Security and Safety

There’s something on my mind that’s been going on for a while. Well, another something going on in y mind.
And it’s about security and/or safety and how those concepts are used today. Or how they’ve been twisted. So, let’s start with what I mean by those terms. They’re often used as synonym for each other, but I keep thinking that they’re not meant to be.

Security, as I see it – at least in the uncountable use – is a concept related to peace of mind (even the latin form securitas is about peace of mind). It means it’s something you do not have to pay attention because it cannot hurt you. I think it’s linked to avoiding accident and incident, to put the potential cause of accident away. That’s the reason we have more and more automated features in cars, like ABS or ESC, who tries to manage traction for you to not care about traction loss (and control loss). They’re meant to avoid accident. Or to significantly reduce your exposure to the risk of an accident. Those are called securities for a reason, they make you able to feel secure while you drive half a ton of metal and plastic at high speed along other people doing the same thing while hopping no-one will fail to avoid collision with each others.
Peace of mind requires to reduce or negates the perceived risks to work. You must been aware that you were exposed to risk and then to be aware of something which allow you to think that perceived risk has been acted upon and that you’re now able to stop being worried about it. Feeling secure is something deeply rooted in most of animals, it meant to have certainty about the fact that you can eat, drink, and not being killed by something while your asleep. It means taking step to ensure that you’ll have that tomorrow, and the day after that, and the day after that, until your death.
Security is being addressed in our communities by laws and regulations. Whether they’re explicit or implicit doesn’t really matters. They’re made to ensure that, at the end of the day, all member of the community can stop thinking about the daily threats they’re facing daily. Security implies rules which purpose is to control behaviors that the community perceive as an existential risk, it also implies active measure to protect one self from them which leads to either individual arming themselves to defend themselves, or giving this power to a group of people devoted to maintain security and to control behavior. And this group of people must display that the rules are enforced, because if they’re not, then they’re not devices for peace of mind. To elaborate more on this, there’s whole segment of philosophy dedicated to it (Foucault’s “Surveiller et punir” being one of them, but 1984 by Orwell or Best of Worlds by Huxley do address this).

Safety is, on the other end, everything that exist to reduce harm done. It’s the plan B, it’s what happens when shit finally hit the fan. To stay on the car analogy, safety are safety belts and airbags. They exists only because there’s a risk of accident that have not been nullified by security measures (laws and regulations). And that is why self-driving cars is such a hard problem to solve, because you can’t have a null risk’s probability.
Safety is what allows Security measures to fail without doing much harm to everyone. It’s not really peace of mind systems, because they only exists because you’re exposed to a risk. When you put a helmet on before riding through whatever traffic with your bike, you become aware of the risks you take, and you try to reduce the harm you’ll suffer when someone you’ll eventually be thrown on the ground in the middle of a street because someone didn’t looked before opening their car door. Safety is knowing that if someone enter your house while you’re in it, you’ll have a place and space to recover and people to provides you what you’re missing.
Safety is not about control of behavior, it is about caring for others. Is is not peace of mind but it is acknowledging that you cannot achieve perfect security, and that you need to accept some harm. It is about recovering, learning, growing up.

Why do I talk about this? Because I hear a lot about (cyber)security, and not about (cyber)safety. Security being about perceived risk, and applying behavior control in a way that will be perceived as a reduction of this risk, leads to the current regime of mass-surveillance we live under.
I’ve red a Story about Jessica a while back. And I think it address the fact that we do not have (cyber)safety, that the infosec community have no clue about safety and what it means. The security focused industry means more surveillance (logging) and behavior control (don’t click on links, upgrade, choose a stronger password, don’t publish your key, and many of the do and don’t prevalent in the infosec community).
In computer science, the safety of the software an entity have to manage is, however, quite pregnant. You’ll have backup of the data, backups of the infrastructure, disaster recovery plans, etc. But this is only about the safety of the software. It is not about safety of users or the people who maintain it. If you cannot achieve software security for your company, you’ll probably end up fired at some point. All the on-calls procedures are just means of maintaining a software in a safe state (alive and running, or at least partly running after a crash).
However, users of the software are not protected by those technical safety solution. What will happens when users data will be leaked? What steps are you taking to reduce the arm being done to them? You must be able to answer this question. It could be providing legal counseling, or collaborating with law enforcement (not that I’m a big fan of cops). It could be being proactive and warn them as soon as you find out something bad happened to their data, and try to provide them assistance in recovering access to your software for instance.

Holistic security goes a deep further into control. It is based on the fact that achieving full security requires you to have a specific mindset, and that you must take care of you in order to achieve security. I find it interesting to link way of life to exposure to perceived risks. If you sleep well, you’ll be better at security. Too bad you suffer from depression and insomnia, meaning your last good night sleep was ten days ago, and it was drug induced. Holistic security tends to be, form my point of view, ableist. If you’re not emotionally, physically and socially fit, you can’t hope for security. You cannot get your mind of all the stuff that’s forbidding you to achieve security. It is, in the long run, blaming the victim. You didn’t took care of you, ergo your security has been breached.
I’m not saying that we must get rid of security. It is important to reduce risk exposure. But it has a cost: surveillance and behavior control. I’m saying that we must focus more on safety, on what happens when the cops gt you during a protest with your unlocked phone (or they unlock it using your face). What harm will you be facing when someone is black mailing you over the nudes you got in your Direct Message – or stored on your computer.
This is the question asked in the stroy about Jessica. And I didn’t find a lot of answer since this been published. Facebook tries to help with revenge porn, and there’s a lot of things being done here (go have a look at what BADASSis doing for instance. And this is an issue where technology can’t save you (it is, again, something that provide surveillance and control behavior). Safety means there’s something to take care of people and to help them to recover. It means about caring about people (not software, their just maths, they can’t be in pain), it means trying to make everyone life better (and not easier). For instance, Code of Conducts are security measures. And they’re important because they allow people coming to your community to know that they’re not at risks. Until you do not enforce your own Code of Conduct for instance.
Having a post-harassment process to help the victims, and the harasser (yes, I mean that), to understand what happened, to document it, and to provide support for the victim is safety. That is what safe space should be about. Not space where you won’t be hurt, but space where, when it happens, you’re allowed to take less harm than if you were alone. It is also a space where you’ll be told something you’ve done did hurt someone – not that you broke a rule. It is a space where people will address your behavior and helps you to stop it, not by expelling you, but by a process. It can mean that, for sometime, you cannot come in certain places. It depends on how your community provides safety.

Safety is feeling welcome, feeling belonging to something, knowing that you can make mistakes, own them, and grow out of them. It is not something you can code in your software and, in fact, a lot of the time, your software works against safety.
If your data collection algorithm can be used by cops to identify perpetrators of a crime, it can also allow anti-gay bigots to identify gay people in their surrounding. It can be used by an abusive husband to identify where’s the woman he lived with as fled. It can be used by adults to expose teenagers sexting each others. It can be used to locate where a camgirl lives to stalk her.

And what’s the perceived risks you’re collection of data is protecting users against? You have to wonder if people can conduct drug traffic or do sex wok using your software, and if, by using your data collecting software, they put themselves at risk if you cooperate with cops. Security, in this case, would be to not use your data collecting software. If you value the possibility for law enforcement community to identify sex workers more than you value their safety, it means that you’ve got a political motivation for keeping several years of activity logs.

Keeping data about people is collaborating with cops, harassers and stalkers. It is not about safety of your users, it is about security and control. If you want to do cyberSafety, then it must be impossible for cops to identify anyone with the data you got. It means that you must not be able to identify formally your users. It also means that you must not do ad tracking. It means that the well being of your users is important for you, whatever they do in their life, whoever they are.
Stop logging, start caring.


It’s been a while. I mean, my last posts are translations of things I wrote on LQDN website. Since the last post, there’s been some changes (for instance, I finally installed something a little cleaner for people to read here without having too much to do on my side (yes, it means it’s an extremely basic wordpress).

Also I did burn out. And I do not think those word does even starts to explain what it’s been like. It’s not my first burn out. In fact I’ve got one at each places I worked, whether it’s a public administration, a big company, a startup or an association. It’s a constant in my life. I get a new job, and then I burn out.

It’s not sane *insert sarcasm and captain obvious related meme here*. But still, it happened to me at each job I took. Even if it’s for an association. I could say that it’s inherently linked to my professional specialization, but I’ve been working anywhere between an RJ45 cable and a chair. I’ve done architectural systems, Level 1 to 3 helpdesk, tutoring, devops, writing software, writing about technology and society, talked to a lot of different people abut technology, tailored databases, modeled applications. So, either it’s an issue with a whole industry (there’s some issue yeah, nut they’re systemic and related to capitalism), or it’s an issue with me.

Which brings me to this. I’m not sure I want to write more about the way hackers tends to think of themselves as  a Turing machine, but we’re not. Turing machine allows for extremely fast computations and near instant and perfect recall function, while our brains suck at it, but allow us to have insights. But I’ll keep this for another day.

I want to talk about transhumanism. And depression. For two reasons. First, is that I’m sick. I’ve got a severe depression disorder, among other mental health issues – and there’s a 7% probability that this sickness will kill me. Probably a bit more, because my others conditions will raise this (I’ve  been diagnosed with ADD and HQI, and I suspect I’m also borderline but it’s hard to diagnose while depressed so I’ll probably never know).

What transhumanism have to do with depression ? Science. Transhumanism is looking for ways to go beyond our humanities. Nietzche developed the Übermensch figures for it, but basically it’s the same. It’s a concept that transcend morality, as a tool used to divide the self into a good and a bad part (vices and vertues), and opposes nihilism, which states that this life – this world – is useless, since the only important thing is what’s after, becoming a Saint or mythological Hero.

