PJL Renseignement … stop fleeing!

PJLRenseignement

If you haven’t heard, there’s an emergency law currently “debated” in France, which wants to legalize illegal practices from the Intelligence services (both domestic – DGSI – and foreign – DGSE) and gives them impunity, circumvent the judge, and goes to a massive discriminatory surveillance.

The hashtag is full of report of people opposing it (from Human Right defenders and NGOs to citizen collective such as LQDN to companies and business of all scale). So yeah, it’s the law NSA’s head is dreaming of.

There’s two issues I want to discuss at hand. Not sure how it’ll end, but here it goes. The first one is why fighting surveillance is – in my opinion – the wrong fight and the wrong way of doing it, there’s more to this than just surveillance. The second is about all the geeks and hackers trying to flee out of France, to move their businesses out of it and other “abandon ship” strategies.

Fighting surveillance

So, surveillance. As Quinn Norton and Eleanor Saita stated one year ago in their talk at 30C3, surveillance – in itself – is not inherently good or bad. Surveillance is watching, and – when you want to interact on something – you need to watch it. It’s hard to grab precisely something in the dark (you can do it, but it’s hard).

You need surveillance to expose corruption for instance. Or fascism. Or any wrong doing in fact.

So, the issue discussed is not – and should not be – the surveillance per se. The issue is that this whole process is secret, hidden, non documented, without control or regulation.

What does it mean? First, it means there’s an asymmetry in information. Something knows more about me than I’m able to know about them. What you do not know controls you, it means that this imbalance of power makes the state having more control over you.

It makes them able to act upon you on a discriminatory way. The gigantic issue here is that. It’s not the surveillance, it’s the lack of control. It’s the fact that no one is watching the watchers and have way to act upon them. What frighten me most in this law, are the wording used “secret defense”, “higher interest of the state”, “impunity for state agent” and things like that.

I’ve ranted on twitter about the black boxes that will be able to algorithmically identify threats. The thing is a lot of people lost sight of what an algorithm actually is.

It’s a parametric mathematic function applied to a set of data in order to classify information – or at least that’s what is intended in this specific use case. The magic words in algorithm, machine learning, classification system is just this: parameters. The way you choose your parameters will change the way you classify your data.

How many occurrences of jihadist related news you need to have in your browsing history to be classified as a jihadist? Hom many hours a day you spend in this chatroom? How many times a week you go there?

Those numbers – the one that we as citizens will never heard about – are political tools. The way you choose them, and why you choose them create classification of people and will make you decide who needs to be swatted or not. That’s where the ugliness begins. Those numbers will be chosen to discriminate people depending on their backgrounds.

I mean, they’re already discussing about exceptions for surveillance – especially for journalists – which means that they’re clearly lie when they say it’s an anonymous data collect, they’re already discriminating people based upon their traffic.

So, the surveillance is not the issue. Neither is the privacy. The issue is the lack of control. The issue is the absence of transparency. And stop fighting surveillance saying you have a right to privacy. That’s true, but then it enable politician to call for the “right to be forgotten” which will only help them evading justice.

The issue is that mass surveillance, done by an oppressive system is a tool of segregation and racism. Because in the French context where we do not speak about Arabs anymore, but only about Muslims (and in a way that makes people think that all Muslims are Salafists and potential terrorists), I’ll bet 2 BTC on the fact that they will be the one specifically targeted by this surveillance.

Same goes for the poorer of us. Who happen to be the ones who are not the white guys, who are also the ones who fight for survival and acceptance at all time. I’m quite sure that if the system catchs a white and rich guy, he will go in the false-positive trash and nobody will incriminate him.

So, stop fighting surveillance for the only sake of it. I should not need privacy in a non-oppressive system – that’s even how you determine you’re leaving in a non-oppressive regime: what you do and what you are cannot be held against you as long as it does not threaten the safety of someone else. But go fight the state implemented discrimination.

Don’t run away. Fight.

Which leads me to this other point. We – as citizens, as a collective – need to fight that. I refuse to abandon the ship. I’m witnessing a lot of data-exodus. People actively looking to host their data abroad. Commercial companies – such as OVH – are looking to build datacenter elsewhere.

I can understand why a company would do that. They would because they intend to respect the law. Because they do not want to risk their existence to protect their customers, so they’re running away. But the thing is, if you flee, then what will happen when the country you’ve fled to will also change their law and regulation? Flee again?

That’s not a sane way to do thing. That’s why we have civil society, to oppose the state, to try to restore a bit of balance in the power repartition. If you flee, you say to the state: you can do whatever you want, I just do not care about it.

If you’re a big company, which a lot of money, yes, it might have some power against the government, they will have to choose between reinforcing their power or keeping some jobs in the country. But, well, if the state initially wanted to defend their citizens best interests they won’t be trying to deprive them form liberties, right?

So, fleeing will only preserves you. And, well, you’re still a French company, with offices in France, so you still need to obey the law. OK, you’ll be somehow outside of the DGSI reach. But your customers won’t, since they’ll still be in France and they’ll still connect to your infrastructure from France, from inside the Dragnet. Which, basically won’t protect them and can even gave them a false feeling of security – which is worse.

What can you do? It’s time to protect your customers, your users. The people who’ve put trust in you. You do have a choice – and it’s not an easy or simple or risk-free one. You have to choose between taking care of your users, and actually hold the promises of security you’ve done to them or obeying the law. That’s call civil disobedience and yes, you can end up in jail. But you’re not alone, and a legal defence fund is something you can create or ask for help.

Yes, it might seem easy to say. But that’s what I intend to do with my project. Providing tools for activists and militants groups who need them. In a way that will try to preserve most of their privacy. I do not intend to respect the law to do that. I do not intend to hide myself.

Hosting data for other people is a political statement. I’m sick of hearing people asking for a country where they could safely hosts their data. You can do it wherever you want, if your government has decided to jail you, they will be able to do it – wherever your data are. What we need is not a list of foreign hosters who are out of the French territory and jurisdiction, what we need is a government who actually protects us, not themselves. What we need is actually to take a stance.

Privacy café, camp, cryptoparties et al is good and nice, but it does not solve the main issue. When are we really going to show those who’re in charge who actually is? When are we really going to send them a middle finger?

Do not flee. Do not let them scare you. Fight back. Federate. Protect the

My depression

I’m depressed. It’s quite obvious if you look at it from the symptom part. But I’m still reading or getting comment from people who thinks it’s just a small blues – like a Monday morning blues when the week-end is done and you’ve got to get to work.

It’s like saying that the small bruises you got for falling of your bike is the same thing that getting your leg rip apart without anesthetic or – if I believe what women told me – deliver a child.

First thing is you do not live with a depression. I do not live. Living implies being able to project yourself in time. The closest thing I found about this state is stated by Buffy. In this part of the show she’s obviously depressed, she’s just going through the motion.

My depression takes this form. Time is just irrelevant, I’m stuck into the now and go forward or look backward. It’s not apathy, because apathy doesn’t removes you the capacity to make a difference between next week, yesterday and next year.

This has insidious effect. For one, I’m unable to move forward. I cannot just going better because it implies to project myself into the future. Happiness is an alien concept and I do not see the reason to live. It’s absurd and it has no point, in the end I’ll die. I could as well kill myself, it would not change a thing.

Another thing is that my depression is not a lack of feeling. It’s quite the opposite. Anticipation – meaning something I know will happen in the next few hours – generates anxiety attack. Those attack manifest by an unability to think and sort my thoughts, shacking, craving, loghorea, headache. I have pills to take to calm this down (Valium).

I feel. A lot. Too much. Reading a mail I slightly disagree with will makes me burst into rages. Picture or news of protesters shot by cops will makes me cry and fall in a near catatonic states. I’m only nerves and I can react violently to someone who touch me – even if it’s someone I love.

That’s called exhaustion of emotional bandwidth. Where non depressed people have a way to manage, delay and rationalize their feelings, I have lost this ability. This is because I have something in my brain – Serotonin neuro transmeters who don’t catch the Serotonin – that makes me in a perpetual state of stress and hypervigilance.

I’m scorched and even the lightest of the wind hurts like hell. There’s no end, no light at the end of the tunnel. I’ve got no memories of happiness – that’s another aspect of this thing. I can have some joy, some people can makes me smile. But it does not last. Soon, it’s another wave – or tsunami

  • of feeling that come and overwhelm me.

So no, I’m not living with a depression. I’m drowning into it. I take drugs to help me, they gave me some buoyancy. Friends keep trying to maintain this buoyancy. But there’s always the calm of the abyss down below, under my feet. One day I’ll stop fighting and I’ll drown into the abyss.

