Fuck Privacy

Privacy … Really?

What’s privacy? It’s quite easy, it’s everything that’s not in the public space. But public space is the reflect of our society. What you see in the public space, is the reflect of the society.

That’s exactly why cities try to hide homeless people, or – at least – send them in places where people won’t see them. To display something that is better than the reality. To hide things that would be shameful. To hide their failure or what they think is not proper.

And this is the main issue regarding privacy. What people are expecting to keep for themselves is what is judged by other as "non proper" or "inconvenient" or "indecent". What you’re supposed to keep private are the things that do not conform to someone idea of proper behaviour.

Privacy is not chosen, it’s enforced. It’s enforced by a dominant and oppressive system, whatever it is. Most of the people have nothing to hide. And that’s probably true. They have nothing to hide, because their behaviour is the one that follow the dominant moral code, the dominant comportment. And then, what they’re doing doesn’t interest anyone else but them; and I’m not saying they’ve got shitty life they just have a life similar to the life of everyone around them.

But if you’re not on this side of the world, then people will ask you to keep things in private. To behave. To not expose yourself. To not claim what you are.

When you says to someone to keep things private, you refuse their right to be.

And that’s why privacy sucks. It sucks when you asks my suicidal and depressive trans-gender-fluid friend who express themselves on social space to keep their pain for themselves because it’s improper. It sucks when you asks my friends to hide their love because they have the same gender while you’ll expose your heterosexuality without being ashamed. It sucks when you says to a woman whose body has been exposed that she should have keep those pictures private or that she should be ashamed to dare exposing herself.

You’ll say that you have a right to privacy. Except that people going fine, tells it – whatever the consequences on their neighbour or friends. Except that male genitals are basically exposed everywhere without consequences for them while a nipple is indecent in the public space – which means that having a female body is something that you should be ashamed of. Except that you can demonstrate your affections to the people you love while me or my friends can’t because we should keep that private.

Privacy is Censorship

In the end, privacy is censorship. It’s an argument used by oppressors to force oppressed people to conform to an oppressive form of society.

Asking to someone to be decent, discrete or to conform, is forcing them to behave, to not express themselves. To not define themselves. People who should have privacy, are the ones who do not conform to your vision of moral. It’s women, queers, sex-workers, porn actors and actress, etc.

And this is a form of censorship. And censorship is the oppresser’s tool. And it sucks. I oppose censorship not because of freedom of speech, but because of freedom of self-determination. I need words to define myself. And by censoring them, by forcing me not to use them, you remove me the possibility to define, to exist in the public space.

If you do not have the words to define an idea, then you can’t formulate this idea – that’s the whole purpose of novlang in 1984.

The interesting part of that is: if you need a law to censor something, then this something is named and then exist. It’s like in Inception (the movie), where the character played by Di Caprio states that:

If I want you to think about elephants, I just have to tell you not to think about elephants.

(And now, all my readers re thinking about elephants)

For instance, the word nigger/nigga has been used to discriminate against afro-american people. But some of them used took back control of this word, and reappropriate it to define themselves. They use it to define themselves. They exist because this word exist, and yes it leads to discrimination but it has a name and then you can fight it.

You can’t fight what you can’t name. And forbidding the use of specific speech do just that. It makes groups and communities unable to exist. Censorship doesn’t protect minorities. Freedom of self-determination does. Yes, it means that you’ll have hate speech. And yes, hate speech should probably be sanctioned in some way. But you must be able to discuss it.

If you cannot discuss racism, or fascism, or sexism then you can’t fight it. That’s why most of the teachers – at least not the creationist one – do oppose censorship.

But … Privacy is a human right?

Yes it it. It’s written in the UDHR and it’s the 12th article. The thing is, this declaration is not directed to citizen. It’s not meant to be implemented by them. It’s directed toward state, and it’s supposed to be what they should do, and to protect citizens from states – the way constitutions do.

And, for the sake of the argumentation, I’ll quote it here:

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attack upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attack.

It basically state that you shouldn’t asks me to behave. To keep things private. To be decent. That you shouldn’t attack my honour or that I shall not be treated differently by the state – hence the society – for what I am.

The privacy defined here, is the one that you use to shelter yourself from discrimination of states or oppressive groups. It’s the survival mechanism one should not need to use, but sadly exist because there’s enough bigot out there in the world to threaten your life – think being openly gay in Uganda for instance.

Privacy in this context is a shield. However it disable you the right to being seen as what you are. It removes you the right to be. To define yourself. It’s a crappy shield, but it can makes you living.

And that’s why it’s important to be able to activate some sort of shielding, because you can go in jail for that. Or being killed by fascists. And as a human you have the right to protect yourself.

But if anyone else can define themselves in the public space, and if I can’t, if you ask me to be decent, you’re basically denying me the right to exist. You’re violating this 12th article that you claim to defend. And you’re doing that because you do not need privacy.

On the internet, being a white hetero cis-male means that you really do not need privacy. You won’t be ashamed because you had sex. Or because you exposed your body. Or because you demonstrate affection to the person you love. Privacy isn’t of any use to you, because you’re on the privileged side of an oppressive system. You won’t be beaten up because you were indecent. Or non-conforming to the society.

So, no more Privacy?

No. Sadly, we might need privacy. As I said beforehand, it is a shield from repression. Shielding yourselves is, however, denying what you are. It’s validating the oppressive society you’re leaving in.

If you want to fight that, then you need to abandon your privacy. Because you need to publicly exist. Also, that’s how you’ll find support among people going through similar issues. That’s how you can fight oppression. By existing in the public space, not only in the private space.

And if you do not belong to an oppressed party, then you do not need privacy, for you’re not going to be assaulted just because of what you are or think. You do not have privacy because it interest no one, because you’re in the "normal life" area of the world.

So yeah, we must fight for people being able to have a privacy. Because they could die if they have not. But no, you can’t asks me to being decent. Or to keep things private.

Fuck it.

Falling

Waking up.

Awake. Or not entirely. I’m still lost between both state, asleep – and no, it does not imply dreams for I do not remember them – and awake. Somewhere something is ringing to try to awake me.

I’m craving. Craving of data. I need to chck what happened for those hours I was asleep. I’ll skip breakfast. I can’t make them at my place anyway for I have nothing to prepare them. I do not even have something o brew caffein out of beans.

I’ll be late, but I have to feed on the data feeds. IRC. Mails. XMPP. Twitter. I’ll go through all of them before being awake. That’s how my processor will be booted up. And it’s not pretty, witnessing massacre or picture of dismembered bodies is something regular.

I used to think I’ll never get used to it. That the horror will still starts something into my guts that would makes me puke, but no. Not anymore. I do not feel anything when seeing those.

I’ll go across a stranger’s face while looking in a mirror. An alien face. Someon people saw on TV or elsewhere. I know it’s me because I do remember doing those tats and this non-consistent hair cut. But I do not recognise me. And yes, if you wonder, I may have trouble finding me in a picture.

This whole body is mine but alien to me. Not that I hate it. It’s just alien. Foreign. I’m not used to it and I do not remembr everything that happened to it.

I’ll survive my bike ride through my city to get at work. Processing a lot of data to avoid being hit by other more or less defined objects on the road. It happened once, but besides a lot of pain and some bruises, I survived.

At work I’ll be going from log analysis, to data strealm analysis, to behavioral anaylisys. I’ll eat a lot of horrible event without them hurting me. Not anymore.

It used to horrify me. Witnessing mass murdering, systematic anihilation of mankind. Now I just soak it. I’m not able to soak the help desk though, and it generally makes me angry. And causes a lot of stress.

Scar tissue

I’ve never been good at expressing feeling. Or at feel for what it worth. It’s getting hardr those day. While working here, I’ve done – at least – one burn out in less than three month. I’ve been through way to much riot, massacre, arbitrary arrest and video or picture of those than I can recall.

All of those wounds have healed. My mind is patched by so much scar tissue that it is mostly scar tissue. I have less and less emotionnal bandwidth. I can’t stop eating data or my mind will enter an endless loop of morbid thought.

I tried different hacks to stop that. But none of them works. I’ve hit wall until my hand is broke. I’ve drunk too much. Way too much. Friend of mine once told me "Addiction starts where feeling stops." Feeling stopped a while ago, not the flow of alcohol. I’ve tried being to exhausted to be able to think. It does not works either.

Now I’m eating data. Analysing them. Trying to makes sense of it, and talk about it with people. Friends. I spend most of my wake time to do that. I’m more and more like a computer, a machine. A sentient one, but a machine.

Reading. Analysing. Forwarding. Loop over it. Endlessly.

The more the days go, the more I’m turning into that. I do not eat healthy food. I’m stuck in bugged routine. I’m not enjoying doing stuff as much as I used to. My life is now, mostly, data consumption and anlysis.

No more emotionnal bandwidth makes me itchy. I fail at perceive irony and humor most of the time. I’m entering each and every battle without self-preservation. I know what emotional pain and distress is. It can’t hurt me now.