Depression, and a lot of others mental illness, is tied to our experience with society (but this alone is not the only reason for depression, it seems there’s biologic and environmental factors too), it’s tied to stress, which is – basically – failures at communicating something to others or too understand what’s happening. We all faces stress, in different amount, and we probably all have ways to cope with it.

The thing with depression is that your train of thought is hijacked by existential crisis. It’s being in a perpetual state of fight or flight. It’s being unable to handle even the smallest emotion. People says that I’ve got a bad impulse control. It might be true. I’ve always got burst of rage which led me to, for instance, throw a desk at someone in elementary school. Because they cheated at a game. But now I have a way better impulse control. I’ll clamp my fists and probably get outside to walk and hit a wall until physical pain kills the anger. Yes, it explains some scars on my hand.

It requires all my energy, which does not allow me to build happiness. Every single day I wake up, doesn’t recognize me in a mirror, and go through the day while thinking about killing myself. Those are the good days. The worst one is me having daydream, with an excellent precision, of me hitting someone skull repeatedly with a metal bar or whatever I can get my hands on until my rage leaves me. I’ll usually manage to walk away (and yes, it happens regularly, to a point I’m now good at anticipating that and living a place before I end up stuck in a bar fight), pushing those impulse down inside until I can let go without putting anyone at risk. It’s not the impulse control which sucks, it’s the mood systems which are fucked up. And it scares me.

I’ve spend most of my life with this depression. It took me a while, and a lot of drugs, to be able to remember a chronology of episodes. For a while, I’ve pinned it down to my father incarceration, but I think it started before that.  But I know that at least since August ’97 I’ve got depression episodes of different magnitude. We’re in 2018now, so it’s been 21 years. And I’m not 42 years old yet. So yes, it means that most of my existence as an adult have been lived through depression, and hiding it to everyone because you cannot understand what it is.

It’s also, since not a lot of people want to talks about that – especially due to some extremely toxic tropes such as “Boys don’t cry” – you can spend a lot of time wondering if you’re alone, or if everyone feels the existential dread and collapse you feel everyday. You don’t know who, likes you, have to wear a social mask to hide their pain.

Add that to a total absence of bisexuals positives representation in the mainstream medias, especially during the 90’s, or positive gay representation, then you’re quickly lost, wondering if everyone is in pain, or if it’s only you. And if it’s you, why do you feel like that? Where does it come from?

The end of the 90’s, and of the century, was also when I learned that your friends will turn on you for no reason, except the fact that they wanted to have fun at your expense. That’s what boy-scouts taught me. You can spend weekends and a lot of time in a small social cell, supposedly trying to work together, in solidarity, but as soon as the other member of your cell will see a crack in you, they’ll rush into it, blow it open and will left you out to dry.

I’ve been evacuated from a camp, in tears, in 1997. Something like 6 month after my father had been incarcerated (it doesn’t helps when the joke is about family). And probably five days after some boy kissed me for the first time. Not out of love I think, but to check if I was drunk.

It cost me a lot. I’ve always been quite introvert, I’ve basically stopped trying to be friend with people. I’ll do like anyone else, tag along and, as soon as I can, I’ll crush them to get on top of them, since this is how I’m supposed to behave, I’ll become that.

It’s also at this time that I dig a little more into Science Fiction, and especially the Cyberpunk movement. And role playing games (first game of Shadowrun was in 01). Those books, especially the neuromancer, probably helped me a lot and saved me of all the incels tropes. I was in boys only classes, not because it was a non mixity school, but because I was interested in industrial machinery and computers and society teaches us that it’s not what women should do.

The fundamental thing in the CyberPunk movement is two fold. First, there’s a globalized society which provides instantaneous access to all informations, and such information is used by global construct to force humanity in its own view. Then, the stories in CyberPunk are not about heroes, but about marginalized people, ostracized person because they did not fit into the globalized capitalist society, and about how they dwell in society, how they use their environment to augment themselves and to reach capacities beyond their reach.

CyberPunk taught me that, the way our bodies and our mind are seen, generally through the spectrum of vices and virtues, is fundamentally obtrusive of collective freedom and reinforces individualism, you need to be more virtuous and less of a sinner – the vice and virtues being the 10 commandments, the amount of things you own, or what you share on social medias doesn’t really matters. Using vices and virtues to qualify people is flawed in about all the way we can imagine.

For once, because there’s a lot of people who either don’t understand those rules, or can’t abide to them. And then because they drive people to measure themselves on a moral scale, which is neither related to their personal capacities nor to their expectations of life or their experiences.

CyberPunk movement is about existing outside of the society, outside of the narrow definition of what is human. It is questioning what’s defining us and what’s human. In those universe, there’s always people who have been augmented. Either because they needed it – an amputee can get a leg back for instance – or because they wanted it.

Most of them are stigmatized for this. They’re considered as freaks or outlaws and they’re merely tolerated because they can do jobs that no one want to do. They can do that mostly because a lot of them lives at the margin of society, out of this globalized society tightly bound by a social contract (has Hobbes defined it for instance).

And the best part is that most – if not all – of the CyberPunk stories are about the collaboration of different kinds of freak. One CyberPunk character alone can’t survive. They survive because there’s other people at the margin of society, because they have developed the skills which allows them to use what they have to do what they need. It’s the kind of thinking hackers are supposed to have, It’s the ind of thinking that makes you see a bomb in a phone battery, which can be easily detonated which a phone.

It is the kind of thinking which leads you to question identities – individual or collective ones – and to accept people as they are. CyberPunk is not about fiber optics hair or glow in the dark eyes. It’s about the questions raised by those.

What’s a mind?, what’s a body? Can one exists without the other one? Are they tied to the social contract of society? Or does the existence of a free person is enough to destroy this social contract? All those questions are what you need to find in CyberPunk movement. It’s not really about the technology, a lot of this shared information storage has been depicted in a lot of ways (cultural hallucinations, loas who possess bodies, whatever abstraction one can find), it’s about how the technology shape the society and how free individuals can go beyond the morals of the society.

Which is what leads to transhumanism. How do we transcend our humanities to coexists together on this shared amount of resources that’s our environment. Transhumanism question the notion of identity or self. It is a movement which allow us to think beyond our currents mindset and body. It allows for people who can’t communicate with other to find ways to do it which does not involve pain. It allows for people who have a broken body to go around into another one. It allows for you leaving a lot of experiences at the same time, and then integrating them back into one self.

And the thing is, to do what I just described, a lot of people thinks we need some magic nanite stuff. We don’t need that, because we already have them – at least partly. The meds I take to put my mind in a less painfull state are just that. I’m eating carefully crafted proteins made of only 4 elements (Carbon, Hydrogen, Oxygen and Nitrate) which are shaped in a way that would allow my brain to get out of this fight or flight state he’s in, allowing me to have a wider range of emotions and to be able to enjoy things and explores my memories without rewriting them as painful one.

And doing that changes a lot of things. I’m not used to it, I’ve never really learned how to feel or express those feelings, but now, by using a daily dose of this synthetic pharmaceutical assembly of elements, I can at least have a possibility at that, at understanding where the pain is coming from and to address it.

I’m patching a flawed consciousness processor with what it needs. I’m altering the biofeedback loop which my conscious then use to helps me makes non random choices. And this feedback loop which helps us to not walks blindly in a complex and fragile environment, this feedback loop is what makes a system a cybernetic one.

We’re not Turing machine. We’re something else. Going further implies using cognitive science- which intersect in an elegant ways with mathematics and philosophy.  There is a theory (Information Integration Theory) which defines what a conscious is, and then tries to create a system that could be support consciousness. Just dig up wikipedia or the intertubes if you need more info. But we’re far away of a sentient artificial systems, since the computation complexity required by such a daunting task is crazy. I’m not even sure that we can grasp our own mind around such a concept. Which is kind of fun in some ways.

I’m patching my thought train the same way drug users messed up with their cortical systems. In fact some effect of drug use can emulate temporarily state of depression. Some of the MDMA withdrawal do looks like a depression state. Those of you who experienced it can probably start to grasp what it means to be depressed, but you’re lucky, it stops when your organism find its balance again. MDMA have even been used in therapy before it lands in our raves party, and researcher are still trying to find out if it could helps in treating PTSD.

We’re already augmenting our minds. Either to be more productive (Ohai caffein users) because we have to, or because it’s fun and some of us wants to go beyond their normal thought systems. And those two examples illustrates perfectly the main issues which people see in transhumanism.

When you talk about transhumanism, they think of ElonMusk, Lary Page, Jeff Besos or Eric Schmidt. Multibillionaires who are killing the world trying to make an escape pods for themselves only. It’s true that a lot of the Transhumanism movement is presented as coming from Silicon Valley multi-billionaires liberals, as they wish – like old Egypt Pharaoh’s – to live for eternity, finally overcoming death, allowing them to isolate themselves in gilded sarcophagus, their agents continuing to pillage resources for the sake of (hyper)capitalism, while hopping to be buried next to their god-like masters, or to be elevated to their level.

But this is not about transhumanism. It’s a god complex, born out of the virtues/vices dichotomy which leads most of the humanity to a harsh and violent life in a cybernetics world which only uses wealth (and then promotes greed) as a feedback loop. It’s not transhumanism, it’s dehumanism. It is turning human into simple machine that will maximize the output of the system, granting the immortal hypercapitalist pharaoh more and more power upon our lives

Humans are individual. Society usually tries to bend those humans into a more abstract concept, which can be monitored and acted upon. It allows – and promotes – some variations,  but only to a certain point. The dream of an internet who would – in the end – gives individuals more information about their environment to helps them find a place in the world that would allow them to be freed from pain, has been violently destroyed by the cultural globalization promoted by western capitalists.