I won’t be at peace, I’ll cease to exist, feel and think. And from my point of view it’s like heaven. It’s the end of the line. End of the pain. And it’s

Libertarians

Context

So, I receive queries for people wanting my point of view on various things – ok no, on internet and surveillance, privacy and stuff like that, they do not consult me for issues like climate change and the like. So my email adress is like public data, and people finds me.

It’s not always easy, because there’s a lot of people out there wanting to do a subject on “hackers” without more precision. You need to asks them a lot of things, help them to understand that “hackers” in not a precise enough subject and that they should focus on a specific problematics. And then you need to know the media who’s asks for the job, especially when you’re dealing with students in journalism.

Speaking of student in journalism, I try to be available, to answer them or to put them in contact with others more suited to answer their specific questions.

That’s why this one is a tough one for me. Because it puts me in front of a paradox. I always thought that convincing people needs to talk to them. I inhereted that from Telecomix, and I tried to do it on each occasion. If someone as an angle that I disagree with, then it’s probably because one of us (at least) is missing a point somewhere, and it can only be solved by more discussion.

However, I know the media behind the query. And they’re known to pose hackrs as sociopath who are after your credit card. They capitalize on fear, not on information sharing, and I tried twice to get around that and it did not work.

Hence this blog post. It’s the email I shoud probably write to this person, but I think it might be beneficial to have it somewhere more public. Name are changed, and no metadata of the original mail. Traduction is mine.

Questions and answers

Hello Okhin

Hey Mat,

I’m 19, and I’m writing and embodying a TV documentary in which I try to prove to my parents generation that, no, I did not abandon my privacy, and that Internet is more than a simple tool for my generation.

Cool. Sounds like a good project and I agree that your generation didn’t abandon their privacy, even if you – and I – spent a good part of it online. And I couldn’t agree more on the fact that internet is not only a tool, it’s a form of communication that enables a lot of different form of societies.

I’m focusing on the problematic of Digitals Native freedom, close to the freedom concept of the libertarian (like Larry Page, Elon Musk …) who emphasize the freedom and happiness of the man. My generation is not Foucault’s one, meaning a generation institutionnalized from childhood to retirement, but the libertarian’s ones, building a new world of economic collaboration in a reinvented society.

I’m not a libertarian. Libertarian – at least in the French way – are basically asking for total freedom for corporations (either single person company of worldwide megacorporations). Libertarian choose to inforce economic freedom over social ones.

And you do it also. You’re not speaking about the social aspect of internet, how Internet did change the balance of power between egemonic corporations, states and citizen. No, the aspect you’re focusing one is the economic one. Larry Page and Elon Musk are probably visionary, they did help to build a non-sentient AI, and to fix part of the way we exchange money.

But they’re building a world for an elite. We’re still below a tird of the worldwide population connected to the internet. Worse, most of the countries not connected to it are currently exploited by neo-colonial corporations to exploit them in order to build all those gadgets we use everyday to make our lives easier.

The world for those libertarians is a world where the weak can’t exist. I do agree that economic freedom might help – wel, economy is clearly not my strong suit – but we’re elaving in a world where companies – through Lobby group – actually pass law and can sue states under secret trade agreement.

For me Internet is a social tool. It can helps connect people, build communities, strengthen social link, and get a better understanding of the world. It can helps people throwing away a governement, organise dissent, but also to have care and help of communities members.

Yes, it can be used to build “new” economic system – altough libertarians are around since before Internet so I really do not think a totally free and unregulated market that will have no other purpose than justifying its existence and not to support mankind is something that exited long before the internet (since the first industrial revolution I’d say).

And I do think that the biggest mistake pioneer of the internet did back in 1990-ish is to allow advertisment network and monetization system to get a foot on internet. It certainly fast-tracked the “massive” adoption of internet, but it also give way to much power to those few groups who earned a lot of money selling those advertisment to take control of data – and part of the infrastructure.

I’d rather have an internet build by a community and for communities – using taxes and yes a state – the purpose of state is to maintain wellfare and infrastructure for all people not to govern.

It will be embodied documentary for the mainstream audience.

Currently, I’m focusing on a different angle. I think that I could make a stronger point if I speak about code. “Code is Law”, while showing that conding nowadays, is having power. What I wrote here is EXTREMELY narrow, but I try to know more on this subject (for instance [A state TV] is interested by my project only if I develop this part) and to have a good grasp of the issue. I also need time to immerse myself into this culture.

So, you want to basically say that hackers – people who codes and understand it – are an elit and that they’ve seized control of the world? It might be true (there’s currently an elitism in this so-called hacker community which is an issue), but I try to oppose it as much as I can.

That’s why there’s free software. Free software exists to ensure that no elit could be left in charge because they’re the only one to know how things works. That’s what’s in the hacker manifesto after all, And in every things that hackers do.

And also, if you really need to code to use a system, then you should need to build a car to drive it. You should need to know agronomics to eat vegetables. Even if I do admit that all those exampls are true, there’s a big issue in it, it states that we are born with all the same capacity. Which is false. Prejudicies, handicaps, social stigma, life accident, all these can lead to someone not being able to code. Or to understand how a car angien works, or what are the implication of eating meat instead of vegetables on the global scale.

You cannot asks to a single mother of three to learn how to code to use a system. And still, she can use it. And that’s a good thing. If you make code skill a requirement to use internet then internet is no longer a tool for emancipation, it became a tool of oppression. I want my communities to be inclusives. I want care takers in my communities. And I think internet enable that. And I really think you do not need to code to do that. Or to send enrypted email – or at least you shouldn’t.

So no, I will not say that code is a requirement to live in our world. Even if the french governement currently thinks that we need to teach kids to code instead of – for instance – criticism, building a thinking process and giving thel the key to explore and understand the world they live in.

I’ve came to see you with the director at a conference you made and we really liked your way to explain the issue 🙂 [This is a reference to this talk]. In this case, with our documentary we’re clearly speaking to “old farts” who tries to graps the issues of the Internet world. It’s kind of rare to be able to get this mssage out on the television even if it done – it’s true – simplistic approach (the young connected person that I embody, etc …).

Yeah, well, since you’re condescending with your audience I have big issues. Also – and you’ve probably never been confronted to that since you’re a young documentarist – a national TV will never let a positive message about internet get broadcasted.

I mean, I’ve tried twice. I got burned, I stop. If you think you can do it, then go for it. But you really should stop considring that people who aren’t conencted to the internet or who doesn’t see it the same way you see it do not live in the same world than you. They have a different culture, but you both share the same world. And excluding them from it won’t give you a better world, it will give you a world where you’ll be in power.

So yes, I could have accepted to meet you, but I will not. You can go see a lot of people, for instance Stéphane Bortzmeyer can probably deals with the “code is law” part. But I will not because I disagree with a lot of your ideas.

I hope you’ll find some answers in this post, and that it will raises some questions.

I wih luck in your project.

Back Online

Last year (or so)

For the last year, and a good part of the year before, I was working for a NGO: The International Federation of Human Rights as an ICT manager. Which – for anyone who ever worked as an operational engineer in an NGO -implies doing way to much work. From helpdesk to help to write reports about internet censorship, from system administrator to webmaster, from training activists during clandestine mission to training officers to use free software. It requires adaptabality, skills and an iron will when it tuns to defend free software on a daily basis.

I learned a lot of things there. Working with interesting people doing advocacy for human rights in the whole world brings a lot. Passionat and dedicated people. I learned what human right are and why they’re important. I developped a lot more cynism than what I previously had – and yes, it means a lot more of cynism – mostly due to some way of realism. I developped a better comprehension of how diplomatics and economics intertwined themselves.

I also learned that you can eshift extremeley fast from defending rights to defending your interests. I see egos destroying interesting project. I witnessed personal interests taking over principles of humanism. I was confronted more than once to paradoxes – for instance people advocating for right for the worker in asia and begging for Apple computers.

I also leraned a lot about me. For instance that I’m not meant for help desk. It’s too much stress and it makes me wanting to rip the throat of people with my teeth. I ended more than once a phonecall for support in a state of almost blind rage and needing to go out and walk or hit something. Or crying. I discovered that I probabaly developped a traumatism by being exposed to too much videos and pictures and texts about horror in the world. I had at least two diagnosed burn-outs in those 15 months. And I did anxiety attack on the job – not because we had attacks on our infrastructure, this part of the job is the kind of pressure I do manage.

I’ve been diagnosed with a severe depression, and for the last two month (or so) I’m now under drugs to keep my mind out of the suicide path he wanders on.

Off the grid

My contract is now over. And believe me, it was a great experience and I do not regreat it at all. I cannot afford to continue working like that though and I needed a full month off the grid.