And yes, I’m falling. The saying is "hitting the bottom", except there’s no bottom. Only dark and infinite abyss.

Mechanisation of my brain and alienation of my body are survival mechanism. A machine can’t feel. A machine can’t be hurted. So I’ll do it. Again. I’ll be that guy with a strange haircut, with some strongopinion on a lot of things, that’ll do the show into the media. Show must go on. And at least, it’s something consistent.

Dancing through my tears

Sometime, a buffer overflow occurs. A crisis. Generally triggered by something benign – for instance the loud bass of the opening of a concert. And I burst into tears. No idea why, it just happens.

I tend to think that’s yet another survival mechanisms. And I’ll dance through it. I’ll dance on my wrecked self. There’s nothing left of me. Nothing to be rejoiced about me. When I look back I have nothing happy. My father stoled my few happy childhood memories.

I manage to grew without leaving trace around me, without leaving anything that someone would use to hurt me.

The last ten years where a bit better, but I’m not able to see happiness in them. – not that I was not just that I’m not able to see it. I’ve been part of things other finds amazing, but it killed me.

What has been seen cannot be unseen they said. And it’s true. When my mind wanders I’ll always go back to the thing I indirectly witnessed the past three years.

But this is a lie. All of this is. I feel. I do feel the pain. I’ll leave conversation because someone hit me with a knife – a metaphorical one. And I’ll choke on it for two days, keeping me awake, trying to process the data. Trying to understand why it hurts so much. Discovering new area where I still feel. New fights to get involved into.

Love and Rage

I want to crush skulls. To hits things with my bare hands. To let the rage I feel going away with the pain. Last time it happens it was in a concert, it felt good. My head was empty and fuck, didn’t happened in a while. It last for few hours, but yes. It was good.

I miss those area in my life where I can let go. Now, even the street are space where people expect me to conform myself to something I’m not really. I need to find space for that.

It became harder to open myself to people. And the paradox is that I want to spare people I love and who loves me, and that’s how I killed my previous relationshisp, by shielding myself, by not talking about me because it’s fucking scary.

I should take care or me. I should accept this alien body, this alien me. I just have no idea of how to do that. I should listen atthe people who gave me advices. But they do not work. I’m not able to keep my brain down, or I’ll be surrounded by ghosts and morbidity.

I’m only able to love, that’s what’s left of me. That’s what I more or less kept to myself. Everything else is linked to thing I have no control over.

Fuck You

Once uppon a time

I used to be called a geek. A nerd. A no-life. Whatever. It used to be associated with people who didn’t want to socialize the way high school and society asked them to do.

It used to be people who were refusing what we told them what a boy or a girl should be, should act. It used to be people who were extremely interested by scientific topics, weird mathematics, role playing games, video games, computer science.

It used to be nice people who were chatting online, exchanging data, helping each other – or anyone who gets in and asked for help.

I wasn’t really proud of it, but at least it was something that was usefull for me at some point, I knew what I was. I wasn’t only an outcast.

Things change

But now, people grew old. Those geeks became adult, got in charge of things, and being a geek became something cool. It was rapidly identified to a man with tech gadget (like iPhones, and other useless shiny stuff) who are adept of a specific sub-culture (implying mainly commercial things).

And new people came in. And are still called geek because they spend time online, because they play video games, etc. Those people developped a false feeling of persecution. Prefering staying in their so-called community, they started to chose who was good enough to be a geek.

They are bullying, assaulting, stalking, chasing online and offline people who are saying them they’re doing someting wrong.

Basically, they act like 4 years old to whom someone asked to stop playing games and go eat with the family. Except 4 years old do not send SWAT team to rivals, do not harass women who are part of the industry – industry whoch provide the games they plays to – to the point they have to leave their house or their jobs, they do not hunt celebrities online for years to find nude cpictures of them and asks ransom for it before publishing them, they do not insult those victim once the picture shave been published while masturbating themselves on those pictures, once again to have them leave what they think is their.

They think the internet is their own things. They are destroying the community that once was inclusive (ok, and weird, and not that easy to understand) by turning it into a … I don’t know … mutually masturbating circle of elitists jerk?

Fuck You!

So fuck you. I refuse to be assimilated to you, a geek. You stripped that of me, you forced me to reject what used to be part of me, part of my culture. You can choke on your masculinist ego.

As long as you prefer hating people I love. As long as you think LGBTIQ people, women, or other are inferiro and can’t be part of your group or can’t access your culture, by using extremely violent means, including harassment, threats and other things like that, I can’t be called like you.

You do not deserve it, but you took that from me.

I may have changed recently, I may have discovered my bisexuality recently. But I’m still fond of RPG, Comic books, video games. But I cannot be called a geek. Not anymore.

So fuck you. You, your hate of what’s not like you, your syndrom of persecution, your conservatism, your etricked mind. I’m not like you. I do not want to be considered like you.

You’re destroying the privacy and the life of other people. I try to give them tools to help have privacy and a safe online life.

I’m not a geek. Not anymore. I can’t be.

Make Datalove Not Cyberwar

Note This post will be in French, since it’s what I used as notes for my talk at Pas Sage en Seine 2014 in Paris.

Make Datalove

Internet n’est pas un territoire

Internet n’est pas un territoire. Un territoire est un espace géographique et implique l’existence de frontière ou de limite quelconque. Or Internet est une machine hybride composée d’humain et de machines, connectées sans limite de par le monde – ou presque – et créant à l’infini de l’information.

Internet est infini. En tant qu’espace d’information et donc de culture, il n’a pas de limite. L’ensemble des mèmes peuvent cohabiter sur Internet, sans jamais épuiser les ressources d’Internet.

C’est en fait beaucoup plus proche de la notion d’espace mathématique que de territoire géographique. C’est un ensemble composé de cultures, d’idées, de mèmes, d’informations – au sens de la théorie de l’information, et qui repose sur la libre circulation de celle-ci.

Internet is not broken

En tant que système d’échange d’information, Internet fonctionne parfaitement. Il ne garantis pas la confidentialité des échanges, ni la sécurité des machines ou des personne, mais il garanti que l’échange et, l’accès à l’information est possible. Il garanti également que n’importe qui ou n’importe quelle machine peut s’y connecter, le seul pré requis est simplement de parler IP. A aucun moment il n’est demandé une preuve de confiance ou d’identité à une machine, ni n’est éxigé autre chose que de parler IP.

Internet fonctionne parfaitement. Il fonctionne même tellement bien qu’il y a plusieurs milliards de personnes connectées. Il fonctionne même tellement bien que partout dans le monde – ou presque – des personnes de tout milieu social, de toutes cultures, de tout niveau d’éducation, s’en servent pour communiquer.

Et je dis ça en ayant conscience de parler à un évènement où, sur 61 conférenciers, il n’y a que 5 femmes – et une seule à un talk où elle est seule à parler. Et en sachant parfaitement que des continents entiers ne sont pas présents sur Internet, ou que l’accès aux machines permettant l’accès à Internet reste encore trop souvent un privilège des classes sociales supérieures.

We are

Ce qui est cassé ce n’est pas Internet. Ce qui est cassé c’est nous. Les barbus auto proclamés gourous des internets, cyber hactivistes, hackers, sysadmin et autre. Ce qui est cassé ce sont nos égos, nos réactions de sociopathes nihilistes face à un problème politique et social. Ce qui est cassé c’est notre absence de réaction politique, imbus de nous mêmes que nous sommes et confortés dans notre idée que nous sauverons le monde grâce aux machines.

Nous n’avons pas besoin de CaliOPen ou de mailpile. D’OTR ou de GPG. De libre ou open SSL. Nous n’avons pas besoins d’appel à prendre les armes ou de nous écrire des lettres. Nous n’avons pas besoin de dire aux gens que s’ils ne sont pas capables de faire de la crypto et de la gestion de clef correctement alors nous ne pouvons pas les aider. Nous n’avons pas besoin de l’attitude arrogante qui consiste à penser que tout le monde est capable de comprendre la documentation que nous ne sommes pas capables d’écrire.

Certains d’entre nous veulent changer le monde. Et c’est une bonne chose. Certains veulent un monde dans lequel les communications sont par défaut ultra sécurisées, établis entre pairs de confiance, et avec la possibilité d’exclure les nœuds dangereux pour le réseau de manière permanente et selon un consensus autoritaire.

Ils partent du principe que la surveillance de masse, effectuées par les états nations ou corporatistes, est une violente atteinte à la démocratie et à la vie privée et que, de la même manière que le pair à pair permet l’échange d’information de manière décentralisée, fluide et sans autorité centrale, la protection de la vie privée et de l’intimité ne peut se résoudre que techniquement.

Pourquoi pas, mais réfléchissons y deux minutes. Si nous voulons reconstruire un réseau qui garantisse la sécurité et la confidentialité des communications, cela veux dire que nous ne pouvons communiquer qu’avec des nœuds approuvés par le réseau. Cela implique – entre autre – que tout nouvel arrivant doit prouver qu’il est de confiance.