And refusing to fut in makes you a freak, a marginal, a danger to society. And now we have to find answers to existential questions, the same way CyberPunk characters have to. We cannot fit in this world, we can only survive at its fringe. And destroy the foundation of it from where we are. This is transhumanism, and the übermensh as theorized by Nietzsche (not the totalitarian eugenic nightmare of the nazis). It is about doing with what you have, it is about taking pleasures in our life, not feel guilt for it. It is about cooperation of different individual for them to go further in the exploration of consciousness and the unknown, not about conforming to a hierarchical caste system as all the singularitionist from the silicon valley dream of.  It is finding strength into the difference, not into uniformity.

And this is why I so much love Queer politics. Because Queer politics is about getting rid of identity, stopping using where we were born and what society forces us to be, to defines us. Or, has FM-2030 said it : “Conventional names define a person’s past: ancestry, ethnicity, nationality, religion. I am not who I was ten years ago and certainly not who I will be in twenty years.”

It is embracing individuals as they are, with what we see as flaws, and give them the capacity to experiment with themselves, to explore what it means to go beyond society and beyond identity. It is about having a space where you can take risk knowing that, in the worst case, there will be harm reduction made. It’s accepting the fact that people need a prosthetic mood system, or leg, or want to have a tail, or the tongue of a snake. Or fork their consciousness to drift into the data flowing all around us.

Transhumanism isn’t about eugenics. It is about life, about making it enjoyable. It is, at its core, anticapitalists. It is queer. Don’t let the neo-liberals uses it against you.

I think I’m done. I just hope it made sense. Kinda. It’s thing that were on my mind since a while now, now it’s there. Hope you have questions and/or comments (hey there is a comment system now :p). Have fun. Go transhumanist.

[Repost] Google, Amesys – même combat

So, I’ve changed things around here and I’m trying to get some writing done soon. In the meantime, I’ll repost here an oped I wrote at la quadrature du net (From which I’m currently off due to mental health issue, more on that later), so here the original text, in French and, of course, there’s more on LQDN website

Du 21 au 24 novembre dernier, à Villepinte (région parisienne), se tenait le salon Milipol (pour Militaire/Police), « l’événement mondial de la sécurité des États ».

En plus des habituels trafiquants marchands d’armes qui font la fierté de l’industrie française (ayons une pensée émue pour Michèle Alliot-Marie qui exporta en Tunisie notre savoir-faire en matière de maintien de l’ordre), il y a, depuis quelques années maintenant, des marchands de matériel informatique et de solutions de supervision des populations.

Vous avez forcément entendu parler d’Amesys, de Qosmos, de Palantir et autres Hacking Team qui se sont spécialisés dans le développement de solutions clef en main d’espionnage et de surveillance de la population. Et, les affaires étant les affaires, la plupart d’entre eux vendent à toute personne désirant acheter du matériel, qu’il s’agisse des dictatures libyenne ou syrienne, ou des démocraties sociales occidentales compatibles avec l’économie de marché (France, Allemagne, Royaume-Uni). On parle dans ces cas de capitalisme de la surveillance, c’est-à-dire de mesurer la valeur des choses grâce à la fonction de surveillance.

La surveillance se base sur la connaissance. En épidémiologie par exemple, c’est connaître le vecteur infectieux, le documenter, savoir comment il se propage et se transmet, mesurer son temps d’incubation éventuel, déterminer ses symptômes pour comprendre son fonctionnement et trouver éventuellement un remède.

Dans le cadre de la surveillance des personnes, cela se traduit par la connaissance de ces personnes, leur identification dans le temps et l’espace, connaître leurs habitudes et leurs façons de réagir, mesurer leur sensibilité à telle ou telle idée. La surveillance c’est la connaissance. Et la connaissance c’est ce qui permet de définir les choses, de les identifier. Le capitalisme de la surveillance est donc un capitalisme de la connaissance, de l’identité. Ce que vendent Amesys, Palantir ou autres à leurs clients c’est l’assignation d’une identité définie par eux ou par leur client à un groupe de personnes en fonction de mesures et d’observations, i.e. de données.

Dans le cas des États, cette assignation identitaire amène à des conséquences qui peuvent être extrêmement violentes pour certaines populations, amenant à des répressions fortes, une suppression d’un certain type de personnes d’un certain quartier, à de l’injustice prédictive basée sur des statistiques biaisées par des biais racistes – le racisme structurel – et qui donc ne peuvent que renforcer ces biais. Les smart cities, dans leur version la plus extrême, sont les étapes finales de ce processus, l’identification permanente, fixiste, en tous points de tous les individus, l’impossibilité de bénéficier des services communs et publics sans révéler son identité, sans donner aux surveillants encore plus de connaissances sur nos vies et nos identités, pour leur permettre de mieux définir nos identités, de mieux vendre aux États la détermination, l’essentialisation, la réduction des complexités de nos vies à des étiquettes : terroriste, migrant, réfugié, musulman, femme, queer, bon citoyen.

Dans cette analyse qui est faite, on parle très vite, très souvent d’algorithmes ou d’intelligence artificielle. On les accuse de tous les maux, d’être racistes, de faire l’apologie du génocide, d’être sexistes, de censurer les discours d’éducation à la sexualité, d’invisibiliser les minorités sexuelles, comme si les intelligences artificielles, les algoritmes, disposaient de conscience, émergeaient de nulle part, avaient décidé d’être néo-nazi. Pardon, alt-right. Mais, au final, personne ne dit ce que sont les algorithmes, ou les intelligences artificielles. On va commencer par la seconde. L’intelligence artificielle est un algorithme doté d’une grande complexité et utilisant de grosses quantités de données pour donner l’illusion d’une intelligence, mais d’une intelligence ne comprenant pas ce qu’est un contexte et non dotée de conscience. Reste à définir ce qu’est un algorithme donc.

Appelons le wiktionnaire à la rescousse. Un algorithme est une « méthode générale pour résoudre un ensemble de problèmes, qui, appliquée systématiquement et d’une manière automatisée à une donnée ou à un ensemble de données, et répétant un certain nombre de fois un procédé élémentaire, finit par fournir une solution, un classement, une mise en avant d’un phénomène, d’un profil, ou de détecter une fraude ». C’est donc une formule mathématique, ne prenant pas en compte les cas particuliers, et qui a pour but d’analyser des données pour trouver une solution à un problème.

Ces algorithmes ne sont pas en charge de collecter les données, de définir le problème ou de prendre des décisions. Ils analysent des données qui leur sont transmises et fournissent une classification de ces données en fonction de critères qui ont été décidés par les personnes qui les écrivent, qui les configurent et qui les utilisent. L’ensemble des problèmes sur la reconnaissance faciale qu’ont rencontrés la plupart des entreprises de la Silicon Valley résulte du jeu de données utilisé pour identifier une personne et la reconnaître, car il ne contenait que des images de personnes blanches. Le chat bot de Microsoft – Tay – s’est avéré tenir des propos négationnistes ou appelant au meurtre et à l’extermination. Non pas parce que Tay a une conscience politique qui lui permette de comprendre les propos qu’elle tient, mais parce que des personnes l’ont inondée de propos racistes ou négationnistes, fournissant un corpus de données servant de base aux interactions du chat bot, l’amenant donc à écrire des propos racistes et négationnistes. Microsoft a rapidement retiré ce chat bot de la circulation et l’entreprise a depuis promis d’être plus « attentive » .

Parallèlement, nous entendons également, et de plus en plus, parler d’économie de l’attention. De capitalisme de l’attention. Ce qui aurait de la valeur serait ce à quoi nous faisons attention, ce que nous regardons. Sous entendu, nous, utilisatrices de ce système, sommes capables de faire le choix de ce que nous voulons regarder et lire, de faire le choix de la connaissance à laquelle nous avons accès. Internet permet, en théorie, un accès non discriminé à l’intégralité des informations et des données, et donc de la connaissance, du savoir. Après tout, la connaissance est une information à laquelle j’accède pour la première fois. Et cette acquisition de connaissance me permet de comprendre le monde, de me positionner par rapport à lui, et donc de me définir et de le comprendre, exactement ce que font les systèmes de surveillance massive utilisés par les États.

Réguler l’accès à l’information et choisir quels contenus montrer à quelle personne permet donc, également, de contrôler comment vont se définir les personnes, comment elles vont comprendre le monde. L’économie de l’attention est basée sur ce principe. Pour garantir que vous interagissiez avec la connaissance qui vous est proposée, qui est la façon dont ces nouveaux capitalistes mesurent la valeur, il est important de vous surveiller, de vous mesurer, de vous analyser, de vous assigner des identités. Et donc de contrôler la connaissance à laquelle vous avez accès et celle que vous produisez.

Les gigantesques plateformes financées par les GAFAM1 servent exactement à ça. Facebook vous empêche activement d’accéder à l’ensemble de l’information présente sur leur réseau, vous demandant de vous connecter pour accéder à d’autres plateformes que la leur, ou vous pistant partout une fois que vous êtes connectés, leur permettant ainsi de récolter encore plus de connaissances à votre sujet, d’augmenter leur capacité de surveillance et donc d’identification et de contrôle. Remplissant dans ce cas exactement la même fonction que les systèmes répressifs des régimes étatiques.

Notamment car Facebook, Apple, Google, Amazon, Microsoft décident ce qu’il est moral de faire, quelles identités doivent être renforcées ou au contraire dévaluées. Par exemple, Youtube, en supprimant la possibilité pour un contenu parlant de sexualités de rapporter de l’argent aux créatrices, envoie un message assez clair aux personnes faisant de l’éducation sexuelle, ou parlant de problématique touchant les personnes queer : votre production de connaissance n’est pas bienvenue ici, nous ne voulons pas que des personnes puissent s’identifier à vous. Il en va de même avec Facebook et son rapport à la nudité ou Apple qui filtre également tout ce qui pourrait parler de sexe, quitte à censurer le contenu des musées. En dévalorisant certaines connaissances, en la supprimant de certaines plateformes, les personnes à la tête de ces entreprises permettent d’effacer totalement de l’espace public des pans entiers de la société, de supprimer les voix des minorités, d’empêcher la contradiction de leurs valeurs et permettent donc de renforcer les biais des personnes consommant la connaissance disponible, amenant à une polarisation, une simplification et à une antagonisation du monde.