No talks, no interviews, no code no nothing, not going to the hackerspace. Just playing video games (so in the last month I’ve done Dragon Age Inquisition, Mass Effect 1, 2 and almost the three, Saint Rows the Third and Saint Rows 4, Shadowrun Returns: Dragonfall) and watching movies and tv shows.

And sleeping (10 to 12 hours a day, thanks to melatonin). I’ve spent a lot of time inside my flat with my bunnies and getting out only for food – and the occasional social event with two or three people.

I’m still in this kind of state. Stuck in the present, unable to get outside and to walk into the world o to project myself into the future. I’m witting this from the café down the street, and it took me at least a full week to find the motivation to get there and write this (and read my mail).

So yeah, I was a bit off the grid. Off the world. I used part of this time to think about what I’m going to do next. I cannot imagine doing a job which is not inline with at least some of my political views, which blacklist most of the startups and comapnies I know.

I cannot work for other association or NGO because they will have the same issue and need for a five legged sheep as an ICT person. That rules a lot of things out.

Back online

So, I have no other choice but to find a way to pay the bills and to try to contribute to fight for a world with a bit more fairness in it. The thing that most collective lacks is a way to manage their online data.

Most of them relies on youtube – for instance – to upload their videos, exposing wrong doings and the like. Or use a centralized web services for managing their emails or to share documents.

Most of those collectives have other priorities than to learn key management, or to maintain a dedicated servers. It can even be illegal or dangerous for some of them. When reaching out to a foreign journalists or tweeting about your givernement can have you locked up in a jail without trial, you do not have the time to learn GPG, or how to host a website in TLS.

But this is things I was doing for the last year (and the years before with the telecomix crew). It’s something I wrote about, and I’ve been running cryptoparties for a while.

Also, there is a lot of projects promising about privacy and security of communications. Most of them needs that someone runs a server with the code and maintain it. Which is out of scope for most of the organisation and collectives I know – heck even the nation-wide newspaper here barely have the ressources for it.

This is what I’m going to do. I’ll try to find a way to earn my life with that, but the idea is to provide a mutualized solutions for individuals and collectives who cares about privacy and security. Using only free software, and contributing to them. Providing email, chat, storage and syncing, hosting made for those groups and individual.

I’ll need some help at some point, but the goal is to build a small company which can thrive on it. So yes, it will be a service you’ll have to pay for. Some services will be free – mostly the one that requires few ressources and works – but running server have a cost.

And I do not want to pay that cost with the data of my future users. Or with advertisement (which is the same in the end).

So, I’ll try to start that. I’m doing a lot of thinking and writing about it. Of course I’ll disclose everything about it.

Crypto parties.

Once uppon a time

When AsherWolf coined the term Crypto Party, there was an actual need for a specific part of the population to get trained to use encryption tools. We were in the middle of all the revelation of censorship done in the Maghred dictatorship and dictators were thrown out on an almost weekly basis.

I started to do them with journalists. I got in touch with Reporters without borders and we set-up some session to train a specific part of the population: journalists, field activists, netizens – as RWB keeps calling them.

This is where I learned a lot about GPG/PGP, the advanced use of Tor and of full-disk encryption. Doing those workshops and training did helps me to taught myself how thsoe tools works, what is operational security and threat modelling. I still have a lot to learn on those topics, but that’s how I started it, and that’s also why I did run the first CypherPunk workshop at Le Loop hackerspace.

I did’t have the idea at the time that it will works so well. Then Snowden makes me not a paranoid guy anymore. Things gets crazy, mass-media were screaming on loud that there’s no way you can have privacy online, that rogue agencies were going after each and any of us and everyne gets paranoid. Not careful, paranoid. Everyone lose focus on threat modelling.

Cryptography became hype, I heard speaking about Tor, LUKS, and other things on TV and in the press. I did my share of speaking to journalists, learning how the media works on the field, I did makes mistakes in communication, but in the end I tried to get the message that yes, there’s privacy issue, and no, crypto-geeks aren’t the one with the solution but citizens – people in fact – are the one with solutions.

The local cryptoparty group kept growing. People I used to train were now the trainers, and that’s fracking nice. We gathered more and more people, we tried to get out of the hackespace and to go meet people, creating the Privacy Café, in local bars, with diverse people with all their own problematics.

How we failed the people

And we basically failed them. I once wrote about the Responsability of teaching because I thought we were missing a point. When we set-up those workshops, we have a responsability toward the people who’ll eventually come. We need to give them all the necessary key to understand the problematics, we need to reassure them because most of them are not in a case where they face being jailed by a governement due to a tweet they sent.

The thing is, I wanted the crypto party to be able to function without a central person. Also, I was going through – and I’m still into it – a big depression so I needed to take some step out of things I’m doing, so I let it go its way, because I think it’s the only sane way to do things.

Also, I was growing tired of doing all the same workshops. I wanted something else, playing with new tools, learn new things, experiments new paradigms.

And I think that doing those workshop is not thesolution. I learned that a bit late maybe, but having time to go to a workshop, with your own hardware and a will to develop new skills is a privilege a lot of people cannot afford, I’ll send you to this blog entry wrote by a pop star doing infosec for reference: [A story about Jessica][1]

And fear of internet was more and more used as a teaching tool. And Fear is clearly the worst tool to use if you want people to learn. And I witnessed the militarisation fo the languages which bugs me. A lot. I even done a conference on this topic because we need to not scare the people away from the internet, or the Internet will die and we really need to be inclusive.

And being inclusive means we need to provide security by default. And it means, we need to build network and protocols who’ll take care of that. And that’s one point of strong disagreement with a part of the team. Some of them think that if you’re not able to run command line tools, then you do not deserve to be protected. They think that an interface to a tool necessarily implies a weaker security.

I do agree with that, command line tools with all their flags, are the best way to have a crypto disaster for instance (yes, command line IS an interface). The thing is, we do have some tools with good cryptography AND no interface at all (or almost no interface at all). For instance the Tor Browser Bundle. You launch it, it connects, it disapear and you’ll never hear about it and still you’re connected to the privacy network – and if it can’t connect you can’t use it therefore you can’t put yourself at risk.

Yes, Enigmail – and PGP – is a mess. As well as everything that’s based on key management. For one part because key management is about identity, and a lot of people want anonimity – so no identity – also because no one knows what a good key management solution is. The interface sucks, because the tool it’s based on sucks.

And we could build a mail solution where GPG will disappear, working more or less like TLS, with a warning when the key looks weird, or when youhave no encryption. But we – as the crypto party collective – prefers tell people they’re not good enough to use cryptographic tools.

Well, in fact I stopped teaching GPG in the cryptoparties. I prefer have them use OTR for instance, and install XMPP servers everywhere I can, with strong TLS setup, and have them configure OTR to autostart. It works, they do not even need to worry about it (except the color of the OTR button). Neither they need to worry about authenticate (some people might – depends on the threat model) their contact.

But still, I do have a lot of issues with this attitude I see in this group of people that they know best, they do not question their knowledge. They use fear as a tool, they think that you need to work to deserve protection not that we – as experts, geeks, technicians, whatever – need to build a community oriented and driven network of people with anonimity built at its core – yes, it’s supposed to be what internet is.

And that brings me to this tough issue, wether I should continue working on cryptoparties, or try to do something else. I think it’s easy to quit, to let them be. It’s harder to try to do something with the people who are willing to, and to move forward with them. But there is things in what they say that makes me thinking that we do have a gap in what we want to do with those cryptoparties.

Not being inclusive, not understanding the principles of privileges and discrimination, using fear and militarisation of your vocabulary. All of those are no go for me. And I did not find a way to discuss about that yet, tried the mailing lists but git no answer, tried to meet AFK, but no answer either.

So I’m wondering, maybe I should stop fighting for that and quit. Give the admin access to the lists for them to go the way they want to go and start something else. It’s not easy, but maybe it’s a failure.

I should probably just quit.

Fuck Privacy

Privacy … Really?

What’s privacy? It’s quite easy, it’s everything that’s not in the public space. But public space is the reflect of our society. What you see in the public space, is the reflect of the society.

That’s exactly why cities try to hide homeless people, or – at least – send them in places where people won’t see them. To display something that is better than the reality. To hide things that would be shameful. To hide their failure or what they think is not proper.

And this is the main issue regarding privacy. What people are expecting to keep for themselves is what is judged by other as "non proper" or "inconvenient" or "indecent". What you’re supposed to keep private are the things that do not conform to someone idea of proper behaviour.

Privacy is not chosen, it’s enforced. It’s enforced by a dominant and oppressive system, whatever it is. Most of the people have nothing to hide. And that’s probably true. They have nothing to hide, because their behaviour is the one that follow the dominant moral code, the dominant comportment. And then, what they’re doing doesn’t interest anyone else but them; and I’m not saying they’ve got shitty life they just have a life similar to the life of everyone around them.