Fini l’arrivée sur le réseau Internet par la simple attribution d’une adresse IP. Il va falloir prouver que l’on est "trustable". Il va falloir prouver au reste du réseau que l’on est bien comme il faut. Que la machine utilisée est sûre, respecte la dernière norme du protocole, et dispose de matériel ne compromettant pas l’intégrité du réseau.

Vous imaginez une société basée sur cette norme? Seules les personnes pensant comme il faut, n’ayant pas d’idée dangereuse, ne compromettant pas le consensus, ne remettant pas en question l’ordre établi, seraient autorisées à faire partie de la société, les autres seraient contraintes à un exil, à un isolement forcé?

En gros, vouloir un réseau de communications entièrement fiable et sécurisé, empêchant toute interception de communication, et dans lequel il y a des garanties que le message est bien délivré à son seul destinataire, reviens à créer des réseaux soit déconnectés les uns des autres, soit inutilisables par des personnes non encore connectées au réseau, ou ne pouvant pas se permettre une connexion. Cela reviens à créer une élite qui seule décide de qui accède au réseau et comment.

Une élite qui aurait le pouvoir de choisir qui doit se connecter et qui ne doit pas se connecter, basé sur des critère qu’elle est seule à formuler et comprendre. Je n’appelle pas vraiment ça un système démocratique. Du moins ça l’est encore moins que celui du fonctionnement actuel d’internet.

Make Datalove

Alors oui, il y a des problèmes. L’espionnage massif de la population par des états corporatistes ou nationaux – parce que ne croyez pas que c’est la NSA l’ennemi. L’asservissement volontaire au cool et le "choix" d’abandonner ses libertés au profit d’un objet. La réduction de la sphère privée et de l’intime, souvent sans en avoir conscience.

Mais ce n’est pas un problème technique. Le journalisme d’investigation n’a jamais su faire de l’OpSec, pas depuis le Viètnam. Ça ne l’a jamais empêché de faire son boulot. Les manifestants et activistes du monde entier utilisent des outils non sûr pour communiquer, mais ils communiquent et s’organisent quand même – peu importe qu’ils aillent en taule. Le problème ce n’est pas tellement de les protéger, ils prennent de toutes façon des risques monstrueux.

Le problème c’est de combattre les mèmes de la sécurité, de la peur, de l’espionnage. Et ce n’est pas avec plus de sécurité qu’on y arrivera. IL suffit de voir les différents ratage de la surveillance. Si on attrape pas telle personne en dépit des caméras de surveillance, c’est qu’il n’y en a pas suffisamment, il faut en rajouter, ce n’est pas parce que le système est inefficace.

Le problème c’est que ce n’est pas quelque chose qu’un outil logiciel résoudra – aussi bien conçu soit il. Même si on était capable de créer des systèmes de chiffrements point à point qui ne nécessitent pas d’intervention de l’utilisateur et que l’ensemble des bibliothèques logicielles sur lesquelles ils se baseraient soient exemptes de failles – ce qui est impossible – il resterait toujours le problème de la surveillance des communications périphériques, de la compromission des terminaux ou des utilisateurs qui iraient coller sur Facebook le contenu d’une conversation privée.

Le problème est politique et il ne se règlera que par une ou plusieurs solution politique. Il est temps que cette élite auto proclamée de barbus des internets redescende de son arbre à chat d’ivoire et aille au contact de celleux qui utilisent Internet, de celleux qui mènent des combats pour leurs droits à eux, mais aussi aux autres.

Il est temps d’arrêter de croire que des ordinateurs et des câbles vont sauver le monde. Déjà, parce que Internet ce n’est pas que des ordinateurs et des câbles, mais aussi les personnes qui s’en servent. Ensuite parce qu’il y a encore énormément de zone dans le monde où ces câbles n’existent pas. Enfin, parce que tant que l’on s’agite uniquement sur le net, et qu’on ne se sert pas des outils créés et utilisés par d’autres groupes militants, cela n’inquiètes pas les super puissance. Il faut arrêter de défendre nos droits sur internet, il faut défendre nos droits tout court, sur les territoires que nous occupons.

Et nous ne sommes pas seuls. Nous avons inventés des moyens d’actions efficaces – ou pas – qui permettent de créer du momentum médiatique, nous avons testés d’autres façon de manifester, mais nous sommes restés entre nous. Les groupes de défenses des droits – ce que l’on appelle la société civile au sens large – existent depuis avant Internet. Certains sont entrés dans la danse et utilisent merveilleusement cet outil social, d’autres non.

Nous espérons quoi, que ces groupes qui ne comprennent pas cet outil que nous avons construit, formé, déformé, et avec lequel nous faisons parfois des trucs géniaux viennent spontanément s’en servir comme nous l’entendons et fassent ce que nous voulons que ces groupes fassent? Ces groupes, mouvements, ont une histoire de militant. Ils se sont souvent formés dans la douleur et ont tous inventés des façons différentes d’agir. Ils savent comment ils veulent militer, ils expérimentent de nouvelles façon de résister. Qui sommes nous pour leur dire comment ils doivent défendre leur cause?

Ce n’est pas à eux de venir vers nous, c’est à nous d’aller vers eux, d’écouter ce qu’ils ont à dire, leurs histoire, leurs outils, leurs problèmes et les solutions qu’ils ont trouvés pour les résoudre. Au lieu de râler que tel groupe utilise gmail, allez les voir, allez discuter, allez échanger. Ils ont des trucs à vous apprendre. Et peut-être que ce n’est pas si grave qu’ils utilisent Gmail au final ou peut-être que vous pourrez démarrer un cluster avec eux etd ‘autres groupes qui se partagerons des ressources techniques et qu’ils se passeront de Gmail à terme.

Nous n’avons pas pour but d’être le centre de support des activistes. Et ils n’en ont pas besoin. En revanche nous savons tous qu’internet est fondamental pour la liberté d’expression, de communication et d’organisation. Nous savons tous que cet outil social peut transcender les frontières, les différences de classe, de langue, d’origine, de religion et autres pour construire de belle choses.

Et c’est notre devoir à nous, utilisacteurs d’internet, hacker ou pas, barbus ou pas, hipster, geeks, nerds ou pas de défendre cet outil. Et c’est notre devoir à nous en tant qu’être humains de défendre nos droits, et cela ne peut se faire qu’en défendant les droits de tout le monde. Avec tout le monde.

Télécommunisme et Cryptoanarchisme

Le Télécommunisme consiste simplement à cinsidérer le réseau physique comme un bien commun. Non pas le contenu, pas Internet, mais le net. Les réseaux, les fils, les signaux, les données. Pas les gens qui s’en servent, mais le réseau.

C’est penser qu’il n’y a pas nécessairement besoin d’un consensus pour le faire fonctionner, du moment qu’il fonctionne. Bien sûr les standards et autres RFC sont nécessaire, comme tout organisme complexe, les différentes parties de cet organisme ont besoin de discuter entre elles, de connaitre leur statut et de pouvoir s’adapter à des défaillances locales. Certains organismes ont choisit la centralisation dans des centres nerveux, d’autres distribuent ces centre nerveux – insectes, céphalopodes -, d’autres enfin collaborent carrément avec des organismes étrangers afin d’assurer leur survie – siphonophores.

La "gouvernance" du réseau n’existe pas. Il y a certes quelques organes qui pensent avoir réellement de l’influence, mais globalement le réseau fonctionne parce que des personnes mettent en commun leurs compétences et ressources pour que cela fonctionne. Il y a même des allumés qui remettent le réseau en route quand les organes officiels le coupent localement.

Nous sommes capable de gérer un des plus gros outils de communication comme un bien commun. Sans avoir de gouvernement, sans s’embêter des heures à prendre des décisions, sans se soucier non plus de l’utilité des actions entreprises. Nous gérons pour tous ce réseau, qui est l’épine dorsale de l’Internet et qui permet à tout ces cerveaux de s’échanger des informations.

La Cryptoanarchie est une théorie mathématique qui établit que si l’ensemble des communications sont chiffrées, il est impossible de distinguer le bruit et l’information dans le signal. Et donc de détecter une communication, ou d’en intercepter une.

Pour que cette théorie fonctionne, il faut que les outils de chiffrement soient massivement adoptés. Et tant qu’ils ne le seront pas, il n’y aura pas de cryptoanarchie. Penser que, parce qu’un outil existe, il est utilisé est une erreur. Il faut que l’outil soit le moins invasif possible, non désactivable, documenté et libre, et qu’il puisse fonctionner sur toutes les plateformes auxquels cet outil est destiné.

Tout ce qui amène à avoir juste un groupe de gens seuls capables de chiffrer, qu’il s’agisse de gouvernement faisant usage de lois de régulation de la cryptographi, d’entreprise déposant des brevets sur les techniques de chiffrement ou usant de logiciels propriétaires, ou d’une bande de nihiliste qui ne veut pas faire d’interface utilisable par tout le monde reviens au même.