Alors effectivement, Facebook en soi ne mettra personne dans les geôles de Bachar el-Assad, du moins pas dans une complicité active, mais l’entreprise fait partie d’un système disposant de deux faces. Une face violente, répressive, alimentant les délires paranoïaques des États d’une part, et une face « douce » et insidieuse, utilisant les publicitaires et la restriction de l’accès à la connaissance pour permettre aux entreprises conservatrices de nous imposer leur vision bipolaire du monde, renforcement les sentiments d’appartenance à un groupe identitaire, avec les conséquences violentes que l’on connaît.

Et pour s’en persuader, il suffit de regarder les liens entre ces deux faces. Peter Thiel, fondateur, avec Elon Musk, de PayPal et qui détient maintenant 7% de Facebook est également le fondateur de Palantir Technologies, entreprise qui a, notamment, obtenu le marché public des boîtes noires en France, tout en étant aussi l’outil officiel de la NSA. Thiel a également participé aux nombreux procès qui ont fait mettre à Gawker la clef sous la porte suite à la révélation de l’homosexualité de P. Thiel par Gawker. Thiel, enfin, est l’un des influents soutiens des républicains nord américains, il a notamment participé à la campagne de Ted Cruz avant de rejoindre l’équipe de Trump et de participer à la transition à la maison blanche. Il a de fait nécessairement discuté, échangé et parlé avec Robert Mercer, l’un des directeurs de Cambridge Analytica, une entreprise dont le but est de cibler les électeurs grâce à de nombreux points de collectes, principalement récupérés par Facebook afin de pouvoir les cibler directement et influencer leurs votes.

Alors oui, lorsque l’on pose la question de démanteler Google, la question de démanteler Palantir se pose aussi, et celle consistant à vouloir privilégier les seconds car ils représentent un danger plus important pour la sécurité des uns et des autres. Mais sans l’omniprésence des systèmes d’identification, sans les exaoctets de données récoltées sans notre consentement dans le but d’individualiser le contenu auquel nous avons accès – selon des critères sur lesquels nous n’avons aucun contrôle – la mise en place de la surveillance et de l’identité devient complexe, coûteuse et impossible.

Il faut démanteler les systèmes capitalistes identitaires si l’on veut détruire les systèmes d’oppressions basés sur l’identité ou sur l’accès biaisé à la connaissance. Il faut s’affranchir des moteurs de ce système que sont la publicité, le pistage et l’identification permanente. Il faut questionner et démanteler le racisme, le néo-colonialisme, le sexisme des entreprises de la Silicon Valley au lieu de s’étonner que leurs algorithmes soient racistes. Car ils sont devenus omniprésents et nous empêchent de nous définir, de vivre, d’exister comme nous l’entendons, avec nos cultures complexes et nos identités changeantes.

You Tube really sucks lately

[UPDATE]: Added some more concerning impacts – 2017-03-22

Being invisible


I’m going to be personal for a little bit here. I’m not comfortable with it because it’s still a mess in my head. But I think I’m past overdue about it and, also, it will probably help making some points later.

It took me thirty years to understand that I’m bisexual. That I’m not straight. It took me that long because I didn’t knew it was possible. I didn’t knew that the sexual attraction I had for boys was not something that everyone else was going through and that no one spoke about.

I’m thirty seven years old now. And when I look back, I can only assume that my current mental state of severe depression is more than probably linked to the fact that I suppressed those impulse, to behave like everyone else.

Let’s do the time warp and go back in time.

The first tie I was confronted to homosexuality, was in elementary school, where faggots was used as a slur. Since I was there during the nineties, it was also associated with AIDS. Still as a slur.

In high school, when my father got incarcerated for sexual assault on minor – and some friends of mine – I closed myself to others. No internet yet, and so my social input were made by the only representation available there : heteronormativity (and no, there’s no way I would have been able to spot and understand it), I locked deep down inside me my attraction to boys. I was also scared (and have been for almost twenty years now) that this attraction to boys was in fact paedophilia, that I would have inherited from my father.

I landed on Internet in 1997. Mainly inside roll play communities, but since I did not knew I was queer, there was no possibility to get access to those communities.

Same for most of my studies. I’ve never been in contact with queers, lesbians, gays, bis, trans*. I did not understood what the lyrics of Queen’s song meant, I will still fighting most of my feelings, learning to lie to anyone about anything (because of course, I had to lie about my father, you know, everyone keeps asking “what are you’re parent doing for a living” and you cannot really answer “he’s locked in jail”, so you lie. Constantly, to anyone about anything, it doesn’t help).

And even if I managed to get that they’re was gays and lesbians somewhere, bisexuality was kind of something limited to a sexual fetish in my world. And I was trying to blend in, to disappear, to have everyone not asking questions. I’m very good at it now, to not answer questions and to lie, sometimes without thinking (yeah, I do have a good score on “Are you a sociopath ?” tests).

The first time I encountered a non straight and out person was quite late in my life. It was at Le Loop’s Grand Opening, and quota_atypique happened to be there and, since she was doing an ethnology study of the hackerspaces – it was around January 2011 all the hype didn’t got there – and I think she told me she was lesbian (she did come out as bi later) in probably less than 10s after saying “Hi”.

I’m not sure I’ve thanked you for that Quota, but meeting you did have an … interesting … impact on my life. From there we met at the hackerspace, talks about stuff (from the beauty of command line interfaces to being queer in hackerspaces). It was at this time that I got involved in Telecomix too. A lot of conference was happening in Paris, and I did some about inclusions of people (not only women, but also trans* in the hackers communities. I build up a political culture from the popular one.

I met my boyfriend later on (I did get through a tough breakup before that, questioning my ability to manage a single dedicated relationship) at the Congress, even if we started dating later. We were in 2013 or something like that (or 2014, I suck at time frames). It took me a lot of time to accept it, to fight the interiorized shame, and to admit it.

We’re in 2017 now. I’m still not fully at ease with it, but it gets better. And when I look at all this pain I’ve been through, that could have been avoided if, like teenagers and kids today, I did have access to all this queer material, online communities, accessible without especially looking for it, at least we – the ones who grew up alone during the nineties – will be the last ones suffering from invisibility.

The main reason it took me 32 fucking years and part of my depression is because I didn’t have access to the possibility of a positive alternative of bisexuality. It was just invisible hidden. To know it wasn’t a shame, that you could be happy being bi and, it required to actively search for content.

And this is why I’m shaking with rage and anger while writing this (but Show Must Go On is playing now and helps me keep t under control).

YouTube sucks

YouTube, for the one of you who lived in a cave for the last ten years, is a media broadcasting company, which pays itself by selling targeting advertisement to its customers. One of the side effect of their product is that it happens they’re quite good at hosting and promoting videos, clips, documentaries, and whatever you can imagine doing with those cheap camera.

For years free software activists have advocated against the danger of this kind of platform. I’m going to speak a lot about YouTube, but have a look at the #FreeTheNipple campaign on Facebook or Twitter, the censorship of nudity on most of the platform powered by Apple or Facebook.

So, YouTube create a Restricted mode. Before they did that, there was a flag that – as an uploader – you could activate to hide explicit content (mostly nudity) and which would have requires someone to log in to see the content. And a way to report content that you think were offensive.

And there were copyright bots in charge of removing or monetizing content in violation of Intellectual Property basically killing fair use, one example I do like, is the Edward VS Buffy video.

But, in the end, uploaders and creators were able to post whatever contents they wanted without too much intervention from YouTube Inc. or Alphabet or whatever is the name of the thing that’s supposed to manage the platform.

What they did with the Restricted Mode is one step toward nullification on alternatives-cultures. Let’s get a little into details about what this filter exists, and speculation about the why, what are the impact and why it sucks.

What is it ?

From YouTube’s page:

Restricted Mode is an optional setting that you can use to help screen out potentially mature content that you may prefer not to see or don’t want others in your family to see.

So, it looks like Parental filter for youtube. They’ll defed themselves by saying it’s an optional features, but I bet it will be on by default until you log in not s long in the future.

But what is ‘potentially mature’ content you’ll ask ? Well, it’s not defined. But it appears that all LGBT content is considered as ‘potentially mature’. There’s a lot of outrage about it, I’ll just quote an article from The Independent in which a Youtube spokesperson say that the potentially mature content is – and I quote, in bold character, with emphasis :

A YouTube spokesperson later clarified that those more sensitive issues are particularly videos that cover subjects like “health, politics and sexuality”.

Basically, if YouTube thinks that you might potentially talk about politics, then you’ll be hidden in Restricted Mode. One of the first collaterals is the fact that, under Restricted mode, most of the queer produced content is off-limits. Some tests were run, just having the word “gay” in a video title is enough to have it blocked.

Why ????

My guess is that they did not specifically target a community. And we’re lucky that queers can be loud, other communities have probably been targeted and e don’t now which ones yet. Well, they didn’t intentionally targeted us.

Alphabet is currently having some issues with their customers (brands who wants to rent advertisement space online). For instance, they placed ads on extremists website, which raised concern with brands – no one really wants to get associated with neo-nazis. See here for instance.

So, Alphabet made a promise to their customers. We will be able to display your advertisement right next to the content that would improve your return on investment. For that they need to be sure that no one will associate neo-nazis with a brand of lipstick. That’s why they need the Restricited mode.

They need to create a consensual public space, which will suits their customers. A space where you won’t talk about politics, where you won’t talk about sexuality, where everything is about the mainstream culture.