But if you’re not on this side of the world, then people will ask you to keep things in private. To behave. To not expose yourself. To not claim what you are.

When you says to someone to keep things private, you refuse their right to be.

And that’s why privacy sucks. It sucks when you asks my suicidal and depressive trans-gender-fluid friend who express themselves on social space to keep their pain for themselves because it’s improper. It sucks when you asks my friends to hide their love because they have the same gender while you’ll expose your heterosexuality without being ashamed. It sucks when you says to a woman whose body has been exposed that she should have keep those pictures private or that she should be ashamed to dare exposing herself.

You’ll say that you have a right to privacy. Except that people going fine, tells it – whatever the consequences on their neighbour or friends. Except that male genitals are basically exposed everywhere without consequences for them while a nipple is indecent in the public space – which means that having a female body is something that you should be ashamed of. Except that you can demonstrate your affections to the people you love while me or my friends can’t because we should keep that private.

Privacy is Censorship

In the end, privacy is censorship. It’s an argument used by oppressors to force oppressed people to conform to an oppressive form of society.

Asking to someone to be decent, discrete or to conform, is forcing them to behave, to not express themselves. To not define themselves. People who should have privacy, are the ones who do not conform to your vision of moral. It’s women, queers, sex-workers, porn actors and actress, etc.

And this is a form of censorship. And censorship is the oppresser’s tool. And it sucks. I oppose censorship not because of freedom of speech, but because of freedom of self-determination. I need words to define myself. And by censoring them, by forcing me not to use them, you remove me the possibility to define, to exist in the public space.

If you do not have the words to define an idea, then you can’t formulate this idea – that’s the whole purpose of novlang in 1984.

The interesting part of that is: if you need a law to censor something, then this something is named and then exist. It’s like in Inception (the movie), where the character played by Di Caprio states that:

If I want you to think about elephants, I just have to tell you not to think about elephants.

(And now, all my readers re thinking about elephants)

For instance, the word nigger/nigga has been used to discriminate against afro-american people. But some of them used took back control of this word, and reappropriate it to define themselves. They use it to define themselves. They exist because this word exist, and yes it leads to discrimination but it has a name and then you can fight it.

You can’t fight what you can’t name. And forbidding the use of specific speech do just that. It makes groups and communities unable to exist. Censorship doesn’t protect minorities. Freedom of self-determination does. Yes, it means that you’ll have hate speech. And yes, hate speech should probably be sanctioned in some way. But you must be able to discuss it.

If you cannot discuss racism, or fascism, or sexism then you can’t fight it. That’s why most of the teachers – at least not the creationist one – do oppose censorship.

But … Privacy is a human right?

Yes it it. It’s written in the UDHR and it’s the 12th article. The thing is, this declaration is not directed to citizen. It’s not meant to be implemented by them. It’s directed toward state, and it’s supposed to be what they should do, and to protect citizens from states – the way constitutions do.

And, for the sake of the argumentation, I’ll quote it here:

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attack upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attack.

It basically state that you shouldn’t asks me to behave. To keep things private. To be decent. That you shouldn’t attack my honour or that I shall not be treated differently by the state – hence the society – for what I am.

The privacy defined here, is the one that you use to shelter yourself from discrimination of states or oppressive groups. It’s the survival mechanism one should not need to use, but sadly exist because there’s enough bigot out there in the world to threaten your life – think being openly gay in Uganda for instance.

Privacy in this context is a shield. However it disable you the right to being seen as what you are. It removes you the right to be. To define yourself. It’s a crappy shield, but it can makes you living.

And that’s why it’s important to be able to activate some sort of shielding, because you can go in jail for that. Or being killed by fascists. And as a human you have the right to protect yourself.

But if anyone else can define themselves in the public space, and if I can’t, if you ask me to be decent, you’re basically denying me the right to exist. You’re violating this 12th article that you claim to defend. And you’re doing that because you do not need privacy.

On the internet, being a white hetero cis-male means that you really do not need privacy. You won’t be ashamed because you had sex. Or because you exposed your body. Or because you demonstrate affection to the person you love. Privacy isn’t of any use to you, because you’re on the privileged side of an oppressive system. You won’t be beaten up because you were indecent. Or non-conforming to the society.

So, no more Privacy?

No. Sadly, we might need privacy. As I said beforehand, it is a shield from repression. Shielding yourselves is, however, denying what you are. It’s validating the oppressive society you’re leaving in.

If you want to fight that, then you need to abandon your privacy. Because you need to publicly exist. Also, that’s how you’ll find support among people going through similar issues. That’s how you can fight oppression. By existing in the public space, not only in the private space.

And if you do not belong to an oppressed party, then you do not need privacy, for you’re not going to be assaulted just because of what you are or think. You do not have privacy because it interest no one, because you’re in the "normal life" area of the world.

So yeah, we must fight for people being able to have a privacy. Because they could die if they have not. But no, you can’t asks me to being decent. Or to keep things private.

Fuck it.

Falling

Waking up.

Awake. Or not entirely. I’m still lost between both state, asleep – and no, it does not imply dreams for I do not remember them – and awake. Somewhere something is ringing to try to awake me.

I’m craving. Craving of data. I need to chck what happened for those hours I was asleep. I’ll skip breakfast. I can’t make them at my place anyway for I have nothing to prepare them. I do not even have something o brew caffein out of beans.

I’ll be late, but I have to feed on the data feeds. IRC. Mails. XMPP. Twitter. I’ll go through all of them before being awake. That’s how my processor will be booted up. And it’s not pretty, witnessing massacre or picture of dismembered bodies is something regular.

I used to think I’ll never get used to it. That the horror will still starts something into my guts that would makes me puke, but no. Not anymore. I do not feel anything when seeing those.

I’ll go across a stranger’s face while looking in a mirror. An alien face. Someon people saw on TV or elsewhere. I know it’s me because I do remember doing those tats and this non-consistent hair cut. But I do not recognise me. And yes, if you wonder, I may have trouble finding me in a picture.

This whole body is mine but alien to me. Not that I hate it. It’s just alien. Foreign. I’m not used to it and I do not remembr everything that happened to it.

I’ll survive my bike ride through my city to get at work. Processing a lot of data to avoid being hit by other more or less defined objects on the road. It happened once, but besides a lot of pain and some bruises, I survived.

At work I’ll be going from log analysis, to data strealm analysis, to behavioral anaylisys. I’ll eat a lot of horrible event without them hurting me. Not anymore.

It used to horrify me. Witnessing mass murdering, systematic anihilation of mankind. Now I just soak it. I’m not able to soak the help desk though, and it generally makes me angry. And causes a lot of stress.

Scar tissue

I’ve never been good at expressing feeling. Or at feel for what it worth. It’s getting hardr those day. While working here, I’ve done – at least – one burn out in less than three month. I’ve been through way to much riot, massacre, arbitrary arrest and video or picture of those than I can recall.

All of those wounds have healed. My mind is patched by so much scar tissue that it is mostly scar tissue. I have less and less emotionnal bandwidth. I can’t stop eating data or my mind will enter an endless loop of morbid thought.

I tried different hacks to stop that. But none of them works. I’ve hit wall until my hand is broke. I’ve drunk too much. Way too much. Friend of mine once told me "Addiction starts where feeling stops." Feeling stopped a while ago, not the flow of alcohol. I’ve tried being to exhausted to be able to think. It does not works either.

Now I’m eating data. Analysing them. Trying to makes sense of it, and talk about it with people. Friends. I spend most of my wake time to do that. I’m more and more like a computer, a machine. A sentient one, but a machine.

Reading. Analysing. Forwarding. Loop over it. Endlessly.

The more the days go, the more I’m turning into that. I do not eat healthy food. I’m stuck in bugged routine. I’m not enjoying doing stuff as much as I used to. My life is now, mostly, data consumption and anlysis.

No more emotionnal bandwidth makes me itchy. I fail at perceive irony and humor most of the time. I’m entering each and every battle without self-preservation. I know what emotional pain and distress is. It can’t hurt me now.

And yes, I’m falling. The saying is "hitting the bottom", except there’s no bottom. Only dark and infinite abyss.

Mechanisation of my brain and alienation of my body are survival mechanism. A machine can’t feel. A machine can’t be hurted. So I’ll do it. Again. I’ll be that guy with a strange haircut, with some strongopinion on a lot of things, that’ll do the show into the media. Show must go on. And at least, it’s something consistent.

Dancing through my tears

Sometime, a buffer overflow occurs. A crisis. Generally triggered by something benign – for instance the loud bass of the opening of a concert. And I burst into tears. No idea why, it just happens.