Seuls une élite est capable de chiffrer et donc de se protéger. De créer une asymétrie dans l’information en étant seuls capables d’avoir des secrets, et donc d’obtenir un pouvoir sur toutes les autres entités non capables de chiffrer. C’est ce que l’on appelle le crypto fascisme.

Et je suis inquiet quand je vois l’attitude d’une partie de la communauté hacker ou de la scène infosec. Quand certaines personnes envoient balader des débutants et des débutantes parce qu’ielles n’ont pas comprises la documentation pour installer ou configurer certains outils.

Oui, nous autres, peuples des intertubes, sommes parfaitement capables d’appliquer le Télécommunisme, de gérer de manière décentralisée, et intéressante, l’un des systèmes les plus complexe jamais créé par l’homme. EN revanche, nous nous plantons dès qu’il s’agît de fournir à chacun les clefs nécessaire à son indépendance, dès qu’il s’agît de permettre à chaque individu de pouvoir se débrouiller seul, il y a beaucoup moins de monde.

Alors que justement, Internet est à propos de l’émancipation, de la prise de conscience et de pouvoir nécessaire à chacune et chacun pour pouvoir essayer de créer son monde comme il l’entend. Internet est plus qu’un bien commun. Il repose sur un bien commun, mais il est au-delà de ça. Il permet la création de nouvelles formes de société, de nouvelles formes de médias, de nouvelles formes de communications.

Et si l’on se contente du Télécommunisme, si l’on se contente de la Cryptoanarchie, alors nous ratons quelque chose. Il faut se poser la question de l’application de nos modes de gestions technique à nos modes de gestions sociaux. Nous avons inventer des outils qui permettent des échanges non commerciaux, qui permettent de vivre de sa passion, qui permettent une transmission d’info gigantesque. Et nous voulons sacrifier ça pour aller faire la guerre?

Not Cyberwar

Je suis peut-être un bisounours mais

Je pense qu’utiliser les mèmes de la guerre n’est pas nous rendre service. Une guerre c’est une territorialisation. C’est l’instauration de frontière, de limitation de ressources, et à minima de l’occupation de celles-ci par une puissance quelconque.

Parler de guerre, c’est admettre une territorilisation d’internet. Ce qui permet de le découper, de le balkaniser. De créer des clouds souverains, des réseaux nationaux et autre genre de chose qui ont pour but de casser le flot de donnée, de créer de plus petite entités plus facile à contrôler, plus indépendantes des autres, sans lien facile entre elles. Et personne ne veut ça. Personne ne veut que la circulation de l’information soit contrôlée, que ce soit par un gouvernement ou une autre élite technologique.

Arrêtons l’appel aux armes

Il est donc temps d’arrêter l’appel aux armes. D’essayer de réparer ce qui n’est pas cassé, ou de vouloir réparer ce qui est cassé au-delà du réparable. Refusons la sémantique guerrière. Nous ne sommes pas des cyber guerriers. Nous ne vivons pas dans un cyber territoire. Nous n’avons pas de cyber armes, ou de cyber gouvernement. La guerre est un jeu qu’on ne peut gagner qu’en refusant de participer.

Vous voudrez sans doute parler de guerre asymétrique, de guérillas. Mais ça reste de l’épuisement de ressources, ça reste de la guerre, de l’occupation, de la destruction, de la raréfication de ressources. Arrêtons de parler de cyberguerre. C’est complètement destructif et contre-productif.

Nous ne sommes de toutes façon pas une armée, si nous en étions une, nous aurions une chaîne de commandement – elle peut très bien être décentralisée – des uniformes, du recrutement, des opérations. La création et la mise en place d’une armée, consiste de toute façon à créer une élite. Ouip, Anonymous ressemble à une armée. Du moins, de l’extérieur, cela ressemble à une armée. Certes décentralisée et distribuée, mais une armée quand même. Ce n’est pas tout Anonymous, nous savons bien que cela est pus complexe, et que cette armée est plus une image médiatique construite pour valider la cyber guerre, et donc la territorialisation du net. Et donc son occupation.

Mais pire encore, vous savez pourquoi les US et l’UE s’engagent dans tant de conflits? Pas pour défendre les intérêts des peuples. Mais pour justifier les budgets accordés aux entreprises privées qui leurs fournissent du matériel, des munitions, du renseignements. Pour pouvoir ensuite bénéficier de juteux contrats de reconstructions.

Si vous voulez jouer à la guerre, vous devez avoir des moyens vaguement équivalent à votre adversaire. En soldat, en armes et/ou en argent (ce dernier permettant de régler les deux autres). En face, nous avons d’une part des états nations paranoïaques qui ont plusieurs milliards de dollars à consacrer à ça, et des entreprises qui reçoivent des budgets toujours plus gros. Vous croyez vraiment qu’avec nos logiciels libre et nos seules valeurs nous sommes capable de gagner une guerre contre eux? Même une guerre asymétrique? Vous êtes naïfs à ce point?

Snowden, ce héros

Et vous savez qui profite le plus des révélations d’Edward Snowden? Non, ce ne sont pas les citoyens. Sinon, les organismes de surveillance auraient été remis sous contrôle des citoyens et on commencerait à avoir des procès. Non, ce sont les entreprises privées qui vendent de la sécurité. Pas les entreprises US, mais les entreprises UE. Les vendeurs de sécurité.

Ils ne prospèrent que grâce aux vendeurs de peur. Si vous n’avez pas peur, vous n’avez pas besoin d’acheter un système de sécurité. Or nous sommes ceux qui parlons le plus de sécurité. Il faut de la sécurité pour avoir une vie privée disons nous. Il faut plus de sécurité pour se protéger de l’espionnage massif des états. Il faut plus de sécurité pour se protéger des botnets chinois. Il faut plus de sécurité… Toujours plus de sécurité… Tout en sachant que cette sécurité est impossible à atteindre.

Nous faisons le lit des entreprise privées, de groupes transnationaux et extra territoriaux ne cherchant qu’à vendre encore plus de sécurité et donc de peur. De groupe ne pouvant être traduit en justice, collaborant pourtant à des crimes de guerre. Bien entendu, il y a des procès, contre des entreprises. Les actionnaires ne seront pas inquiétés, les patrons de ces entreprises ne seront pas personnellement mis en cause et – si jamais c’était le cas – ils seront remplacés par d’autre. Quoique fassent ces entreprises, tant qu’elles gagnerons du pouvoir, elles continuerons de le faire. Sans être inquiétées.

Cette course à la sécurité, en plus d’être vaine, ne mène qu’à de la paranoïa. Les ennemis sont difficiles à déterminer, à distinguer, du coup tout le monde travaille pour eux. Dans un climat ambiant de paranoïa et de défiance, il devient impossible de faire confiance à des inconnus, il devient impossible de travailler avec eux, il devient impossible de lancer des mouvements nouveaux, de trouver de nouvelles manières de militer, de défier les puissances et d’essayer de les mettre à genoux.

Vous vous souvenez de ce qui a fait le succès de l’internet? Le fait que n’importe quelle machine puisse se connecter et participer au réseau sans aucun pré requis autre que parler IP. Nul besoin de faire confiance, ou autre, il suffit juste de se brancher. Alors oui, il y a des choses malicieuse qui trainent sur les tubes, mais au final assez peu en rapport à toutes ces idées qui s’échange, à tout ces mèmes culturels qui se font et se défont, à tout ces mouvements sociaux qui s’organisent et font parler d’eux grâce à ça.

Utiliser les mèmes de la sécurité et de la guerre au sein de notre communauté, c’est devenir paranoïaque. C’est refuser que quiconque, peu importe son bagage technique, ses origines culturelles, ses connaissances du monde, puisse venir nous parler si ielle n’a pas été validée par une chaine de confiance reconnue.

Et à chaque fois que vous envoyez un méprisable RTFM, ou STFU NOOB à quelqu’un – ou un girls don’t code – c’est exactement ce que vous faites. À chaque fois que vous laissez quelqu’un quitter votre groupe parce qu’ielle ne s’y sent pas bien, c’est exactement ce que vous faites. À chaque fois que vous refusez – consciemment ou non – d’inclure quelqu’un, de débattre et d’échanger avec cette personne, c’est ce que vous faites. A chaque fois que vous refusez de prendre une position qui favoriserait l’inclusion, c’est ce que vous faits.

Croire qu’il y aura un éveil massif de la population et que tout le monde sera capable d’utiliser un terminal afin de chiffrer des mails à grand coup de ‘gpg –armor -e -r 0x00513947’ c’est se mettre le doigt dans l’œil. Profond. Cette prise de conscience massive n’arrivera pas. Et vous savez pourquoi? Parce que nous sommes suffisant. Parce que nous pensons que nos combats sont plus important que les autres. Parce que nous pensons qu’il est plus important de pouvoir chiffrer ses mails en toute confiance que de défendre les droits des femmes, des minorités, des queers. Que nous pensons que l’espionnage massif de la NSA est plus important que le changement climatique et que toutes celles et ceux qui ne sont pas d’accord avec nous ne sont que des fous dangereux inconscients qui remettent en question nos libertés.