The mainstream culture, for advertisement purposes. The culture of heteronormativity, of whiteness, of sexism. The culture which has no issue with anyone as long as they comply, hide their differences, and consume goods targeted specifically for them on a large scale.

Assimilation or death is basically what the restricted mode is. It is the removal from a public space of everything which does not match the cultural consensus, and this cultural consensus has no room left for us.


Lots of them.

Beyond the invisibilisation which will makes life of all those teenager and person questioning themselves a lot harder, which will lead to isolation (if you know no one with whom you can share it gets harder to construct yourself) and depression; there’s also the end of anonymity for everyone who want to access anything beyond the Restricted Mode.

You do not have to log in yet. But Google do not needs you to log in to know who you are and what you’re watching. It gets worse with restricted mode because it states that you’re explicitely calling for access to ‘potentially offensive’ content when you disables it. Which in some country, might be illegal or otherwise gets you in trouble. It also means that they’re not making any difference about a sex-ed video and pornography.

Or maybe you’ll be in places where you do not know the restricted mode is enable,d for instance on a high school of family computer. And you have question about your personal health – like how to get an abortion. You just won’t be able to find any content, which is endangering people, not getting them safe.

Yes, it’s not n by default. But given the pace at which terms of uses change, and the fact that Alphabet really needs this functionality to sustain their business of analysing your comportment and selling it to advertisers, I do not think it will takes long before it’s getting on by default. At which point, the only way would be to log in to disable it.

The impact on creator of those videos, some of them trying to earn some money with it – using patreon or other similar platform for instance – is even bigger. Making content online, maintaining a community, informing them, entertaining them is, sometimes, one of the few recourse left to queers to earn their life. Being Restricted will cut them from their community and from getting new viewers.

And the beauty of it is, the more you have content flagged as restricted, the more you’ll be restricted in the future.

We are not alone

At this point, and after getting back home on my bike, I fellethat there’s more to it. Using those three specifics topix “health”, “politics” and “sexuality” YouTube cand decide to silence any community of their chosing.

I said earlier that they weren’t purposedly targetting queers, I’m not so sure about it. They want a consnsual space of pure entertainment they can sell to advertisers who wants to target the dominant part of the society (because they’re theone consumng ost of their products).

But really the issue is that they can silence any one who can potentially speak about politics, health or politics. And since a lot of woman can potentially speaks about feminism, woman health, reproductive rights, You Tube can use this to silence any women on they’re platform.

Which, when the platform is one of the most used one, having a wider audience than the classic television networks, is basically removing them from public space.

They can decde that all rap music is potentially politics and removes it from Restricted Mode. As well as a lot of punk or any other political content. They already removed some Lady Gaga content.

And getting removed from public space, is being removed from politics and policies. If you cannot show that you exists, then – from a society point of view – you do not exists, ergo you do not need your needs to be fulfilled, you do not need abortion clinics, you do not need full adoption, you do not needs rights, because you do not exists.

Where do we go from here

YouTube Restricted ban is a blatant statement that minorities are not a priori concern of a multi billion company. It shouldn’t be news to anyone, but we were tolerated there, not warmly welcomed.

And even if YouTube says they will try to fix the issue, the fact that you cannot talk about sex on a video without getting Restricted is a hell of an issue.

The issue here is that we let a private interest to manage a public space of expression. The only solution is to build other platforms. To create our own medias, to fight assimilation.

Internet has always been about decentralisation getting your content online, sharing information without filters but since the advertisement took over one of the big chunk of it (heck, even getting into your phone and homes to gather data), this decentralisation is dying.

It’s never too late, there’s a lot of alternatives a=out there. But we need to accept that the road will not be easy. Storage and bandwidth are expensive, architecture costs human time to be maintained and improved. Some groups are working on it, they need our support.

I know that Framasoft is working on a tube-like platform for instance. But we, as a community, need to accept that we’re not welcome anymore on YouTube. We also need to ensure who else has been left out the Restricted mode.

And we need to move out of the advertisement business. I refuse to comply to

And Justice for all

Trigger Warnings: Rape, Paedophilia

Prison song

I’m not really elaborate on the fact that the current prison system (either in the US, or – basically – everywhere else) is broken and walk on its head. If you want to contemplate the disaster, you can watch Prison Valley, get facts from OIP or read testimony made by, basically, every inmates, their family, their friends about what the prison is doing to them.

I could tells you what the incarceration of my father for paedophilia did to me, how I had to hide it, to lie every single days to basically everyone, to pretend it did not happens for the sole purpose of surviving through middle school, and that it didn’t solve anything, Because he got convicted a second time for similar crimes years later. You’ll notice that neither I, my sisters or my mother have been found guilty of anything, but still, we paid a price. For justice.

I will not argue that prison is the worst solution to any problems. At best, you put people on hold and free them, expecting them to behave when they’ll get out. At worst, it’s a political tool used to criminalize populations and build resentment upon some populations (yes, it’s a tool used for power to keep people in check) while creating more sociopaths, storing them away in inhumane conditions, and forcing them to work – and so destroying jobs outside of jail.

Prison should not exist. Even for serial rapists, paedophile, killers, abusers of all sorts. If you’re only answer as a society is to store them away, in a dark room, and hopping they’ll get better you’re delusional. I do believe people can change, but they need help, acceptance, and an possibility of failure.

The thing is, prison is intricately mixed with the notion of justice. We tend to think we deserve justice, but I’m not sure we really think about what it means. The justice system, as its currently implemented in most part of the world, is a punitive one. The principles behind it is that if you do a wrong to someone, you should pay for it, one way or one another. You should not pay to the victim, but to the society.

Basically, it’s the biblical principle of the Talion’s Law: an eye for an eye, with interests. Those interests exist to dissuade further wrong to be done and because the perceived loss might be above the material loss. When it come to non material wrongs, it gets complicated.

The justice system tries to determine what is the impact of the wrongdoing, what are the personalities of victims and perpetrators to find an appropriate sanction. Basically the process of justice tries to evaluate the cost of a human life, which is an extremely capitalist view. The life of a worker, or of a woman worth less than the one of a CEO for instance. That’s why stealing and destruction of property is so harshly sanctioned, while rape or harassment of the work place is rarely sanctioned.

We deserve nothing

But you probably all know that, I’m just writing down some ideas on a text file. The thing I want to get too is that we deserve nothing. We do not deserve justice. It sound harsh, I know, but when you look at it, all the justice system is build around punishing.

And if you want to not act randomly, because you know, you’re a sophisticated society built on principle from the XVIII° centuries. Principles formed by white people of the bourgeoisie, then you need to defines what should be punished and what should not. You need to establish what is the norm and to enforce it. You need to make sure everyone understand what are the personal costs of transgressing this norm, and you need to know who is behaving and who is not. You need to be Santa Claus, knowing all the dirty secrets of every kids, and decides which on will get presents and which one won’t have anything.

You’ll justify it with the Law. The Book Of The Law. We modernised the process since the biblical times (where Moses got high on drugs in a mountain and wrote stuff on marble tablets because he was afraid of losing he’s grasp on power). You’ll enforce it with a dedicated group of people: cops. And then you’ll gave them the power to sort people between good and bad guys. To do that you’ll give them the power of mass and systemic surveillance.

This notion of justice most of people wants requires mass surveillance. And prison. And a norm. And I’m still wondering: do we deserves justice? I tend to believe that, as a member of a society, we deserves nothing. We do not deserves to be happy, to have a good life, and the like. Deserving something means that, inherently, the world in which you live, should give you something.

I think the only thing we deserve, as individual, is the fulfilling of our needs (physiological and/or mental). Not justice, not love, not a family. I could insert here a reference to the Maslow’s pyramid, but the model is a bit simplistic and outdated. I don’t think the notion of justice is a need. The closest thing that would be associated to a need, is the need to be recognised, to be esteemed by other. To live in dignity and respect. And either everyone deserves that, or no one.

As stated before, prison strips individuals of their dignity, of their respect, of their esteemed (by other or by themselves). And I think the notion of justice cannot be dissociated of the notion of prison. As long as you ask for people to be thrown in prison, you’re losing your access to live in dignity.

Where do we go from here

We do not deserve justice, and I think that, in our communities, we really should work on that. Justice is an outdated system used to justify incarceration, mass surveillance and therefor systemic discrimination.

What we need to think of is harm reduction, which is at the core of the Transformative Justice theory. The idea behind harm reduction is to provide communities with tools to help them avoiding harm in the first place, and then reducing the impact of it.

That’s the idea behind collective insurance for instance. A collective effort can help reducing the burden of an accident. It requires to accept the fact that some people might not want to behave, or are not able to. And that you need to have structures to act before something happens. Calling out rapist or aggressors helps to do that, but it deprives the aggressor of the possibility of change. This is a community response to a traumatism. It does not reduces the traumatism of the victim, but it tends to reduce the potential harm that a person can do.

But I think we can go further. Paedophiles for instance are almost universally perceived as monster that should rot in jail for ever because they hurt children by kidnapping them and tying them in a closet making them their sex slaves. Which is as accurate as the depiction of rapist being a stranger that will jump women in the street to rape them and kill them.

In Berlin, a program has been started to help paedophile who did not commit an aggression. You can read about it here and it seems to be successful. They allow paedophile to talk about their issue, to have access to treatment and t manage their life with dignity and without hurting kids. This is not the only program, but a lot of them are targeting offenders (you need to have molested a child to enter some of those program)

Which is a better outcome than sending them to jail, with a so-called obligation of treatment (it did work so well that my father did get back to jail ten years after), or stacking them in prison cells, refusing to deal with them don’t you think?

I have to add that, on a community level, I think this can works well with inside violence, not from harm done by the outside. You deserve dignity, so you should protect yourself against aggression, especially as a community. A neo-nazis entering a self-managed bar is an aggression, so you should gives yourself ways to protect against these violence from outsiders.