I tend to think that’s yet another survival mechanisms. And I’ll dance through it. I’ll dance on my wrecked self. There’s nothing left of me. Nothing to be rejoiced about me. When I look back I have nothing happy. My father stoled my few happy childhood memories.

I manage to grew without leaving trace around me, without leaving anything that someone would use to hurt me.

The last ten years where a bit better, but I’m not able to see happiness in them. – not that I was not just that I’m not able to see it. I’ve been part of things other finds amazing, but it killed me.

What has been seen cannot be unseen they said. And it’s true. When my mind wanders I’ll always go back to the thing I indirectly witnessed the past three years.

But this is a lie. All of this is. I feel. I do feel the pain. I’ll leave conversation because someone hit me with a knife – a metaphorical one. And I’ll choke on it for two days, keeping me awake, trying to process the data. Trying to understand why it hurts so much. Discovering new area where I still feel. New fights to get involved into.

Love and Rage

I want to crush skulls. To hits things with my bare hands. To let the rage I feel going away with the pain. Last time it happens it was in a concert, it felt good. My head was empty and fuck, didn’t happened in a while. It last for few hours, but yes. It was good.

I miss those area in my life where I can let go. Now, even the street are space where people expect me to conform myself to something I’m not really. I need to find space for that.

It became harder to open myself to people. And the paradox is that I want to spare people I love and who loves me, and that’s how I killed my previous relationshisp, by shielding myself, by not talking about me because it’s fucking scary.

I should take care or me. I should accept this alien body, this alien me. I just have no idea of how to do that. I should listen atthe people who gave me advices. But they do not work. I’m not able to keep my brain down, or I’ll be surrounded by ghosts and morbidity.

I’m only able to love, that’s what’s left of me. That’s what I more or less kept to myself. Everything else is linked to thing I have no control over.

Fuck You

Once uppon a time

I used to be called a geek. A nerd. A no-life. Whatever. It used to be associated with people who didn’t want to socialize the way high school and society asked them to do.

It used to be people who were refusing what we told them what a boy or a girl should be, should act. It used to be people who were extremely interested by scientific topics, weird mathematics, role playing games, video games, computer science.

It used to be nice people who were chatting online, exchanging data, helping each other – or anyone who gets in and asked for help.

I wasn’t really proud of it, but at least it was something that was usefull for me at some point, I knew what I was. I wasn’t only an outcast.

Things change

But now, people grew old. Those geeks became adult, got in charge of things, and being a geek became something cool. It was rapidly identified to a man with tech gadget (like iPhones, and other useless shiny stuff) who are adept of a specific sub-culture (implying mainly commercial things).

And new people came in. And are still called geek because they spend time online, because they play video games, etc. Those people developped a false feeling of persecution. Prefering staying in their so-called community, they started to chose who was good enough to be a geek.

They are bullying, assaulting, stalking, chasing online and offline people who are saying them they’re doing someting wrong.

Basically, they act like 4 years old to whom someone asked to stop playing games and go eat with the family. Except 4 years old do not send SWAT team to rivals, do not harass women who are part of the industry – industry whoch provide the games they plays to – to the point they have to leave their house or their jobs, they do not hunt celebrities online for years to find nude cpictures of them and asks ransom for it before publishing them, they do not insult those victim once the picture shave been published while masturbating themselves on those pictures, once again to have them leave what they think is their.

They think the internet is their own things. They are destroying the community that once was inclusive (ok, and weird, and not that easy to understand) by turning it into a … I don’t know … mutually masturbating circle of elitists jerk?

Fuck You!

So fuck you. I refuse to be assimilated to you, a geek. You stripped that of me, you forced me to reject what used to be part of me, part of my culture. You can choke on your masculinist ego.

As long as you prefer hating people I love. As long as you think LGBTIQ people, women, or other are inferiro and can’t be part of your group or can’t access your culture, by using extremely violent means, including harassment, threats and other things like that, I can’t be called like you.

You do not deserve it, but you took that from me.

I may have changed recently, I may have discovered my bisexuality recently. But I’m still fond of RPG, Comic books, video games. But I cannot be called a geek. Not anymore.

So fuck you. You, your hate of what’s not like you, your syndrom of persecution, your conservatism, your etricked mind. I’m not like you. I do not want to be considered like you.

You’re destroying the privacy and the life of other people. I try to give them tools to help have privacy and a safe online life.

I’m not a geek. Not anymore. I can’t be.

Make Datalove Not Cyberwar

Note This post will be in French, since it’s what I used as notes for my talk at Pas Sage en Seine 2014 in Paris.

Make Datalove

Internet n’est pas un territoire

Internet n’est pas un territoire. Un territoire est un espace géographique et implique l’existence de frontière ou de limite quelconque. Or Internet est une machine hybride composée d’humain et de machines, connectées sans limite de par le monde – ou presque – et créant à l’infini de l’information.

Internet est infini. En tant qu’espace d’information et donc de culture, il n’a pas de limite. L’ensemble des mèmes peuvent cohabiter sur Internet, sans jamais épuiser les ressources d’Internet.

C’est en fait beaucoup plus proche de la notion d’espace mathématique que de territoire géographique. C’est un ensemble composé de cultures, d’idées, de mèmes, d’informations – au sens de la théorie de l’information, et qui repose sur la libre circulation de celle-ci.

Internet is not broken

En tant que système d’échange d’information, Internet fonctionne parfaitement. Il ne garantis pas la confidentialité des échanges, ni la sécurité des machines ou des personne, mais il garanti que l’échange et, l’accès à l’information est possible. Il garanti également que n’importe qui ou n’importe quelle machine peut s’y connecter, le seul pré requis est simplement de parler IP. A aucun moment il n’est demandé une preuve de confiance ou d’identité à une machine, ni n’est éxigé autre chose que de parler IP.

Internet fonctionne parfaitement. Il fonctionne même tellement bien qu’il y a plusieurs milliards de personnes connectées. Il fonctionne même tellement bien que partout dans le monde – ou presque – des personnes de tout milieu social, de toutes cultures, de tout niveau d’éducation, s’en servent pour communiquer.

Et je dis ça en ayant conscience de parler à un évènement où, sur 61 conférenciers, il n’y a que 5 femmes – et une seule à un talk où elle est seule à parler. Et en sachant parfaitement que des continents entiers ne sont pas présents sur Internet, ou que l’accès aux machines permettant l’accès à Internet reste encore trop souvent un privilège des classes sociales supérieures.

We are

Ce qui est cassé ce n’est pas Internet. Ce qui est cassé c’est nous. Les barbus auto proclamés gourous des internets, cyber hactivistes, hackers, sysadmin et autre. Ce qui est cassé ce sont nos égos, nos réactions de sociopathes nihilistes face à un problème politique et social. Ce qui est cassé c’est notre absence de réaction politique, imbus de nous mêmes que nous sommes et confortés dans notre idée que nous sauverons le monde grâce aux machines.

Nous n’avons pas besoin de CaliOPen ou de mailpile. D’OTR ou de GPG. De libre ou open SSL. Nous n’avons pas besoins d’appel à prendre les armes ou de nous écrire des lettres. Nous n’avons pas besoin de dire aux gens que s’ils ne sont pas capables de faire de la crypto et de la gestion de clef correctement alors nous ne pouvons pas les aider. Nous n’avons pas besoin de l’attitude arrogante qui consiste à penser que tout le monde est capable de comprendre la documentation que nous ne sommes pas capables d’écrire.

Certains d’entre nous veulent changer le monde. Et c’est une bonne chose. Certains veulent un monde dans lequel les communications sont par défaut ultra sécurisées, établis entre pairs de confiance, et avec la possibilité d’exclure les nœuds dangereux pour le réseau de manière permanente et selon un consensus autoritaire.

Ils partent du principe que la surveillance de masse, effectuées par les états nations ou corporatistes, est une violente atteinte à la démocratie et à la vie privée et que, de la même manière que le pair à pair permet l’échange d’information de manière décentralisée, fluide et sans autorité centrale, la protection de la vie privée et de l’intimité ne peut se résoudre que techniquement.

Pourquoi pas, mais réfléchissons y deux minutes. Si nous voulons reconstruire un réseau qui garantisse la sécurité et la confidentialité des communications, cela veux dire que nous ne pouvons communiquer qu’avec des nœuds approuvés par le réseau. Cela implique – entre autre – que tout nouvel arrivant doit prouver qu’il est de confiance.

Fini l’arrivée sur le réseau Internet par la simple attribution d’une adresse IP. Il va falloir prouver que l’on est "trustable". Il va falloir prouver au reste du réseau que l’on est bien comme il faut. Que la machine utilisée est sûre, respecte la dernière norme du protocole, et dispose de matériel ne compromettant pas l’intégrité du réseau.