Appel à ouverture

Ce qu’il nous faut c’est arrêter de nous comporter en sociopathe. Nous nous plaignons tellement des gens qui ne reverse pas au Libre, mais nous que reversons nous aux autres? Des outils fonctionnels, sûrs et ne mettant pas en danger leur vie ou leurs organisations? Non. Nous ne leur apportons pas de soutien, nous préférons leur lancer des ordres en leur disant qu’il n’y a de salut que dans la crypto end-to-end.

Nous sommes persuadés que les outils actuels et le plus sûrs possible – et oui il en existe – sont utilisable par la majorité des gens, à condition de lire et de comprendre une documentation nécessitant un bagage technique assez énorme. Quand la documentation existe, est traduite, est disponible. Et ces outils sont donc inutilisables, donc non fonctionnels. Et donc du coup, les "autres" n’utilisent pas de crypto, et nous les considérons comme stupide et ne méritant pas notre précieux temps, nous sommes tellement meilleur qu’eux.

Sauf qu’internet n’est pas à propos de la crypto. La vie privée et la sphère intime sont à propos de crypto, la vie publique – des états et des puissances gouvernantes – aussi, mais ce n’est pas internet. Les lanceurs d’alertes n’ont pas attendus GPG pour faire leur travail. Les journalistes non plus. Si nous voulons changer le monde – et en tant que partie du monde nous nous devons de le faire – ce n’est pas avec de nouveaux logiciels ou protocoles que nous le ferons.

C’est en appliquant à nos structures sociales, nos communautés, les mêmes principes que ceux qui permettent à internet de fonctionner. Gratuité d’accès, facilité d’accès, ouverture à tous, confiance par défaut. Donc de s’ouvrir. Et pour s’ouvrir, il faut faire plus que juste dire "Hey, viens et poses toi là". Il faut faire en sorte que celleux qui veulent venir se sentent accueillies.

Oui, ça veut dire faire des efforts pour arrêter d’être paranoïaques, imbu de soi, ou simplement des connards. Mais en fait, en supprimant cette couche de paranoïa, cette suspicion par défaut, les choses deviennent moins stressante. En permettant à toutes de pouvoir participer et d’inclure tout le monde, nous augmentons aussi les diversités, nous ajoutons des mutations à nos mouvements cellulaires, nous pouvons découvrir de nouveau moyen d’actions, découvrir de nouvelles problématiques, se développer, construire des liens forts, développer une communauté, un groupe social qui partage réellement et qui prend soin de lui.

C’est ce que fait la Quadrature dans une certaine mesure en travaillant avec les engraineurs ou Act’Up sur certaines problématique. Et tout le monde y gagne.

Cela nécessite d’accepter que des personnes ne comprennent pas et ne comprendrons pas ce que vous faites. Cela nécessite d’aller contre des certitudes, des choses qui paraissent évidentes, de voir ce qu’il se passe ailleurs dans le monde.

Internet n’est pas un territoire, c’est une somme de conscience collective. Mais nous avons des territoires à défendre. Nous avons besoin d’Internet pour les défendre, mais nous devons les défendre. Allez parler aux autres, invitez-les. Écoutez-les. Si ielles ne veulent pas venir, demandez vous pourquoi. Souvent c’est parce qu’ielles ne se sentent pas bienvenue, pas inclus.

Et c’est généralement parce que personne ne règle le problème des trolls. Des antisociaux qui ne cherchent qu’à détruire les communautés, à maintenir le statu quo, à rester "entre couilles". A vouloir absolument avoir raison. Le climat qui règne sur nos listes de diffusions, canaux IRC, lieux "ouvert" n’est pas forcément serein. Sous prétexte de la liberté d’expression, on laisse tout dire sans conséquences, on laisse nos communauté se diviser, exploser, ne pas exister, refuser les autres.

Non, je ne demande pas la censure ou la régulation. La liberté d’expression existe et est importante. Mais la liberté n’a de sens que si elle est exercée en groupe. Notre liberté de pouvoir vivre ensemble est bien plus importante que la liberté des trolls d’exister impunément.

Il est peut-être temps d’arrêter de se comporter en nerds sociopathes, et de commencer à se comporter en activistes. Parce que les activistes de terrain ne nous attendrons pas. Ils refont déjà le monde, avec ou sans crypto de la mort. Avec ou sans sécurité. C’est quelque chose que vous ne pouvez pas empêcher, que ce soit au Bahrein, en Espagne, aux États Unis ou en Ukraine, des activistes sont arrêtés et torturés, peu importe qu’ils aient ou non utilisés des outils de chiffrement fort.

Ce qui est sûr en revanche c’est que le territoire dans lequel vous vivez, est défendu par des personnes que vous feriez bien de rencontrer. Parce qu’elle changent le monde et ne vous attendrons pas. Si vous ne voulez pas vous retrouvez limité à un rôle de barbu grincheux, de geek associal, de nerd nihiliste, de hipster branchouille, il serait peut-être temps de s’y mettre, d’inclure tout celleux qui veulent venir, et d’aller voir les autres.

Promis, les cannibales n’existent plus. Nous avons mangé le dernier hier.

GMX, Security and Privacy.

[[!meta description="""Yet another story about why you need to hide things from the rest of the world, and why commercial company can’t help you with

Once upon a time

I have this friend – Milou. She’s going to be a good journalist, and she worked a lot for NGOs during her studies. Hence she travelled a lot. As a NGO worker and apprentice journalists, she travelled in … hmmm … interesting places, and a country in particular – let’s call it Zoukinistan.

You’ve probably heard about Zoukinistan, it’s one of these countries the US – and part of EU – are at war with, and where those almighty democracies^Wpowers tried to create a Democracy they own.

So, this woman was going there, doing a job of getting in touch with local activists, reporting human right violations, doing journalisms, stuff like that. And she met there a lot of interesting people.

Not all these people are on the side our governments are comfortable dealing with. Not necessarily warlords or fundamentalists either. They probably just don’t want any more foreign interferences in their country. Yeah, the ones governments probably call terrorists. Or enemies. Or just those who want to expose corruption of their US backed government.

So, as a journalist, she maintains contact with those. No one knows when the next things to expose will blow up. And since she’s quite aware of all the NSA doing nasty things on US hosted servers – essentially trying to graph people in contact with this kind of activists – she goes for a non-US based email provider, and a free one.

And then GMX entered the dance.

Since Milou knows me, and since I worked a bit with her, she uses Tor, OTR, and free softwares. And I think she understands why it’s needed, and why she needs to protect her sources.

So, she created an account on https://gmx.com and used the webmail using Tor, naively thinking GMX – being a German company – would protect her communications.

It appears that GMX is part of United Internet, a German holding which also owns 1&1 and mail.com. And they own 7 datacenters in the EU and the US according to their about page. So they have data on US soil, under the Patriot Act – and you definitely don’t want to have data there if you try to protect sources from US Gov. But nothing says that the former French Caramail they bought and became part of gmx.com is hosted there – in fact, and for strict latency reasons, I think they’ll leave it in EU soil, just to have good performances.

Anyway, let’s put those considerations aside for now.

So, Milou and her friend exchange emails using GMX. I’ll skip the fact https is not enabled by default. Or that they implemented it quite late between servers – after all, Google did it only after NSA had leaked a nice post-it – it’s not really that important since, after all, all emails are probably stored in clear text on a corporation server.

However, Germany, home nation of GMX, is involved in military and security mission in Zoukinistan. We also now that NSA did infiltrate German Internet companies and that the German secrete services do cooperate with NSA.

And then the Milou’s GMX account has been closed for security reasons. Since the IT support doesn’t provide any details and that I could not find anywhere on the net anything related to closing of the accounts if used via Tor – even if they made it hard for anyone to do so – and given the lack of security on their side, I think that it must be read as national security reasons.

My guess is that GMX has been required to terminate this account because it represented a threat to national security.

The interesting part would be to know which nation asked for it. Could be France (Caramail which became GMX.com was French after all), US since they would not like my friend to chat with a terrorist or the German wanting the same thing.

I don’t know. Hard to find evidence when the tech people in the company refuse to provide any. And that’s weird. They could have pretended some unusual traffic came from Milou’s computer – unusual meaning in this case via Tor and Ubuntu – or that they detected some attack and the account had to be terminated, or anything else.

But no, they just "can’t answer", won’t provide any email backup, nor even any support. I don’t like drawing conclusions without facts, but it really seems like someone read those emails and have GMX close this specific account.

About learning and teaching

About learning and teaching

And maybe doing it right

So, I happens to have accidentally bootstrapped a sort of collective to “organize” cryptoparties in Paris (See Here). It’s quite cool because then, you know, I can skip some of them to actually get some rest when I’m on holiday.

Things works more or less smooth, but I have some issues with the way it looks like now. It’s not something easy to say, because it’s probably my fault – at least I do have some responsibilities – but we have some attitude issues among some of the co organizers. I hope it’s nothing that can’t be fixed and we will try to talk about it and see how it evolves.