I think that the idea of transformative justice is interesting. The idea is to change the society to reduce harm being done, not trying to repair the victims (which is restorative justice) or trying to avenge them and dissuade potential perpetrators (traditional justice).

To ease the way of harm reduction, we – as a society – needs to be able to accept that perpetrators exists and are human being. And that they can change. We need to accept that, most of the time, a victim will endure some traumas that cannot ever be repaired fully – but they can learn to lives with it. We need to accept that, as a society, we have a role to play in aggressions and mitigating them.

One of the way of mitigation is to think of what enables aggressors. What makes them act and why would they think it’s OK to act this way. With the traditional justice system it’s often the perceived impunity. If a cop will not accept the complaint made by a victim, then the aggressor will never ever be confronted to the harm he did, so he will act and probably repeatedly.

Another enabler factor, is the social status of the perpetrator. A well established person, with power over a community – because they’re doing important things – will enable perpetrator to do whatever they want, think about R. Polanski, J. Depp, J. Applebaum for instance.

That is why it is important to avoid social structures which enables people to do harm. Meaning, you should not have only one person in charge of this important thing you need your social group to survive. Every structures which have only one person in charge, will lead to harm. That is why I think it’s important to attributes success and failures on collectives, not on individual among those collective.

We also needs to think about the friends of the perpetrators. Some of them are enablers, some are afraid of consequences if they act against their friends. I also tend to think that stripping a perpetrator of his friends by punishing them for actions he did, will not help those person to come forward and discuss an issue that bother them.

I think that most of the harm reduction process is about communication and speech. Being able to talk about something, without being thrown out of a group is something important. And you should be supported to come forward, you should be accepted for that. If someone does not understand consent for instance, or have trouble with it, this person should be able to talk about it, at least to someone. Yes, it means that you need to keep those discussions private.

Last point, you do not need for everyone to agree to that. But you need to have people who wants to try it and to work on it You should also be careful about not converting them o enabler, that’s why it’s something that needs to be addressed by your communities.

I really think we have an issue with justice. We claim we deserve justice while it’s a tool made by and for the power. Or we tends to mix justice and revenge. I think we should really works on those topics. Protection of whistle blowers, privacy and other related issues cannot occur in a traditional justice system since it is intertwined with mass surveillance, systemic discrimination and the like.

I’m not advocating for vigilantes either, which is a protection from the outside (and yes, you might need, at some point, to have people who can physically resists to adversaries, but that’s a different topic). But really, if we want to reduces aggression made by member of our communities toward other members of this communities, we cannot rely on the notion of justice,

Redefining privacy

Let’s redefine Privacy, shall we?

There’s a lot of issue with Privacy. I already wrote about it some time ago, but I think that in fact the current definition of Privacy is an issue. For starters, no one is able to provide me with a definition of privacy.

Is Privacy a secret?

The definition I encounter the most can be summed up a bit like this, it’s everything that is "none of your concern". It’s the version of Privacy I used in my previous post and, I think, it’s probably the one that’s defended mostly by people who basically are not discriminated against by system of oppressions (states, but not only).

There’s two main issue with that. First, there’s thing that you cannot "hide", such as your apparent gender, or the color of your skin, and those will submit you to system of oppression – I won’t spend time to expose them, but please feel free to read some useful documentations. Second there’s the fact that secret is used to hide things – that’s the purpose of secret. You want to keep others in the dark about what’s happening. David Cameron just said that his personal investment in Panama are private matters. Conjugal rape and other in-family sexual assault are always hidden under the veil of the "private matters" that should be treated only inside the family.

I mean, clearly, secrecy is a bad thing. Not only for government, but for people in position of power and control over other. I’m not advocating for a full publicity of everything, but for a questioning of is privacy a synonym to secrecy?

Do we really want to hide all of our lives to our society? If we want to redistribute wealth, we need to know about the income of each person. If we want to act upon the discrimination women faces, we need to know about those discrimination, we need to know about who’s identified as a woman and to act upon the people who discriminate them.

If we want a world with a bit more fairness inside, we might need to be able to be a little bit more public about our lives. Society is build on the intersections and interactions we have with each other. The positive ones, and the negatives ones. The society, the cultures we live in, is not – I think – powered by the things we have in common, but by the differences we have and the different experiences we’ve been through.

So, privacy a the thing you keep in the closet is bad – go talk to queers about living in the closet to see why this kind of privacy sucks.

Also, I do not think that the right to privacy – as described by the article 12th of the UNDHR is defined by what we keep secret. This right is defined as protection against arbitrary interference. It doesn’t state that it has to be secret. It protects interferences, meaning, influence, actions, perturbations. Not about knowing about it.

The issue with mass surveillance – and why its so bad – is not because it allow a passive global observer to exist, it is because it create an active global discriminator that will sort people between good citizens and terrorists, based on what data we create. Mass surveillance described as a passive global observer is an issue. The mass surveillance complex is used by power structure to maintain their power over people, by creating and enforcing discrimination. This is clearly a violation of Privacy because it is arbitrary interfering in life of people. But it’s not because they collect the data.

This is one of the thing about mass surveillance, it does not exist in void, it exist as a political tool of social coercion. It'(s not the data collection and gathering that’s the real issue. With the amount of data collected, we could have a real source of interesting data for sociologist to help them describing our society, and gives us clue to change and improve it.

So, no. The fact that a passive global observer exist is not the issue. The issue is that it is a fact an acting and active global discriminatory system. And secrecy is only a way to protect against the passive global observer. It does not enforce privacy. It does not defines privacy. It does not helps you to protect yourself against discrimination.

Is Privacy your identity?

I’m not sure. Identity is a social concept (and a psychological one, it sucks when you use one word for two different things). It’s how you define yourself at some point in time, and how you are recognised and defined by others, based on their cultures and social cues and norms they have.

You decide how you want to define yourself, in regards with the current social cultures you bathe in. You adopt, reject, create or appropriates part of this culture to form your identity and to express to the society who you are, and how you’d like the society to consider you.

Your identity is – at least partly – publicly displayed and used by the society to interact with you. This is where discrimination will take place. If you’re identified as a woman – whether or not you define yourself as one – and the society we live in discriminates women – and we live in such society – then you’ll be discriminated.

Which basically seemed to be a good match for arbitral interfering ad specified earlier. It seems that the elements you use to define yourself, the elements used by other to identify you and to relates to you seems a better candidates for me than the one you keep secret.

What it means is that our privacy, what’s private, is the core of how we see ourselves. It’s not what we want to substract to public scrutiny. It’s how we want to be identified. And our rights to have a privacy is basically our rights to defined however we want – in a social context – without being discriminated for it.

It does not means that if you want to define yourself as a patriarcal asshole you’ll be able to act onto people as you want. It just means that defining yourself as a patriarcal asshole shouldn’t means that you’ll be treated in a specific way. The thing you’ll say, the thing you’ll do are what will bring your trouble, but not your identity.

Basically enforcing privacy is trying to find a way to end discrimination of any kind. It’s not providing tools – secrecy – to create more discrimination. Fighting for privacy is understanding that the world is non-binary, that no identity should be infeoded to another, it’s fighting for sanctioning people for what they do and not what they are.

Yeah, OK, but where’s the cryptography comes into play?

Cryptography is needed because – in a world of oppression – you need to organize yourself to change those. And to organize you need secrecy at least temporary – until you act. It is not a right has protected by any of the article of the UNHRD, but it is mentioned in the preamble:

Whereas it is essential, if man is not to be compelled to have recourse, as a last resort, to rebellion against tyranny and oppression, that human rights should be protected by the rule of law,

Meaning that, if you’re right to Privacy is not respected, then you need to react and fight for it. And for that you need secrecy, you need to hide from the spies and the forces that tries to remove your rights.

Because, in the end, the only rights you have are the one you fight for. And this is where cryptography will helps you. Cryptography will allow you to disobey, to organise dissent, to rebel, to have some time to breathe. But it will not helps you to enforce Privacy and the right to self determination.

And I think we all need to rethink that privacy is not what is secret, but it’s what makes us individuals. It what gives us the right to coexist in the same society. And this is why we all need to fight for it. Without privacy, there’s only bland human without identity. Without privacy there’s no place for non-mainstream person. Without privacy there’s no way to evolve and progress. Without privacy, there’s no I or You. There’s only us. Forced in an identity we didn’t choose, think, defined, accepted, created.

Those identities are the one created by the global active discriminator to divides us. They are the nationalist ones, they are the Charlie’s one. They’re the one of the dominant classes and we’re stuck with them, without a possibility to exist out of those scheme without being violently confronted.

We should fight for this privacy. For the possibility for anyone to self-determine themselves. And stop believing that we currently have access to it, or that cryptography will suffice.


Hidden services

So, for those of you who never heard about it, there’s some hidden services in the wild. They’re called .onion if you use Tor – and you should.

Facebook, for instance, also have a .onion. My blog to.

It’s neat, it helps protect privacy of the user and escape mass surveillance and censorship. Anyone should do it if they’re even remotely interested in protecting their users (I mean, even facebook did it. You can’t be worse thanthem on this bsasis, except if you’re a bank).

But, users still need to know that the .onion exist, and they still need to redirect there. And the onion adresses are anything but human friendly. They’re hard to remember, and a mistake in one character might land you on a totally different website.

It would be nice that, the same way HTTPS Everywhere redirects you to https enabled website when you go for the non-encrypted version, there would be some way to redirect users who uses tor to the .onion version.

Onionify all the things

The cloudflare way

So, you can perfectly do the same thing that cloud flare is doing. Get a list of exit nodes, and – on your web-server – when a queries go from one of them, redirect to the hidden services.

It needs an updated list of exit node. Can probably be done, but then you also need control of the webserver (which might not necessarily be the case) and some cron jobs.

I need to do a bit more research on that anyway.