Vous imaginez une société basée sur cette norme? Seules les personnes pensant comme il faut, n’ayant pas d’idée dangereuse, ne compromettant pas le consensus, ne remettant pas en question l’ordre établi, seraient autorisées à faire partie de la société, les autres seraient contraintes à un exil, à un isolement forcé?

En gros, vouloir un réseau de communications entièrement fiable et sécurisé, empêchant toute interception de communication, et dans lequel il y a des garanties que le message est bien délivré à son seul destinataire, reviens à créer des réseaux soit déconnectés les uns des autres, soit inutilisables par des personnes non encore connectées au réseau, ou ne pouvant pas se permettre une connexion. Cela reviens à créer une élite qui seule décide de qui accède au réseau et comment.

Une élite qui aurait le pouvoir de choisir qui doit se connecter et qui ne doit pas se connecter, basé sur des critère qu’elle est seule à formuler et comprendre. Je n’appelle pas vraiment ça un système démocratique. Du moins ça l’est encore moins que celui du fonctionnement actuel d’internet.

Make Datalove

Alors oui, il y a des problèmes. L’espionnage massif de la population par des états corporatistes ou nationaux – parce que ne croyez pas que c’est la NSA l’ennemi. L’asservissement volontaire au cool et le "choix" d’abandonner ses libertés au profit d’un objet. La réduction de la sphère privée et de l’intime, souvent sans en avoir conscience.

Mais ce n’est pas un problème technique. Le journalisme d’investigation n’a jamais su faire de l’OpSec, pas depuis le Viètnam. Ça ne l’a jamais empêché de faire son boulot. Les manifestants et activistes du monde entier utilisent des outils non sûr pour communiquer, mais ils communiquent et s’organisent quand même – peu importe qu’ils aillent en taule. Le problème ce n’est pas tellement de les protéger, ils prennent de toutes façon des risques monstrueux.

Le problème c’est de combattre les mèmes de la sécurité, de la peur, de l’espionnage. Et ce n’est pas avec plus de sécurité qu’on y arrivera. IL suffit de voir les différents ratage de la surveillance. Si on attrape pas telle personne en dépit des caméras de surveillance, c’est qu’il n’y en a pas suffisamment, il faut en rajouter, ce n’est pas parce que le système est inefficace.

Le problème c’est que ce n’est pas quelque chose qu’un outil logiciel résoudra – aussi bien conçu soit il. Même si on était capable de créer des systèmes de chiffrements point à point qui ne nécessitent pas d’intervention de l’utilisateur et que l’ensemble des bibliothèques logicielles sur lesquelles ils se baseraient soient exemptes de failles – ce qui est impossible – il resterait toujours le problème de la surveillance des communications périphériques, de la compromission des terminaux ou des utilisateurs qui iraient coller sur Facebook le contenu d’une conversation privée.

Le problème est politique et il ne se règlera que par une ou plusieurs solution politique. Il est temps que cette élite auto proclamée de barbus des internets redescende de son arbre à chat d’ivoire et aille au contact de celleux qui utilisent Internet, de celleux qui mènent des combats pour leurs droits à eux, mais aussi aux autres.

Il est temps d’arrêter de croire que des ordinateurs et des câbles vont sauver le monde. Déjà, parce que Internet ce n’est pas que des ordinateurs et des câbles, mais aussi les personnes qui s’en servent. Ensuite parce qu’il y a encore énormément de zone dans le monde où ces câbles n’existent pas. Enfin, parce que tant que l’on s’agite uniquement sur le net, et qu’on ne se sert pas des outils créés et utilisés par d’autres groupes militants, cela n’inquiètes pas les super puissance. Il faut arrêter de défendre nos droits sur internet, il faut défendre nos droits tout court, sur les territoires que nous occupons.

Et nous ne sommes pas seuls. Nous avons inventés des moyens d’actions efficaces – ou pas – qui permettent de créer du momentum médiatique, nous avons testés d’autres façon de manifester, mais nous sommes restés entre nous. Les groupes de défenses des droits – ce que l’on appelle la société civile au sens large – existent depuis avant Internet. Certains sont entrés dans la danse et utilisent merveilleusement cet outil social, d’autres non.

Nous espérons quoi, que ces groupes qui ne comprennent pas cet outil que nous avons construit, formé, déformé, et avec lequel nous faisons parfois des trucs géniaux viennent spontanément s’en servir comme nous l’entendons et fassent ce que nous voulons que ces groupes fassent? Ces groupes, mouvements, ont une histoire de militant. Ils se sont souvent formés dans la douleur et ont tous inventés des façons différentes d’agir. Ils savent comment ils veulent militer, ils expérimentent de nouvelles façon de résister. Qui sommes nous pour leur dire comment ils doivent défendre leur cause?

Ce n’est pas à eux de venir vers nous, c’est à nous d’aller vers eux, d’écouter ce qu’ils ont à dire, leurs histoire, leurs outils, leurs problèmes et les solutions qu’ils ont trouvés pour les résoudre. Au lieu de râler que tel groupe utilise gmail, allez les voir, allez discuter, allez échanger. Ils ont des trucs à vous apprendre. Et peut-être que ce n’est pas si grave qu’ils utilisent Gmail au final ou peut-être que vous pourrez démarrer un cluster avec eux etd ‘autres groupes qui se partagerons des ressources techniques et qu’ils se passeront de Gmail à terme.

Nous n’avons pas pour but d’être le centre de support des activistes. Et ils n’en ont pas besoin. En revanche nous savons tous qu’internet est fondamental pour la liberté d’expression, de communication et d’organisation. Nous savons tous que cet outil social peut transcender les frontières, les différences de classe, de langue, d’origine, de religion et autres pour construire de belle choses.

Et c’est notre devoir à nous, utilisacteurs d’internet, hacker ou pas, barbus ou pas, hipster, geeks, nerds ou pas de défendre cet outil. Et c’est notre devoir à nous en tant qu’être humains de défendre nos droits, et cela ne peut se faire qu’en défendant les droits de tout le monde. Avec tout le monde.

Télécommunisme et Cryptoanarchisme

Le Télécommunisme consiste simplement à cinsidérer le réseau physique comme un bien commun. Non pas le contenu, pas Internet, mais le net. Les réseaux, les fils, les signaux, les données. Pas les gens qui s’en servent, mais le réseau.

C’est penser qu’il n’y a pas nécessairement besoin d’un consensus pour le faire fonctionner, du moment qu’il fonctionne. Bien sûr les standards et autres RFC sont nécessaire, comme tout organisme complexe, les différentes parties de cet organisme ont besoin de discuter entre elles, de connaitre leur statut et de pouvoir s’adapter à des défaillances locales. Certains organismes ont choisit la centralisation dans des centres nerveux, d’autres distribuent ces centre nerveux – insectes, céphalopodes -, d’autres enfin collaborent carrément avec des organismes étrangers afin d’assurer leur survie – siphonophores.

La "gouvernance" du réseau n’existe pas. Il y a certes quelques organes qui pensent avoir réellement de l’influence, mais globalement le réseau fonctionne parce que des personnes mettent en commun leurs compétences et ressources pour que cela fonctionne. Il y a même des allumés qui remettent le réseau en route quand les organes officiels le coupent localement.

Nous sommes capable de gérer un des plus gros outils de communication comme un bien commun. Sans avoir de gouvernement, sans s’embêter des heures à prendre des décisions, sans se soucier non plus de l’utilité des actions entreprises. Nous gérons pour tous ce réseau, qui est l’épine dorsale de l’Internet et qui permet à tout ces cerveaux de s’échanger des informations.

La Cryptoanarchie est une théorie mathématique qui établit que si l’ensemble des communications sont chiffrées, il est impossible de distinguer le bruit et l’information dans le signal. Et donc de détecter une communication, ou d’en intercepter une.

Pour que cette théorie fonctionne, il faut que les outils de chiffrement soient massivement adoptés. Et tant qu’ils ne le seront pas, il n’y aura pas de cryptoanarchie. Penser que, parce qu’un outil existe, il est utilisé est une erreur. Il faut que l’outil soit le moins invasif possible, non désactivable, documenté et libre, et qu’il puisse fonctionner sur toutes les plateformes auxquels cet outil est destiné.

Tout ce qui amène à avoir juste un groupe de gens seuls capables de chiffrer, qu’il s’agisse de gouvernement faisant usage de lois de régulation de la cryptographi, d’entreprise déposant des brevets sur les techniques de chiffrement ou usant de logiciels propriétaires, ou d’une bande de nihiliste qui ne veut pas faire d’interface utilisable par tout le monde reviens au même.

Seuls une élite est capable de chiffrer et donc de se protéger. De créer une asymétrie dans l’information en étant seuls capables d’avoir des secrets, et donc d’obtenir un pouvoir sur toutes les autres entités non capables de chiffrer. C’est ce que l’on appelle le crypto fascisme.

