DVBP 729 GLN20 (4) AFP (295) , if it means something to you – in which they killed someone. Or, if it’s not the case, he will be killed soon.
Why? First, they used his full name in the text, and the city where he lives. This is, in essence, like putting a target on his forehead and waiting for snipers, tanks and/or mortars to kill him.
But worse, they used the infamous malware named Skype to contact him. Besides the huge privacy issue related to using something that has been ‘accidentaly’ deployed in the last Windows Update, it is of public knowledge that Skype is used as a trojan to identify and hunt activists in Syria. The EFF posted about it, kaspersky, posted about it, even the original writer of the tool used inside Skype to deploy the Remote Access Tool has wrote about it along iwth a removal tool.
So, journalists now knows, for month, that it is dangerous to use Skype. It is also dangerous to use closed and proprietary software. A lot of people are telling this for months now and even make propositions to use alternative, free and decentralized systems, because it is the only way to enforce some bits of privacy.
You are a fucking idiot AFP
So, enough with the polite arguments. Each and every time someone uses Skype, Twitter, Facebook, MSN, Gmail or any other widespread and centralized system (it includes relying only on one XMPP servers, or status.net one) they’re putting their sources in danger.
So, fuckers, YOU HAVE TO STOP THIS. Get your fingers out of you ass. Just think and do your jobs. You’re destroying everything that people are trying to do by being a lazy asshole full of selfishness and thinking without brains.
Stop that or I’ll go after your family and smash them with Apple hardware (since it appears they can be used only to slap someone).
You knew that Skype is dangerous. But you did that call. And you put the name. You’ve killed the person who trusted you, you’re not better than the ones that are killing people in the street.
Addendum
It appears that the interview is exploited among various flash news, you can find one here (without going through a paywall)
Also, people might want to know what are the risks. Since it appears some are lazy enough tonot use seeks I’ve done a quick search and found all of those:
- https://en.wikipedia.org/wiki/Skype_security
- https://www.schneier.com/blog/archives/2011/12/skype_security.html
- http://www.guardian.co.uk/technology/2011/mar/16/skype-security-weaknesses-vulnerable
- http://www.securityfocus.com/columnists/357
- https://www.computerworld.com/s/article/9012239/How_dangerous_is_Skype_
It took me 20 seconds to find those. Also, if you’re looking for ways to communicate, there is two links I recommend:
Replies
Ok, so @afpfr did reply me. Nice of them. Here are their tweets (they also replied to Telecomix and Ju).
Basically they wanted me to contact them first, and then they said that their contact had no issue with the publication of its identity, adding that this identity is a pseudonym.
So, I do not think getting private on this issue will have them answering anything and changing their habits. Also, if it’s a pseudonyms, it is to make the sources unidentifiable. So, why writing down the pseudonym? And if their contact always use this pseudonym, the mukhabarats can get after him, arresting people to torture them and to make a link between his ID and his pseudo.
Also, I have no personal issue with the AFP. I have one with each and every person that will put someone in danger, because they are too lazy to think and use free software.
Moar Replies
Yeah, I know. But AFP did a long reply and I think it’s interesting. You’ll find the text in FR here and I think it is interesting.
First they did a long reply, which means, we got their attentions. And it also means they’re concerned about it. So, I’ll do a point to point reply, translating the text on the go. Because I do think that things can change.
Lots of internaut were flaming against the AFP, on the second of July, accusing them to put in danger the life of a Syrian opposition member.
Telling that the rage was overrated does not change the fact that you did put his life in danger.
In a flash news from Beyrouth, titled « Homs is still under fire, some injured people are amputated (militants) » and published Monday at 08:50 AM GMT, a militant from the bombed Syrian town gives us his testimony :
"A lot of district in Homs are still besieged and it’s very hard for us to bring food and drugs in" Khaled al-Tellawy told AFP, a militant from Homs contacted by Skype.
Dozen of people, on Twitter and in blog posts, were outraged, sometimes in harsh and insulting terms, because of the fact that the AFP were namely quoting this Syrian opposition member. They also criticized the AFP of using Skype, a communication system that some judge unsafe regarding the terms of use. The syrian government is suspected of having create some malware that grants him the possibility of easily locating militants when they use Skype.