However, the more I think about it, the more I think we didn’t talked enough about what teaching or do training actually is. And what are some responsibilities you have to endorse and accept when going in front of a group of people and try to have then learn new things, be it chemistry, astrophysics, politics or – in this case – cryptography and privacy.

So, as usual, I’m gonna brain dump here. Not sure if it will make sense or if I’m right, but I think people who wanna do some training might think about what it implies for them and for the people they’ll train.

Desorganised and non-planned

This how we kept cryptoparties organised around here. Everyone of good will is welcome to helps, there’s no skill prerequisite, no resume checking. We all do that on our free time and we try to remain between friends, so it implies a lot of parties (the Telecomix way of doing things) and sometime some harsh talk on a mailing list. But it’s how I like it.

I started those workshops at le Loop, because I wanted to explore technology I did not understand completely at that time, and I prefer doing that in group. The fact that it became a sort of institution is an accident and was never planned.

So, when we throw up a new cryptoparty, we follow the Chaos workshop Howto and we mostly tries to know who will be there and who can train on what topic, then ask the question to the people who have gathered here “What do you wanna explore?

And it was far from perfect, but at least it worked for a while. But now, we have some issues. Those issues are basically because we never talked between us of what knowledge transmission implies.

Cognitive biases ans Argument of authorities

First thing to acknowledge is that, when you put yourself in a trainer position, you have an immense power. You are the expert, the authority, the person who knows, and what you will say will be accepted like The Truth (with capital letters) by your audience.

It means that you need to be extra cautious regarding this power, because – has Peter Parker states it – with great power there is also great responsibility. Not to be exhaustive, or to be flawless, but to be as much flawless as you can toward the knowledge you’re trying to transmit.

Especially in the case where you train activists. Those people basically will use this knowledge in life or death situations and you must do everything you can to avoid them having wrong ideas about what they’re doing.

This is YOUR responsibility. You must know what you know and what you do not, you must accept that you can’t know everything and says when you can’t find an answer to a question (and note it and then look later for the answer). You can’t be good enough or approximative. You must be excellent. If you can’t, you should not do this training.

And yes you have internet to help you. When you don’t know, do not hesitate to fire up a web browser and search for the answer. That way, the people you’re training will learn how they can get better at understanding things. In the crypoparty context that’s also why I like doing them in pair. One can correct the other or helps when difficulties arises, and everyone is getting better at doing it.

That’s also why when I want to explore a new tool, I say upfront that I do not now how it works, but I want to find out how it works. And we dig deeper and deeper, while exploring.

That’s also why I do not teach the math behind cryptography, because I do not understand them fully (and that’s also why I’m not writing crypto code), so it’s hard for me to explain how they works besides rough generalities.

But – and that’s the important part – few people will question you. After all, you’re the person who have the knowledge, and they crave for it, they want it. So, it’s YOUR job to make sure that you won’t teach them errors.

Inclusiveness and accessibility

This part is more directed toward cryptoparties. It’s already a hard place for people to come to a cryptoparty, the name is scary – and that’s why we brand them Café Vie Privée or Privacy Café here – so we need to be the more polite, accessible and inclusive as possible.

It means that you should avoid to patronize people and accept their questions, and weirdness. It also means that when you have to pick up examples, analogies, and things like that, you really should avoid stereotypes because it only creates more stereotypes.

That’s also why you shouldn’t do level oriented groups. Or use terms like n00bs. It’s exclusive, it confront people to their lack of knowledge in a specific area (while they can probably teach you a lot of things from their experience).

The fact that our cryptoparties here are mostly ran by white cis-male is already a big issue. If you use sexist example or assume that people – because they’re female – are the ones who do not know a thing about crypto, you will have an issue.

And it’s not even because you’re an asshole. It’s still because you have the authority, and it have some powerful side-effects. If you tell to people that they’re fantastic and that they’re making progress, that it doesn’t matter if they fail now, etc., then they’ll be amazing. On the other end, if you think of them as n00bs and lamers who sucks at understanding basic tech because you knew it all before, then they’ll stay that way.

So always think of inclusion of everyone. Including the weirdest people you’ll see. Or the one you’re not comfortable with. You don’t have a choice, if you want to share your knowledge, you should share it with the biggest number possible of entities, and then you shouldn’t assume anything about their lives.

Stay humble

And that leads to our last part. Stay humble. You might know a lot of things about the topic you’re about to talk, or you wouldn’t or shouldn’t do it. But all the other people around you – including the co organisers – are also more or less expert on some topics, sometime even the topic you’re going to teach.

And you’ll always be in a de-facto authority, so do not brag about all the things you did. You do not need to justify yourself, if people came they already trust you to be good at what you’re going to train them. You do not need to confront them to their lack of knowledge.

And if you’re doing it with a collective – which is best, parties are better when there’s more than one person partying – you need to work with the collectives. Different people have different views on the same topic, that’s why it’s interesting to work with them. They will also helps you when’ you’re in difficulty, or helps you getting things together when your world will inevitably fall apart.

And it’s important in such a collective to not have to big of an ego, to accept to step back. Yes, you can promote your own projects because they’re cool, they can help people and the like. But you have to accept that, sometimes, someone else want to speak, or try to do things a different way, because we’re all learning how to transmit knowledge, and sometimes we need to experiment.

So yeah, you should listen at your co-organisers. But you must also listen at your trainees. They have questions and problematics you can’t anticipate. And since you’re not doing a lecture, you need to interact, to accept their view, to try to get in their shoes, because there’s a reason for that question you judge stupid.

Also, you need to transmit all the keys you may have to knowledge. It means that you, for instance, when you’re demonstrating a new crypto-tool you like, you should explain what each available options are and what are the differences, but also why you recommend using this specific set of options. You have a reason for doing so, so explain it.

And be patient. I mean, I’m doing help desk for a living (or well, part of my job is doing help desk) I can assure you that most of the people who will voluntarily come to one training are willing to learn. But they need to understand things, and sometimes you will need to answer the same questions many times. It means you need to rephrase until the trainee understand. And yes it’s exhausting. But it’s nothing like help desk, so be patient.

Conclusion?

So yes, if you want to train people, you have responsibility toward them. You must think about that, you’re basically messing with their lives. It’s easy to scare them, and have them run away, but that’s not your job. Your job is to give them enough keys and support for them to walk then run then do a back-flip.

And it needs some prerequisite. Be humble. Know where your knowledge stop. Be inclusive. If you’re not, and if it happens when I’m around, I will probably rush into you and slaps you around with a big trout.

Training is a serious matter. It can be done in fun ways, but it must be done in a way that will manage trainees to be trained (and, one day, they’ll became trainers too, which is an excellent things and helps you stepping back

Identity, Symbolism and Uniforms

Disclaimer: I’m in no way a sociologist, those are the state of thoughts in my brain as of now, it will probably change later. And yes, it’s the result of different conversation I had online recently

Identity crisis

Identity and surveillance

There’s something going on in my head for a while, it’s that I have hard time thinking why mass surveillance is inherently bad. I agree with that, but I try to understand why. Because, as Quinn Norton and Eleanor Saitta said it in their 30C3’s talk ‘No neutral ground in a burning world‘, the surveillance is not necessarily bad.

If we want mutual care and mutual aid to work – and really, I think it’s mandatory in the world I want to live in – then we need surveillance. To keep tabs on each other just to know if they’re OK, or if they need something.

So, the more I think about it, the more I come to the conclusion that the bad thing with surveillance is not the massive amount of data collected. It’s the link made between those data and entities – human being, devices, whatever. And that is, I think, what we call identity.

Some might argue that identity is what you are, but I tend to think it’s more than that. Identity is the projection of yourself in a social context, and the your identity is not the same from the state perspective or from your friends one.

Embodiment and identity

An identity is an interface between your self and other selves. It can be a login on a computer system, a social security number, or any other features. The Guy Fawkes mask is one of them for instance, as well as a lots of memes – but more on that later – and this interface is what we usually call a body.

A body (including the way it is dressed) is, in the meatspace, how people will identify me. My friends recognize me because of my body (and not because I give them my social security number). But in this networked world, you’re body has been augmented.

Your socials networks (Facebook profile, twitter stream, G+ account, whatever) is just that. A big pile of data that became your unique body on those networks. Same goes for the medical system, your personal medical record is your body in there – and yes it include description of your flesh and blood body.

And, for what it matters, the state, by giving you ID papers and forcing you to have them with you at all time, including biometrics to check that you’re really the good version of you (yes, a picture is a biometric identification system) gave you an identity.

And this is where it starts to suck big time. Whatever we wanna do today, you’re asked for a proof – a link – of identity. More and more content you check online require you to be authenticated using one identity or another, and since everything is logged, it’s added to your identity and to your body without your consent or your knowledge.

And every time you’re forced to use an identity (to get money from your bank account, to prove your ID to a cop, to watch that porn), you’re forced into a body. And that’s why registration sucks. Each time you have to login or decline an identity somewhere, you have to endorse a body on which you have less and less control.