Et je suis inquiet quand je vois l’attitude d’une partie de la communauté hacker ou de la scène infosec. Quand certaines personnes envoient balader des débutants et des débutantes parce qu’ielles n’ont pas comprises la documentation pour installer ou configurer certains outils.

Oui, nous autres, peuples des intertubes, sommes parfaitement capables d’appliquer le Télécommunisme, de gérer de manière décentralisée, et intéressante, l’un des systèmes les plus complexe jamais créé par l’homme. EN revanche, nous nous plantons dès qu’il s’agît de fournir à chacun les clefs nécessaire à son indépendance, dès qu’il s’agît de permettre à chaque individu de pouvoir se débrouiller seul, il y a beaucoup moins de monde.

Alors que justement, Internet est à propos de l’émancipation, de la prise de conscience et de pouvoir nécessaire à chacune et chacun pour pouvoir essayer de créer son monde comme il l’entend. Internet est plus qu’un bien commun. Il repose sur un bien commun, mais il est au-delà de ça. Il permet la création de nouvelles formes de société, de nouvelles formes de médias, de nouvelles formes de communications.

Et si l’on se contente du Télécommunisme, si l’on se contente de la Cryptoanarchie, alors nous ratons quelque chose. Il faut se poser la question de l’application de nos modes de gestions technique à nos modes de gestions sociaux. Nous avons inventer des outils qui permettent des échanges non commerciaux, qui permettent de vivre de sa passion, qui permettent une transmission d’info gigantesque. Et nous voulons sacrifier ça pour aller faire la guerre?

Not Cyberwar

Je suis peut-être un bisounours mais

Je pense qu’utiliser les mèmes de la guerre n’est pas nous rendre service. Une guerre c’est une territorialisation. C’est l’instauration de frontière, de limitation de ressources, et à minima de l’occupation de celles-ci par une puissance quelconque.

Parler de guerre, c’est admettre une territorilisation d’internet. Ce qui permet de le découper, de le balkaniser. De créer des clouds souverains, des réseaux nationaux et autre genre de chose qui ont pour but de casser le flot de donnée, de créer de plus petite entités plus facile à contrôler, plus indépendantes des autres, sans lien facile entre elles. Et personne ne veut ça. Personne ne veut que la circulation de l’information soit contrôlée, que ce soit par un gouvernement ou une autre élite technologique.

Arrêtons l’appel aux armes

Il est donc temps d’arrêter l’appel aux armes. D’essayer de réparer ce qui n’est pas cassé, ou de vouloir réparer ce qui est cassé au-delà du réparable. Refusons la sémantique guerrière. Nous ne sommes pas des cyber guerriers. Nous ne vivons pas dans un cyber territoire. Nous n’avons pas de cyber armes, ou de cyber gouvernement. La guerre est un jeu qu’on ne peut gagner qu’en refusant de participer.

Vous voudrez sans doute parler de guerre asymétrique, de guérillas. Mais ça reste de l’épuisement de ressources, ça reste de la guerre, de l’occupation, de la destruction, de la raréfication de ressources. Arrêtons de parler de cyberguerre. C’est complètement destructif et contre-productif.

Nous ne sommes de toutes façon pas une armée, si nous en étions une, nous aurions une chaîne de commandement – elle peut très bien être décentralisée – des uniformes, du recrutement, des opérations. La création et la mise en place d’une armée, consiste de toute façon à créer une élite. Ouip, Anonymous ressemble à une armée. Du moins, de l’extérieur, cela ressemble à une armée. Certes décentralisée et distribuée, mais une armée quand même. Ce n’est pas tout Anonymous, nous savons bien que cela est pus complexe, et que cette armée est plus une image médiatique construite pour valider la cyber guerre, et donc la territorialisation du net. Et donc son occupation.

Mais pire encore, vous savez pourquoi les US et l’UE s’engagent dans tant de conflits? Pas pour défendre les intérêts des peuples. Mais pour justifier les budgets accordés aux entreprises privées qui leurs fournissent du matériel, des munitions, du renseignements. Pour pouvoir ensuite bénéficier de juteux contrats de reconstructions.

Si vous voulez jouer à la guerre, vous devez avoir des moyens vaguement équivalent à votre adversaire. En soldat, en armes et/ou en argent (ce dernier permettant de régler les deux autres). En face, nous avons d’une part des états nations paranoïaques qui ont plusieurs milliards de dollars à consacrer à ça, et des entreprises qui reçoivent des budgets toujours plus gros. Vous croyez vraiment qu’avec nos logiciels libre et nos seules valeurs nous sommes capable de gagner une guerre contre eux? Même une guerre asymétrique? Vous êtes naïfs à ce point?

Snowden, ce héros

Et vous savez qui profite le plus des révélations d’Edward Snowden? Non, ce ne sont pas les citoyens. Sinon, les organismes de surveillance auraient été remis sous contrôle des citoyens et on commencerait à avoir des procès. Non, ce sont les entreprises privées qui vendent de la sécurité. Pas les entreprises US, mais les entreprises UE. Les vendeurs de sécurité.

Ils ne prospèrent que grâce aux vendeurs de peur. Si vous n’avez pas peur, vous n’avez pas besoin d’acheter un système de sécurité. Or nous sommes ceux qui parlons le plus de sécurité. Il faut de la sécurité pour avoir une vie privée disons nous. Il faut plus de sécurité pour se protéger de l’espionnage massif des états. Il faut plus de sécurité pour se protéger des botnets chinois. Il faut plus de sécurité… Toujours plus de sécurité… Tout en sachant que cette sécurité est impossible à atteindre.

Nous faisons le lit des entreprise privées, de groupes transnationaux et extra territoriaux ne cherchant qu’à vendre encore plus de sécurité et donc de peur. De groupe ne pouvant être traduit en justice, collaborant pourtant à des crimes de guerre. Bien entendu, il y a des procès, contre des entreprises. Les actionnaires ne seront pas inquiétés, les patrons de ces entreprises ne seront pas personnellement mis en cause et – si jamais c’était le cas – ils seront remplacés par d’autre. Quoique fassent ces entreprises, tant qu’elles gagnerons du pouvoir, elles continuerons de le faire. Sans être inquiétées.

Cette course à la sécurité, en plus d’être vaine, ne mène qu’à de la paranoïa. Les ennemis sont difficiles à déterminer, à distinguer, du coup tout le monde travaille pour eux. Dans un climat ambiant de paranoïa et de défiance, il devient impossible de faire confiance à des inconnus, il devient impossible de travailler avec eux, il devient impossible de lancer des mouvements nouveaux, de trouver de nouvelles manières de militer, de défier les puissances et d’essayer de les mettre à genoux.

Vous vous souvenez de ce qui a fait le succès de l’internet? Le fait que n’importe quelle machine puisse se connecter et participer au réseau sans aucun pré requis autre que parler IP. Nul besoin de faire confiance, ou autre, il suffit juste de se brancher. Alors oui, il y a des choses malicieuse qui trainent sur les tubes, mais au final assez peu en rapport à toutes ces idées qui s’échange, à tout ces mèmes culturels qui se font et se défont, à tout ces mouvements sociaux qui s’organisent et font parler d’eux grâce à ça.

Utiliser les mèmes de la sécurité et de la guerre au sein de notre communauté, c’est devenir paranoïaque. C’est refuser que quiconque, peu importe son bagage technique, ses origines culturelles, ses connaissances du monde, puisse venir nous parler si ielle n’a pas été validée par une chaine de confiance reconnue.

Et à chaque fois que vous envoyez un méprisable RTFM, ou STFU NOOB à quelqu’un – ou un girls don’t code – c’est exactement ce que vous faites. À chaque fois que vous laissez quelqu’un quitter votre groupe parce qu’ielle ne s’y sent pas bien, c’est exactement ce que vous faites. À chaque fois que vous refusez – consciemment ou non – d’inclure quelqu’un, de débattre et d’échanger avec cette personne, c’est ce que vous faites. A chaque fois que vous refusez de prendre une position qui favoriserait l’inclusion, c’est ce que vous faits.

Croire qu’il y aura un éveil massif de la population et que tout le monde sera capable d’utiliser un terminal afin de chiffrer des mails à grand coup de ‘gpg –armor -e -r 0x00513947’ c’est se mettre le doigt dans l’œil. Profond. Cette prise de conscience massive n’arrivera pas. Et vous savez pourquoi? Parce que nous sommes suffisant. Parce que nous pensons que nos combats sont plus important que les autres. Parce que nous pensons qu’il est plus important de pouvoir chiffrer ses mails en toute confiance que de défendre les droits des femmes, des minorités, des queers. Que nous pensons que l’espionnage massif de la NSA est plus important que le changement climatique et que toutes celles et ceux qui ne sont pas d’accord avec nous ne sont que des fous dangereux inconscients qui remettent en question nos libertés.