HTTP Headers

You can also probably add a header server side which would advertise the .onion. Or advertise address in DNSSEC zones one way or another. But then, you need the browser to be aware of that and to do those check before going on the website.

I think it’s probably the best way to do it. And it probably isn’t a lot of code (might need to do a plugin for that, to agree with everyone on a standard, and write a RFC).

Plain JS

Or you can control the browser with something on your content whch is aware of the onion. And which can check if the browser is able of using them.

That’s what JS is for. A simple HEAD query sent by the client to the onion will tell you if the client can connect to your .onion.

It’s probably dirty, it’s JS it does asks permission to do it, but the bit of script I’ve write works fine.

It can be embedded on any page to redirect to a hidden service.


The code is straightforward. No dependencies. You do not need jquery for doing just a query, you need XMLHttpRequest.

It ca also be easily adaptable (just change the content of the onion variable), and it works from anywhere your client lands.

Better privacy for the user in 15 lines of JS.

The code is here, licenced under WTFPL. There’s probably way to do it in a cleaner way, and I said earier, I think it would be better to have a .onion dectection feature in the browser, but it’s there now.

And the more you’ll use it, the more people will land on your onions. WHich will improve both Tor network – more casual surf is always good – and the privacy of your users.

Have fun.

To friends.

there. But also because there’s weird things going on."""]]

Remember, Remember, the 13th of November

Hey Friend, been a long time. Usually this would be a conversation I have with you over an instant messaging media. We would argue, because I need to confront my views, and you’ll help me to step back a little bit and try to force me to take care of me.

This conversation would probably splitted across several media and people, because this is how I function, in weird ways and without focus.

On the 13th of November, coming back from le Louvres to Saint Denis – where I live – you sent me a SMS asking me if I was safe. I did heard a loud noise from the Stade de France when I was heading out the subway to my home, but since there was a match I just flagged it as "weird noise made by sports fan". I didn’t understood why I received this text.

Then, once home. I started a web browser. After receiving half a dozen a tweet of various instance of you, I reassured you by posting that I was home and safe on twitter. And then, with my room-mate and coworker we just thin about the huge amount of work that we would have to do on Monday – and even before that.

I told you, I work in strange ways. I wasn’t emotionally affected by the death of 300 people. It’s random and I knew no one there. The shooting happened in places I can happen to go, but it’s as random as a plane crash (and in fact there’s a higher probability to be killed in a plane crash than being hit in a terrorist event).

I checked upon friends (or waited for news)(yeah, I suck at maintaining friendship, I think you’re kind of aware of that now) to be sure everyone was mostly safe. And then I waited for the political disaster that will ensure. Until the next Monday I really hoped that our politicians would do something clever, like calling for respect and fraternity and unity.

You called me naïve, but if I’m not that naïve, then I turn cynical. I tried very hard to shut down my inner voices warning me of what would come next. And since you told me that being cynical might hurt you, I try to avoid that. Also it’s better for my moral and my depression.

And then our Beloved Socialist President of the Republican Democratic Palpatine ordered the Senate to vote the martial law … Mmm, no, I’m on the wrong movie here. It was the talk of Mr. Hollande in front of the congress – higher and lower chamber gathered at Versailles – when he asserted that we were at war. And that we need to form an alliance with Putin and Assad to fight ISIS. And that we need to extend and modify the State of Emergency, and the Constitution.

This is where I broke up. Syria is still a hard political subject for me. You know that since I talk a lot about it. You even asked me to get diagnosed because I might have some sort of trauma. SO, yes, this is where my emotions finally set me adrift.

What people call emotion wave or surge are – in my case – chaotic tsunamis destroying anything that might be related to reason. That’s my poison. That’s what will kill me in the end. You’re important there, in the fact that you help me resurface in those situation and kind of freeze the emotional disaster.

We talked about it. I see no hope in our current situation. Warrant-less search and warrant-less house arrest; total stop of support of any kind toward the refugees – who already had a hard time; suspension of the right to protest and, more generally, confiscation of the political debate by the politicians – Mr. Valls said that he won’t accept any discussion about the incidence of social or economic factor on terrorism; those are what we live on now.

I mean, I’m used to see army in the street of Paris. In fact, I never knew them without troops – the bombing attack of 1995 happened at a time I wasn’t that much in Paris and since then troops are always in the street. But now, their in battle suit, helmet and bullet proof vests, way to much weapon for my sanity, etc.

Cops did change also. They weren’t on a short leash before, but now they’re out for blood and revenge. Usually, even on the few forbidden protests I was at, there’s always a way to get out if you ask nicely, they will let you go without hustle – they’re basically filtering you to be sure you won’t sucker punch them, but in the end you can escape before they arrest everyone. But on the 28th of November, there wasn’t such a thing like a possible escape. They wanted to fight.

There was a public announce that unemployment was on the raise just before the COP21. And nothing in the government deemed important to say anything about it. I mean, they’re supposed to be socialists for fuck sake. They should at least says that they will work on a new way to count unemployed people, or that they will do something about it. But they only speaks about security. Mr Valls eve stating that "Security if the first of liberty" which, ironically, is a quote made by JM. Le Pen as a slogan for it’s presidential elections back in the eighties.

We have a socialist prime minister, defending a security only program, based on pricniple established by the far right movement.

That’s about the state of our politics in France. But don’t get me wrong, The FN is a bit worse than he PS in that he will actually do what they said they’re gonna do, and they plan to cut funding for planed parenthood (which depends largely on regional funding), and other nice stuff.

Politicians wants me to vote to block the National Front, in a national movement aganst fascism. But I won’t. I do not see the point on voting for a lack of response to social issues, just for the sake of protecting us against fascism. Politicians who enabled the police state, who are asking for a republican merge, who are saying that young people in teh suburb should cultivate themselves, who plans to bomb people in collaboration with Turkish, Russian and Syrian – all extremely democratic – governments, who reduce democratic life to vote, who won’t do a thing about the unemployment, wants my vote to oppose fascism?

You see my dearest friend, you asked me to look on the bright side. But it’s more than hard to do that. You told me that bitterness is like Beaujolais Nouveau. You can drink a bit of it, it can even be good – and I disagree on Beaujolais Nouveau being a good wine ever – but too much and it will kills you. Or hurt you.

I don’t know.

I work at La Quadrature du Net now. And I really try to avoid the repetitive self destruct pattern that leads me to chain burn out. Me or other staffers. Or you.

During the attacks on the 13th of November, I focused on the solidarity part of it. That’s what I’m trying to do. That’s why I keep informed on the Syrian situation by following the White Helmets.

But there’s something that is absent of our political life in France. We have traditional organisations who covers for themselves without caring about anything else than their way to power: syndicates, political parties. We do have old style NGO, advocating nd lobbying behind the scenes. We have radical groups who are busy fighting cops. But we do not have orgs who works on party. Militantism in France is a serious business. And if you’re not working yourself to death you’re doing it wrong. ANd you end up without anyone willing to take up the fight, to think on long term strategies, to federate smaller groups who exhausts themselves beyond repair.

And I hear you. I need to focus on the positive sides. So that’s what I’m trying to do. There’s some good stuff happening. LQDN is finally having a nice and more inclusive community – there’s a lot of effort to do, but it’s in progress. I’m working there to build tools to bother our deputies – piphone and similar stuff, provide tools to flatten the democratic process. Or at least to help the circulation of information.

And that’s my target. You said me that we’re in for a long fight. I’m not even sure we can win this fight, and the nihilistic part of me keep thinking that it’s useless. But since I try to not killing myself, I need something. If I can bother an intelligence officer, a head of office somewhere, deputies or senators, ministers or head of state that’s a win.

If, when they see us, in the press, or elsewhere, or when they hear about us those people think "Oh no … not them again … my day is now ruined" then, it’s a win. It won’t makes them stop doing shit, but at least, I’ll smile when thinking about all the pain they’ll get.

And in the meantime, we should try harder working with other small organisation specialised in other aspect of the fight. There’s a lot to do with queers, feminists, ant antiracist groups. And I really think that’s where I can help – beyond the purely technical point.

So, you see, I’m trying to stop sipping the bitterness part of things. It’s hard ’cause I’ve turned cynical/realist. And because I love the bitterness. But you’re right. I should stop drinking it.

I’m happy you’re here. Because at least I can talk to you. And there’s here also. This post is fucked up, and makes no sense. But I think it’s a bit like what’s the political life looks like. Socialist calling voters to vote for traditionalists.

It’s fucked up. But I’m gonna ignore that, because it’s useless and I can’t spend any more energy on that. I’ll focus on building things.

Fluctuat, mergitur

Fluctuat …

I don’t think I need to recall you the events of teh week-end. They’re, like, everywhere on the internet, just grab any website and get a deep look into it.

I did not personally suffered from the shootings and the death of those people. Nobody I know was there, and given my current mental state I kind of grew an emotional dampening for this kind of horror. So, except for the checking on people and the continuous anxious flow of data and information coming from the TV of the twitter, I’ve essentially gone through the events unaffected.

I did not join the spontaneous meetings – because I’m still having issues with crowd, and paranoid crowds are the worse – but we did celebrate a birthday in a bar Saturday evening. In one of the – usually – most crowded place I know to drink beers, which was almost empty. Unusual things happened, like strangers checking on strangers while crossing path in deserted streets.

But mostly, I’ve been through it untouched and unaffected. It’s hard for me to feel empathy and emotion those days, and when I’m not keeping them at bay, I’m learning how to induce and emulates them, in a not that much destructive way.

I’m getting good now at detecting thought patterns that lead to anxiety crisis, I’m able to decide with feeling I wanna run in my brain – more or less. It’s an extremely artificial process, but not everyone can manage their emotions as you do. Mine are tsunamis and typhoon destroying any bits of rationality I can have, and it ends up with me boxing walls until I broke my hands or drinking myself to the point I’m unable to feel.