As the feminist says: "My body, my rules." It should apply on all forms of body, including the ones made of data.

Symbolism and memes

Symbol

Before going further, I need to define what a symbol – or an icon – is. I’m not a specialist in symbolism or else, but still. Symbols are ides compression system. When you see one of them, you instantly access to a lot of ideas and concepts linked to it – of course those ideas will depend on your past and on the events you’ve gone through – and that’s why symbols can be extremely powerful. They are to ideas and memes what gzip is to text, a fast way to deliver memes.

And occult enthusiast loves the symbols because their meaning depends on your cultural background. Take the svastika for instance. If you’ve got an hinduist or buddhist background, a north-westernenr one or if you’re a raëlian, it does not deserve the same message. And occultists loves the hidden meaning of symbols, after all occultism is all about the hidden meaning. What’s the hidden meaning of this bird fly, of those tea leafs, or any other stupid sign they try to interpret and give meaning to.

Symbol and bodies

Adding symbols to your body is, usually, a good way to tell a lot of things to the entities interacting with you. Wearing those buttons of the CCC or EFF basically explain to those who have the cultural background that I support them.

The hidden meaning of symbols and the fact that they’re senseless is also extremely interesting. That’s how antisocial and oppressed groups identify themselves. Christian during the early age of roman empire, used to use fish as a way to identify themselves. Nowadays fascists wear some specific clothes, or use some symbols (like the celtic cross) to be able to identify themselves but not being flagged as a fascist (while having a nazi cross tattooed on their forehead will makes us identify them as nazi).

So tattoos, clothes, buttons, avatars, quotes, and all those memetic shortcuts you wear on your body do tell to people what you claims to be or think. And that’s why we spend some time to think about how we look, that’s because those symbols will unzip themselves in people thoughts when they’ll meet us. Your body – and then your identity – tells a lot to the people you interact with. And that’s why it’s important for you to get in control of your body.

I mean, you wouldn’t allow somehow to tattoo that nazi cross on your forehead. So, you shouldn’t let a government or a corporation labels you as, for instance, a radical lefty or a LGBTIQ militant if you do not want it.

However, some symbols have became so powerful tat they now have entire identities attached to them. Take the Guy Fawkes mask. Seeing one makes you think Anonymous (and can recall V for Vendetta) and Anonymous is an identity. It’s a body you can wear at any given time it’s even its purpose.

Uniforms

And yes, there’s a lot of these kind of body you can wear to represent specific ideas. You reject your identity to embrace one another. For instance the UPS delivery guy is not someone specific. He is UPS. While wearing this brown body, driving this brow truck, he become UPS and all that this represent or can represent.

Wearing a uniform denies your identity and makes yourself part of another body. That’s why cops and soldier have them. To identify themselves, for us to identify them as the function they serves (and not as specific individuals), and to differentiate from their enemies.

That’s also why anarchists and others tend to have a uniform (hell, black flag is a strong symbol, and nowadays most of them wears black hoodies and scarf to hide their faces) it allow them to abandon their identities and to wear another one.

Wearing a symbol or a uniform also makes you part of a community. I mean, the Apple is a sign of belonging to the Apple values (elitism, lack of control, wealth, coolness) as well as wearing a latin cross will give you the feeling to belong to the christianity, or wearing those branded shoes will makes you part of a community. Or makes you think you are.

But mostly, uniforms are a form of abandoning your identity to merge yourself in a crowd of more or less likely minded people. That’s why I tend to think they can be dangerous. When you start having people all wearing the same symbols with or without understanding all the implication a symbol might have – not everyone have the same cultural background – you start to have a uniform appearing.

And wearing a uniform is abandoning your identity to became another.

The link with surveillance?

So, you have your body. Some part you control, some you don’t (basically everything that’s in the cloud – which is a technical term meaning I don’t give a shit about what happens to those data).

The ones you control is not the problem here. The problem here is the one you don’t control anymore. Different entities are associating ideas, tags, identification mark all over your body – think tattoo here – for different kind of purposes. To tailor some services, advertisement or – as the event in Kiev show us – to classify you as a dissident.

You have no control on that. Those organisms use those (meta)data to build an identity and to link it to your others identities. And if you control the identity – hence the body – you control the people.

You make them wear a uniform they don’t even know about, or understand. You transform them from individuals to part of something else they have to conform to, because wearer of uniforms do not disobey or they’re stripped of it. And since it’s cool to wear it, you do not want to lose it.

And yes, this identity imply that you’ll comply with what it means. From the state point of view, building identities allow them to sort between good and bad citizens. And to expose the bad ones as bad citizens and you don’t want to be the bad guy – except for the sociopath.

So, you’ll do everything you can to conform. To obey. To stay in it, to deserve your uniform of good citizenship. And then to abandon your self for the one you’re told to wear. And that’s where mass surveillance sucks. It’s not about the amount of data collected which can be useful (asks an epidemiologist to work without data collected on the whole earth for instance). It’s not even about surveillance (knowing a disaster is happening and reacting to it is, generally, a good thing). It’s the identity building that sucks.

Enforced identity is quite new as a concept in the human history. And each time a state have provided citizens with ID-card, it was for controlling them (yeah, in France we have them since the Vichy government), not for making their life easier.

And in that connected era, states aren’t the only on to gather data and to attributes ID. Twitter nickname, Google and Facebook ID, all of them are more and more used to connect to other services. And yeah, it means they want to have control over you. And for you to wear the identity they’ve chosen for you.


Project Chaos – Part 1

Project Chaos Part 1

Intro

This article will be the first one of an ongoing story, I’ll try to document my journey on this project through posts, probably shorter than the usual ones.

So, I’ve got this group or tabletop role player that I know for 15 years through different instanciation of the same internet community. It’s the group of people I know for the longest time (for almost half of my life until now) and as all online community it’s shaped by the tools we use (and the tools we use are shaped by our community).

There were the bulletin board like forums (phpBB then fluxBB), both of them managed by the techies (not me) and a third iteration based on drupal. And facebook. Because before 2007 we used the bulletin board forums as a way to keep in touch, to plan parties or to help each other.

Since the facebook happens, the forum mostly turned to be a game-lore database, all the social thing slowly moved over there. And then the forum started to slowly die.

Also, Shadowrun, the game we used to play, gone through some editorial crisis, the new edition has been heavily criticized and some personal dramas did technically killed this forum and group of friends.

They’re still in touch through Facebook, Google cloud sharing services and stuff like that. But since I won’t get there I’ve been a little bit ostracized (not that I really mind, I love my loneliness) but this community was not a community anymore. We ended up with half a dozen of people doing all the community services, while all the others are just feasting on it.

Typical of communities of that age I think. Some of us moved far away, other are having babies, but still, internet tools were supposed to help us to stay in touch.

For the last two years, we did however launch a lot of meetups in different places. And I fighted the uses of google docs to the profit of free alternatives such as etherpad and ethercalc (more than enough for our use case of writing down recipes and errands to run to feed 30 people) with some success.

And then came the sharing. We’re sharing a lot of music and playlists. Especially when you want to run a game, you’re always looking for some atmosphere, so we talk a lot about music (I mean, a 6hours long game is 6 hour of music non stop, you need to find some). The thing is, they want some of my music and, since I won’t use spotify nor google, we’re stuc with sneakernet. Reminds me high school where we exchanged tapes, but with USB hard drive of more than one terabyte.

So, they wanted to share, including what politicians would call illegal files. And, in what sounds like a surprise – but interesting – move, they want to do it themselves (OK, they want me to get involved and helps them) but they want to self-host their stuff.

10 years of advocating free software. 5 of advocating for getting out of social centralized web. 2 after setting up a social network for our characters. 1 after showed them how powerful free and decentralized software can be, they asked me to helps them build a community sharing server.

At last.

Next step

So, we’re currently writing down what we want and need, using etherpad and calcs. There will be a lot of learning implied, and some code to write. But at least, we’re going to do it together.

And yes, they actually asked me to show them how to administrate a server, even if it implies running a shell.

So this will be my log for this journey. I hope we’ll reach the destination. Theres adventures to come, but I have faith in their motivation.

You can haz my freedom. As long as I can haz my pr0n

is not the issue we’re facing"""]]

Context

Yesterday, the National Assembly in France voted the LPM (Loi de Programmation Militaire – Military Planning Law) and a lot of the so called civil society was upset about the Article 13 that may (or may not, we can’t know given the way the text is redacted) legalise what has been illegal for the state until now: wide collection of data and communication in a state without a judge intervention if it’s for the defense of the state.

And I really think that civil society is now dead in France. And I’m saying that while working for a NGO – FIDH (Human Rights International Federation) – and after helps LQDN fighting ACTA, HADOPI and all this stuff.

I just think that the 13th article of this law is just a diversion, a bone throw to the civil society to fight against and to enable the government to do worst at the same time.

Don’t touch my porn

Everyone, including me, is fully aware that each attempt to control and censor the internet (even if it’s stupid) is dangerous because it deprives you of your liberty to … to do what? To consume moar advertisement push to us by private companies.