Appel à ouverture

Ce qu’il nous faut c’est arrêter de nous comporter en sociopathe. Nous nous plaignons tellement des gens qui ne reverse pas au Libre, mais nous que reversons nous aux autres? Des outils fonctionnels, sûrs et ne mettant pas en danger leur vie ou leurs organisations? Non. Nous ne leur apportons pas de soutien, nous préférons leur lancer des ordres en leur disant qu’il n’y a de salut que dans la crypto end-to-end.

Nous sommes persuadés que les outils actuels et le plus sûrs possible – et oui il en existe – sont utilisable par la majorité des gens, à condition de lire et de comprendre une documentation nécessitant un bagage technique assez énorme. Quand la documentation existe, est traduite, est disponible. Et ces outils sont donc inutilisables, donc non fonctionnels. Et donc du coup, les "autres" n’utilisent pas de crypto, et nous les considérons comme stupide et ne méritant pas notre précieux temps, nous sommes tellement meilleur qu’eux.

Sauf qu’internet n’est pas à propos de la crypto. La vie privée et la sphère intime sont à propos de crypto, la vie publique – des états et des puissances gouvernantes – aussi, mais ce n’est pas internet. Les lanceurs d’alertes n’ont pas attendus GPG pour faire leur travail. Les journalistes non plus. Si nous voulons changer le monde – et en tant que partie du monde nous nous devons de le faire – ce n’est pas avec de nouveaux logiciels ou protocoles que nous le ferons.

C’est en appliquant à nos structures sociales, nos communautés, les mêmes principes que ceux qui permettent à internet de fonctionner. Gratuité d’accès, facilité d’accès, ouverture à tous, confiance par défaut. Donc de s’ouvrir. Et pour s’ouvrir, il faut faire plus que juste dire "Hey, viens et poses toi là". Il faut faire en sorte que celleux qui veulent venir se sentent accueillies.

Oui, ça veut dire faire des efforts pour arrêter d’être paranoïaques, imbu de soi, ou simplement des connards. Mais en fait, en supprimant cette couche de paranoïa, cette suspicion par défaut, les choses deviennent moins stressante. En permettant à toutes de pouvoir participer et d’inclure tout le monde, nous augmentons aussi les diversités, nous ajoutons des mutations à nos mouvements cellulaires, nous pouvons découvrir de nouveau moyen d’actions, découvrir de nouvelles problématiques, se développer, construire des liens forts, développer une communauté, un groupe social qui partage réellement et qui prend soin de lui.

C’est ce que fait la Quadrature dans une certaine mesure en travaillant avec les engraineurs ou Act’Up sur certaines problématique. Et tout le monde y gagne.

Cela nécessite d’accepter que des personnes ne comprennent pas et ne comprendrons pas ce que vous faites. Cela nécessite d’aller contre des certitudes, des choses qui paraissent évidentes, de voir ce qu’il se passe ailleurs dans le monde.

Internet n’est pas un territoire, c’est une somme de conscience collective. Mais nous avons des territoires à défendre. Nous avons besoin d’Internet pour les défendre, mais nous devons les défendre. Allez parler aux autres, invitez-les. Écoutez-les. Si ielles ne veulent pas venir, demandez vous pourquoi. Souvent c’est parce qu’ielles ne se sentent pas bienvenue, pas inclus.

Et c’est généralement parce que personne ne règle le problème des trolls. Des antisociaux qui ne cherchent qu’à détruire les communautés, à maintenir le statu quo, à rester "entre couilles". A vouloir absolument avoir raison. Le climat qui règne sur nos listes de diffusions, canaux IRC, lieux "ouvert" n’est pas forcément serein. Sous prétexte de la liberté d’expression, on laisse tout dire sans conséquences, on laisse nos communauté se diviser, exploser, ne pas exister, refuser les autres.

Non, je ne demande pas la censure ou la régulation. La liberté d’expression existe et est importante. Mais la liberté n’a de sens que si elle est exercée en groupe. Notre liberté de pouvoir vivre ensemble est bien plus importante que la liberté des trolls d’exister impunément.

Il est peut-être temps d’arrêter de se comporter en nerds sociopathes, et de commencer à se comporter en activistes. Parce que les activistes de terrain ne nous attendrons pas. Ils refont déjà le monde, avec ou sans crypto de la mort. Avec ou sans sécurité. C’est quelque chose que vous ne pouvez pas empêcher, que ce soit au Bahrein, en Espagne, aux États Unis ou en Ukraine, des activistes sont arrêtés et torturés, peu importe qu’ils aient ou non utilisés des outils de chiffrement fort.

Ce qui est sûr en revanche c’est que le territoire dans lequel vous vivez, est défendu par des personnes que vous feriez bien de rencontrer. Parce qu’elle changent le monde et ne vous attendrons pas. Si vous ne voulez pas vous retrouvez limité à un rôle de barbu grincheux, de geek associal, de nerd nihiliste, de hipster branchouille, il serait peut-être temps de s’y mettre, d’inclure tout celleux qui veulent venir, et d’aller voir les autres.

Promis, les cannibales n’existent plus. Nous avons mangé le dernier hier.

GMX, Security and Privacy.

[[!meta description="""Yet another story about why you need to hide things from the rest of the world, and why commercial company can’t help you with

Once upon a time

I have this friend – Milou. She’s going to be a good journalist, and she worked a lot for NGOs during her studies. Hence she travelled a lot. As a NGO worker and apprentice journalists, she travelled in … hmmm … interesting places, and a country in particular – let’s call it Zoukinistan.

You’ve probably heard about Zoukinistan, it’s one of these countries the US – and part of EU – are at war with, and where those almighty democracies^Wpowers tried to create a Democracy they own.

So, this woman was going there, doing a job of getting in touch with local activists, reporting human right violations, doing journalisms, stuff like that. And she met there a lot of interesting people.

Not all these people are on the side our governments are comfortable dealing with. Not necessarily warlords or fundamentalists either. They probably just don’t want any more foreign interferences in their country. Yeah, the ones governments probably call terrorists. Or enemies. Or just those who want to expose corruption of their US backed government.

So, as a journalist, she maintains contact with those. No one knows when the next things to expose will blow up. And since she’s quite aware of all the NSA doing nasty things on US hosted servers – essentially trying to graph people in contact with this kind of activists – she goes for a non-US based email provider, and a free one.

And then GMX entered the dance.

Since Milou knows me, and since I worked a bit with her, she uses Tor, OTR, and free softwares. And I think she understands why it’s needed, and why she needs to protect her sources.

So, she created an account on https://gmx.com and used the webmail using Tor, naively thinking GMX – being a German company – would protect her communications.

It appears that GMX is part of United Internet, a German holding which also owns 1&1 and mail.com. And they own 7 datacenters in the EU and the US according to their about page. So they have data on US soil, under the Patriot Act – and you definitely don’t want to have data there if you try to protect sources from US Gov. But nothing says that the former French Caramail they bought and became part of gmx.com is hosted there – in fact, and for strict latency reasons, I think they’ll leave it in EU soil, just to have good performances.

Anyway, let’s put those considerations aside for now.

So, Milou and her friend exchange emails using GMX. I’ll skip the fact https is not enabled by default. Or that they implemented it quite late between servers – after all, Google did it only after NSA had leaked a nice post-it – it’s not really that important since, after all, all emails are probably stored in clear text on a corporation server.

However, Germany, home nation of GMX, is involved in military and security mission in Zoukinistan. We also now that NSA did infiltrate German Internet companies and that the German secrete services do cooperate with NSA.

And then the Milou’s GMX account has been closed for security reasons. Since the IT support doesn’t provide any details and that I could not find anywhere on the net anything related to closing of the accounts if used via Tor – even if they made it hard for anyone to do so – and given the lack of security on their side, I think that it must be read as national security reasons.

My guess is that GMX has been required to terminate this account because it represented a threat to national security.

The interesting part would be to know which nation asked for it. Could be France (Caramail which became GMX.com was French after all), US since they would not like my friend to chat with a terrorist or the German wanting the same thing.

I don’t know. Hard to find evidence when the tech people in the company refuse to provide any. And that’s weird. They could have pretended some unusual traffic came from Milou’s computer – unusual meaning in this case via Tor and Ubuntu – or that they detected some attack and the account had to be terminated, or anything else.

But no, they just "can’t answer", won’t provide any email backup, nor even any support. I don’t like drawing conclusions without facts, but it really seems like someone read those emails and have GMX close this specific account.