So, I basically removed those feelings, and gone through the motion. Focusing on people helping each other, closing myself into music and drawings, stuff like that, because the anxiety provided by continuous access to information is just the worst thing that could happens to me.

I rode through the horror with detachment and cynism. I was thinking about all the work we – since I’m working at la quadrature du net right now – will have to do on the coming days to check up freedom and civil liberties. But besides that, I was okay.

And then, during the week-end, I’ve seen fluctuat, nec mergitur everywhere. The Paris motto. People were defending their culture of getting out and drink wine, and coffee, partying. People gathered around what has been – in their perception of things – under assault: the parisian way of life (and, as Jon Oliver said it – good luck with that).

And people were already falling into the us VS them trap. Stating that we – the one who party the one who get drunk, the one who don’t respect anything – are the good guys, and that anyone who would disagree with that are the bad guys.

But people’s heart is not at partying. Mine neither.


And then, there was the Congress. For the one not familiar with the French political institution, the Congress is the gathering of the senate and of teh parliament at the request of the President, and it is gathered essentially for Constitutional patch and updates.

Before that, our President established the state of emergency. Basically, it removes the Habbeas Corpus, and allow for administrative house searching – warrantless house search – among other thing (it also grants prefect of police the capacity of establishing a curfew, it stops the rights to gathering, and close most of public space).

And the president then made a discourse before the Congress. He said mostly three things. First that our freedom is partying and going to bars. Everyone seems to forgot that my freedom is also resisting to injunctions, or asking for respect. Second, that we must go in war against Daesh/ISIS. Which means that we need to sit at a table with Poutin and Obama to found a solution for the Syria crisis – meaning they will work with Assad. Third, he asked for a two month prolongation of the state of emergency and a patch of the constitution (especially the articles 16and 36)

And then, everyone in the assistance applauded. And sang the national anthem. In an extremely nationalist way. And no one was there to oppose that. Every single parties represented as basically followed the president talks about the state of emergency.

And everyne was happy, because we were told to party. We had to. To get drunk is now a sign of resistance toward the horror. And no one cares that no ones is actually trying to fix things. No one cares hat the state of emergency will be updated to account for "new technologies", no one said a thing about the Kurd and rebel in Syria that will get the heat from the French alliance with Russia in Syria.

And I could not stand this. I hoped that, for once, things will indeed go in the good way. But nope. Our freedom has been restrained to the freedom to party. And I’m down. Really. The city that could take anything, that’s proud of its stoicism is drowning.

And I’m crying. I’m crying because I’ll get used to it. In the end, you’ll get use to it. That’s the horrific part. I’m used to the military in the street, I’m used to the suspicion toward refugees and foreigners. I’m used to the fact that politician just don’t care. I’m used to be in pain. But I do not see the point of living.

If it’s just for the pain, then why should I? If there’s nothing but more pain incoming, what’s the point to even bother at standing up in the morning? I’m down the lane. I know how it’s induced. I should eat, I should take some rest. But I do not understand the point, I do not see it. The hope is a lie, there’s none.

GMail … seriously?

[[!meta description="""No, seriously, people are arguing that GMail is in fact a good choice to protect your privacy online. They might be on

GMail: why it’s not a good thing

This post is an answer to jbfavre post[FR], in which he state that – from a metadata point of view, your safer in the mass and so in gmail for instance than if you self host yourself.

In the conclusion he goes on saying that the best choice would be to hand over your mails to associations or small business – which I might agree (under specific concerns).

But he’s not the only one stating that your better with a gmail account than one on your own domain name. manhack and others are also arguing that GMail is best to evade the mass surveillance.

Those person suggest that using GMail, is simple and Google has a lot of cash to invest in security. They’re also trying hard to hinder NSA mass collection of data effort, but I think saying that using Google service is a good way to enforce your privacy is an intellectual bias.

I think this idea come from a misconception of what mass surveillance is. Mass surveillance is the intricate surveillance of an entire or substantial part of a population WP.

On the internet, the mass surveillance is done by a systematic collection of all data and metadata, their archiving and indexing and the fact that action and decisions are made on the results those data will show.

In France, there’s a specific concern because it’s now legal for our government to intercept all the communication and analyze metadata. Then there’s a fallacy stating that if we all use the same host and the same encryption, then it’s impossible for the state to know who’s talking to who and when; opposed to the case where everyone have its own host and its "relatively" easy to know who’s speaking to who and when.

It comes from the fact that, if I’m the only one receiving and sending mail from this computer, then you just need to get the TCP handshake to be sure that someone is talking with me. So it would be safer to have some kind of proxy somewhere, to mutualise those connections and to raise the cost of surveillance isn’t it?

Except that this answer is valid if and only if you have some conditions:

  • The proxy is not itself part of a mass surveillance system
  • The mass surveillance you’re trying to hide from does not go further than just getting the TCP protocol of your connexion
  • Your correspondent also use this sort of mass proxy, or it would be easy to know when he’s talking

So, let’s see what’s the case with gmail.

Is Gmail involved in a mass surveillance system?

The obvious reason would be yes. At least because they can be coerced by the NSA to provide data to the NSA. Even if their was actually few uses of PRISM, the fact that they’re forced by law to collaborate is not a good thing.

You would argue that it’s just the NSA spying on us, they cannot actually do things to you if your not a US citizen which is false. Because there’s at least the Five Eyes coalition, meaning that data gathered on you by the NSA will be shared with other agencies from other government.

Also, I think that saying that NSA mass surveillance has no effect in you is a lack of understanding of what are the impact of mass surveillance, I will not elaborate on that, others are doing that better than me.

But there’s also something else that I want to elaborate, and that we miss in the "governments are evil" stance. It’s the fact that google is collecting and analysing a lot of data. From your GMail data (and metadata) to your search, video historic, or even the blogs you read. They analyse those data and take actions – to present you more accurately targeted advertisement and search recommendation. Basically, they’re doing mass surveillance on their own.

Google is part of the problem. They cannot be a part of the solution to get out of mass surveillance. Sure, they won’t kill someone simply based on metadata you’ll say. But they’re doing something worse, they won’t expose you to information that they deems unrelated to your interests, and you won’t even notice it.

So yes, Google – and Gmail – is part of a mass surveillance system. They might not be collaborate willingly with governments, but they do it at least for their own profit.

Are the mass surveillance system only targeting IP traffic?

We know – since the exposure of a lot of the NSA nasty stuff – that a lot of government have the capacity to intercept traffic on a global scale. The fact that your traffic goes to a datasilo such as google ones, or goes to your own server at home makes no difference, they’re intercepted the same way. What would change is that they would need to get the email metadata from the email you send from gmail, while they do not need to decode them if everyone is on their own box.


They’re already doing that. Equipment setup to break TLS, intercept email communication and compromise your endpoint are already used. So they do not get any benefits to going for something lighter. If you send an email from gmail to another gmail account, those natsec agencies can already read it and extract the metadata they need.

And since stuff like Palantir, hacking team or gamma international are all known companies who are selling solutions to our government. Those solution are based on the infection of your endpoint (your smartphone, tyablet or computer) to not bother with breaking the cryptography of your communications.

After all, if they can read what is displayed on your screen, why should they bother intercepting your TLS connection to a hidden service in Tor?

So, thinking that, being alone on your node, is a compromise on your anonymity is apparently wrong. You do not add metadata to the collection they already have (they already get the headers of your emails, no matter what).

Also, there’s a last one that nobody thinks about. If everyone is on GMail, then you just need to compromise GMail to get all the ddata you need. Just one company. Yes, hacking into Google is something out of my personal scope, but if you’re willing to, you can dot it. It has been done by China before, and I see no reason for things like that not happening again.

Hacking into GMail is just an enormous prize, you get it you can really improve your intelligence. Especially if you stay undetected. Put all one’s eggs in one basket generally ends with an omelette. Even if it’s a titanium basket.

Applying this principle, I then need to have my correspondent apply it

Because communication is – at least – two ways, if you want to protect and hide a communications, you need to protect both ends of communication. So, applying this means that everyone should get a gmail account, because it’s safer for everyone.

I mean, You use GMail and I’m not. I’m running my own mail server. So, you hiding in the crowd does not works, because if I’m getting compromised – and since I do not have Google grade security – you’re being compromised too (after all, they’ll be able to get metadata of the mail you sent me).

So, for this fallacy to be true, you need everyone have a GMail account. Which will makes things worse because, hey, they’re part of the problem – as stated above.

Doing that is exactly than not encrypting data or using Tor because "it would looks suspicious". It does not. Protecting your privacy should not looks suspicious. If you think it is, then it’s kind of too late, you’ve already ate the states toxic memes of security. But let the ones who want to fight them do it.

No, Gmail, Yahoo, Facebook, Twitter, Microsoft or Amazon will not ever be a solution for privacy. They’re part of the problem.

However, there is one specific case where GMail might be a not so bad alternative: throw away mails (as suggestsed by OaklandElle. Besides that? No. It will not improve your privacy, quite the other way around.

Solutions? Stop the dragnet and mass surveillance. Which you can do only at societal and political level. And give a try to the [][] if you’re looking for self hosting, it works. Mostly. It won’t give you better security, but you’ll definetly have better control. And even if you’re still monitored by state, at least you won’t be monitored by an advertisement selling company.

[UPDATE] After talking with jbfavre on twitter, it seems that I didn’t understoof his point. He did not want to advocate for a massive use of GMail as a way of protecting yourself, but rather for small associative clusters.

I think that it’s a good option. Simpler for most people than going full self-hosting, and sufficiently decentralised to hinder the mass collection of data. It’s not the ideal choice – but then we cannot asks high risk people to have their data in their home where it will be seized by cops – but it’s I think a good trade-off between privacy, ease of use and safety.