We’re not using this fantastic tool to build a new society, to change the old one, to organise protest like it’s the case almost everywhere in the world (Tunisia, Egypt, SYria, Ukrain, Greece, Brazil, I mean, look at the news: world is in flame). We’re using it to watch porn and to stalk our neighbour.

So, yes, you will fight for your right to watch porn. That’s OK, I mean, I can’t blame you for wanting to watch porn. But you will defend only that. When people are in the streets fighting for the «internet», they’re not asking for freedom of organisation, communication and privacy. They just want to watch movies they do not want to pay for (because the movies are so lame nowadays that anyone should pay for that, I agree) or to watch their neighbor having sex at a party.

And now, the civil society is just raging against each attempt to censor the big ternet. Except it’s mostly fighting on that. We were already lured in the past, when opposing DADVSI while anti terrorism law were passed. Twice.

The issue is that organisation (and non organisation) such as LQDN might be great to get people calling parliamentarians in the French national assembly or in the Euopean parliament (after all, ACTA was defeated), but they’re not good at explaining to the people why those laws suck.

The thing is that now, we have in each and every law (about planning of military operation, prostitution, gambling, copyright fraud, criminalisation of hate speech, etc.) an article about Internet and censorship/controls.

The thing is that now, we’re fighting only on this point. Us, the citizen, at least the one who are occupying the mediasphere and the social space, are only focused on internet, and nowhere else.

It means that it’s easy for the governement to pass a new security law. It ust have to add a censor-the-internet-article-we-do-not(really-want-in-fact and just wait for the civil society to go after this specific piece of article that the governement is willing to abandon anyway.

It will give civil society the feeling that they’re usefull, while validating that this way of governance works.

Well, you know what?

G

O

F

U

C

K

Y

O

U

R

S

E

L

F

!

It’s a lie.

It does not works. A society which is OK with mass surveillance (whereas using cameras for CCTV, advertisement display with eye-tracking and face recognition system, invasive social networks and other facial recognition system branded as cool) is not a democracy.

Wake up!

It’s time to stop believing that the orderly and controlled protests, petitions and yelling at people works. It doesn’t, the current politician cast is gaming us and this system.

We need to teach, to provide as many explanation as necessary, to fight the fear and to help everyone to have a better understanding of what internet actually is, what it’s not and why it’s the best and most beautiful thing humanity ever created (yet). And we can’t do that by using the traditional way of expression.

We must stop trying to convince politician and start more powerful grassroot and decentralized movement. We must build that alternative society everyone is dreaming of. We must stop thinking that politicians and corporations will ever hear the people, because it won’t happen as long as they think they’re safe. We must challenge them and threatens their safety.

We must not abandon our rights, among them the right to have a private life and to protect it from interference according to the Article 12 of the UDHR, but it’s a bit late.

I mean, 2001 is the first anti-terrorist law (LSQ). We since had a lot of them. And each time, there’s only the internaut – or, well, the one who enjoy their porn – to fight them.

It was twelve years ago. And we still have all of them. No one is publicly asking for the abrogation of those laws. Instead of that we’re just reacting, we’re playing a defense game in which we can only lose something (a small piece of liberty or a bigger one), we need to take the initiative now.

How many loss of liberties should we endure before someone will actually move? I think that we just quit the fight. I think that we think about what we can lose if we start getting angry, and that’s why we’re hearing a lot about what’s happening in Greece. Our so-called leaders are using Greece as a bogeyman to scare us and keep us at peace like, you know, saying "You shouldn’t ask to much or you could loose evrything". The problem here is not about what’s left that we can loose. It’s about what we could win.

So, just wake up. ANd think about what we can have, start asking for things instead of waiting that what you deserve is attacked by one more stupid law. Take back the street. Threatens and challenge the ones in power. Use the solidarity and means of communications you have around you.

The issue is not the politicians. The issue is you. You let them control your

We need optimism, not fear

Fear

I plead guilty. I used to use fear as a tool to try to seed concern in people mind when I was explaining why it is needed to use cryptography on the internet (and elsewhere as well).

The thing is, fear is an extremely powerful feeling. I think it’s rooted somewhere in the evolutionary process, I don’t think there’s species who don’t know fear (and if it were they either are sharks or have since then disappeared, eaten by things they should have fear).

And it’s not one you should use to make people do things. If you use fear to try motivate people, they will be stressed, and some of them will panic (we do not answer rationally to stress and fear) and will run away, screaming in despair, spreading the fear like an arson jumps from trees to trees and finally destroying the whole forest.

By using fear, people who will do what you’re saying, won’t do it because they feel it will improve them, they will do something because they have no choice. And if they can run away from it, they will just do it and will avoid to – for instance – use the internet.

Developing fear into people, is the best way to get the worst out of them, this is exactly the mechanism developed by fascist to gain power, and you know that since Star Wars:

Fear is the path to the darknet. Fear leads to anger. Anger leads to hate. Hate leads to suffering. – Yoda

And since fear is irrational, it doesn’t help people to understand how things works. That’s exactly what states (nation or corporate) are doing now with the Cyberwar, the Darknet and all the creepy stuff.

It enables the states to plant uncertainty (and doubt) in the mind of people, to make them unable to understand how things works, and then to control them (people are now afraid of opening stuff to understand how they work).

I once thought it was possible to use a little bit of fear to raise consciousness into people mind, but it’s like firing up a match in a gasoline tank, even if you’re careful, in the end, it will blow up.

Death on the internet

We were discussing the issue with @microouvert the other day – she says I’m now on the cuddle bear sides. We hear a lot of things about the NSA/GCHQ/DGSI/FSB/insert any new acronyms I might forget here, and the way they do surveillance.

We hear a lot about the surveillance (and then control, and restriction of liberties) made by GAFA members, less than the NSA thing but still. The thing is, it’s not the issue at hand.

You won’t fight spying by using fear. I’ve noted two different behaviour when trying to "warn" (and scare) people about the danger of mass surveillance. Either people go for the "Nothing to hide" stance, or they go for the "Jumping into a bunker and wait for the world’s end" stance. None of them is good.

The issue we ave to manage, and the only way we can find to dismantle the mass surveillance, is by fixing society. And you fix society by empowering people, not by giving them tool they don’t understand, and don’t know what to do with.

In most of the cases, the fact that Google, the DGSI, or your neighbour is spying on you is not a matter of life and death. Most people are not field activists, journalists, hackers, or other – sadly – risky activities to do. Most people just keep on with their life, doing the extraordinary things they doing every day. They do not need to be scared by global surveillance, they already have a lot of thing on their mind to manage.

I’m not saying that global surveillance society is not scary. It is, and it keeps me up at night. We need to fight it but we can only fight it by a social change.

I mean, I’ve looked through some toys shop recently (yeah, something about Unixmas) and there’s more and more spy tools. There’s more and more stalker apps on both Android and Apple store (while you still can’t access porn on the second). Spying your neighbors, your partners or your kids is hype, fun and cool.

This is way more worrying than the fact that NSA is spying on French citizens. The acceptance that it’s normal to invade the privacy of other is an issue. And when you protect yourself from that, you are a freak, you’re an outcast of the society.

It’s not a political change that we need. I don’t believe a political change will happen soon, and will do any good. We need a social change. We need people to empower themselves and discover that internet is a great tool to organise.

Internet isn’t about surveillance

Internet is about communication. And organisation. That’s what we need to tell to the world.

Surveillance is, basically the gathering, storage and analysis of human activities – data and metadata. This is not what internet is doing. Internet is doing one thing: packet switching, which is carrying a message from a point A to a point B.

The storage does not happens on Internet, it happens at the fringe of internet: on your computer, in some datacenters, or elsewhere. But Internet does not maintain a databases with all the packets ever created.

Internet is about communication, and organisation. It enables people to benefits of different way of organisation since it provides different way of communication, and communication is what we – social animals – are doing to thrive, live and survive.

This is the thing we need to teach to people. That they should not worry about internet because internet is not actually spying on them. It’s helping them to communicate, to organise, to reach out.

And that’s something all people are doing. Either they want to organize a family meal, a party or a riot, they are organising things. And they’re doing it using social networks, improving they’re social network. Ok it’s on facebook, twitter, Google+ or whatever spying agency tool provided to them.

What we need, is to open the eyes of the internet consumers to turn them in internet actors. What we need, is to reassure them, and guide them through the early step of understanding what is internet and how it works. What we need is disassemble the toxic memes of surveillance, cyber-insecurity and Darknet – which isn’t about encryption, but about opposing the dirty internet to the good internet.

And you can’t do that by using fear. You need to light a spark in the mind of people, not to burn them alive in fear. We don’t need "Told you so", or "Paranoiac" stance – I’m not saying that you should use some caution, just that most of people don’t need it.

So, stop saying there’s some danger on the internet. It’s a lie. There’s only IP packets on the internet. Everything else is in our society. And we need to change it.

And yes, I’m turning to the optimistic cuddle bears from the intertubes team. It will allow we to do some memetic warfare in a more efficient way.