Ok, I do accept that I’ve missed the pseudonym part (but then, having a pseudo or ‘one guy’ is the same). But, when you’re saying that some people thinks that Skype is unsure, you’re missing the point.
Skype is a trojan. It’s a free (as in free beer) tool that grants user to communicate using non-standards VoIP protocols. It grants a user to share almost anything via Skype. From text message, to sharing desktop, going by voice and video. It is now a subsidiary of Microsoft. And we all know that Microsoft works with each and every government, for instance in Tunisia.
And the FBI Use Skype as a surveillance tool
Besides, there are documented cases of Skype being used as a trojan in Syria to target activists there, the [EFF][] spotted some of them:
- https://www.eff.org/mention/syrian-rebels-targeted-using-commercial-skype-trojan
- https://www.eff.org/deeplinks/2008/10/chinese-skype-client-hands-confidential-communicat(ok, this one is in China, but still)
- https://www.eff.org/deeplinks/2012/05/fake-skype-encryption-tool-targeted-syrian-activists-promises-security-delivers
- https://www.eff.org/deeplinks/2012/06/darkshades-rat-and-syrian-malware
Sammy Ketz, directeur du bureau de l’AFP à Beyrouth où a été rédigée la dépêche, réfute toute accusation d’imprudence.
Sammy Kets, head of the AFP office in Beyrouth where the news was redacted, denies all accusation of carelessness.
« We explicitly asked him the autorization to quote him. He granted us this right, given that Khaled al-Tellawi is, of course, a pseudonym. Tellawi being a Syria area » explained Sammy Kets.
« None of our interlocutors gives us his real name and they choose their pseudonyms by themselves » he add. « It is the militants who are trying to contact us by all means possible and they invites us to join them on Skype. It is, most of the time, their only medium of communication with the outside. It is a wrong trial for an agency who always tried to protect their sources, especially in a conflict as dangerous as in Syria. »
So, why don’t you publish the pseudo of all your sources on each press release? I mean, if it’s so important for a good information, why all the journalists aren’t publishing the name of their sources, even if it’s a pseudonym? I mean, it appear to be a common practice, since AFP is a traditional with good repuation press agency, right? I might missing something, right?
We should asks mediapart and Le Canard Enchaîné to disclose each sources they have also. After all, this is how good journalism is done if I follow your thoughts. AFP, you might be kidding, or on crack to think that.
Also, if someone goes in the middle of a street while a truck is going to smash him. You warn him, you try to push it out of the way, you just don’t let him right in the middle of the road. So, the argument they reach you via Skype is fallacious. You should use this contact to establish a secured communication with them.
« We’re using Skype daily to communicate with Syrian rebels, as we’ve always done before in Libya and to this days and no one else have ever blamed us for that » add Jean-Louis Doublet, AFP chief editor for the Middle East
We’ve already blamed anyone for using Skype, through the @telecomix status.net chan, this blog or through a lot more media (even Richard Stallman warns anyone against Skype at the Jhack second iteration). So, you knew it and you were already blamed for that. But know, you are listening, so you’ll learn (I hope).
And the fact you were doing mistakes before, does not mean they weren’t mistakes.
« Opponents are necessarily concious of the dangers of using Skype. But it’s that or be totally cut of the outside world. In this country, everyone is risking their life » he pursue. « All the media are using Skype to speak to Syrian opposition. Accusing AFP to do it is specious. If someone wanted to forbid us to spread the opposition words they would not do anything else. »
No, opponents are not necessarily aware of the dangers of Skype. But you are. It is your duty, as journalists, to establish secured channel of communication with your informants on the ground. You cannot assume that people are doing what they should, or we won’t have conflict everywhere.
The fact that everyone is doing a mistake, does not make the mistakes the right things to do.
And, well, I do not want to shut any contact with Syria. I just want people to think about the way they’re communicating. Telecomix and the WorldNeighbourgHood have permanent contact with activists on the field, using more secure chan.
With Telecomix, we are trying to make people aware of more secure way of communication. Since 15 months we’re also building communication channels that anyone can use. You do not even have to asks us the permission first.
But yes, it means, you have to think first and act then.
Edited to add the various links at the end (2012/07/02 16:37 Paris time) Edited to add the replies. (2012/07/02 17:39 Paris time) Edited to add the more detailled reply of AFP (2012/07/02 20:22 Paris time)